admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-12 19:00:34 +00:00
parent f0b10af337
commit 49ed6bc6bc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 999 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2025/0xxx/CVE-2025-0937.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0937",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@hashicorp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nomad Community and Nomad Enterprise (\"Nomad\") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HashiCorp",
"product": {
"product_data": [
{
"product_name": "Nomad",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "1.9.6"
}
]
}
},
{
"product_name": "Nomad Enterprise",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.8.10",
"status": "unaffected"
},
{
"at": "1.7.18",
"status": "unaffected"
}
],
"lessThan": "1.9.6",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191"
}
]
},
"source": {
"advisory": "HCSEC-2025-02",
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

330
2025/1xxx/CVE-2025-1146.json
View File

@ -1,17 +1,339 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1146",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@crowdstrike.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where our TLS connection routine to the CrowdStrike cloud can incorrectly process server certificate validation. This could allow an attacker with the ability to control network traffic to potentially conduct a man-in-the-middle (MiTM) attack. CrowdStrike identified this issue internally and released a security fix in all Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor versions 7.06 and above.\n\n \nCrowdStrike identified this issue through our longstanding, rigorous security review process, which has been continually strengthened with deeper source code analysis and ongoing program enhancements as part of our commitment to security resilience. CrowdStrike has no indication of any exploitation of this issue in the wild. CrowdStrike has leveraged its world class threat hunting and intelligence capabilities to actively monitor for signs of abuse or usage of this flaw and will continue to do so. \n\n\nWindows and Mac sensors are not affected by this."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CrowdStrike",
"product": {
"product_data": [
{
"product_name": "Falcon sensor for Linux",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "7.21.17405",
"versionType": "semver"
},
{
"lessThan": "7.20.17308",
"status": "affected",
"version": "7.20",
"versionType": "semver"
},
{
"lessThan": "7.19.17221",
"status": "affected",
"version": "7.19",
"versionType": "semver"
},
{
"lessThan": "7.18.17131",
"status": "affected",
"version": "7.18",
"versionType": "semver"
},
{
"lessThan": "7.17.17014",
"status": "affected",
"version": "7.17",
"versionType": "semver"
},
{
"lessThan": "7.16.16909",
"status": "affected",
"version": "7.16",
"versionType": "semver"
},
{
"lessThan": "7.15.16806",
"status": "affected",
"version": "7.15",
"versionType": "semver"
},
{
"lessThan": "7.14.16705",
"status": "affected",
"version": "7.14",
"versionType": "semver"
},
{
"lessThan": "7.13.16606",
"status": "affected",
"version": "7.13",
"versionType": "semver"
},
{
"lessThan": "7.11.16410",
"status": "affected",
"version": "7.11",
"versionType": "semver"
},
{
"lessThan": "7.10.16321",
"status": "affected",
"version": "7.10",
"versionType": "semver"
},
{
"lessThan": "7.07.16209",
"status": "affected",
"version": "7.07",
"versionType": "semver"
},
{
"lessThan": "7.06.16113",
"status": "affected",
"version": "7.06",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Falcon Kubernetes Admission Controller",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "7.21.1904",
"versionType": "semver"
},
{
"lessThan": "7.20.1808",
"status": "affected",
"version": "7.20",
"versionType": "semver"
},
{
"lessThan": "7.18.1605",
"status": "affected",
"version": "7.18",
"versionType": "semver"
},
{
"lessThan": "7.17.1503",
"status": "affected",
"version": "7.17",
"versionType": "semver"
},
{
"lessThan": "7.16.1403",
"status": "affected",
"version": "7.16",
"versionType": "semver"
},
{
"lessThan": "7.14.1203",
"status": "affected",
"version": "7.14",
"versionType": "semver"
},
{
"lessThan": "7.13.1102",
"status": "affected",
"version": "7.13",
"versionType": "semver"
},
{
"lessThan": "7.12.1002",
"status": "affected",
"version": "7.12",
"versionType": "semver"
},
{
"lessThan": "7.11.904",
"status": "affected",
"version": "7.11",
"versionType": "semver"
},
{
"lessThan": "7.10.806",
"status": "affected",
"version": "7.10",
"versionType": "semver"
},
{
"lessThan": "7.06.603",
"status": "affected",
"version": "7.06",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Falcon Container Sensor",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "7.21.6003",
"versionType": "semver"
},
{
"lessThan": "7.20.5908",
"status": "affected",
"version": "7.20",
"versionType": "semver"
},
{
"lessThan": "7.19.5807",
"status": "affected",
"version": "7.19",
"versionType": "semver"
},
{
"lessThan": "7.18.5705",
"status": "affected",
"version": "7.18",
"versionType": "semver"
},
{
"lessThan": "7.17.5603",
"status": "affected",
"version": "7.17",
"versionType": "semver"
},
{
"lessThan": "7.16.5503",
"status": "affected",
"version": "7.16",
"versionType": "semver"
},
{
"lessThan": "7.15.5403",
"status": "affected",
"version": "7.15",
"versionType": "semver"
},
{
"lessThan": "7.14.5306",
"status": "affected",
"version": "7.14",
"versionType": "semver"
},
{
"lessThan": "7.13.5202",
"status": "affected",
"version": "7.13",
"versionType": "semver"
},
{
"lessThan": "7.12.5102",
"status": "affected",
"version": "7.12",
"versionType": "semver"
},
{
"lessThan": "7.11.5003",
"status": "affected",
"version": "7.11",
"versionType": "semver"
},
{
"lessThan": "7.10.4907",
"status": "affected",
"version": "7.10",
"versionType": "semver"
},
{
"lessThan": "7.06.4705",
"status": "affected",
"version": "7.06",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.crowdstrike.com/security-advisories/cve-2025-1146/",
"refsource": "MISC",
"name": "https://www.crowdstrike.com/security-advisories/cve-2025-1146/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

113
2025/1xxx/CVE-2025-1214.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1214",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in pihome-shc PiHome 2.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /user_accounts.php?uid der Komponente Role-Based Access Control. Durch Beeinflussen mit unbekannten Daten kann eine missing authorization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization",
"cweId": "CWE-862"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pihome-shc",
"product": {
"product_data": [
{
"product_name": "PiHome",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295173",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295173"
},
{
"url": "https://vuldb.com/?ctiid.295173",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295173"
},
{
"url": "https://vuldb.com/?submit.497533",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.497533"
},
{
"url": "https://github.com/janssensjelle/published-pocs/blob/main/pihomehvac-improper-access-control.md",
"refsource": "MISC",
"name": "https://github.com/janssensjelle/published-pocs/blob/main/pihomehvac-improper-access-control.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Jelle Janssens (VulDB User)"
},
{
"lang": "en",
"value": "Jelle Janssens (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

110
2025/1xxx/CVE-2025-1215.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "In vim bis 9.1.1096 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei src/main.c. Dank der Manipulation des Arguments --log mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 9.1.1097 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c5654b84480822817bb7b69ebc97c174c91185e9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "vim",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.1.1096"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295174",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295174"
},
{
"url": "https://vuldb.com/?ctiid.295174",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295174"
},
{
"url": "https://vuldb.com/?submit.497546",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.497546"
},
{
"url": "https://github.com/vim/vim/issues/16606",
"refsource": "MISC",
"name": "https://github.com/vim/vim/issues/16606"
},
{
"url": "https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9",
"refsource": "MISC",
"name": "https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9"
},
{
"url": "https://github.com/vim/vim/releases/tag/v9.1.1097",
"refsource": "MISC",
"name": "https://github.com/vim/vim/releases/tag/v9.1.1097"
}
]
},
"credits": [
{
"lang": "en",
"value": "wenjusun (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.8,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

18
2025/1xxx/CVE-2025-1259.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/1xxx/CVE-2025-1260.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

4
2025/21xxx/CVE-2025-21396.json
View File

@ -66,8 +66,8 @@
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"
"baseScore": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C"
}
]
}

86
2025/25xxx/CVE-2025-25201.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25201",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the application. An attacker without access to the proper administration key would be able to generate new keys and overwrite certificates. Such an attacker would not be able to read-out or extract existing private data, nor would they be able to gain access to cryptographic operations that would normally require PIN-based authentication. The issue is fixed in piv-authenticator 0.3.9, and in Nitrokey's firmware 1.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nitrokey",
"product": {
"product_data": [
{
"product_name": "nitrokey-3-firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "= 1.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Nitrokey/nitrokey-3-firmware/security/advisories/GHSA-jfhm-ppq8-7hgx",
"refsource": "MISC",
"name": "https://github.com/Nitrokey/nitrokey-3-firmware/security/advisories/GHSA-jfhm-ppq8-7hgx"
},
{
"url": "https://github.com/Nitrokey/nitrokey-3-firmware/releases/tag/v1.8.1",
"refsource": "MISC",
"name": "https://github.com/Nitrokey/nitrokey-3-firmware/releases/tag/v1.8.1"
},
{
"url": "https://www.nitrokey.com/blog/2025/nitrokey-3-firmware-v181-security-update",
"refsource": "MISC",
"name": "https://www.nitrokey.com/blog/2025/nitrokey-3-firmware-v181-security-update"
}
]
},
"source": {
"advisory": "GHSA-jfhm-ppq8-7hgx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

114
2025/25xxx/CVE-2025-25205.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like \"/api/items/1/cover\" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-202: Exposure of Sensitive Information Through Data Queries",
"cweId": "CWE-202"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "advplyr",
"product": {
"product_data": [
{
"product_name": "audiobookshelf",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.17.0, < 2.19.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-pg8v-5jcv-wrvw",
"refsource": "MISC",
"name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-pg8v-5jcv-wrvw"
},
{
"url": "https://github.com/advplyr/audiobookshelf/pull/3584",
"refsource": "MISC",
"name": "https://github.com/advplyr/audiobookshelf/pull/3584"
},
{
"url": "https://github.com/advplyr/audiobookshelf/commit/bf8407274e3ee300af1927ee660d078a7a801e1c",
"refsource": "MISC",
"name": "https://github.com/advplyr/audiobookshelf/commit/bf8407274e3ee300af1927ee660d078a7a801e1c"
},
{
"url": "https://github.com/advplyr/audiobookshelf/commit/ec6537656925a43871b07cfee12c9f383844d224",
"refsource": "MISC",
"name": "https://github.com/advplyr/audiobookshelf/commit/ec6537656925a43871b07cfee12c9f383844d224"
},
{
"url": "https://github.com/advplyr/audiobookshelf/blob/1a3d70d04100924d41391acb55bd8ddca486a4fa/server/Auth.js#L17-L41",
"refsource": "MISC",
"name": "https://github.com/advplyr/audiobookshelf/blob/1a3d70d04100924d41391acb55bd8ddca486a4fa/server/Auth.js#L17-L41"
}
]
},
"source": {
"advisory": "GHSA-pg8v-5jcv-wrvw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
]
}

86
2025/25xxx/CVE-2025-25283.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB respectively, and an out of memory that would crash a running Node.js application due to a string size of roughly 10 MB that utilizes unicode characters. Version 2.1.3 contains a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jkroso",
"product": {
"product_data": [
{
"product_name": "parse-duration",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jkroso/parse-duration/security/advisories/GHSA-hcrg-fc28-fcg5",
"refsource": "MISC",
"name": "https://github.com/jkroso/parse-duration/security/advisories/GHSA-hcrg-fc28-fcg5"
},
{
"url": "https://github.com/jkroso/parse-duration/commit/9e88421bfd41806fa4b473bfb28a9ee9dafc27d7",
"refsource": "MISC",
"name": "https://github.com/jkroso/parse-duration/commit/9e88421bfd41806fa4b473bfb28a9ee9dafc27d7"
},
{
"url": "https://github.com/jkroso/parse-duration/releases/tag/v2.1.3",
"refsource": "MISC",
"name": "https://github.com/jkroso/parse-duration/releases/tag/v2.1.3"
}
]
},
"source": {
"advisory": "GHSA-hcrg-fc28-fcg5",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

56
2025/25xxx/CVE-2025-25343.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25343",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/wy876/cve/issues/4",
"refsource": "MISC",
"name": "https://github.com/wy876/cve/issues/4"
}
]
}