admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-10 22:00:37 +00:00
parent bf1bedfc56
commit 4b1433c84f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 1209 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

305
2024/0xxx/CVE-2024-0446.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},
@ -36,12 +36,289 @@
"product": {
"product_data": [
{
"product_name": "Autodesk applications",
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024, 2023, 2022"
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
@ -72,9 +349,27 @@
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

18
2024/13xxx/CVE-2024-13856.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2024/23xxx/CVE-2024-23120.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},

2
2024/23xxx/CVE-2024-23121.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},

305
2024/23xxx/CVE-2024-23122.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},
@ -36,12 +36,289 @@
"product": {
"product_data": [
{
"product_name": "AutoCAD, Advance Steel and Civil 3D",
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024, 2023, 2022, 2021"
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
@ -72,9 +349,27 @@
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

305
2024/23xxx/CVE-2024-23123.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},
@ -36,12 +36,289 @@
"product": {
"product_data": [
{
"product_name": "AutoCAD, Advance Steel and Civil 3D",
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024, 2023, 2022, 2021"
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.0.1"
},
{
"version_affected": "<",
"version_name": "2024",
"version_value": "2024.1.3"
},
{
"version_affected": "<",
"version_name": "2023",
"version_value": "2023.1.5"
},
{
"version_affected": "<",
"version_name": "2022",
"version_value": "2022.1.4"
},
{
"version_affected": "<",
"version_name": "2021",
"version_value": "2021.1.4"
}
]
}
@ -72,9 +349,27 @@
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

2
2024/23xxx/CVE-2024-23124.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted STP file when parsed in ASMIMPORT228A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},

2
2024/23xxx/CVE-2024-23144.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},

2
2024/23xxx/CVE-2024-23146.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
]
},

108
2025/1xxx/CVE-2025-1157.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. This issue affects some unknown processing of the file /model/model_recuperar_senha.php. The manipulation of the argument recuperacao leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Allims lab.online bis 20250201 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /model/model_recuperar_senha.php. Durch Manipulieren des Arguments recuperacao mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Allims",
"product": {
"product_data": [
{
"product_name": "lab.online",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20250201"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295061",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295061"
},
{
"url": "https://vuldb.com/?ctiid.295061",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295061"
},
{
"url": "https://vuldb.com/?submit.493492",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.493492"
}
]
},
"credits": [
{
"lang": "en",
"value": "Stux (VulDB User)"
},
{
"lang": "en",
"value": "Stux (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

109
2025/1xxx/CVE-2025-1158.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It has been classified as critical. Affected is an unknown function of the file addPolicyToSafetyGroup.jsp. The manipulation of the argument safetyGroupId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in ESAFENET CDG 5.6.3.154.205_20250114 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei addPolicyToSafetyGroup.jsp. Durch das Beeinflussen des Arguments safetyGroupId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ESAFENET",
"product": {
"product_data": [
{
"product_name": "CDG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.3.154.205_20250114"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295062",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295062"
},
{
"url": "https://vuldb.com/?ctiid.295062",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295062"
},
{
"url": "https://vuldb.com/?submit.493644",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.493644"
},
{
"url": "https://github.com/Rain1er/report/blob/main/CDG/addPolicyToSafetyGroup.md",
"refsource": "MISC",
"name": "https://github.com/Rain1er/report/blob/main/CDG/addPolicyToSafetyGroup.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "hqlzs (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

81
2025/24xxx/CVE-2025-24970.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "netty",
"product": {
"product_data": [
{
"product_name": "netty",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.1.91.Final, <= 4.1.117.Final"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"refsource": "MISC",
"name": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
},
{
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"refsource": "MISC",
"name": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
}
]
},
"source": {
"advisory": "GHSA-4g8c-wm8x-jfhw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}