From 4d85bec9cba4adaa08b702830ac1bf2ae1d9e50a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 2 Mar 2025 20:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/1xxx/CVE-2025-1829.json | 114 +++++++++++++++++++++++++++++++++--
 2025/1xxx/CVE-2025-1830.json | 109 +++++++++++++++++++++++++++++++--
 2025/1xxx/CVE-2025-1831.json | 109 +++++++++++++++++++++++++++++++--
 2025/1xxx/CVE-2025-1850.json | 18 ++++++
 4 files changed, 338 insertions(+), 12 deletions(-)
 create mode 100644 2025/1xxx/CVE-2025-1850.json
diff --git a/2025/1xxx/CVE-2025-1829.json b/2025/1xxx/CVE-2025-1829.json
index 4d302aa239d..2652c392a44 100644
--- a/2025/1xxx/CVE-2025-1829.json
+++ b/2025/1xxx/CVE-2025-1829.json
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1829",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In TOTOLINK X18 9.1.0cu.2024_B20220329 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion setMtknatCfg der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments mtkhnatEnable mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OS Command Injection",
+ "cweId": "CWE-78"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection",
+ "cweId": "CWE-77"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TOTOLINK",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "X18",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9.1.0cu.2024_B20220329"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298096",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298096"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298096",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298096"
+ },
+ {
+ "url": "https://vuldb.com/?submit.504983",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.504983"
+ },
+ {
+ "url": "https://github.com/sjwszt/CVE/blob/main/CVE_2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/sjwszt/CVE/blob/main/CVE_2.md"
+ },
+ {
+ "url": "https://www.totolink.net/",
+ "refsource": "MISC",
+ "name": "https://www.totolink.net/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Calmc1 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1830.json b/2025/1xxx/CVE-2025-1830.json
index 03944e91681..b7c9ebe4f16 100644
--- a/2025/1xxx/CVE-2025-1830.json
+++ b/2025/1xxx/CVE-2025-1830.json
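Review bot: The English description in the CVE-2025-1829 record says the issue "has been declared as critical", while the `impact.cvss` entries added further down score it 6.3 `MEDIUM` (CVSS 3.1, `PR:L`), so a consumer that triages on the prose and one that triages on `baseSeverity` will rank this record differently. The wording presumably reflects the CNA's own classification scale rather than CVSS; I would either drop the severity word from `description_data` or say there that it is not the CVSS severity. The same mismatch is in the CVE-2025-1831 hunk ("classified as critical" against 6.3 `MEDIUM`). Separately, `credits` uses `"lang": "en"` while `description_data` and `problemtype_data` use `"lang": "eng"`; one tag form per record is easier to filter on.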
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1830",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in zj1983 zz bis 2024-8 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Customer Information Handler. Durch Manipulieren des Arguments Customer Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "zj1983",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zz",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2024-8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298097",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298097"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298097",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298097"
+ },
+ {
+ "url": "https://vuldb.com/?submit.504790",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.504790"
+ },
+ {
+ "url": "https://github.com/caigo8/CVE-md/blob/main/zz/zz_xss1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/caigo8/CVE-md/blob/main/zz/zz_xss1.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Caigo (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1831.json b/2025/1xxx/CVE-2025-1831.json
index ee7e4ef85c7..d9cea65bb9c 100644
--- a/2025/1xxx/CVE-2025-1831.json
+++ b/2025/1xxx/CVE-2025-1831.json
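Review bot: In the CVE-2025-1830 record, `version_data` marks exactly one release as affected (`"version_affected": "="`, `"version_value": "2024-8"`), but the description added in the same hunk says "zj1983 zz up to 2024-8", so tooling that matches on the structured field will not flag earlier releases. If the prose is the accurate statement, the entry should read `"version_affected": "<="`. The CVE-2025-1831 hunk carries the same pair of statements for the same product.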
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1831",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in zj1983 zz bis 2024-8 entdeckt. Dabei betrifft es die Funktion GetDBUser der Datei src/main/java/com/futvan/z/system/zorg/ZorgAction.java. Durch das Beeinflussen des Arguments user_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "zj1983",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zz",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2024-8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298098",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298098"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298098",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298098"
+ },
+ {
+ "url": "https://vuldb.com/?submit.504806",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.504806"
+ },
+ {
+ "url": "https://github.com/caigo8/CVE-md/blob/main/zz/ZZ_2024_8%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A52.md",
+ "refsource": "MISC",
+ "name": "https://github.com/caigo8/CVE-md/blob/main/zz/ZZ_2024_8%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A52.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "macfy (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1850.json b/2025/1xxx/CVE-2025-1850.json
new file mode 100644
index 00000000000..9cdcc60ed65
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1850.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1850",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file