From 5498fe6f763e56ef3fdeb08895a1cd36b5f8a344 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 2 Apr 2025 21:04:00 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/31xxx/CVE-2025-31191.json | 98 ++++++++++++++++++++++++++--
 2025/31xxx/CVE-2025-31192.json | 88 +++++++++++++++++++++++--
 2025/31xxx/CVE-2025-31194.json | 64 +++++++++++++++++--
 2025/31xxx/CVE-2025-31282.json | 79 +++++++++++++++++++++--
 2025/31xxx/CVE-2025-31283.json | 79 +++++++++++++++++++++--
 2025/31xxx/CVE-2025-31284.json | 79 +++++++++++++++++++++--
 2025/31xxx/CVE-2025-31285.json | 79 +++++++++++++++++++++--
 2025/31xxx/CVE-2025-31286.json | 79 +++++++++++++++++++++--
 2025/31xxx/CVE-2025-31376.json | 85 +++++++++++++++++++++++--
 2025/31xxx/CVE-2025-31386.json | 85 +++++++++++++++++++++++--
 2025/31xxx/CVE-2025-31387.json | 113 +++++++++++++++++++++++++++++++--
 11 files changed, 884 insertions(+), 44 deletions(-)
diff --git a/2025/31xxx/CVE-2025-31191.json b/2025/31xxx/CVE-2025-31191.json
index a1a677db231..458554785d5 100644
--- a/2025/31xxx/CVE-2025-31191.json
+++ b/2025/31xxx/CVE-2025-31191.json
@@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access sensitive user data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122377", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122377" + }, + { + "url": "https://support.apple.com/en-us/122371", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122371" + }, + { + "url": 
"https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/31xxx/CVE-2025-31192.json b/2025/31xxx/CVE-2025-31192.json index 82052f18dc8..06d252866e5 100644 --- a/2025/31xxx/CVE-2025-31192.json +++ b/2025/31xxx/CVE-2025-31192.json 
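Review bot: The `affects` block bounds macOS with a single `"version_affected": "<"` / `"version_value": "15.4"` entry, while the description names three fixed macOS branches (Ventura 13.7.5, Sonoma 14.7.5, Sequoia 15.4). A consumer that matches on the structured range alone will report patched 13.7.5 and 14.7.5 hosts as affected. I would give each branch its own product entry with its own bound, for example a Ventura entry carrying `"version_value": "13.7.5"` and a Sonoma entry carrying `"version_value": "14.7.5"`, or state in the record that the description and linked advisories are authoritative for the older branches. The CVE-2025-31194 section has the same single `15.4` bound against the same three macOS releases.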
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A website may be able to access sensor information without user consent" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122371", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122371" + }, + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": 
"https://support.apple.com/en-us/122379", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122379" } ] } diff --git a/2025/31xxx/CVE-2025-31194.json b/2025/31xxx/CVE-2025-31194.json index c5719708dd5..ae9d35cb6c4 100644 --- a/2025/31xxx/CVE-2025-31194.json +++ b/2025/31xxx/CVE-2025-31194.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A Shortcut may run with admin privileges without authentication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/31xxx/CVE-2025-31282.json b/2025/31xxx/CVE-2025-31282.json index ddc9e8ed12a..7a6e5d60867 100644 --- a/2025/31xxx/CVE-2025-31282.json +++ b/2025/31xxx/CVE-2025-31282.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Mangement", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Vision One", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "NA", + "version_value": "NA" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/en-US/solution/KA-0019386", + "refsource": "MISC", + "name": "https://success.trendmicro.com/en-US/solution/KA-0019386" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. 
Ltd" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "NONE", + "baseScore": 0, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N" } ] } diff --git a/2025/31xxx/CVE-2025-31283.json b/2025/31xxx/CVE-2025-31283.json index ab8e415005f..2ecc38cc52b 100644 --- a/2025/31xxx/CVE-2025-31283.json +++ b/2025/31xxx/CVE-2025-31283.json 
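Review bot: The CVSS block scores this record `"baseScore": 0` with confidentiality, integrity and availability all `NONE`, although the description is a privilege escalation through role changes, so severity-based triage will drop it silently. If the zero is deliberate because the hosted service is already fixed, that reasoning exists only in the description's free text, and the `version_data` entry (`"<"`, `"NA"`, `"NA"`) gives range matchers nothing to evaluate either. The description and problemtype strings also carry typos (`ths issue`, `Improper Privilege Mangement`); the CWE name should read `CWE-269: Improper Privilege Management`. The same points apply to the CVE-2025-31283, -31284 and -31285 sections, and the zero score and `NA` range also to CVE-2025-31286.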
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Mangement", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Vision One", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "NA", + "version_value": "NA" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/en-US/solution/KA-0019386", + "refsource": "MISC", + "name": "https://success.trendmicro.com/en-US/solution/KA-0019386" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. 
Ltd" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "NONE", + "baseScore": 0, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N" } ] } diff --git a/2025/31xxx/CVE-2025-31284.json b/2025/31xxx/CVE-2025-31284.json index 73a16b53374..2e7acf3096a 100644 --- a/2025/31xxx/CVE-2025-31284.json +++ b/2025/31xxx/CVE-2025-31284.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Mangement", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Vision One", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "NA", + "version_value": "NA" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/en-US/solution/KA-0019386", + "refsource": "MISC", + "name": "https://success.trendmicro.com/en-US/solution/KA-0019386" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. 
Ltd" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "NONE", + "baseScore": 0, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N" } ] } diff --git a/2025/31xxx/CVE-2025-31285.json b/2025/31xxx/CVE-2025-31285.json index c7128e81953..6a38dac0967 100644 --- a/2025/31xxx/CVE-2025-31285.json +++ b/2025/31xxx/CVE-2025-31285.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31285", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Mangement", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Vision One", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "NA", + "version_value": "NA" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/en-US/solution/KA-0019386", + "refsource": "MISC", + "name": "https://success.trendmicro.com/en-US/solution/KA-0019386" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. 
Ltd" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "NONE", + "baseScore": 0, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N" } ] } diff --git a/2025/31xxx/CVE-2025-31286.json b/2025/31xxx/CVE-2025-31286.json index 0e9b9a04da5..85600074514 100644 --- a/2025/31xxx/CVE-2025-31286.json +++ b/2025/31xxx/CVE-2025-31286.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31286", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code.\r\n\r\nPlease note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Mangement", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Vision One", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "NA", + "version_value": "NA" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/en-US/solution/KA-0019386", + "refsource": "MISC", + "name": "https://success.trendmicro.com/en-US/solution/KA-0019386" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. 
Ltd" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "NONE", + "baseScore": 0, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N" } ] } diff --git a/2025/31xxx/CVE-2025-31376.json b/2025/31xxx/CVE-2025-31376.json index a15b352b2d2..c042125d62d 100644 --- a/2025/31xxx/CVE-2025-31376.json +++ b/2025/31xxx/CVE-2025-31376.json 
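Review bot: The problemtype here is `CWE-269: Improper Privilege Mangement`, but the description is an HTML injection that could lead to arbitrary code execution, so the weakness class does not match the text; it looks carried over from the four sibling Trend Vision One records. An injection-class CWE would fit the description better (CWE-79 or CWE-80 are candidates, to be confirmed by the assigner). Consumers that group or prioritise by `cweId` will otherwise file this record under privilege management.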
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mayeenul Islam", + "product": { + "product_data": [ + { + "product_name": "NanoSupport", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/nanosupport/vulnerability/wordpress-nanosupport-plugin-0-6-0-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/nanosupport/vulnerability/wordpress-nanosupport-plugin-0-6-0-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31386.json b/2025/31xxx/CVE-2025-31386.json index f76f9f7cd84..993a0bb1f1b 100644 --- a/2025/31xxx/CVE-2025-31386.json +++ b/2025/31xxx/CVE-2025-31386.json 
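Review bot: The record bounds the affected range at `"version_affected": "<="` / `"version_value": "0.6.0"` but carries no `solution` entry and no fixed version, so a reader cannot tell from the record whether a patched NanoSupport release exists; the CVE-2025-31387 section in this same commit does include a `solution` block. If no fix is available, saying so in the description would help triage. The description also runs two sentences together (`Security Levels.This issue`). CVE-2025-31386 (Simple:Press, through 6.10.11) has both issues as well.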
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31386", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through 6.10.11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Simplepress", + "product": { + "product_data": [ + { + "product_name": "Simple:Press", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "6.10.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simplepress/vulnerability/wordpress-simple-press-plugin-6-10-11-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/simplepress/vulnerability/wordpress-simple-press-plugin-6-10-11-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "20kilograma (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31387.json b/2025/31xxx/CVE-2025-31387.json index 7c4628130b4..25275d14638 100644 --- a/2025/31xxx/CVE-2025-31387.json +++ b/2025/31xxx/CVE-2025-31387.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "InstaWP", + "product": { + "product_data": [ + { + "product_name": "InstaWP Connect", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "0.1.0.82", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "0.1.0.83", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-82-local-file-inclusion-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-82-local-file-inclusion-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress InstaWP Connect plugin to the latest available version (at least 0.1.0.83)." + } + ], + "value": "Update the WordPress InstaWP Connect plugin to the latest available version (at least 0.1.0.83)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dimas Maulana (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] }
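Review bot: The legacy `version_data` entry holds only `"version_value": "not down converted"`, so tools that read the 4.0 fields get no usable range; the real bound (`lessThanOrEqual` 0.1.0.82, unaffected at 0.1.0.83) lives only in `x_cve_json_5_version_data`. The sibling Patchstack records in this commit use the plain form, and unless the `changes` entry must be preserved this one could too: `"version_affected": "<=", "version_name": "n/a", "version_value": "0.1.0.82"`. Separately, the description pairs the CWE-98 title ('PHP Remote File Inclusion') with 'allows PHP Local File Inclusion'; stating plainly which inclusion type applies would avoid misreading the exposure.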