diff --git a/2024/13xxx/CVE-2024-13750.json b/2024/13xxx/CVE-2024-13750.json
new file mode 100644
index 00000000000..5753f1e9dbd
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13750.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13750",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13751.json b/2024/13xxx/CVE-2024-13751.json
new file mode 100644
index 00000000000..f83412357a4
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13751.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13751",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13752.json b/2024/13xxx/CVE-2024-13752.json
new file mode 100644
index 00000000000..ac7602d2af3
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13752.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13752",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13753.json b/2024/13xxx/CVE-2024-13753.json
new file mode 100644
index 00000000000..41ae79f3647
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13753.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13753",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/48xxx/CVE-2024-48662.json b/2024/48xxx/CVE-2024-48662.json
index 05e92bc65c3..eebdf57a3c1 100644
--- a/2024/48xxx/CVE-2024-48662.json
+++ b/2024/48xxx/CVE-2024-48662.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48662",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48662",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/VuDuc09/vuln_research/tree/main/CVE-2024-48662",
+ "url": "https://github.com/VuDuc09/vuln_research/tree/main/CVE-2024-48662"
 }
 ]
 }
diff --git a/2024/51xxx/CVE-2024-51417.json b/2024/51xxx/CVE-2024-51417.json
index c976ab7a22e..8348f3f45ab 100644
--- a/2024/51xxx/CVE-2024-51417.json
+++ b/2024/51xxx/CVE-2024-51417.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields."
+ "value": "An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields."
 }
 ]
 },
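Review bot: In 2024/48xxx/CVE-2024-48662.json the new `affects` block sets `product_name`, `vendor_name` and `version_value` to `n/a`, and `problemtype` is `n/a` as well, although the description names the product (AdGuard Application), an upper version bound (v.7.18.1 (4778)) and the weakness class (Cross Site Scripting). Scanners and inventory matchers that key on the structured fields will not associate this record with the product, so it is only discoverable by free-text search. Consider filling the fields from the description, e.g. `"product_name": "AdGuard Application"` and `"value": "CWE-79"` (assuming the XSS classification in the description is accurate). The same all-`n/a` pattern appears in the hunks for CVE-2024-54728, CVE-2024-56178, CVE-2024-56316, CVE-2024-57052, CVE-2024-57373 and CVE-2024-57546 through CVE-2024-57549.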
diff --git a/2024/54xxx/CVE-2024-54728.json b/2024/54xxx/CVE-2024-54728.json
index 2c58e3a54f7..203724a7749 100644
--- a/2024/54xxx/CVE-2024-54728.json
+++ b/2024/54xxx/CVE-2024-54728.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-54728",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-54728",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/xu-yanbo202000460009/00dacd7bfede713a0f052a531da4fabd",
+ "url": "https://gist.github.com/xu-yanbo202000460009/00dacd7bfede713a0f052a531da4fabd"
 }
 ]
 }
diff --git a/2024/56xxx/CVE-2024-56178.json b/2024/56xxx/CVE-2024-56178.json
index f7fd7001930..5c37387a484 100644
--- a/2024/56xxx/CVE-2024-56178.json
+++ b/2024/56xxx/CVE-2024-56178.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-56178",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-56178",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.couchbase.com/alerts/",
+ "url": "https://www.couchbase.com/alerts/"
 }
 ]
 }
diff --git a/2024/56xxx/CVE-2024-56316.json b/2024/56xxx/CVE-2024-56316.json
index c9cb2703bd5..95100d2c60f 100644
--- a/2024/56xxx/CVE-2024-56316.json
+++ b/2024/56xxx/CVE-2024-56316.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-56316",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-56316",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.y-security.de/news-en/axess-auto-configuration-server-denial-of-service-cve-2024-56316/",
+ "url": "https://www.y-security.de/news-en/axess-auto-configuration-server-denial-of-service-cve-2024-56316/"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57052.json b/2024/57xxx/CVE-2024-57052.json
index 812478a797c..84a3ce62ecb 100644
--- a/2024/57xxx/CVE-2024-57052.json
+++ b/2024/57xxx/CVE-2024-57052.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57052",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57052",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8",
+ "url": "https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57373.json b/2024/57xxx/CVE-2024-57373.json
index 11295423db1..79540b00105 100644
--- a/2024/57xxx/CVE-2024-57373.json
+++ b/2024/57xxx/CVE-2024-57373.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57373",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57373",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allows a remote attacker to execute arbitrary cod and obtain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/cypherdavy/CVE-2024-57373",
+ "url": "https://github.com/cypherdavy/CVE-2024-57373"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57546.json b/2024/57xxx/CVE-2024-57546.json
index 10ac64af335..b9cd5754f27 100644
--- a/2024/57xxx/CVE-2024-57546.json
+++ b/2024/57xxx/CVE-2024-57546.json
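Review bot: The description added in 2024/57xxx/CVE-2024-57373.json contains the truncated word "cod" ("execute arbitrary cod and obtain sensitive information"), and once published that text is copied verbatim into downstream feeds and advisories. The ending should read `allows a remote attacker to execute arbitrary code and obtain sensitive information."`. The sentence also names no affected page, parameter or request, so a defender reading only this record cannot tell which LifestyleStore function lacks CSRF protection; that detail is available only through the single reference.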
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57546",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57546",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Validate%20links%20SSRF.md",
+ "refsource": "MISC",
+ "name": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Validate%20links%20SSRF.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",
+ "url": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57547.json b/2024/57xxx/CVE-2024-57547.json
index e59542f310c..5e3e503f6ec 100644
--- a/2024/57xxx/CVE-2024-57547.json
+++ b/2024/57xxx/CVE-2024-57547.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57547",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57547",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Remote%20Code%20Execution%20via%20backup%20file%20editing.md",
+ "refsource": "MISC",
+ "name": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Remote%20Code%20Execution%20via%20backup%20file%20editing.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",
+ "url": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57548.json b/2024/57xxx/CVE-2024-57548.json
index 50aac09f378..55dc1c9b28a 100644
--- a/2024/57xxx/CVE-2024-57548.json
+++ b/2024/57xxx/CVE-2024-57548.json
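Review bot: The description added in 2024/57xxx/CVE-2024-57547.json states the impact as obtaining sensitive information, while the first reference's file name is "Remote Code Execution via backup file editing"; judging from that title alone, the write-up claims a more severe outcome than the record does. If the referenced research is accurate, triage that relies on the description will under-rate the issue, so the impact wording should be reconciled with the reference. The preceding CVE-2024-57546 hunk shows a similar gap: its reference title says SSRF, but the description says only "obtain sensitive information via a crafted script to the validate link function", and `problemtype` is `n/a` in both records.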
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57548",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57548",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CMSimple 5.16 allows the user to edit log.php file via print page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.md",
+ "refsource": "MISC",
+ "name": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Broken%20Access%20Control%20to%20log.php.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",
+ "url": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57549.json b/2024/57xxx/CVE-2024-57549.json
index b7da77512fe..46b1363c1b2 100644
--- a/2024/57xxx/CVE-2024-57549.json
+++ b/2024/57xxx/CVE-2024-57549.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57549",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57549",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Sensitive%20information%20disclosure.md",
+ "refsource": "MISC",
+ "name": "https://github.com/h4ckr4v3n/cmsimple5.16_research/blob/main/CMSimple%205.16%20Sensitive%20information%20disclosure.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",
+ "url": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb"
 }
 ]
 }
diff --git a/2025/21xxx/CVE-2025-21600.json b/2025/21xxx/CVE-2025-21600.json
index e8c3cd70800..4ca653c132e 100644
--- a/2025/21xxx/CVE-2025-21600.json
+++ b/2025/21xxx/CVE-2025-21600.json
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP family traffic-engineering (BGP-LS)\n configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\u00a0\n * from 22.2 before 22.2R3-S5-EVO,\u00a0\n * from 22.3 before 22.3R3-S4-EVO,\u00a0\n * from 22.4 before 22.4R3-S5-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S2-EVO,\u00a0\n * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516." + "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). 
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP family traffic-engineering (BGP-LS)\n configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * \n\nfrom 21.4 before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 21.4-EVO before 21.4R3-S9-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S5-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S5-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S2-EVO,\u00a0\n * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\nThis issue does not affect versions of Junos OS prior to 21.3R1.\n\n\nThis issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516." } ] }, 
@@ -40,39 +40,60 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_name": "0",
- "version_value": "21.4R3-S9"
- },
- {
- "version_affected": "<",
- "version_name": "22.2",
- "version_value": "22.2R3-S5"
- },
- {
- "version_affected": "<",
- "version_name": "22.3",
- "version_value": "22.3R3-S4"
- },
- {
- "version_affected": "<",
- "version_name": "22.4",
- "version_value": "22.4R3-S5"
- },
- {
- "version_affected": "<",
- "version_name": "23.2",
- "version_value": "23.2R2-S3"
- },
- {
- "version_affected": "<",
- "version_name": "23.4",
- "version_value": "23.4R2-S3"
- },
- {
- "version_affected": "<",
- "version_name": "24.2",
- "version_value": "24.2R1-S2, 24.2R2"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "21.4R3-S9",
+ "status": "affected",
+ "version": "21.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "22.2R3-S5",
+ "status": "affected",
+ "version": "22.2",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "22.3R3-S4",
+ "status": "affected",
+ "version": "22.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "22.4R3-S5",
+ "status": "affected",
+ "version": "22.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "23.2R2-S3",
+ "status": "affected",
+ "version": "23.2",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "23.4R2-S3",
+ "status": "affected",
+ "version": "23.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "24.2R1-S2, 24.2R2",
+ "status": "affected",
+ "version": "24.2",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "21.3R1",
+ "status": "unaffected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
 }
 ]
 }
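Review bot: In the Junos OS `versions` array the 24.2 entry uses `"lessThan": "24.2R1-S2, 24.2R2"`, which packs two release names into one bound, and every entry is tagged `"versionType": "semver"` although strings such as `21.4R3-S9` are not semantic versions. A consumer that parses `lessThan` as a single version will fail or mis-order on that entry, so automated affected-version checks can give wrong answers for 24.2. Consider one upper bound per entry (for example `"lessThan": "24.2R1-S2"`, with the second fixed release expressed separately) and `"versionType": "custom"` for Junos release names. The Junos OS Evolved hunk that follows has the same pattern (`"lessThan": "24.2R1-S2-EVO, 24.2R2-EVO"`). Because `version_value` is now `"not down converted"`, readers of the 4.0 format get no version range at all from this record unless they understand the `x_cve_json_5_version_data` extension.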
@@ -82,39 +103,60 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_name": "0",
- "version_value": "21.4R3-S9-EVO"
- },
- {
- "version_affected": "<",
- "version_name": "22.2",
- "version_value": "22.2R3-S5-EVO"
- },
- {
- "version_affected": "<",
- "version_name": "22.3",
- "version_value": "22.3R3-S4-EVO"
- },
- {
- "version_affected": "<",
- "version_name": "22.4",
- "version_value": "22.4R3-S5-EVO"
- },
- {
- "version_affected": "<",
- "version_name": "23.2",
- "version_value": "23.2R2-S3-EVO"
- },
- {
- "version_affected": "<",
- "version_name": "23.4",
- "version_value": "23.4R2-S2-EVO"
- },
- {
- "version_affected": "<",
- "version_name": "24.2",
- "version_value": "24.2R1-S2-EVO, 24.2R2-EVO"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "21.4R3-S9-EVO",
+ "status": "affected",
+ "version": "21.4-EVO",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "22.2R3-S5-EVO",
+ "status": "affected",
+ "version": "22.2-EVO",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "22.3R3-S4-EVO",
+ "status": "affected",
+ "version": "22.3-EVO",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "22.4R3-S5-EVO",
+ "status": "affected",
+ "version": "22.4-EVO",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "23.2R2-S3-EVO",
+ "status": "affected",
+ "version": "23.2-EVO",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "23.4R2-S2-EVO",
+ "status": "affected",
+ "version": "23.4-EVO",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "24.2R1-S2-EVO, 24.2R2-EVO",
+ "status": "affected",
+ "version": "24.2-EVO",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "21.3R1-EVO",
+ "status": "unaffected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
 }
 ]
 }
diff --git a/2025/24xxx/CVE-2025-24369.json b/2025/24xxx/CVE-2025-24369.json
index 1a06691c686..973e614fa31 100644
--- a/2025/24xxx/CVE-2025-24369.json
+++ b/2025/24xxx/CVE-2025-24369.json
@@ -1,18 +1,83 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-24369",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
+ "cweId": "CWE-807"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xe",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "x",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< v1.11.0-37-gd98d70a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Xe/x/security/advisories/GHSA-56w8-8ppj-2p4f",
+ "refsource": "MISC",
+ "name": "https://github.com/Xe/x/security/advisories/GHSA-56w8-8ppj-2p4f"
+ },
+ {
+ "url": "https://github.com/Xe/x/commit/7bd7b209f4f1b897de85ec8973458dc8be606a8b",
+ "refsource": "MISC",
+ "name": "https://github.com/Xe/x/commit/7bd7b209f4f1b897de85ec8973458dc8be606a8b"
+ },
+ {
+ "url": "https://github.com/Xe/x/commit/e09d0226a628f04b1d80fd83bee777894a45cd02",
+ "refsource": "MISC",
+ "name": "https://github.com/Xe/x/commit/e09d0226a628f04b1d80fd83bee777894a45cd02"
+ },
+ {
+ "url": "https://xeiaso.net/notes/2025/GHSA-56w8-8ppj-2p4f",
+ "refsource": "MISC",
+ "name": "https://xeiaso.net/notes/2025/GHSA-56w8-8ppj-2p4f"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-56w8-8ppj-2p4f",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
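Review bot: The `version_data` entry in 2025/24xxx/CVE-2025-24369.json pairs `"version_affected": "="` with `"version_value": "< v1.11.0-37-gd98d70a"`, so the comparison operator sits inside the value while the operator field says exact match. A tool that honours `version_affected` will look for a release literally named `< v1.11.0-37-gd98d70a` and match nothing; the intended form is presumably `"version_affected": "<"` with `"version_value": "v1.11.0-37-gd98d70a"`. `product_name` is `"x"` (the repository) while the description calls the affected tool Anubis, which will also hinder product matching. The description names commit e09d0226a628f04b1d80fd83bee777894a45cd02 as the fix, but the references additionally list commit 7bd7b209f4f1b897de85ec8973458dc8be606a8b without saying what it contributes, so a reader cannot tell from the record which commit an installation must include.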