admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-25 05:00:31 +00:00
parent 711541057e
commit 5885872a0b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
15 changed files with 1118 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2024/10xxx/CVE-2024-10206.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4-00",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/10xxx/CVE-2024-10207.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/10xxx/CVE-2024-10208.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user\u2019s browser session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/10xxx/CVE-2024-10209.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/45xxx/CVE-2024-45480.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation",
"product": {
"product_data": [
{
"product_name": "B&R APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/45xxx/CVE-2024-45481.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45481",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-791: Incomplete Filtering of Special Elements",
"cweId": "CWE-791"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation",
"product": {
"product_data": [
{
"product_name": "B&R APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/45xxx/CVE-2024-45482.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"cweId": "CWE-829"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation",
"product": {
"product_data": [
{
"product_name": "B&R APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R4.4",
"version_value": "4.4-00P1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/45xxx/CVE-2024-45483.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "4.4-01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/45xxx/CVE-2024-45484.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to per-form Denial-of-Service (DoS) attacks against the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

70
2024/8xxx/CVE-2024-8313.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8313",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497 Exposure of Sensitive System Information",
"cweId": "CWE-497"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1188 Insecure Default Initialization of Resource",
"cweId": "CWE-1188"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

70
2024/8xxx/CVE-2024-8314.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8314",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-303 Incorrect Implementation of Authentication Algorithm",
"cweId": "CWE-303"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-488 Exposure of Data Element to Wrong Session",
"cweId": "CWE-488"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation GmbH",
"product": {
"product_data": [
{
"product_name": "APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/8xxx/CVE-2024-8315.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"cweId": "CWE-280"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "B&R Industrial Automation",
"product": {
"product_data": [
{
"product_name": "B&R APROL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R4.4",
"version_value": "4.4-00P5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf",
"refsource": "MISC",
"name": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

153
2025/2xxx/CVE-2025-2732.json
View File

@ -1,17 +1,162 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /api/wizard/getWifiNeighbour der Komponente HTTP POST Request Handler. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection",
"cweId": "CWE-77"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "H3C",
"product": {
"product_data": [
{
"product_name": "Magic NX15",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V100R014"
}
]
}
},
{
"product_name": "Magic NX30 Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V100R014"
}
]
}
},
{
"product_name": "Magic NX400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V100R014"
}
]
}
},
{
"product_name": "Magic R3010",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V100R014"
}
]
}
},
{
"product_name": "Magic BE18000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V100R014"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.300752",
"refsource": "MISC",
"name": "https://vuldb.com/?id.300752"
},
{
"url": "https://vuldb.com/?ctiid.300752",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.300752"
},
{
"url": "https://vuldb.com/?submit.520499",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.520499"
},
{
"url": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md",
"refsource": "MISC",
"name": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Qwen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

161
2025/2xxx/CVE-2025-2733.json
View File

@ -1,17 +1,170 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in mannaandpoem OpenManus bis 2025.3.13 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei app/tool/python_execute.py der Komponente Prompt Handler. Mit der Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection",
"cweId": "CWE-78"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mannaandpoem",
"product": {
"product_data": [
{
"product_name": "OpenManus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2025.3.0"
},
{
"version_affected": "=",
"version_value": "2025.3.1"
},
{
"version_affected": "=",
"version_value": "2025.3.2"
},
{
"version_affected": "=",
"version_value": "2025.3.3"
},
{
"version_affected": "=",
"version_value": "2025.3.4"
},
{
"version_affected": "=",
"version_value": "2025.3.5"
},
{
"version_affected": "=",
"version_value": "2025.3.6"
},
{
"version_affected": "=",
"version_value": "2025.3.7"
},
{
"version_affected": "=",
"version_value": "2025.3.8"
},
{
"version_affected": "=",
"version_value": "2025.3.9"
},
{
"version_affected": "=",
"version_value": "2025.3.10"
},
{
"version_affected": "=",
"version_value": "2025.3.11"
},
{
"version_affected": "=",
"version_value": "2025.3.12"
},
{
"version_affected": "=",
"version_value": "2025.3.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.300753",
"refsource": "MISC",
"name": "https://vuldb.com/?id.300753"
},
{
"url": "https://vuldb.com/?ctiid.300753",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.300753"
},
{
"url": "https://vuldb.com/?submit.520426",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.520426"
},
{
"url": "https://magnificent-dill-351.notion.site/Command-Execution-in-Openmanus-2025-3-13-1b6c693918ed80b2826ef6bb385693fa",
"refsource": "MISC",
"name": "https://magnificent-dill-351.notion.site/Command-Execution-in-Openmanus-2025-3-13-1b6c693918ed80b2826ef6bb385693fa"
}
]
},
"credits": [
{
"lang": "en",
"value": "s0l42 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

114
2025/2xxx/CVE-2025-2734.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in PHPGurukul Old Age Home Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/aboutus.php. Mittels dem Manipulieren des Arguments pagetitle mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPGurukul",
"product": {
"product_data": [
{
"product_name": "Old Age Home Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.300756",
"refsource": "MISC",
"name": "https://vuldb.com/?id.300756"
},
{
"url": "https://vuldb.com/?ctiid.300756",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.300756"
},
{
"url": "https://vuldb.com/?submit.522265",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.522265"
},
{
"url": "https://github.com/0xabandon/CVE/issues/1",
"refsource": "MISC",
"name": "https://github.com/0xabandon/CVE/issues/1"
},
{
"url": "https://phpgurukul.com/",
"refsource": "MISC",
"name": "https://phpgurukul.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "0xabandon (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}