admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-29 02:00:57 +00:00
parent d06c7e4332
commit 5a35409136
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 582 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
2023/33xxx/CVE-2023-33838.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33838",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security Verify Governance 10.0.2 Identity Manager \n\nuses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-759 Use of a One-Way Hash without a Salt",
"cweId": "CWE-759"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Governance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7172200",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7172200"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

109
2025/0xxx/CVE-2025-0795.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in ESAFENET CDG V5 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /todolistjump.jsp. Durch Beeinflussen des Arguments flowId mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ESAFENET",
"product": {
"product_data": [
{
"product_name": "CDG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.293919",
"refsource": "MISC",
"name": "https://vuldb.com/?id.293919"
},
{
"url": "https://vuldb.com/?ctiid.293919",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.293919"
},
{
"url": "https://vuldb.com/?submit.483349",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.483349"
},
{
"url": "https://github.com/Rain1er/report/blob/main/CDG/todolistjump.md",
"refsource": "MISC",
"name": "https://github.com/Rain1er/report/blob/main/CDG/todolistjump.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "rian.xinc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

109
2025/0xxx/CVE-2025-0797.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0797",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In MicroWorld eScan Antivirus 7.0.32 f\u00fcr Linux wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /var/Microworld/ der Komponente Quarantine Handler. Dank der Manipulation mit unbekannten Daten kann eine incorrect default permissions-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MicroWorld",
"product": {
"product_data": [
{
"product_name": "eScan Antivirus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.293920",
"refsource": "MISC",
"name": "https://vuldb.com/?id.293920"
},
{
"url": "https://vuldb.com/?ctiid.293920",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.293920"
},
{
"url": "https://vuldb.com/?submit.484329",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.484329"
},
{
"url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_incorrect_default_perms_leads_to_malware_evasion.md",
"refsource": "MISC",
"name": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_incorrect_default_perms_leads_to_malware_evasion.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "FPT IS Security (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

109
2025/0xxx/CVE-2025-0798.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in MicroWorld eScan Antivirus 7.0.32 f\u00fcr Linux ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei rtscanner der Komponente Quarantine Handler. Dank Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection",
"cweId": "CWE-78"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MicroWorld",
"product": {
"product_data": [
{
"product_name": "eScan Antivirus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.293921",
"refsource": "MISC",
"name": "https://vuldb.com/?id.293921"
},
{
"url": "https://vuldb.com/?ctiid.293921",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.293921"
},
{
"url": "https://vuldb.com/?submit.484718",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.484718"
},
{
"url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_rtscanner_rce.md",
"refsource": "MISC",
"name": "https://github.com/dmknght/FIS_RnD/blob/main/escan_rtscanner_rce.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "FPT IS Security (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.1,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C"
}
]
}

109
2025/0xxx/CVE-2025-0800.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in SourceCodester Online Courseware 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /pcci/admin/saveeditt.php der Komponente Edit Teacher. Mit der Manipulation des Arguments fname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Courseware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.293922",
"refsource": "MISC",
"name": "https://vuldb.com/?id.293922"
},
{
"url": "https://vuldb.com/?ctiid.293922",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.293922"
},
{
"url": "https://vuldb.com/?submit.484935",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.484935"
},
{
"url": "https://www.sourcecodester.com/",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "ayush8816 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

18
2025/0xxx/CVE-2025-0822.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0822",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

74
2025/23xxx/CVE-2025-23362.json
View File

@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23362",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image is rendered and crafted EXIF meta data is processed, an arbitrary script may be executed on the web browser. Versions 2.3.2 and 2.4.0 were reported as vulnerable. According to the vendor, the product has been refactored after those old versions and the version 3.0.1 is not vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rodrigue",
"product": {
"product_data": [
{
"product_name": "EXIF Viewer Classic",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.4.0 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromewebstore.google.com/detail/exif-viewer-classic/nafpfdcmppffipmhcpkbplhkoiekndck",
"refsource": "MISC",
"name": "https://chromewebstore.google.com/detail/exif-viewer-classic/nafpfdcmppffipmhcpkbplhkoiekndck"
},
{
"url": "https://exifviewers.com/",
"refsource": "MISC",
"name": "https://exifviewers.com/"
},
{
"url": "https://jvn.jp/en/jp/JVN05508012/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN05508012/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "MEDIUM",
"baseScore": 6.1,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
]
}