admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-24 16:00:31 +00:00
parent f01fa50ae0
commit 5c8da9b0d1
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
14 changed files with 970 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2018/9xxx/CVE-2018-9193.json
View File

@ -1,12 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-9193",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +35,17 @@
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"product_name": "FortiClientWindows",
"version": {
"version_data": [
{
"version_value": "6.0.4 and earlier"
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.5"
},
{
"version_affected": "=",
"version_value": "5.6.6"
}
]
}
@ -30,32 +56,36 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-18-108",
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
"url": "https://fortiguard.com/advisory/FG-IR-18-108",
"refsource": "MISC",
"name": "https://fortiguard.com/advisory/FG-IR-18-108"
}
]
},
"description": {
"description_data": [
"solution": [
{
"lang": "en",
"value": "It is advised that all customers update their Vulnerability Scan engine to v2.00027 or later to protect against this vulnerability. In FortiClient -> About -> Engines -> Vulnerability, ensure version is 2.00027 or greater. The engine update will be pushed automatically to all FortiClients. Upgrade to FortiClient 6.0.5."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file."
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X"
}
]
}

84
2021/26xxx/CVE-2021-26091.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-338"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiMail",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.4"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/advisory/FG-IR-21-031",
"refsource": "MISC",
"name": "https://fortiguard.com/advisory/FG-IR-21-031"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C"
}
]
}

82
2021/26xxx/CVE-2021-26105.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-358"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSandbox",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.2.2"
},
{
"version_affected": "=",
"version_value": "3.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-234",
"refsource": "MISC",
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-234"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to FortiSandbox 4.0.1 or above.\n\r\nUpgrade to FortiSandbox 3.2.3 or above."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:X"
}
]
}

317
2023/25xxx/CVE-2023-25610.json
View File

@ -1,17 +1,326 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-124"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSwitchManager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.4"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.11"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.10"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.11"
}
]
}
},
{
"product_name": "FortiOS-6K7K",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.5"
},
{
"version_affected": "=",
"version_value": "6.4.10"
},
{
"version_affected": "=",
"version_value": "6.4.8"
},
{
"version_affected": "=",
"version_value": "6.4.6"
},
{
"version_affected": "=",
"version_value": "6.4.2"
},
{
"version_affected": "<=",
"version_name": "6.2.9",
"version_value": "6.2.12"
},
{
"version_affected": "<=",
"version_name": "6.2.6",
"version_value": "6.2.7"
},
{
"version_affected": "=",
"version_value": "6.2.4"
},
{
"version_affected": "<=",
"version_name": "6.0.12",
"version_value": "6.0.18"
},
{
"version_affected": "=",
"version_value": "6.0.10"
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.2"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.8"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.14"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.9"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.11"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.12"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.18"
},
{
"version_affected": "<=",
"version_name": "5.6.0",
"version_value": "5.6.14"
},
{
"version_affected": "<=",
"version_name": "5.4.0",
"version_value": "5.4.13"
},
{
"version_affected": "<=",
"version_name": "5.2.0",
"version_value": "5.2.15"
},
{
"version_affected": "<=",
"version_name": "5.0.0",
"version_value": "5.0.14"
}
]
}
},
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.4"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.11"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.10"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.11"
}
]
}
},
{
"product_name": "FortiWeb",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.6"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.2"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.22"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.7"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-001",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-001"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiOS version 6.2.13 or above\r\nPlease upgrade to FortiWeb version 7.2.2 or above\r\nPlease upgrade to FortiWeb version 7.0.7 or above\r\nPlease upgrade to FortiWeb version 6.4.3 or above\r\nPlease upgrade to FortiWeb version 6.3.23 or above\r\nPlease upgrade to FortiWeb version 6.2.8 or above\r\nPlease upgrade to FortiWeb version 6.1.4 or above\r\nPlease upgrade to upcoming FortiOS version 6.0.17 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.2 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.2 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\r\nPlease upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.5 or above\r\nPlease upgrade to FortiManager version 6.4.12 or above\r\nPlease upgrade to FortiManager version 6.2.11 or above\r\nPlease upgrade to FortiManager version 6.0.12 or above\r\nPlease upgrade to FortiOS-6K7K version 7.0.10 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.13 or above\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to FortiAnalyzer version 7.0.5 or above\r\nPlease upgrade to FortiAnalyzer version 6.4.12 or above\r\nPlease upgrade to FortiAnalyzer version 6.2.11 or above\r\nPlease upgrade to FortiAnalyzer version 6.0.12 or above\r\n\r\n\r\n## Workaround for FortiOS:\r\n\r\n\r\n\r\nDisable HTTP/HTTPS administrative interface\r\n\r\nOR\r\n\r\nLimit IP addresses that can reach the administrative interface:\r\n\r\n\r\n```\r\nconfig firewall address\r\nedit my_allowed_addresses\r\nset subnet Y IP MY SUBNET\r\nend\r\n```\r\n\r\nThen create an Address Group:\r\n\r\n\r\n```\r\nconfig firewall addrgrp\r\nedit MGMT_IPs\r\nset member my_allowed_addresses\r\nend\r\n```\r\n\r\nCreate the Local in Policy to restrict access only to the predefined group on management interface (here: port1):\r\n\r\n\r\n```\r\nconfig firewall local-in-policy\r\nedit 1\r\nset intf port1\r\nset srcaddr MGMT_IPs\r\nset dstaddr all\r\nset action accept\r\nset service HTTPS HTTP\r\nset schedule always\r\nset status enable\r\nnext\r\n\r\n\r\n\r\nedit 2\r\nset intf any\r\nset srcaddr all\r\nset dstaddr all\r\nset action deny\r\nset service HTTPS HTTP\r\nset schedule always\r\nset status enable\r\nend\r\n```\r\n\r\n\r\nIf using non default ports, create appropriate service object for GUI administrative access:\r\n\r\n```\r\nconfig firewall service custom\r\nedit GUI_HTTPS\r\nset tcp-portrange admin-sport\r\nnext\r\nedit GUI_HTTP\r\nset tcp-portrange admin-port\r\nend\r\n```\r\n\r\n\r\nUse these objects instead of \"HTTPS HTTP\" in the local-in policy 1 and 2 below.\r\n\r\n\r\nWhen using an HA reserved management interface, the local in policy needs to be configured slightly differently - please see: \r\n\r\nhttps://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005\r\n\r\nPlease contact customer support for assistance.\r\n\r\n\r\n## Workaround for FortiManager and FortiAnalyzer:\r\n\r\n\r\nLimit IP addresses that can reach the administrative interface\r\n\r\n\r\n## Workaround for FortiWeb:\r\n\r\n\r\n\r\nDisable HTTP/HTTPS administrative interface\r\n\r\nOR\r\n\r\nLimit IP addresses that can reach the administrative interface"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"
}
]
}

9
2024/13xxx/CVE-2024-13496.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The GamiPress \u2013 Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 7.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
"value": "The GamiPress \u2013 Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This vulnerability was previously published as being fixed in version 7.2.2 which was incorrect. The correct fixed version is 7.3.2."
}
]
},
@ -42,7 +42,7 @@
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.2.1"
"version_value": "7.3.1"
}
]
}
@ -79,6 +79,11 @@
"url": "https://plugins.trac.wordpress.org/changeset/3226227/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3226227/"
},
{
"url": "https://abrahack.com/posts/gamipress-sqli/",
"refsource": "MISC",
"name": "https://abrahack.com/posts/gamipress-sqli/"
}
]
},

17
2024/27xxx/CVE-2024-27397.json
View File

@ -40,8 +40,8 @@
"version_data": [
{
"version_affected": "<",
"version_name": "c3e1b005ed1c",
"version_value": "f8dfda798650"
"version_name": "c3e1b005ed1cc068fc9d454a6e745830d55d251d",
"version_value": "f8dfda798650241c1692058713ca4fef8e429061"
},
{
"version_value": "not down converted",
@ -87,6 +87,12 @@
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.84",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.7.5",
"lessThanOrEqual": "6.7.*",
@ -139,6 +145,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b45176b869673417ace338b87cf9cdb66e2eeb01"
},
{
"url": "https://git.kernel.org/stable/c/7fa2e2960fff8322ce2ded57b5f8e9cbc450b967",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7fa2e2960fff8322ce2ded57b5f8e9cbc450b967"
},
{
"url": "https://git.kernel.org/stable/c/383182db8d58c4237772ba0764cded4938a235c3",
"refsource": "MISC",
@ -152,6 +163,6 @@
]
},
"generator": {
"engine": "bippy-9e1c9544281a"
"engine": "bippy-5f407fcff5a0"
}
}

16
2024/42xxx/CVE-2024-42254.json
View File

@ -40,8 +40,13 @@
"version_data": [
{
"version_affected": "<",
"version_name": "87585b05757d",
"version_value": "68d19af95a35"
"version_name": "46b1b3d81a7e99574e1a2f914086bc2fe382d79d",
"version_value": "78aefac7efdffddf7889405b7c08e6e0f030fa35"
},
{
"version_affected": "<",
"version_name": "87585b05757dc70545efb434669708d276125559",
"version_value": "68d19af95a353f5e2b021602180b65b303eba99d"
},
{
"version_value": "not down converted",
@ -84,6 +89,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/78aefac7efdffddf7889405b7c08e6e0f030fa35",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/78aefac7efdffddf7889405b7c08e6e0f030fa35"
},
{
"url": "https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d",
"refsource": "MISC",
@ -97,6 +107,6 @@
]
},
"generator": {
"engine": "bippy-9e1c9544281a"
"engine": "bippy-5f407fcff5a0"
}
}

17
2024/50xxx/CVE-2024-50138.json
View File

@ -40,8 +40,8 @@
"version_data": [
{
"version_affected": "<",
"version_name": "457f44363a88",
"version_value": "5eb34999d118"
"version_name": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"version_value": "5eb34999d118e69a20dc0c6556f315fcb0a1f8d3"
},
{
"version_value": "not down converted",
@ -63,6 +63,12 @@
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.84",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.6",
"lessThanOrEqual": "6.11.*",
@ -95,6 +101,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5eb34999d118e69a20dc0c6556f315fcb0a1f8d3"
},
{
"url": "https://git.kernel.org/stable/c/f9543375d9b150b2bcf16bb182e6b62309db0888",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f9543375d9b150b2bcf16bb182e6b62309db0888"
},
{
"url": "https://git.kernel.org/stable/c/ca30e682e5d6de44d12c4610767811c9a21d59ba",
"refsource": "MISC",
@ -108,6 +119,6 @@
]
},
"generator": {
"engine": "bippy-8e903de6a542"
"engine": "bippy-5f407fcff5a0"
}
}

15
2024/53xxx/CVE-2024-53222.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "7ac07a26dea79c3892436bce41cce03dcbd3c4c7",
"version_value": "843d366ff19708668d95cda16bb8aba109a93dba"
"version_value": "c7ee791e538537b281f60945298796f0a3971bbd"
},
{
"version_value": "not down converted",
@ -57,6 +57,12 @@
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.84",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
@ -64,7 +70,7 @@
"versionType": "semver"
},
{
"version": "6.13-rc1",
"version": "6.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -84,6 +90,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c7ee791e538537b281f60945298796f0a3971bbd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7ee791e538537b281f60945298796f0a3971bbd"
},
{
"url": "https://git.kernel.org/stable/c/843d366ff19708668d95cda16bb8aba109a93dba",
"refsource": "MISC",

61
2024/55xxx/CVE-2024-55279.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nokonoko/Uguu/",
"refsource": "MISC",
"name": "https://github.com/nokonoko/Uguu/"
},
{
"refsource": "MISC",
"name": "https://codeberg.org/zypressen/CVE-2024-55279",
"url": "https://codeberg.org/zypressen/CVE-2024-55279"
}
]
}

78
2025/0xxx/CVE-2025-0256.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL DevOps Deploy / HCL Launch",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0 - 7.0.5.25; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059",
"refsource": "MISC",
"name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

119
2025/1xxx/CVE-2025-1558.json
View File

@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "responsibledisclosure@mattermost.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1287: Improper Validation of Specified Type of Input",
"cweId": "CWE-1287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mattermost",
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.26.0"
},
{
"status": "unaffected",
"version": "2.25.1"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://mattermost.com/security-updates",
"refsource": "MISC",
"name": "https://mattermost.com/security-updates"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "MMSA-2024-00417",
"defect": [
"https://mattermost.atlassian.net/browse/MM-62374"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update Mattermost Mobile Apps to versions 2.26.0, 2.25.1 or higher.</p>"
}
],
"value": "Update Mattermost Mobile Apps to versions 2.26.0, 2.25.1 or higher."
}
],
"credits": [
{
"lang": "en",
"value": "defalt47"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

91
2025/23xxx/CVE-2025-23204.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. The test in version 3.3.8 is probably broken. As of time of publication, a fixed version is not available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "api-platform",
"product": {
"product_data": [
{
"product_name": "core",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.3.8, <= 4.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/api-platform/core/security/advisories/GHSA-7mxx-3cgm-xxv3",
"refsource": "MISC",
"name": "https://github.com/api-platform/core/security/advisories/GHSA-7mxx-3cgm-xxv3"
},
{
"url": "https://github.com/api-platform/core/pull/6444",
"refsource": "MISC",
"name": "https://github.com/api-platform/core/pull/6444"
},
{
"url": "https://github.com/api-platform/core/pull/6444/files#diff-09e3c2cfe12a2ce65bd6c983c7ca6bfcf783f852b8d0554bb938e8ebf5e5fa65R56",
"refsource": "MISC",
"name": "https://github.com/api-platform/core/pull/6444/files#diff-09e3c2cfe12a2ce65bd6c983c7ca6bfcf783f852b8d0554bb938e8ebf5e5fa65R56"
},
{
"url": "https://github.com/soyuka/core/blob/7e2e8f9ff322ac5f6eb5f65baf432bffdca0fd51/src/Symfony/Security/State/AccessCheckerProvider.php#L49-L57",
"refsource": "MISC",
"name": "https://github.com/soyuka/core/blob/7e2e8f9ff322ac5f6eb5f65baf432bffdca0fd51/src/Symfony/Security/State/AccessCheckerProvider.php#L49-L57"
}
]
},
"source": {
"advisory": "GHSA-7mxx-3cgm-xxv3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

61
2025/29xxx/CVE-2025-29294.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-29294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in H3C R3000 V100R009 and NX600 V100R0011 and NX15000 V100R005 and NX30 V100R0011 and NX54 V100R011 and BX54 V100R004 and BX54-E V100R0010 and NX18 Plus V100R006 allows a remote attacker to execute arbitrary code via the set_ipv6_static function and the clear_ipv6_info function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://h3c.com",
"refsource": "MISC",
"name": "http://h3c.com"
},
{
"url": "http://r3000.com",
"refsource": "MISC",
"name": "http://r3000.com"
}
]
}