diff --git a/2024/45xxx/CVE-2024-45774.json b/2024/45xxx/CVE-2024-45774.json index 198eeeb57e1..f88b3e7a236 100644 --- a/2024/45xxx/CVE-2024-45774.json +++ b/2024/45xxx/CVE-2024-45774.json @@ -104,6 +104,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461" + }, + { + "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45779.json b/2024/45xxx/CVE-2024-45779.json index 7d8db88e89b..06af4497da5 100644 --- a/2024/45xxx/CVE-2024-45779.json +++ b/2024/45xxx/CVE-2024-45779.json @@ -104,6 +104,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854" + }, + { + "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45780.json b/2024/45xxx/CVE-2024-45780.json index 9536d21b85c..e7be2f1e3d0 100644 --- a/2024/45xxx/CVE-2024-45780.json +++ b/2024/45xxx/CVE-2024-45780.json @@ -104,6 +104,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856" + }, + { + "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ] }, diff --git a/2024/51xxx/CVE-2024-51144.json b/2024/51xxx/CVE-2024-51144.json index 4d917cc231d..c06d3795ba2 100644 --- a/2024/51xxx/CVE-2024-51144.json +++ b/2024/51xxx/CVE-2024-51144.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51144", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51144", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=flip_follow endpoints in Ampache <= 6.6.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ampache/ampache", + "refsource": "MISC", + "name": "https://github.com/ampache/ampache" + }, + { + "refsource": "MISC", + "name": "https://nitipoom-jar.github.io/CVE-2024-51144/", + "url": "https://nitipoom-jar.github.io/CVE-2024-51144/" } ] } diff --git a/2024/57xxx/CVE-2024-57174.json b/2024/57xxx/CVE-2024-57174.json index 4ecbd54ccb4..ac30caefd44 100644 --- a/2024/57xxx/CVE-2024-57174.json +++ b/2024/57xxx/CVE-2024-57174.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57174", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57174", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chenzw.medium.com/internal-domain-names-f1cd2886c654", + "refsource": "MISC", + "name": "https://chenzw.medium.com/internal-domain-names-f1cd2886c654" + }, + { + "refsource": "MISC", + "name": "https://github.com/geo-chen/BSides-SG-2022---Internal-Domain-Names?tab=readme-ov-file#finding-1---cve-2024-57174-alphion-routers", + "url": "https://github.com/geo-chen/BSides-SG-2022---Internal-Domain-Names?tab=readme-ov-file#finding-1---cve-2024-57174-alphion-routers" } ] } diff --git a/2025/0xxx/CVE-2025-0689.json b/2025/0xxx/CVE-2025-0689.json index 0d1cdcc57d8..9dc6605a680 100644 --- a/2025/0xxx/CVE-2025-0689.json +++ b/2025/0xxx/CVE-2025-0689.json @@ -104,6 +104,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122" + }, + { + "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ] }, diff --git a/2025/0xxx/CVE-2025-0690.json b/2025/0xxx/CVE-2025-0690.json index c41624970ff..f038b666f43 100644 --- a/2025/0xxx/CVE-2025-0690.json +++ b/2025/0xxx/CVE-2025-0690.json @@ -104,6 +104,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123" + }, + { + "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ] }, diff --git a/2025/1xxx/CVE-2025-1125.json b/2025/1xxx/CVE-2025-1125.json index 243ebbff952..3afd3ab7f2f 100644 --- a/2025/1xxx/CVE-2025-1125.json +++ b/2025/1xxx/CVE-2025-1125.json @@ -104,6 +104,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138" + }, + { + "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ] }, diff --git a/2025/25xxx/CVE-2025-25362.json b/2025/25xxx/CVE-2025-25362.json index 2f4ba1f92f2..74c108533e7 100644 --- a/2025/25xxx/CVE-2025-25362.json +++ b/2025/25xxx/CVE-2025-25362.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25362", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25362", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/explosion/spacy-llm/issues/492", + "refsource": "MISC", + "name": "https://github.com/explosion/spacy-llm/issues/492" } ] } diff --git a/2025/25xxx/CVE-2025-25632.json b/2025/25xxx/CVE-2025-25632.json index f9aae68f77f..bca63fcbfd1 100644 --- a/2025/25xxx/CVE-2025-25632.json +++ b/2025/25xxx/CVE-2025-25632.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25632", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25632", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19telnet.md", + "refsource": "MISC", + "name": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19telnet.md" } ] } diff --git a/2025/25xxx/CVE-2025-25634.json b/2025/25xxx/CVE-2025-25634.json index b943735a754..25c19354c6e 100644 --- a/2025/25xxx/CVE-2025-25634.json +++ b/2025/25xxx/CVE-2025-25634.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25634", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25634", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19GetParentControlInfo.md", + "refsource": "MISC", + "name": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19GetParentControlInfo.md" } ] } diff --git a/2025/27xxx/CVE-2025-27516.json b/2025/27xxx/CVE-2025-27516.json index 3411ad43098..46acd68c212 100644 --- a/2025/27xxx/CVE-2025-27516.json +++ b/2025/27xxx/CVE-2025-27516.json @@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", + "cweId": "CWE-1336" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pallets", + "product": { + "product_data": [ + { + "product_name": "jinja", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7", + "refsource": "MISC", + "name": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7" + }, + { + "url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403", + "refsource": "MISC", + "name": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403" + } + ] + }, + "source": { + "advisory": "GHSA-cpwx-vrp4-4pq7", + "discovery": "UNKNOWN" } } \ No newline at end of file