admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-05 21:00:36 +00:00
parent 436a9d15a0
commit 5cbf46c3cc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 349 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2024/45xxx/CVE-2024-45774.json
View File

@ -104,6 +104,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
} }
] ]
}, },

5
2024/45xxx/CVE-2024-45779.json
View File

@ -104,6 +104,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
} }
] ]
}, },

5
2024/45xxx/CVE-2024-45780.json
View File

@ -104,6 +104,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
} }
] ]
}, },

61
2024/51xxx/CVE-2024-51144.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-51144",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-51144",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=flip_follow endpoints in Ampache <= 6.6.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ampache/ampache",
"refsource": "MISC",
"name": "https://github.com/ampache/ampache"
},
{
"refsource": "MISC",
"name": "https://nitipoom-jar.github.io/CVE-2024-51144/",
"url": "https://nitipoom-jar.github.io/CVE-2024-51144/"
} }
] ]
} }

61
2024/57xxx/CVE-2024-57174.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-57174",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-57174",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://chenzw.medium.com/internal-domain-names-f1cd2886c654",
"refsource": "MISC",
"name": "https://chenzw.medium.com/internal-domain-names-f1cd2886c654"
},
{
"refsource": "MISC",
"name": "https://github.com/geo-chen/BSides-SG-2022---Internal-Domain-Names?tab=readme-ov-file#finding-1---cve-2024-57174-alphion-routers",
"url": "https://github.com/geo-chen/BSides-SG-2022---Internal-Domain-Names?tab=readme-ov-file#finding-1---cve-2024-57174-alphion-routers"
} }
] ]
} }

5
2025/0xxx/CVE-2025-0689.json
View File

@ -104,6 +104,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
} }
] ]
}, },

5
2025/0xxx/CVE-2025-0690.json
View File

@ -104,6 +104,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
} }
] ]
}, },

5
2025/1xxx/CVE-2025-1125.json
View File

@ -104,6 +104,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
} }
] ]
}, },

56
2025/25xxx/CVE-2025-25362.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-25362",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-25362",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/explosion/spacy-llm/issues/492",
"refsource": "MISC",
"name": "https://github.com/explosion/spacy-llm/issues/492"
} }
] ]
} }

56
2025/25xxx/CVE-2025-25632.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-25632",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-25632",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19telnet.md",
"refsource": "MISC",
"name": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19telnet.md"
} }
] ]
} }

56
2025/25xxx/CVE-2025-25634.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-25634",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-25634",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19GetParentControlInfo.md",
"refsource": "MISC",
"name": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19GetParentControlInfo.md"
} }
] ]
} }

63
2025/27xxx/CVE-2025-27516.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-27516", "ID": "CVE-2025-27516",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"cweId": "CWE-1336"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pallets",
"product": {
"product_data": [
{
"product_name": "jinja",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.1.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7",
"refsource": "MISC",
"name": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"
},
{
"url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403",
"refsource": "MISC",
"name": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"
}
]
},
"source": {
"advisory": "GHSA-cpwx-vrp4-4pq7",
"discovery": "UNKNOWN"
} }
} }