From 5d9e3544a729a4864f3174edc3431b859c05ec25 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 15 Feb 2025 00:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/10xxx/CVE-2024-10405.json | 60 ++++++++++++++++++++++++++++-- 2024/39xxx/CVE-2024-39689.json | 4 +- 2024/4xxx/CVE-2024-4282.json | 68 ++++++++++++++++++++++++++++++++-- 2024/5xxx/CVE-2024-5462.json | 68 ++++++++++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1320.json | 18 +++++++++ 2025/1xxx/CVE-2025-1321.json | 18 +++++++++ 2025/1xxx/CVE-2025-1322.json | 18 +++++++++ 2025/1xxx/CVE-2025-1323.json | 18 +++++++++ 2025/1xxx/CVE-2025-1324.json | 18 +++++++++ 2025/1xxx/CVE-2025-1325.json | 18 +++++++++ 2025/1xxx/CVE-2025-1326.json | 18 +++++++++ 2025/1xxx/CVE-2025-1327.json | 18 +++++++++ 2025/21xxx/CVE-2025-21401.json | 65 ++++++++++++++++++++++++++++++-- 2025/26xxx/CVE-2025-26819.json | 62 +++++++++++++++++++++++++++++++ 14 files changed, 453 insertions(+), 18 deletions(-) create mode 100644 2025/1xxx/CVE-2025-1320.json create mode 100644 2025/1xxx/CVE-2025-1321.json create mode 100644 2025/1xxx/CVE-2025-1322.json create mode 100644 2025/1xxx/CVE-2025-1323.json create mode 100644 2025/1xxx/CVE-2025-1324.json create mode 100644 2025/1xxx/CVE-2025-1325.json create mode 100644 2025/1xxx/CVE-2025-1326.json create mode 100644 2025/1xxx/CVE-2025-1327.json create mode 100644 2025/26xxx/CVE-2025-26819.json diff --git a/2024/10xxx/CVE-2024-10405.json b/2024/10xxx/CVE-2024-10405.json index 31f147536c9..c440da18d52 100644 --- a/2024/10xxx/CVE-2024-10405.json +++ b/2024/10xxx/CVE-2024-10405.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Brocade SANnav before SANnav 2.3.1b \nenables weak TLS ciphers on ports 443 and 18082. In case of a successful\n exploit, an attacker can read Brocade SANnav data stream that includes \nmonitored Brocade Fabric OS switches performance data, port status, \nzoning information, WWNs, IP Addresses, but no customer data, no \npersonal data and no secrets or passwords, as it travels across the \nnetwork." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brocade", + "product": { + "product_data": [ + { + "product_name": "Brocade SANnav", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Brocade SANnav before 2.3.1b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25402", + "refsource": "MISC", + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25402" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/39xxx/CVE-2024-39689.json b/2024/39xxx/CVE-2024-39689.json index 5f6a2434d40..3bea2a58d22 100644 --- a/2024/39xxx/CVE-2024-39689.json +++ b/2024/39xxx/CVE-2024-39689.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\"" + "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\"" } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": ">= 2021.05.30, < 2024.07.04" + "version_value": ">= 2021.5.30, < 2024.7.4" } ] } diff --git a/2024/4xxx/CVE-2024-4282.json b/2024/4xxx/CVE-2024-4282.json index 785a0ec5148..23e5bed7621 100644 --- a/2024/4xxx/CVE-2024-4282.json +++ b/2024/4xxx/CVE-2024-4282.json @@ -1,18 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brocade", + "product": { + "product_data": [ + { + "product_name": "Brocade SANnav", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "before 2.3.1b" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/25400", + "refsource": "MISC", + "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/25400" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5462.json b/2024/5xxx/CVE-2024-5462.json index 7b14e765a73..641477ae173 100644 --- a/2024/5xxx/CVE-2024-5462.json +++ b/2024/5xxx/CVE-2024-5462.json @@ -1,18 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5462", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brocade", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "before Fabric OS 9.2.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24610", + "refsource": "MISC", + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24610" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1320.json b/2025/1xxx/CVE-2025-1320.json new file mode 100644 index 00000000000..61135eb715b --- /dev/null +++ b/2025/1xxx/CVE-2025-1320.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1320", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1321.json b/2025/1xxx/CVE-2025-1321.json new file mode 100644 index 00000000000..6269681a042 --- /dev/null +++ b/2025/1xxx/CVE-2025-1321.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1321", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1322.json b/2025/1xxx/CVE-2025-1322.json new file mode 100644 index 00000000000..80c7ecb836a --- /dev/null +++ b/2025/1xxx/CVE-2025-1322.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1322", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1323.json b/2025/1xxx/CVE-2025-1323.json new file mode 100644 index 00000000000..87483881c8a --- /dev/null +++ b/2025/1xxx/CVE-2025-1323.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1323", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1324.json b/2025/1xxx/CVE-2025-1324.json new file mode 100644 index 00000000000..a00b2da5c7e --- /dev/null +++ b/2025/1xxx/CVE-2025-1324.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1324", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1325.json b/2025/1xxx/CVE-2025-1325.json new file mode 100644 index 00000000000..a5d2e1ce2de --- /dev/null +++ b/2025/1xxx/CVE-2025-1325.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1325", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1326.json b/2025/1xxx/CVE-2025-1326.json new file mode 100644 index 00000000000..305feec8630 --- /dev/null +++ b/2025/1xxx/CVE-2025-1326.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1327.json b/2025/1xxx/CVE-2025-1327.json new file mode 100644 index 00000000000..f5d459b9090 --- /dev/null +++ b/2025/1xxx/CVE-2025-1327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21401.json b/2025/21xxx/CVE-2025-21401.json index 60835b14de1..93dcbe49c2e 100644 --- a/2025/21xxx/CVE-2025-21401.json +++ b/2025/21xxx/CVE-2025-21401.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge (Chromium-based)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "133.0.3065.69" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21401", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21401" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 4.5, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26819.json b/2025/26xxx/CVE-2025-26819.json new file mode 100644 index 00000000000..abb7c297601 --- /dev/null +++ b/2025/26xxx/CVE-2025-26819.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-26819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/monero-project/monero/commit/ec74ff4a3d3ca38b7912af680209a45fd1701c3d", + "refsource": "MISC", + "name": "https://github.com/monero-project/monero/commit/ec74ff4a3d3ca38b7912af680209a45fd1701c3d" + } + ] + } +} \ No newline at end of file