admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-17 01:00:37 +00:00
parent 89cdbaf898
commit 63e0114ad2
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 263 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
2025/2xxx/CVE-2025-2355.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in BlackVue App 3.65 f\u00fcr Android gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente API Endpoint Handler. Mittels Manipulieren des Arguments BCS_TOKEN/SECRET_KEY mit unbekannten Daten kann eine unprotected storage of credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unprotected Storage of Credentials",
"cweId": "CWE-256"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Credentials Management",
"cweId": "CWE-255"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BlackVue",
"product": {
"product_data": [
{
"product_name": "App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.65"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.299822",
"refsource": "MISC",
"name": "https://vuldb.com/?id.299822"
},
{
"url": "https://vuldb.com/?ctiid.299822",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.299822"
},
{
"url": "https://vuldb.com/?submit.513351",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.513351"
},
{
"url": "https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-hardcoded-secrets-exposed-in-plaintext",
"refsource": "MISC",
"name": "https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-hardcoded-secrets-exposed-in-plaintext"
}
]
},
"credits": [
{
"lang": "en",
"value": "geochen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"
}
]
}

89
2025/2xxx/CVE-2025-2356.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in BlackVue App 3.65 f\u00fcr Android ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion deviceDelete der Komponente API Handler. Durch das Manipulieren mit unbekannten Daten kann eine use of get request method with sensitive query strings-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of GET Request Method With Sensitive Query Strings",
"cweId": "CWE-598"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BlackVue",
"product": {
"product_data": [
{
"product_name": "App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.65"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.299823",
"refsource": "MISC",
"name": "https://vuldb.com/?id.299823"
},
{
"url": "https://vuldb.com/?ctiid.299823",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.299823"
},
{
"url": "https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-hardcoded-secrets-exposed-in-plaintext--client-secrets-sent-via-get",
"refsource": "MISC",
"name": "https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-hardcoded-secrets-exposed-in-plaintext--client-secrets-sent-via-get"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

61
2025/30xxx/CVE-2025-30089.json
View File

@ -1,9 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2025-30089",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -27,29 +50,6 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
@ -63,5 +63,18 @@
"url": "https://crates.io/crates/gurk"
}
]
},
"generator": {
"engine": "enrichogram 0.0.1"
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L"
}
]
}
}

18
2025/30xxx/CVE-2025-30090.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/30xxx/CVE-2025-30091.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}