From 646fced24cc9cd6c3c8b303fde1fe4eff86a39ea Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Jan 2025 23:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3309.json | 16 +++---- 2023/22xxx/CVE-2023-22139.json | 8 ++-- 2024/13xxx/CVE-2024-13499.json | 18 ++++++++ 2024/40xxx/CVE-2024-40513.json | 56 ++++++++++++++++++++++--- 2024/40xxx/CVE-2024-40514.json | 56 ++++++++++++++++++++++--- 2024/46xxx/CVE-2024-46450.json | 56 ++++++++++++++++++++++--- 2024/48xxx/CVE-2024-48460.json | 56 ++++++++++++++++++++++--- 2024/53xxx/CVE-2024-53553.json | 61 ++++++++++++++++++++++++--- 2024/54xxx/CVE-2024-54660.json | 56 ++++++++++++++++++++++--- 2024/55xxx/CVE-2024-55511.json | 56 ++++++++++++++++++++++--- 2024/56xxx/CVE-2024-56144.json | 76 ++++++++++++++++++++++++++++++++-- 2024/57xxx/CVE-2024-57703.json | 56 ++++++++++++++++++++++--- 2024/57xxx/CVE-2024-57704.json | 56 ++++++++++++++++++++++--- 2024/57xxx/CVE-2024-57784.json | 56 ++++++++++++++++++++++--- 2024/57xxx/CVE-2024-57785.json | 56 ++++++++++++++++++++++--- 2025/23xxx/CVE-2025-23198.json | 76 ++++++++++++++++++++++++++++++++-- 2025/23xxx/CVE-2025-23199.json | 76 ++++++++++++++++++++++++++++++++-- 2025/23xxx/CVE-2025-23200.json | 76 ++++++++++++++++++++++++++++++++-- 2025/23xxx/CVE-2025-23201.json | 76 ++++++++++++++++++++++++++++++++-- 19 files changed, 945 insertions(+), 98 deletions(-) create mode 100644 2024/13xxx/CVE-2024-13499.json diff --git a/2019/3xxx/CVE-2019-3309.json b/2019/3xxx/CVE-2019-3309.json index 9f53085dbad..5db1324cec2 100644 --- a/2019/3xxx/CVE-2019-3309.json +++ b/2019/3xxx/CVE-2019-3309.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3309", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-3309", + "ASSIGNER": "secalert_us@oracle.com", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is mistakenly published by the other party." } ] } diff --git a/2023/22xxx/CVE-2023-22139.json b/2023/22xxx/CVE-2023-22139.json index a2be8cd3d7c..474a779ee56 100644 --- a/2023/22xxx/CVE-2023-22139.json +++ b/2023/22xxx/CVE-2023-22139.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22139", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert_us@oracle.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is mistakenly published by the other party." } ] } diff --git a/2024/13xxx/CVE-2024-13499.json b/2024/13xxx/CVE-2024-13499.json new file mode 100644 index 00000000000..cba991dbc5a --- /dev/null +++ b/2024/13xxx/CVE-2024-13499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/40xxx/CVE-2024-40513.json b/2024/40xxx/CVE-2024-40513.json index a24a8f79314..2d7c4e717d8 100644 --- a/2024/40xxx/CVE-2024-40513.json +++ b/2024/40xxx/CVE-2024-40513.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40513", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40513", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/php-lover-boy/ChatVia", + "refsource": "MISC", + "name": "https://github.com/php-lover-boy/ChatVia" } ] } diff --git a/2024/40xxx/CVE-2024-40514.json b/2024/40xxx/CVE-2024-40514.json index 752a33f22de..51271100ee9 100644 --- a/2024/40xxx/CVE-2024-40514.json +++ b/2024/40xxx/CVE-2024-40514.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40514", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40514", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/php-lover-boy/ChatVia", + "url": "https://github.com/php-lover-boy/ChatVia" } ] } diff --git a/2024/46xxx/CVE-2024-46450.json b/2024/46xxx/CVE-2024-46450.json index 83d9fd29f1c..a606841813f 100644 --- a/2024/46xxx/CVE-2024-46450.json +++ b/2024/46xxx/CVE-2024-46450.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-46450", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-46450", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://pastebin.com/BXxTqsZk", + "url": "https://pastebin.com/BXxTqsZk" } ] } diff --git a/2024/48xxx/CVE-2024-48460.json b/2024/48xxx/CVE-2024-48460.json index 31156c76662..9ae543879dc 100644 --- a/2024/48xxx/CVE-2024-48460.json +++ b/2024/48xxx/CVE-2024-48460.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-48460", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-48460", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Eugeny/tabby/issues/9955", + "refsource": "MISC", + "name": "https://github.com/Eugeny/tabby/issues/9955" } ] } diff --git a/2024/53xxx/CVE-2024-53553.json b/2024/53xxx/CVE-2024-53553.json index d89830a1b5c..198ce52ecd5 100644 --- a/2024/53xxx/CVE-2024-53553.json +++ b/2024/53xxx/CVE-2024-53553.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53553", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53553", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://infosecwriteups.com/exploiting-execute-after-redirect-ear-vulnerability-in-htb-previse-92ea3f1dbf3d", + "refsource": "MISC", + "name": "https://infosecwriteups.com/exploiting-execute-after-redirect-ear-vulnerability-in-htb-previse-92ea3f1dbf3d" + }, + { + "refsource": "MISC", + "name": "https://github.com/Turbul3nce/Vulnerability.Research/tree/main/CVE-2024-53553", + "url": "https://github.com/Turbul3nce/Vulnerability.Research/tree/main/CVE-2024-53553" } ] } diff --git a/2024/54xxx/CVE-2024-54660.json b/2024/54xxx/CVE-2024-54660.json index 8e6bb96e43a..b87ff2164a9 100644 --- a/2024/54xxx/CVE-2024-54660.json +++ b/2024/54xxx/CVE-2024-54660.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-54660", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-54660", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This could lead to remote code execution. JNDI injection is possible via the JDBC connection property krbJAASFile for the Java Authentication and Authorization Service (JAAS). Using untrusted parameters in the krbJAASFile and/or remote host can trigger JNDI injection in the JDBC URL through the krbJAASFile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.blackhat.com/eu-24/briefings/schedule/index.html#a-novel-attack-surface-java-authentication-and-authorization-service-jaas-42179", + "refsource": "MISC", + "name": "https://www.blackhat.com/eu-24/briefings/schedule/index.html#a-novel-attack-surface-java-authentication-and-authorization-service-jaas-42179" } ] } diff --git a/2024/55xxx/CVE-2024-55511.json b/2024/55xxx/CVE-2024-55511.json index c69aa5947a0..578c3bdbd84 100644 --- a/2024/55xxx/CVE-2024-55511.json +++ b/2024/55xxx/CVE-2024-55511.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55511", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55511", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows an attacker to elevate their privileges via executing a specially crafted executable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://updates.macrium.com/reflect/v8/v8.1.8017/details8.1.8017.htm", + "url": "https://updates.macrium.com/reflect/v8/v8.1.8017/details8.1.8017.htm" } ] } diff --git a/2024/56xxx/CVE-2024-56144.json b/2024/56xxx/CVE-2024-56144.json index def985a3a1f..0f567d7630a 100644 --- a/2024/56xxx/CVE-2024-56144.json +++ b/2024/56xxx/CVE-2024-56144.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-56144", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.11.0 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.12.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "librenms", + "product": { + "product_data": [ + { + "product_name": "librenms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 24.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/librenms/librenms/security/advisories/GHSA-2f4w-6mc7-4w78", + "refsource": "MISC", + "name": "https://github.com/librenms/librenms/security/advisories/GHSA-2f4w-6mc7-4w78" + } + ] + }, + "source": { + "advisory": "GHSA-2f4w-6mc7-4w78", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/57xxx/CVE-2024-57703.json b/2024/57xxx/CVE-2024-57703.json index 97c6068f1a2..81d7f749c4c 100644 --- a/2024/57xxx/CVE-2024-57703.json +++ b/2024/57xxx/CVE-2024-57703.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57703", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57703", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Pr0b1em/IoT/blob/master/Tenda%20AC8v4%20V16.03.34.06.md", + "url": "https://github.com/Pr0b1em/IoT/blob/master/Tenda%20AC8v4%20V16.03.34.06.md" } ] } diff --git a/2024/57xxx/CVE-2024-57704.json b/2024/57xxx/CVE-2024-57704.json index 9b1d806c31e..dc1b605599d 100644 --- a/2024/57xxx/CVE-2024-57704.json +++ b/2024/57xxx/CVE-2024-57704.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57704", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57704", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Pr0b1em/IoT/blob/master/Tenda%20AC8v4%20V16.03.34.06.md", + "refsource": "MISC", + "name": "https://github.com/Pr0b1em/IoT/blob/master/Tenda%20AC8v4%20V16.03.34.06.md" } ] } diff --git a/2024/57xxx/CVE-2024-57784.json b/2024/57xxx/CVE-2024-57784.json index 35ddcc76d2f..c686df81287 100644 --- a/2024/57xxx/CVE-2024-57784.json +++ b/2024/57xxx/CVE-2024-57784.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57784", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57784", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/s4fv4n/8cc4e4cb6fd028e803898837b73aa342", + "url": "https://gist.github.com/s4fv4n/8cc4e4cb6fd028e803898837b73aa342" } ] } diff --git a/2024/57xxx/CVE-2024-57785.json b/2024/57xxx/CVE-2024-57785.json index e8fccba5cdf..132590ba768 100644 --- a/2024/57xxx/CVE-2024-57785.json +++ b/2024/57xxx/CVE-2024-57785.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57785", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57785", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/s4fv4n/56c326450dcb3ab808b5ce8242a11e30", + "url": "https://gist.github.com/s4fv4n/56c326450dcb3ab808b5ce8242a11e30" } ] } diff --git a/2025/23xxx/CVE-2025-23198.json b/2025/23xxx/CVE-2025-23198.json index 0e2b83be025..c8a9c9700cb 100644 --- a/2025/23xxx/CVE-2025-23198.json +++ b/2025/23xxx/CVE-2025-23198.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23198", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "librenms", + "product": { + "product_data": [ + { + "product_name": "librenms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 24.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/librenms/librenms/security/advisories/GHSA-pm8j-3v64-92cq", + "refsource": "MISC", + "name": "https://github.com/librenms/librenms/security/advisories/GHSA-pm8j-3v64-92cq" + } + ] + }, + "source": { + "advisory": "GHSA-pm8j-3v64-92cq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/23xxx/CVE-2025-23199.json b/2025/23xxx/CVE-2025-23199.json index 0b2545fab85..a912ccefe40 100644 --- a/2025/23xxx/CVE-2025-23199.json +++ b/2025/23xxx/CVE-2025-23199.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "librenms", + "product": { + "product_data": [ + { + "product_name": "librenms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 24.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/librenms/librenms/security/advisories/GHSA-27vf-3g4f-6jp7", + "refsource": "MISC", + "name": "https://github.com/librenms/librenms/security/advisories/GHSA-27vf-3g4f-6jp7" + } + ] + }, + "source": { + "advisory": "GHSA-27vf-3g4f-6jp7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/23xxx/CVE-2025-23200.json b/2025/23xxx/CVE-2025-23200.json index 83b6061c2e2..49d9f81b814 100644 --- a/2025/23xxx/CVE-2025-23200.json +++ b/2025/23xxx/CVE-2025-23200.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "librenms", + "product": { + "product_data": [ + { + "product_name": "librenms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 24.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/librenms/librenms/security/advisories/GHSA-c66p-64fj-jmc2", + "refsource": "MISC", + "name": "https://github.com/librenms/librenms/security/advisories/GHSA-c66p-64fj-jmc2" + } + ] + }, + "source": { + "advisory": "GHSA-c66p-64fj-jmc2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/23xxx/CVE-2025-23201.json b/2025/23xxx/CVE-2025-23201.json index 13b47af9fab..e168ff8217a 100644 --- a/2025/23xxx/CVE-2025-23201.json +++ b/2025/23xxx/CVE-2025-23201.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "librenms", + "product": { + "product_data": [ + { + "product_name": "librenms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 24.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc", + "refsource": "MISC", + "name": "https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc" + } + ] + }, + "source": { + "advisory": "GHSA-g84x-g96g-rcjc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] }