From 6538bffe410eaa69bcd24b8927cd503ae3ef3212 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 26 Mar 2025 14:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/39xxx/CVE-2022-39163.json | 90 +++++++++++++++++++++++++++++--
 2024/45xxx/CVE-2024-45351.json | 78 +++++++++++++++++++++++++--
 2025/23xxx/CVE-2025-23203.json | 99 ++++++++++++++++++++++++++++++++--
 2025/2xxx/CVE-2025-2813.json | 18 +++++++
 2025/2xxx/CVE-2025-2814.json | 18 +++++++
 5 files changed, 291 insertions(+), 12 deletions(-)
 create mode 100644 2025/2xxx/CVE-2025-2813.json
 create mode 100644 2025/2xxx/CVE-2025-2814.json
diff --git a/2022/39xxx/CVE-2022-39163.json b/2022/39xxx/CVE-2022-39163.json
index 4b9fb1674a3..99402b697e3 100644
--- a/2022/39xxx/CVE-2022-39163.json
+++ b/2022/39xxx/CVE-2022-39163.json
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-39163",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')",
+ "cweId": "CWE-444"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cognos Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "11.0.0",
+ "version_value": "11.0.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7192746",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7192746"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/45xxx/CVE-2024-45351.json b/2024/45xxx/CVE-2024-45351.json
index ec09a5fc630..e727ab419ee 100644
--- a/2024/45xxx/CVE-2024-45351.json
+++ b/2024/45xxx/CVE-2024-45351.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45351",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xiaomi.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1284 Improper Validation of Specified Quantity in Input",
+ "cweId": "CWE-1284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xiaomi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Game center application",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Game center application 13.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=549",
+ "refsource": "MISC",
+ "name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=549"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/23xxx/CVE-2025-23203.json b/2025/23xxx/CVE-2025-23203.json
index 1d1222ae357..3ae7e3135de 100644
--- a/2025/23xxx/CVE-2025-23203.json
+++ b/2025/23xxx/CVE-2025-23203.json
@@ -1,17 +1,108 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-23203",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.3 and 1.11.1. If upgrading is not feasible, disable the director module for the users other than admin role for the time being."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Icinga",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "icingaweb2-module-director",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.0.0, < 1.10.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.11.0, < 1.11.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3233-ggc5-m3qg",
+ "refsource": "MISC",
+ "name": "https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3233-ggc5-m3qg"
+ },
+ {
+ "url": "https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.10.3",
+ "refsource": "MISC",
+ "name": "https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.10.3"
+ },
+ {
+ "url": "https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.11.3",
+ "refsource": "MISC",
+ "name": "https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.11.3"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-3233-ggc5-m3qg",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2813.json b/2025/2xxx/CVE-2025-2813.json
new file mode 100644
index 00000000000..ea5d5c1d5e7
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2813.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2813",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2814.json b/2025/2xxx/CVE-2025-2814.json
new file mode 100644
index 00000000000..c0fd5c502fa
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2814.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2814",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file