diff --git a/2024/58xxx/CVE-2024-58106.json b/2024/58xxx/CVE-2024-58106.json index 86193ac33d6..43e19bc323a 100644 --- a/2024/58xxx/CVE-2024-58106.json +++ b/2024/58xxx/CVE-2024-58106.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the codec module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58107.json b/2024/58xxx/CVE-2024-58107.json index 2a9187a9950..0df5a0a297a 100644 --- a/2024/58xxx/CVE-2024-58107.json +++ b/2024/58xxx/CVE-2024-58107.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the codec module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-680 Integer Overflow to Buffer Overflow", + "cweId": "CWE-680" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58108.json b/2024/58xxx/CVE-2024-58108.json index 82690b734f7..e54b575fcc3 100644 --- a/2024/58xxx/CVE-2024-58108.json +++ b/2024/58xxx/CVE-2024-58108.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the codec module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58109.json b/2024/58xxx/CVE-2024-58109.json index 3f3a2ac7d31..1f5b0d85df0 100644 --- a/2024/58xxx/CVE-2024-58109.json +++ b/2024/58xxx/CVE-2024-58109.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58109", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the codec module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58110.json b/2024/58xxx/CVE-2024-58110.json index a4cc32f04dc..5bf6175128f 100644 --- a/2024/58xxx/CVE-2024-58110.json +++ b/2024/58xxx/CVE-2024-58110.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58110", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the codec module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58111.json b/2024/58xxx/CVE-2024-58111.json index a79629fa8b9..ab66625d4ac 100644 --- a/2024/58xxx/CVE-2024-58111.json +++ b/2024/58xxx/CVE-2024-58111.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58111", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248 Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58112.json b/2024/58xxx/CVE-2024-58112.json index 55e83b82d03..26882da8fbf 100644 --- a/2024/58xxx/CVE-2024-58112.json +++ b/2024/58xxx/CVE-2024-58112.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248 Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58113.json b/2024/58xxx/CVE-2024-58113.json index 42a178b3479..c590f2171f4 100644 --- a/2024/58xxx/CVE-2024-58113.json +++ b/2024/58xxx/CVE-2024-58113.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of improper resource management in the memory management module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399 Resource Management Errors", + "cweId": "CWE-399" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58115.json b/2024/58xxx/CVE-2024-58115.json index 2a488786153..27c5f8ea827 100644 --- a/2024/58xxx/CVE-2024-58115.json +++ b/2024/58xxx/CVE-2024-58115.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58116.json b/2024/58xxx/CVE-2024-58116.json index 6d4f094d551..2b08fda6358 100644 --- a/2024/58xxx/CVE-2024-58116.json +++ b/2024/58xxx/CVE-2024-58116.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58124.json b/2024/58xxx/CVE-2024-58124.json index 36f72ee8b56..6d4bc5f0d37 100644 --- a/2024/58xxx/CVE-2024-58124.json +++ b/2024/58xxx/CVE-2024-58124.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Access control vulnerability in the security verification module\nImpact: Successful exploitation of this vulnerability will affect integrity and confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "14.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58125.json b/2024/58xxx/CVE-2024-58125.json index eea112fa701..2044eb2f5e1 100644 --- a/2024/58xxx/CVE-2024-58125.json +++ b/2024/58xxx/CVE-2024-58125.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Access control vulnerability in the security verification module\nImpact: Successful exploitation of this vulnerability will affect integrity and confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.0" + }, + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "14.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58126.json b/2024/58xxx/CVE-2024-58126.json index 02ee17c33b3..96851ea2338 100644 --- a/2024/58xxx/CVE-2024-58126.json +++ b/2024/58xxx/CVE-2024-58126.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Access control vulnerability in the security verification module\nImpact: Successful exploitation of this vulnerability will affect integrity and confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.0" + }, + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "14.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/58xxx/CVE-2024-58127.json b/2024/58xxx/CVE-2024-58127.json index 629299cca4f..3decbde1253 100644 --- a/2024/58xxx/CVE-2024-58127.json +++ b/2024/58xxx/CVE-2024-58127.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-58127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Access control vulnerability in the security verification module\nImpact: Successful exploitation of this vulnerability will affect integrity and confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.0" + }, + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "14.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/20xxx/CVE-2025-20654.json b/2025/20xxx/CVE-2025-20654.json index 9f0f1f2ebc0..7ee9416ffe8 100644 --- a/2025/20xxx/CVE-2025-20654.json +++ b/2025/20xxx/CVE-2025-20654.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6890, MT7622, MT7915, MT7916, MT7981, MT7986", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SDK version 7.4.0.1 and before (for MT7622 and MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02 (for MT6890)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20655.json b/2025/20xxx/CVE-2025-20655.json index 90555c4dccd..ee98bbb7b5e 100644 --- a/2025/20xxx/CVE-2025-20655.json +++ b/2025/20xxx/CVE-2025-20655.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT9972", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20656.json b/2025/20xxx/CVE-2025-20656.json index f04603b8ee6..55246ca4a83 100644 --- a/2025/20xxx/CVE-2025-20656.json +++ b/2025/20xxx/CVE-2025-20656.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6886, MT6895, MT6897, MT6983, MT6985, MT6989, MT6990, MT8196, MT8370, MT8390", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20657.json b/2025/20xxx/CVE-2025-20657.json index f2b2c62bcee..bd575f52559 100644 --- a/2025/20xxx/CVE-2025-20657.json +++ b/2025/20xxx/CVE-2025-20657.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6765, MT6768, MT6781, MT6789, MT6833, MT6853, MT6877, MT6885, MT8768, MT8771, MT8781, MT8786, MT8791T", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 15.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20658.json b/2025/20xxx/CVE-2025-20658.json index 34ab29a3d76..2a8c5251411 100644 --- a/2025/20xxx/CVE-2025-20658.json +++ b/2025/20xxx/CVE-2025-20658.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2718, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6886, MT6895, MT6897, MT6983, MT6985, MT6989, MT8196, MT8673, MT8676, MT8678, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0, 15.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20659.json b/2025/20xxx/CVE-2025-20659.json index ef6882b6172..ee70ea0d90c 100644 --- a/2025/20xxx/CVE-2025-20659.json +++ b/2025/20xxx/CVE-2025-20659.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8796, MT8797, MT8798, MT8863", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem LR12A, LR13, NR15, NR16, NR17, NR17R" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20660.json b/2025/20xxx/CVE-2025-20660.json index df3c816c95a..38d41b47244 100644 --- a/2025/20xxx/CVE-2025-20660.json +++ b/2025/20xxx/CVE-2025-20660.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT9972", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20661.json b/2025/20xxx/CVE-2025-20661.json index 0224af1fd3d..3aa71bed0d6 100644 --- a/2025/20xxx/CVE-2025-20661.json +++ b/2025/20xxx/CVE-2025-20661.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT9972", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20662.json b/2025/20xxx/CVE-2025-20662.json index 1798a6d8fa2..0aa4f29ffee 100644 --- a/2025/20xxx/CVE-2025-20662.json +++ b/2025/20xxx/CVE-2025-20662.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT9972", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20663.json b/2025/20xxx/CVE-2025-20663.json index a88c20b5394..98426fd0f65 100644 --- a/2025/20xxx/CVE-2025-20663.json +++ b/2025/20xxx/CVE-2025-20663.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248 Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7915, MT7916, MT7981, MT7986", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SDK release 7.4.0.1 (MT7915) and 7.6.7.2 (MT7916, MT798X) and before" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/20xxx/CVE-2025-20664.json b/2025/20xxx/CVE-2025-20664.json index f1e51e4cd9d..f04db9a8281 100644 --- a/2025/20xxx/CVE-2025-20664.json +++ b/2025/20xxx/CVE-2025-20664.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248 Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7915, MT7916, MT7981, MT7986, MT7990, MT7992", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SDK release 7.4.0.1 (MT7915) and 7.6.7.2 (MT7916, MT798X) and 8.2.1.4 (MT799X) and before" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/April-2025", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/April-2025" } ] } diff --git a/2025/31xxx/CVE-2025-31170.json b/2025/31xxx/CVE-2025-31170.json index 870a3da6e2a..50472aab114 100644 --- a/2025/31xxx/CVE-2025-31170.json +++ b/2025/31xxx/CVE-2025-31170.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31170", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Access control vulnerability in the security verification module\nImpact: Successful exploitation of this vulnerability will affect integrity and confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + }, + { + "version_affected": "=", + "version_value": "4.3.0" + }, + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "14.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31171.json b/2025/31xxx/CVE-2025-31171.json index 76592f21c8b..eccec03d799 100644 --- a/2025/31xxx/CVE-2025-31171.json +++ b/2025/31xxx/CVE-2025-31171.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File read permission bypass vulnerability in the kernel file system module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31172.json b/2025/31xxx/CVE-2025-31172.json index 77a0e453981..0b9ed4cd4a0 100644 --- a/2025/31xxx/CVE-2025-31172.json +++ b/2025/31xxx/CVE-2025-31172.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory write permission bypass vulnerability in the kernel futex module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges", + "cweId": "CWE-280" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31173.json b/2025/31xxx/CVE-2025-31173.json index 294fffa188d..28ae2a08447 100644 --- a/2025/31xxx/CVE-2025-31173.json +++ b/2025/31xxx/CVE-2025-31173.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory write permission bypass vulnerability in the kernel futex module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges", + "cweId": "CWE-280" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31174.json b/2025/31xxx/CVE-2025-31174.json index ccd978be568..bc5e1a585d3 100644 --- a/2025/31xxx/CVE-2025-31174.json +++ b/2025/31xxx/CVE-2025-31174.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31174", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path traversal vulnerability in the DFS module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31175.json b/2025/31xxx/CVE-2025-31175.json index 0068c96c3d9..c985082d89a 100644 --- a/2025/31xxx/CVE-2025-31175.json +++ b/2025/31xxx/CVE-2025-31175.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31175", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization mismatch vulnerability in the DSoftBus module\nImpact: Successful exploitation of this vulnerability may affect service integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "14.0.0" + }, + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2025/4/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3333.json b/2025/3xxx/CVE-2025-3333.json index bef11912dd7..7f6d2dd3bb2 100644 --- a/2025/3xxx/CVE-2025-3333.json +++ b/2025/3xxx/CVE-2025-3333.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3333", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menu_update.php. The manipulation of the argument menu leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In codeprojects Online Restaurant Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/menu_update.php. Mit der Manipulation des Arguments menu mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codeprojects", + "product": { + "product_data": [ + { + "product_name": "Online Restaurant Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303547", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303547" + }, + { + "url": "https://vuldb.com/?ctiid.303547", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303547" + }, + { + "url": "https://vuldb.com/?submit.551907", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.551907" + }, + { + "url": "https://github.com/p1026/CVE/issues/47", + "refsource": "MISC", + "name": "https://github.com/p1026/CVE/issues/47" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "p_key (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/3xxx/CVE-2025-3334.json b/2025/3xxx/CVE-2025-3334.json index 2a41b94806b..3d66d0dc3b7 100644 --- a/2025/3xxx/CVE-2025-3334.json +++ b/2025/3xxx/CVE-2025-3334.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3334", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/category_save.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in codeprojects Online Restaurant Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /admin/category_save.php. Durch die Manipulation des Arguments Category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codeprojects", + "product": { + "product_data": [ + { + "product_name": "Online Restaurant Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303548", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303548" + }, + { + "url": "https://vuldb.com/?ctiid.303548", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303548" + }, + { + "url": "https://vuldb.com/?submit.551908", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.551908" + }, + { + "url": "https://github.com/p1026/CVE/issues/48", + "refsource": "MISC", + "name": "https://github.com/p1026/CVE/issues/48" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "p_key (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/3xxx/CVE-2025-3361.json b/2025/3xxx/CVE-2025-3361.json new file mode 100644 index 00000000000..208a5773812 --- /dev/null +++ b/2025/3xxx/CVE-2025-3361.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3362.json b/2025/3xxx/CVE-2025-3362.json new file mode 100644 index 00000000000..1e5c99ffc50 --- /dev/null +++ b/2025/3xxx/CVE-2025-3362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3363.json b/2025/3xxx/CVE-2025-3363.json new file mode 100644 index 00000000000..50ea686b316 --- /dev/null +++ b/2025/3xxx/CVE-2025-3363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3364.json b/2025/3xxx/CVE-2025-3364.json new file mode 100644 index 00000000000..bc35fd7ff49 --- /dev/null +++ b/2025/3xxx/CVE-2025-3364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file