From 72c2834a6ceb8673c8b91c76d1ce0dab429544f2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 7 Jan 2025 18:01:04 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/43xxx/CVE-2024-43716.json | 2 +-
 2024/43xxx/CVE-2024-43717.json | 2 +-
 2024/43xxx/CVE-2024-43729.json | 2 +-
 2024/43xxx/CVE-2024-43731.json | 2 +-
 2024/43xxx/CVE-2024-43755.json | 2 +-
 2024/44xxx/CVE-2024-44450.json | 56 ++++++++++++++--
 2024/54xxx/CVE-2024-54006.json | 79 +++++++++++++++++++++--
 2024/54xxx/CVE-2024-54007.json | 85 ++++++++++++++++++++++--
 2024/55xxx/CVE-2024-55410.json | 61 ++++++++++++++++--
 2024/55xxx/CVE-2024-55411.json | 61 ++++++++++++++++--
 2024/55xxx/CVE-2024-55412.json | 61 ++++++++++++++++--
 2024/55xxx/CVE-2024-55413.json | 61 ++++++++++++++++--
 2024/55xxx/CVE-2024-55414.json | 61 ++++++++++++++++--
 2025/0xxx/CVE-2025-0300.json | 114 +++++++++++++++++++++++++++++++--
 2025/0xxx/CVE-2025-0311.json | 18 ++++++
 2025/0xxx/CVE-2025-0312.json | 18 ++++++
 16 files changed, 632 insertions(+), 53 deletions(-)
 create mode 100644 2025/0xxx/CVE-2025-0311.json
 create mode 100644 2025/0xxx/CVE-2025-0312.json
diff --git a/2024/43xxx/CVE-2024-43716.json b/2024/43xxx/CVE-2024-43716.json
index 67c1b46b615..5ca972da361 100644
--- a/2024/43xxx/CVE-2024-43716.json
+++ b/2024/43xxx/CVE-2024-43716.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
+ "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
 }
 ]
 },
diff --git a/2024/43xxx/CVE-2024-43717.json b/2024/43xxx/CVE-2024-43717.json
index 263fe09677b..889b9517028 100644
--- a/2024/43xxx/CVE-2024-43717.json
+++ b/2024/43xxx/CVE-2024-43717.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
+ "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
 }
 ]
 },
diff --git a/2024/43xxx/CVE-2024-43729.json b/2024/43xxx/CVE-2024-43729.json
index 921d43cd6a4..d3d556c45c1 100644
--- a/2024/43xxx/CVE-2024-43729.json
+++ b/2024/43xxx/CVE-2024-43729.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
+ "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on integrity. Exploitation of this issue does not require user interaction."
 }
 ]
 },
diff --git a/2024/43xxx/CVE-2024-43731.json b/2024/43xxx/CVE-2024-43731.json
index b65ffa157af..f376bc8627e 100644
--- a/2024/43xxx/CVE-2024-43731.json
+++ b/2024/43xxx/CVE-2024-43731.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
+ "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction."
 }
 ]
 },
diff --git a/2024/43xxx/CVE-2024-43755.json b/2024/43xxx/CVE-2024-43755.json
index b98ae805766..c245531f2ef 100644
--- a/2024/43xxx/CVE-2024-43755.json
+++ b/2024/43xxx/CVE-2024-43755.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction."
 }
 ]
 },
diff --git a/2024/44xxx/CVE-2024-44450.json b/2024/44xxx/CVE-2024-44450.json
index 15add4997da..c9c682f401e 100644
--- a/2024/44xxx/CVE-2024-44450.json
+++ b/2024/44xxx/CVE-2024-44450.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-44450",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-44450",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/BottleOfScotch/85e4c6e1d90060ddebd80b8384d59346",
+ "url": "https://gist.github.com/BottleOfScotch/85e4c6e1d90060ddebd80b8384d59346"
 }
 ]
 }
diff --git a/2024/54xxx/CVE-2024-54006.json b/2024/54xxx/CVE-2024-54006.json
index dc8471d4fee..1a055182574 100644
--- a/2024/54xxx/CVE-2024-54006.json
+++ b/2024/54xxx/CVE-2024-54006.json
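Review bot: The `affects` block added for CVE-2024-44450 leaves `"vendor_name"`, `"product_name"` and `"version_value"` as `"n/a"` while the description in the same record names AIMS eCrew and a fixed release, so tooling that matches on the structured vendor/product fields will not tie this record to the product. The same placeholders appear in the CVE-2024-55410 through CVE-2024-55414 hunks, whose descriptions also name the affected driver and version. If the vendor/product split implied by the description is right, `"vendor_name": "AIMS"` and `"product_name": "eCrew"` would carry it, and the `problemtype` value could state the authorization bypass instead of `"n/a"`. Until the fields are populated, consumers have to fall back on description text to find these entries.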
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-54006",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hewlett Packard Enterprise (HPE)",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HPE Aruba Networking 501 Wireless Client Bridge",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "V2.0.0.0",
+ "version_value": "V2.1.1.0-B0030"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale=en_US",
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale=en_US"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "hpesbnw04763",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/54xxx/CVE-2024-54007.json b/2024/54xxx/CVE-2024-54007.json
index 0ac8633a0d4..4ae38f69e21 100644
--- a/2024/54xxx/CVE-2024-54007.json
+++ b/2024/54xxx/CVE-2024-54007.json
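Review bot: `problemtype` is published as `"value": "n/a"` for CVE-2024-54006 even though the description states command injection in the web interface, so CWE-based filtering and prioritisation will skip this record; the CVE-2024-54007 hunk that follows has the same gap. The CVE-2025-0300 record in this commit shows the shape to follow, for example `"value": "Command Injection", "cweId": "CWE-77"`, or the more specific CWE-78 if the CNA confirms the injection reaches an OS shell. The two HPE records also carry identical description text, which leaves readers unable to tell which injection point each ID covers without opening the vendor advisory.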
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-54007",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hewlett Packard Enterprise (HPE)",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HPE Aruba Networking 501 Wireless Client Bridge",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "V2.0.0.0",
+ "version_value": "V2.1.1.0-B0030"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale=en_US",
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale=en_US"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "hpesbnw04763",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Nicholas Starke (HPE Aruba Networking SIRT)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55410.json b/2024/55xxx/CVE-2024-55410.json
index d9c0434f6fe..0baa9900064 100644
--- a/2024/55xxx/CVE-2024-55410.json
+++ b/2024/55xxx/CVE-2024-55410.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-55410",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55410",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component of Asus GPU Tweak II Program Driver v1.0.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://asus.com",
+ "refsource": "MISC",
+ "name": "http://asus.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55410/CVE-2024-55410_690b33e1-0462-4e84-9bea-c7552b45432a.sys_README.md",
+ "url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55410/CVE-2024-55410_690b33e1-0462-4e84-9bea-c7552b45432a.sys_README.md"
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55411.json b/2024/55xxx/CVE-2024-55411.json
index f97c05c36ce..b0ae30623dd 100644
--- a/2024/55xxx/CVE-2024-55411.json
+++ b/2024/55xxx/CVE-2024-55411.json
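Review bot: The first reference added for CVE-2024-55410 is `"url": "http://asus.com"`, a plain-HTTP link to the vendor home page rather than an advisory or fixed-driver notice, so it gives responders nothing to verify remediation against and is not integrity-protected in transit. If a vendor reference is kept, it should be an HTTPS link to the relevant advisory, e.g. `"url": "<vendor advisory URL>"` (placeholder; no such URL is visible in this commit). The vendor home-page references in the CVE-2024-55411 to CVE-2024-55414 hunks use HTTPS but are equally generic.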
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-55411",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55411",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sunix.com/tw/",
+ "refsource": "MISC",
+ "name": "https://www.sunix.com/tw/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55411/CVE-2024-55411_snxpcamd.sys_README.md",
+ "url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55411/CVE-2024-55411_snxpcamd.sys_README.md"
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55412.json b/2024/55xxx/CVE-2024-55412.json
index 38ea1be17ee..f1ee57ec761 100644
--- a/2024/55xxx/CVE-2024-55412.json
+++ b/2024/55xxx/CVE-2024-55412.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-55412",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55412",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sunix.com/tw/",
+ "refsource": "MISC",
+ "name": "https://www.sunix.com/tw/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55412/CVE-2024-55412_snxpsamd.sys_README.md",
+ "url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55412/CVE-2024-55412_snxpsamd.sys_README.md"
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55413.json b/2024/55xxx/CVE-2024-55413.json
index e52e7ae1bf5..e69a7149d74 100644
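Review bot: The published description for CVE-2024-55412 contains spelling errors (`exits` for `exists`, `arbitary` for `arbitrary`, and a stray space in `requests .`) which defeat keyword searches and alert rules that match on the correctly spelled terms; the CVE-2024-55413 text repeats them and CVE-2024-55414 adds the ungrammatical `to mapping physical memory`. Corrected wording would begin `A vulnerability exists in driver snxpsamd.sys` and continue `to read and write arbitrary I/O ports via specially crafted IOCTL requests.` Because these descriptions also state that the signed drivers can be abused to get around driver-signing policy, accurate and searchable text matters to teams that maintain driver block lists from CVE data.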
--- a/2024/55xxx/CVE-2024-55413.json
+++ b/2024/55xxx/CVE-2024-55413.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-55413",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55413",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sunix.com/tw/",
+ "refsource": "MISC",
+ "name": "https://www.sunix.com/tw/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55413/CVE-2024-55413_snxppamd.sys_README.md",
+ "url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55413/CVE-2024-55413_snxppamd.sys_README.md"
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55414.json b/2024/55xxx/CVE-2024-55414.json
index 7918d093198..f10e249b1a1 100644
--- a/2024/55xxx/CVE-2024-55414.json
+++ b/2024/55xxx/CVE-2024-55414.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-55414",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55414",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://us.motorola.com/",
+ "refsource": "MISC",
+ "name": "https://us.motorola.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55414/CVE-2024-55414_SmSerl64.sys_README.md",
+ "url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55414/CVE-2024-55414_SmSerl64.sys_README.md"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0300.json b/2025/0xxx/CVE-2025-0300.json
index 035ddc6ef46..fed459af66c 100644
--- a/2025/0xxx/CVE-2025-0300.json
+++ b/2025/0xxx/CVE-2025-0300.json 
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0300",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In code-projects Online Book Shop 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /subcat.php. Mittels dem Manipulieren des Arguments cat mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Book Shop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.290449",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.290449"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.290449",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.290449"
+ },
+ {
+ "url": "https://vuldb.com/?submit.475286",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.475286"
+ },
+ {
+ "url": "https://gist.github.com/th4s1s/21abb650b4b70fe8392d8449445703f7",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/th4s1s/21abb650b4b70fe8392d8449445703f7"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lio346 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0311.json b/2025/0xxx/CVE-2025-0311.json
new file mode 100644
index 00000000000..af9f5836155
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0311.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0311",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0312.json b/2025/0xxx/CVE-2025-0312.json
new file mode 100644
index 00000000000..6caa6952206
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0312.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0312",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file