From 76cd00fcfb72d21ce292784eca2e529a715d326a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 11 Feb 2025 22:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/3xxx/CVE-2022-3180.json | 66 +++-
2023/20xxx/CVE-2023-20507.json | 357 +++++++++++++++++++-
2023/20xxx/CVE-2023-20515.json | 574 ++++++++++++++++++++++++++++++++-
2023/20xxx/CVE-2023-20581.json | 113 ++++++-
2023/20xxx/CVE-2023-20582.json | 114 ++++++-
2023/31xxx/CVE-2023-31331.json | 338 ++++++++++++++++++-
2024/11xxx/CVE-2024-11831.json | 32 +-
2024/32xxx/CVE-2024-32037.json | 95 +++++-
2024/51xxx/CVE-2024-51324.json | 56 +++-
2024/53xxx/CVE-2024-53996.json | 2 +-
2024/55xxx/CVE-2024-55062.json | 2 +-
2024/55xxx/CVE-2024-55212.json | 56 +++-
2024/57xxx/CVE-2024-57241.json | 56 +++-
2024/57xxx/CVE-2024-57686.json | 5 +
2024/57xxx/CVE-2024-57777.json | 56 +++-
2025/1xxx/CVE-2025-1240.json | 78 +++++
2025/26xxx/CVE-2025-26509.json | 18 ++
2025/26xxx/CVE-2025-26510.json | 18 ++
2025/26xxx/CVE-2025-26511.json | 18 ++
2025/26xxx/CVE-2025-26512.json | 18 ++
2025/26xxx/CVE-2025-26513.json | 18 ++
2025/26xxx/CVE-2025-26514.json | 18 ++
2025/26xxx/CVE-2025-26515.json | 18 ++
2025/26xxx/CVE-2025-26516.json | 18 ++
2025/26xxx/CVE-2025-26517.json | 18 ++
2025/26xxx/CVE-2025-26518.json | 18 ++
26 files changed, 2120 insertions(+), 60 deletions(-)
create mode 100644 2025/1xxx/CVE-2025-1240.json
create mode 100644 2025/26xxx/CVE-2025-26509.json
create mode 100644 2025/26xxx/CVE-2025-26510.json
create mode 100644 2025/26xxx/CVE-2025-26511.json
create mode 100644 2025/26xxx/CVE-2025-26512.json
create mode 100644 2025/26xxx/CVE-2025-26513.json
create mode 100644 2025/26xxx/CVE-2025-26514.json
create mode 100644 2025/26xxx/CVE-2025-26515.json
create mode 100644 2025/26xxx/CVE-2025-26516.json
create mode 100644 2025/26xxx/CVE-2025-26517.json
create mode 100644 2025/26xxx/CVE-2025-26518.json
diff --git a/2022/3xxx/CVE-2022-3180.json b/2022/3xxx/CVE-2022-3180.json
index 66f39c87fc1..dc13d70d817 100644
--- a/2022/3xxx/CVE-2022-3180.json
+++ b/2022/3xxx/CVE-2022-3180.json
@@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jack Hopman", + "product": { + "product_data": [ + { + "product_name": "WPGateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/", + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + 
"source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20507.json b/2023/20xxx/CVE-2023-20507.json index 3df0f4d63a9..67f452eece5 100644 --- a/2023/20xxx/CVE-2023-20507.json +++ b/2023/20xxx/CVE-2023-20507.json 
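Review bot: The CVE-2022-3180 record moves to `"STATE": "PUBLIC"` without any `impact` object, so a consumer that triages on `baseScore` or `baseSeverity` has nothing to sort this entry by. That matters here because the description states unauthenticated creation of administrator accounts and the first reference URL describes in-the-wild exploitation. The record would benefit from an `impact.cvss` entry in the same shape the AMD records in this commit use, supplied by the CNA. Until then, ingestion should treat a missing score as "unscored" rather than defaulting it to low. The affected range is also encoded as `"version_affected": "<="` with `"version_name": "*"`, so only `"version_value": "3.5"` carries information.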
@@ -1,17 +1,366 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4V2 1.2.0.A" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM5 1.0.0.6" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4V2 1.2.0.A" + } 
+ ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4V2 1.2.0.A" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM5 1.0.0.6" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "RenoirPI-FP6 1.0.0.C" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "CezannePI-FP6 1.0.0.E" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "MendocinoPI-FT6 1.0.0.5" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { 
+ "versions": [ + { + "status": "unaffected", + "version": "RembrandtPI-FP7 1.0.0.8" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "RembrandtPI-FP7 1.0.0.8" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7000 Series Mobile Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "DragonRangeFL1 1.0.0.2b" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbAM4PI 1.0.0.5" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 7000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedAM5PI 1.0.0.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedPI-FP6 1.0.0.8" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V3000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedPI-FP7r2 
1.0.0.6" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html" + }, + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/20xxx/CVE-2023-20515.json b/2023/20xxx/CVE-2023-20515.json index e012b9a7625..9f056664220 100644 --- a/2023/20xxx/CVE-2023-20515.json +++ b/2023/20xxx/CVE-2023-20515.json 
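Review bot: Every `version_data` entry in the CVE-2023-20507 record carries `"version_value": "not down converted"`, so a consumer that reads only the 4.0 fields gets no usable version for any listed processor; the real data sits in `x_cve_json_5_version_data`. There, each product has `"defaultStatus": "affected"` plus a single `unaffected` firmware string such as `ComboAM4V2 1.2.0.A` with no `lessThan` or `versionType`. Taken literally, that marks only the exact build as fixed and leaves later firmware matching as affected. Matching logic should read the nested block and treat the listed string as the minimum fixed firmware, which is presumably the intent. The same shape appears in the CVE-2023-20515, CVE-2023-20581, CVE-2023-20582 and CVE-2023-31331 hunks.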
@@ -1,17 +1,583 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284 Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4v2PI 1.2.0.CA" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4v2PI 1.2.0.CA" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": 
"unaffected", + "version": "ComboAM4v2PI 1.2.0.CA" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM5 1.0.8.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4v2PI 1.2.0.CA" + }, + { + "status": "unaffected", + "version": "ComboAM4PI 1.0.0.B" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4v2PI 1.2.0.CA" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM5 1.0.8.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "CastlePeakPI-SP3r3 1.0.0.C" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", + "version": 
{ + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "CastlePeakWSPI-sWRX8 1.0.0.E" + }, + { + "status": "unaffected", + "version": "ChagallWSPI-sWRX8 1.0.0.9" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ChagallWSPI-sWRX8 1.0.0.7" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "Pollock-FT5 1.0.0.7" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "Picasso-FP5 1.0.1.1" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "RenoirPI-FP6 1.0.0.D" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + 
"version": "Cezanne-FP6 1.0.1.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "MendocinoPI-FT6 1.0.0.6" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "RembrandtPI-FP7 1.0.0.9b" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "RembrandtPI-FP7 1.0.0.9b" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "PhoenixPI-FP8-FP7 1.0.8.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7000 Series Mobile Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "DragonRangeFL1PI 1.0.0.3b" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R1000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + 
"versions": [ + { + "status": "unaffected", + "version": "EmbeddedPI-FP5 1.2.0.C" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R2000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedR2KPI-FP5 1.0.0.3" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbAM4PI 1.0.0.5" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 7000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedAM5PI 1.0.0.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedPI-FP6 1.0.0.9" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V1000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "No Fix Planned" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V3000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "Embedded-PIFP7r2 1.0.0.8" + } + ], + "defaultStatus": "affected" + } + } + ] + 
} + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html" + }, + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/20xxx/CVE-2023-20581.json b/2023/20xxx/CVE-2023-20581.json index 642497de9bf..8a21c848d9d 100644 --- a/2023/20xxx/CVE-2023-20581.json +++ b/2023/20xxx/CVE-2023-20581.json 
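Review bot: In the `AMD Ryzen™ Embedded V1000` entry of CVE-2023-20515 the `version` field holds the free text `"No Fix Planned"` with `"status": "affected"`, so version-matching tooling sees a firmware build literally named "No Fix Planned". With `"defaultStatus": "affected"` already set, the entry adds no version information and hides the one fact a defender needs: this product line will stay exposed. The no-fix statement belongs in prose (the description or a remediation note) with the `versions` list left to real build identifiers. Separately, `Embedded-PIFP7r2 1.0.0.8` in the V3000 entry differs from the `EmbeddedPI-FP7r2` spelling used for the same product in the CVE-2023-20507 hunk; one of the two looks like a transposition and will break string matching across records.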
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD EPYC\u2122 9004 Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "GenoaPI 1.0.0.C" + }, + { + "status": "unaffected", + "version": "SEV FW1.55.36" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 9004", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbGenoaPI-SP5 1.0.0.7" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html" + }, + { + "url": 
"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/20xxx/CVE-2023-20582.json b/2023/20xxx/CVE-2023-20582.json index 2c3a549f79c..5f40e4987ef 100644 --- a/2023/20xxx/CVE-2023-20582.json +++ b/2023/20xxx/CVE-2023-20582.json 
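Review bot: The `problemtype` in the CVE-2023-20581 record is `"value": "n/a"` with no `cweId`, although the description names improper access control in the IOMMU and every other AMD record in this commit carries a CWE. Consumers that filter or group by CWE will silently drop this entry. The placeholder should be replaced with a CNA-chosen weakness in the same shape as the other records, `"value": "<CWE-ID and name>", "cweId": "<CWE-ID>"`.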
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284 Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD EPYC\u2122 9004 Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "GenoaPI 1.0.0.C" + }, + { + "status": "unaffected", + "version": "SEV FW1.55.36" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 9004", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbGenoaPI-SP5 1.0.0.7" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", + "refsource": "MISC", + 
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html" + }, + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31331.json b/2023/31xxx/CVE-2023-31331.json index a8513249f06..62820432097 100644 --- a/2023/31xxx/CVE-2023-31331.json +++ b/2023/31xxx/CVE-2023-31331.json 
@@ -1,17 +1,347 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284 Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4v2PI 1.2.0.CA" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM5 1.1.0.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + 
"x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM4v2PI 1.2.0.CA" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "ComboAM5 1.1.0.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "RenoirPI-FP6 1.0.0.D" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "Cezanne-FP6 1.0.1.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "Rembrandt-FP7 1.0.0.A" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "Rembrandt-FP7 1.0.0.A" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics", + 
"version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "PhoenixPI-FP8-FP7 1.1.0.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "PhoenixPI-FP8-FP7 1.1.0.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7000 Series Mobile Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "DragonRangeFL1PI 1.0.0.3C" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 7000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedAM5PI 1.0.0.1" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "EmbeddedPI-FP6 1.0.0.9" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V3000", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "Embedded-PI FP7r2 1.0.0.9" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html" + }, + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/11xxx/CVE-2024-11831.json b/2024/11xxx/CVE-2024-11831.json index a23f390a09f..40e01715e2c 100644 --- a/2024/11xxx/CVE-2024-11831.json +++ b/2024/11xxx/CVE-2024-11831.json @@ -35,6 +35,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Advanced Cluster Security 4.5", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.5.6-2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Cryostat 3", "version": { @@ -218,12 +239,6 @@ "defaultStatus": "unaffected" } }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { 
@@ -813,6 +828,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:1334",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:1334"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-11831",
 "refsource": "MISC",
diff --git a/2024/32xxx/CVE-2024-32037.json b/2024/32xxx/CVE-2024-32037.json
index dd10af6d343..93496ff0eb1 100644
--- a/2024/32xxx/CVE-2024-32037.json
+++ b/2024/32xxx/CVE-2024-32037.json
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-32037",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available."
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "geonetwork", + "product": { + "product_data": [ + { + "product_name": "core-geonetwork", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.2.10" + }, + { + "version_affected": "=", + "version_value": ">= 4.4.0, < 4.4.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-52rf-25hq-5m33", + "refsource": "MISC", + "name": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-52rf-25hq-5m33" + }, + { + "url": "https://docs.geonetwork-opensource.org/4.4/api/search", + "refsource": "MISC", + "name": "https://docs.geonetwork-opensource.org/4.4/api/search" + }, + { + "url": "https://github.com/geonetwork/core-geonetwork/releases/tag/4.2.10", + "refsource": "MISC", + "name": "https://github.com/geonetwork/core-geonetwork/releases/tag/4.2.10" + }, + { + "url": "https://github.com/geonetwork/core-geonetwork/releases/tag/4.4.5", + "refsource": "MISC", + "name": "https://github.com/geonetwork/core-geonetwork/releases/tag/4.4.5" + } + ] + }, + "source": { + "advisory": "GHSA-52rf-25hq-5m33", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 0, + "baseSeverity": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "version": "3.1" } ] } 
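Review bot: The `impact.cvss` entry gives `"baseScore": 0` and `"baseSeverity": "NONE"` with `C:N/I:N/A:N`, while `problemtype` is CWE-200 and the description says the response headers disclose the Elasticsearch software in use. A severity-threshold filter will drop a 0.0 record entirely, so triage for this entry has to key on the CWE and the fixed versions (4.2.10, 4.4.5) rather than the score. Separately, both `version_data` entries put a range expression (`"< 4.2.10"`, `">= 4.4.0, < 4.4.5"`) in `version_value` under `"version_affected": "="`, which an exact-match consumer will never hit; the range has to be parsed out of the string.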
diff --git a/2024/51xxx/CVE-2024-51324.json b/2024/51xxx/CVE-2024-51324.json index 239bc04e0a1..dbdadcc23f5 100644 --- a/2024/51xxx/CVE-2024-51324.json +++ b/2024/51xxx/CVE-2024-51324.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51324", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51324", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/magicsword-io/LOLDrivers/issues/204", + "url": "https://github.com/magicsword-io/LOLDrivers/issues/204" } ] } diff --git a/2024/53xxx/CVE-2024-53996.json b/2024/53xxx/CVE-2024-53996.json index 8fbb4d6f796..0f5ac6a00e8 100644 --- a/2024/53xxx/CVE-2024-53996.json +++ b/2024/53xxx/CVE-2024-53996.json 
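Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"` in the CVE-2024-51324 record, so the affected product (Baidu Antivirus v5.2.3.116083, BdApiUtil driver) exists only in the free-text description. Inventory-based matching will not associate this CVE with an installed product and CWE-based dashboards will not classify it, which matters for a vulnerable-driver entry that defenders would want to block by driver identity. Populating the structured fields, for example `"vendor_name": "Baidu"` and `"product_name": "Baidu Antivirus"` with `"version_value": "5.2.3.116083"`, would fix that. The CVE-2024-55212, CVE-2024-57241 and CVE-2024-57777 hunks in this commit have the same all-`"n/a"` shape.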
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** REJECT ** Unused spare CVE"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. Notes: none."
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55062.json b/2024/55xxx/CVE-2024-55062.json
index 66062d53002..04ade6439a2 100644
--- a/2024/55xxx/CVE-2024-55062.json
+++ b/2024/55xxx/CVE-2024-55062.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to Command injection."
+ "value": "Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/."
 }
 ]
 },
diff --git a/2024/55xxx/CVE-2024-55212.json b/2024/55xxx/CVE-2024-55212.json
index 514039eca61..adc7f52d5fc 100644
--- a/2024/55xxx/CVE-2024-55212.json
+++ b/2024/55xxx/CVE-2024-55212.json
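Review bot: In the CVE-2024-55062 hunk the `problemtype` block lies outside the visible lines, so it should be checked that its CWE still agrees with the new `value`, which reclassifies the issue from "Command injection" to "Code Injection"; the two map to different CWEs. The wording "execute arbitrary code to /api/license/sendlicense/" also reads as if the endpoint were where code runs, and "via the /api/license/sendlicense/ endpoint" is presumably what is meant. The version bounds `<= 8.6.0` and `<= 1.3.0` appear here in prose only, and whether `affects` carries them cannot be confirmed from this hunk.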
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55212", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55212", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.invokesec.com/2025/01/13/a-real-world-example-of-blind-sqli/", + "url": "https://www.invokesec.com/2025/01/13/a-real-world-example-of-blind-sqli/" } ] } diff --git a/2024/57xxx/CVE-2024-57241.json b/2024/57xxx/CVE-2024-57241.json index 8390d177bb4..35498ecc578 100644 --- a/2024/57xxx/CVE-2024-57241.json +++ b/2024/57xxx/CVE-2024-57241.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57241", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57241", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/woshidaheike/dedecms-url-redirection", + "url": "https://github.com/woshidaheike/dedecms-url-redirection" } ] } diff --git a/2024/57xxx/CVE-2024-57686.json b/2024/57xxx/CVE-2024-57686.json index e883314c1db..5cf2765093e 100644 --- a/2024/57xxx/CVE-2024-57686.json +++ b/2024/57xxx/CVE-2024-57686.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/lhRaMk7/notebook/blob/main/phar_rce", + "url": "https://github.com/lhRaMk7/notebook/blob/main/phar_rce" + }, { "url": "https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/Reflected%20Cross%20Site%20Scripting.pdf", "refsource": "MISC", 
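Review bot: The reference added in the CVE-2024-57686 hunk, `https://github.com/lhRaMk7/notebook/blob/main/phar_rce`, sits next to an existing reference whose path names a PHPGurukul "Land record" reflected cross-site scripting write-up, and the two look like different issues from different authors. The record's description is outside this hunk, so that cannot be confirmed here, but the new URL should be checked against the description before the record is used for triage. A reference attached to the wrong CVE sends responders to the wrong advisory and can make the record look more or less severe than it is.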
diff --git a/2024/57xxx/CVE-2024-57777.json b/2024/57xxx/CVE-2024-57777.json index be893ac36df..d9d6db79d79 100644 --- a/2024/57xxx/CVE-2024-57777.json +++ b/2024/57xxx/CVE-2024-57777.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57777", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57777", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ffay/lanproxy/issues/192", + "refsource": "MISC", + "name": "https://github.com/ffay/lanproxy/issues/192" } ] } diff --git a/2025/1xxx/CVE-2025-1240.json b/2025/1xxx/CVE-2025-1240.json new file mode 100644 index 00000000000..8ee3c01f332 --- /dev/null +++ b/2025/1xxx/CVE-2025-1240.json 
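Review bot: The description spells the product "Ianproxy" with a capital I, while the only reference points to `github.com/ffay/lanproxy` with a lower-case L, so the name appears to be misspelled; the line would read `"value": "Directory Traversal vulnerability in lanproxy v.0.1 and before allows a remote attacker to obtain sensitive information."`. Because `vendor_name` and `product_name` are `"n/a"`, the description is the only searchable place the name occurs, and a keyword search for "lanproxy" will miss this record. The sentence also does not say which request or component is affected, which the linked issue would have to supply.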
@@ -0,0 +1,78 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2025-1240", + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24986." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WinZip Computing", + "product": { + "product_data": [ + { + "product_name": "WinZip", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "28.0 16022" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-047/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-047/" + } + ] + }, + "source": { + "lang": "en", + "value": "Anonymous" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" + } + ] + } +} \ No newline at end of file 
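Review bot: The `source` object holds `"lang": "en"` and `"value": "Anonymous"`, which is the shape of a reporter credit; the other records in this commit use `source` for `discovery` and `advisory` metadata, so the credit appears to have been mapped into the wrong field. The description also says "remote attackers" while the vector is `AV:L` with `UI:R`; the text explains that the target must open a malicious file, so the vector is the value to rely on when prioritising. `"version_value": "28.0 16022"` with `"version_affected": "="` marks one build only and names no fixed version, which leaves the upgrade target to the linked ZDI advisory.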
diff --git a/2025/26xxx/CVE-2025-26509.json b/2025/26xxx/CVE-2025-26509.json new file mode 100644 index 00000000000..c6f87550aef --- /dev/null +++ b/2025/26xxx/CVE-2025-26509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26510.json b/2025/26xxx/CVE-2025-26510.json new file mode 100644 index 00000000000..686c37f6685 --- /dev/null +++ b/2025/26xxx/CVE-2025-26510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26511.json b/2025/26xxx/CVE-2025-26511.json new file mode 100644 index 00000000000..76660340c5b --- /dev/null +++ b/2025/26xxx/CVE-2025-26511.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26512.json b/2025/26xxx/CVE-2025-26512.json new file mode 100644 index 00000000000..96b484a43fb --- /dev/null +++ b/2025/26xxx/CVE-2025-26512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26513.json b/2025/26xxx/CVE-2025-26513.json new file mode 100644 index 00000000000..bc02a519c3f --- /dev/null +++ b/2025/26xxx/CVE-2025-26513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/26xxx/CVE-2025-26514.json b/2025/26xxx/CVE-2025-26514.json new file mode 100644 index 00000000000..ae21dd4af4e --- /dev/null +++ b/2025/26xxx/CVE-2025-26514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26515.json b/2025/26xxx/CVE-2025-26515.json new file mode 100644 index 00000000000..b59b9d1ef71 --- /dev/null +++ b/2025/26xxx/CVE-2025-26515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26516.json b/2025/26xxx/CVE-2025-26516.json new file mode 100644 index 00000000000..96a53ac5f4e --- /dev/null +++ b/2025/26xxx/CVE-2025-26516.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26517.json b/2025/26xxx/CVE-2025-26517.json new file mode 100644 index 00000000000..4e4d1de907d --- /dev/null +++ b/2025/26xxx/CVE-2025-26517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26518.json b/2025/26xxx/CVE-2025-26518.json new file mode 100644 index 00000000000..8ab36c70c3b --- /dev/null +++ b/2025/26xxx/CVE-2025-26518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file