From 81e9c3b36e9499c2a8f25f03d047f74a93ade614 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 13 Mar 2025 19:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/57xxx/CVE-2024-57348.json | 2 +-
2025/25xxx/CVE-2025-25363.json | 61 +++++++++++++++++--
2025/2xxx/CVE-2025-2229.json | 104 +++++++++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2230.json | 104 +++++++++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2293.json | 18 ++++++
2025/2xxx/CVE-2025-2294.json | 18 ++++++
2025/2xxx/CVE-2025-2295.json | 18 ++++++
2025/2xxx/CVE-2025-2296.json | 18 ++++++
2025/30xxx/CVE-2025-30009.json | 18 ++++++
2025/30xxx/CVE-2025-30010.json | 18 ++++++
2025/30xxx/CVE-2025-30011.json | 18 ++++++
2025/30xxx/CVE-2025-30012.json | 18 ++++++
2025/30xxx/CVE-2025-30013.json | 18 ++++++
2025/30xxx/CVE-2025-30014.json | 18 ++++++
2025/30xxx/CVE-2025-30015.json | 18 ++++++
2025/30xxx/CVE-2025-30016.json | 18 ++++++
2025/30xxx/CVE-2025-30017.json | 18 ++++++
2025/30xxx/CVE-2025-30018.json | 18 ++++++
18 files changed, 508 insertions(+), 15 deletions(-)
create mode 100644 2025/2xxx/CVE-2025-2293.json
create mode 100644 2025/2xxx/CVE-2025-2294.json
create mode 100644 2025/2xxx/CVE-2025-2295.json
create mode 100644 2025/2xxx/CVE-2025-2296.json
create mode 100644 2025/30xxx/CVE-2025-30009.json
create mode 100644 2025/30xxx/CVE-2025-30010.json
create mode 100644 2025/30xxx/CVE-2025-30011.json
create mode 100644 2025/30xxx/CVE-2025-30012.json
create mode 100644 2025/30xxx/CVE-2025-30013.json
create mode 100644 2025/30xxx/CVE-2025-30014.json
create mode 100644 2025/30xxx/CVE-2025-30015.json
create mode 100644 2025/30xxx/CVE-2025-30016.json
create mode 100644 2025/30xxx/CVE-2025-30017.json
create mode 100644 2025/30xxx/CVE-2025-30018.json
diff --git a/2024/57xxx/CVE-2024-57348.json b/2024/57xxx/CVE-2024-57348.json
index 83c1b90d984..1329c980268 100644
--- a/2024/57xxx/CVE-2024-57348.json
+++ b/2024/57xxx/CVE-2024-57348.json
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Cross Site Scripting vulnerability in PecanProject pecan v.1.7.2 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters." + "value": "Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters." } ] }, diff --git a/2025/25xxx/CVE-2025-25363.json b/2025/25xxx/CVE-2025-25363.json index 3d3aa039ebb..46683c3d38a 100644 --- a/2025/25xxx/CVE-2025-25363.json +++ b/2025/25xxx/CVE-2025-25363.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25363", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25363", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user's browser via injecting a crafted payload into the HTML field of a template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh/version-history?versionHistoryHosting=dataCenter", + "refsource": "MISC", + "name": "https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh/version-history?versionHistoryHosting=dataCenter" + }, + { + "refsource": "MISC", + "name": "https://github.com/florkie/CVE/blob/main/CVE-2025-25363.md", + "url": "https://github.com/florkie/CVE/blob/main/CVE-2025-25363.md" } ] } diff --git a/2025/2xxx/CVE-2025-2229.json b/2025/2xxx/CVE-2025-2229.json index 6650be71ef0..fe9c3774459 100644 
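Review bot: The `affects` block added for CVE-2025-25363 is filled with placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`) and `problemtype` is `"value": "n/a"`, even though the new description names the vendor, the product, the fixed version and the weakness class (stored XSS). Consumers that match on the structured fields rather than on free text will not associate this record with JEMH installations or with an XSS category. I would populate them from the description, e.g. `"vendor_name": "The Plugin People"`, `"product_name": "Enterprise Mail Handler for Jira Data Center (JEMH)"`, and `"value": "CWE-79"` for the problem type, with the version entry expressing "before v4.1.69-dc".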
--- a/2025/2xxx/CVE-2025-2229.json +++ b/2025/2xxx/CVE-2025-2229.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2229", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A token is created using the username, current date/time, and a fixed \nAES-128 encryption key, which is the same across all installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1391", + "cweId": "CWE-1391" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Philips", + "product": { + "product_data": [ + { + "product_name": "Intellispace Cardiovascular (ISCV)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01" + }, + { + "url": "https://www.philips.com/a-w/security/security-advisories.html", + "refsource": "MISC", + "name": "https://www.philips.com/a-w/security/security-advisories.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSMA-25-072-01", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Philips recommends the following mitigations:

\n\n

Refer to the Philips advisoryfor more details.\n\n

" + } + ], + "value": "Philips recommends the following mitigations:\n\n\n\n * Resolved in ISCV 5.2, which was released in September 2020.\n\n\n * Philips recommends users upgrade ISCV installed base to the latest \nISCV version (at the time of this publication is 830089 \u2013 IntelliSpace \nCardiovacular 8.0.0.0)\n\n * Please contact a local Philips sales (service) representative to learn how to engage this upgrade process.\n\n * For managed services users, new releases will be made available upon\n resource availability. Releases are subject to country-specific \nregulations.\n\n\n\n\nRefer to the Philips advisory https://www.philips.com/a-w/security/security-advisories.html for more details." + } + ], + "credits": [ + { + "lang": "en", + "value": "Joe Dillon reported these vulnerabilities to Philips." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2230.json b/2025/2xxx/CVE-2025-2230.json index 9e4eddd438c..05520264787 100644 --- a/2025/2xxx/CVE-2025-2230.json +++ b/2025/2xxx/CVE-2025-2230.json 
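Review bot: The affected range and the stated fix do not line up in this record: `version_data` marks ISCV as affected with `"version_affected": "<="` and `"version_value": "4.1"`, while `solution` says the issue is resolved in ISCV 5.2, so the status of releases between 4.1 and 5.2 is left unstated. The CVE-2025-2230 hunk that follows has the reverse mismatch: it lists versions through `"version_value": "5.1"` as affected but says the fix shipped in ISCV 4.2 build 20589. That pattern suggests the two solution texts may have been swapped, which is worth confirming against ICSMA-25-072-01 before downstream tools derive patch guidance from either record. Separately, `problemtype` here is the bare `"value": "CWE-1391"` whereas the sibling record uses the `CWE-287 Improper Authentication` form, and neither `description` names the product, so the free-text field alone does not identify what is affected.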
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw exists in the Windows login flow where an AuthContext token can \nbe exploited for replay attacks and authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Philips", + "product": { + "product_data": [ + { + "product_name": "Intellispace Cardiovascular (ISCV)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01" + }, + { + "url": "https://www.philips.com/a-w/security/security-advisories.html", + "refsource": "MISC", + "name": "https://www.philips.com/a-w/security/security-advisories.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSMA-25-072-01", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Philips recommends the following mitigations:

\n\n

Refer to the Philips advisoryfor more details.\n\n

" + } + ], + "value": "Philips recommends the following mitigations:\n\n\n\n * CVE-2025-2230: Resolved in ISCV 4.2 build 20589, which was released in May 2019.\n\n\n * Philips recommends users upgrade ISCV installed base to the latest \nISCV version (at the time of this publication is 830089 \u2013 IntelliSpace \nCardiovacular 8.0.0.0)\n\n * Please contact a local Philips sales (service) representative to learn how to engage this upgrade process.\n\n * For managed services users, new releases will be made available upon\n resource availability. Releases are subject to country-specific \nregulations.\n\n\n\n\nRefer to the Philips advisory https://www.philips.com/a-w/security/security-advisories.html for more details." + } + ], + "credits": [ + { + "lang": "en", + "value": "Joe Dillon reported these vulnerabilities to Philips." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2293.json b/2025/2xxx/CVE-2025-2293.json new file mode 100644 index 00000000000..c7783f66504 --- /dev/null +++ b/2025/2xxx/CVE-2025-2293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/2xxx/CVE-2025-2294.json b/2025/2xxx/CVE-2025-2294.json new file mode 100644 index 00000000000..cf5f6a4f95a --- /dev/null +++ b/2025/2xxx/CVE-2025-2294.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2294", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2295.json b/2025/2xxx/CVE-2025-2295.json new file mode 100644 index 00000000000..5747205d898 --- /dev/null +++ b/2025/2xxx/CVE-2025-2295.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2295", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2296.json b/2025/2xxx/CVE-2025-2296.json new file mode 100644 index 00000000000..0600171b5e9 --- /dev/null +++ b/2025/2xxx/CVE-2025-2296.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30009.json b/2025/30xxx/CVE-2025-30009.json new file mode 100644 index 00000000000..855c57d7b10 --- /dev/null +++ b/2025/30xxx/CVE-2025-30009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30010.json b/2025/30xxx/CVE-2025-30010.json new file mode 100644 index 00000000000..4413d731b37 --- /dev/null +++ b/2025/30xxx/CVE-2025-30010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/30xxx/CVE-2025-30011.json b/2025/30xxx/CVE-2025-30011.json new file mode 100644 index 00000000000..f03e7e1b747 --- /dev/null +++ b/2025/30xxx/CVE-2025-30011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30012.json b/2025/30xxx/CVE-2025-30012.json new file mode 100644 index 00000000000..bbd1e8bd858 --- /dev/null +++ b/2025/30xxx/CVE-2025-30012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30013.json b/2025/30xxx/CVE-2025-30013.json new file mode 100644 index 00000000000..d0f00d2b826 --- /dev/null +++ b/2025/30xxx/CVE-2025-30013.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30014.json b/2025/30xxx/CVE-2025-30014.json new file mode 100644 index 00000000000..9bcc2b4ed45 --- /dev/null +++ b/2025/30xxx/CVE-2025-30014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30015.json b/2025/30xxx/CVE-2025-30015.json new file mode 100644 index 00000000000..462d36689c9 --- /dev/null +++ b/2025/30xxx/CVE-2025-30015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/30xxx/CVE-2025-30016.json b/2025/30xxx/CVE-2025-30016.json new file mode 100644 index 00000000000..569053c1615 --- /dev/null +++ b/2025/30xxx/CVE-2025-30016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30017.json b/2025/30xxx/CVE-2025-30017.json new file mode 100644 index 00000000000..6205edf4890 --- /dev/null +++ b/2025/30xxx/CVE-2025-30017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30018.json b/2025/30xxx/CVE-2025-30018.json new file mode 100644 index 00000000000..cc3521ef2eb --- /dev/null +++ b/2025/30xxx/CVE-2025-30018.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file