From 8361562c82ea588c23155a0ce7fe5a316cc44f35 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 4 Feb 2025 14:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11623.json | 79 +++++++++++++++++++++-- 2024/11xxx/CVE-2024-11704.json | 26 +++++++- 2025/0xxx/CVE-2025-0240.json | 2 +- 2025/0xxx/CVE-2025-0510.json | 72 +++++++++++++++++++-- 2025/1xxx/CVE-2025-1009.json | 111 +++++++++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1026.json | 18 ++++++ 6 files changed, 290 insertions(+), 18 deletions(-) create mode 100644 2025/1xxx/CVE-2025-1026.json diff --git a/2024/11xxx/CVE-2024-11623.json b/2024/11xxx/CVE-2024-11623.json index e67f2939d46..022d6c2c1a2 100644 --- a/2024/11xxx/CVE-2024-11623.json +++ b/2024/11xxx/CVE-2024-11623.json @@ -1,18 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentik project is vulnerable to Stored XSS attacks through\u00a0uploading crafted SVG files that are used as application icons.\u00a0\nThis action could only be performed by an authenticated admin user.\nThe issue was fixed in\u00a02024.10.4 release." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "goauthentik", + "product": { + "product_data": [ + { + "product_name": "authentik", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.10.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability", + "refsource": "MISC", + "name": "https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability" + }, + { + "url": "https://github.com/goauthentik/authentik/pull/12092", + "refsource": "MISC", + "name": "https://github.com/goauthentik/authentik/pull/12092" + }, + { + "url": "https://cert.pl/en/posts/2025/02/CVE-2024-11623/", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2025/02/CVE-2024-11623/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Basta (NASK-PIB)" + } + ] } \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11704.json b/2024/11xxx/CVE-2024-11704.json index a48d90736ed..999fa0e7e8c 100644 --- a/2024/11xxx/CVE-2024-11704.json +++ b/2024/11xxx/CVE-2024-11704.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133." + "value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Potential Double-Free Vulnerability in PKCS#7 Decryption Handling" + "value": "Potential double-free vulnerability in PKCS#7 decryption handling" } ] } @@ -57,6 +57,18 @@ } ] } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.7" + } + ] + } } ] } @@ -80,6 +92,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-67/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-09/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-10/" } ] }, diff --git a/2025/0xxx/CVE-2025-0240.json b/2025/0xxx/CVE-2025-0240.json index e81664c18cc..2a945588550 100644 --- a/2025/0xxx/CVE-2025-0240.json +++ b/2025/0xxx/CVE-2025-0240.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Parsing a JavaScript module as JSON could under some circumstances cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6." + "value": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6." } ] }, diff --git a/2025/0xxx/CVE-2025-0510.json b/2025/0xxx/CVE-2025-0510.json index cbedb98ef13..23ca0331444 100644 --- a/2025/0xxx/CVE-2025-0510.json +++ b/2025/0xxx/CVE-2025-0510.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Address of e-mail sender can be spoofed by malicious email" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-10/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-11/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Fabian Densborn" + } + ] } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1009.json b/2025/1xxx/CVE-2025-1009.json index 40e1ee310cc..70380169e91 100644 --- a/2025/1xxx/CVE-2025-1009.json +++ b/2025/1xxx/CVE-2025-1009.json @@ -1,18 +1,119 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in XSLT" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "135" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.20" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-07/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-08/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-09/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-10/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-11/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ivan Fratric of Google Project Zero" + } + ] } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1026.json b/2025/1xxx/CVE-2025-1026.json new file mode 100644 index 00000000000..b59ed6cd58f --- /dev/null +++ b/2025/1xxx/CVE-2025-1026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file