"-Synchronized-Data."

CVE Team 2025-02-04 14:00:33 +00:00
parent 0b43e6ffe5
commit 8361562c82
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 290 additions and 18 deletions


@ -1,18 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-11623", "ID": "CVE-2024-11623",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cvd@cert.pl",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Authentik project is vulnerable to Stored XSS attacks through\u00a0uploading crafted SVG files that are used as application icons.\u00a0\nThis action could only be performed by an authenticated admin user.\nThe issue was fixed in\u00a02024.10.4 release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "goauthentik",
"product": {
"product_data": [
{
"product_name": "authentik",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2024.10.4"
} }
] ]
} }
} }
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability",
"refsource": "MISC",
"name": "https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability"
},
{
"url": "https://github.com/goauthentik/authentik/pull/12092",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/pull/12092"
},
{
"url": "https://cert.pl/en/posts/2025/02/CVE-2024-11623/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/02/CVE-2024-11623/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Daniel Basta (NASK-PIB)"
}
]
}
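Review bot: The new `description_data` value embeds `\u00a0` non-breaking spaces and `\n` line breaks (for example `through\u00a0uploading` and `fixed in\u00a02024.10.4`), so exact-phrase searches and simple tokenisers in downstream tooling may fail to match terms such as the fixed version. Normalising them to plain spaces, e.g. `The issue was fixed in 2024.10.4 release.`, keeps the text searchable. The record also has no `impact` block, so the admin-only precondition stated in the description is not available in machine-readable form for triage.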


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133." "value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7."
} }
] ]
}, },
@ -21,7 +21,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Potential Double-Free Vulnerability in PKCS#7 Decryption Handling" "value": "Potential double-free vulnerability in PKCS#7 decryption handling"
} }
] ]
} }
@ -57,6 +57,18 @@
} }
] ]
} }
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.7"
}
]
}
} }
] ]
} }
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-67/" "name": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
} }
] ]
}, },
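Review bot: The updated description now lists Thunderbird < 128.7 as affected, but the `product_data` hunk adds only a `Firefox ESR` entry, so the machine-readable `affects` block appears to lag behind the text (the existing Thunderbird entry is outside the hunks shown, so this is inferred). The same mismatch is fully visible in the CVE-2025-0510 and CVE-2025-1009 records below: their descriptions name Thunderbird < 135 (and, for CVE-2025-1009, Firefox ESR < 128.7), yet `version_data` holds a single `<` bound per product (`128.7` for Thunderbird, `115.20` for Firefox ESR). A scanner that compares versions against `version_data` alone would read Thunderbird 129–134 and Firefox ESR 128.0–128.6 as unaffected. Each affected branch should get its own entry, e.g. `{ "version_affected": "<", "version_name": "unspecified", "version_value": "135" }` under Thunderbird.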


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Parsing a JavaScript module as JSON could under some circumstances cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6." "value": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6."
} }
] ]
}, },


@ -1,18 +1,80 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-0510", "ID": "CVE-2025-0510",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Address of e-mail sender can be spoofed by malicious email"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.7"
} }
] ]
} }
} }
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Fabian Densborn"
}
]
}
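Review bot: The `problemtype` entry is free text only ("Address of e-mail sender can be spoofed by malicious email") and has no `cweId`, unlike the CVE-2024-11623 record in this commit, which carries `"cweId": "CWE-79"`. The CVE-2025-1009 record below has the same gap for "Use-after-free in XSLT". Without the identifier, tooling that groups or filters by weakness class cannot classify these two records. Adding the field next to `value`, e.g. `"cweId": "CWE-416"` for the use-after-free, would fix that; the right CWE for the sender-spoofing case should be confirmed by the assigner.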


@ -1,18 +1,119 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-1009", "ID": "CVE-2025-1009",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in XSLT"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "135"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.20"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.7"
} }
] ]
} }
} }
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936613"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-07/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-08/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-08/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-11/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ivan Fratric of Google Project Zero"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}