diff --git a/2024/13xxx/CVE-2024-13416.json b/2024/13xxx/CVE-2024-13416.json
index 25bc216ff6f..62a66f2c4ee 100644
--- a/2024/13xxx/CVE-2024-13416.json
+++ b/2024/13xxx/CVE-2024-13416.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log."
+ "value": "Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log.\n\n\n\n\n2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS."
 }
 ]
 },
diff --git a/2024/13xxx/CVE-2024-13417.json b/2024/13xxx/CVE-2024-13417.json
index 1d018906ad6..fba99c4a56e 100644
--- a/2024/13xxx/CVE-2024-13417.json
+++ b/2024/13xxx/CVE-2024-13417.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state."
+ "value": "Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state.\n\n\n\n\n2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS."
 }
 ]
 },
diff --git a/2024/47xxx/CVE-2024-47256.json b/2024/47xxx/CVE-2024-47256.json
index 310fb3ba64e..22552e6673e 100644
--- a/2024/47xxx/CVE-2024-47256.json
+++ b/2024/47xxx/CVE-2024-47256.json
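Review bot: The new `value` strings in CVE-2024-13416 and CVE-2024-13417 join the advisory text and the remediation sentence with a run of five or more `\n` escapes, which renders as a block of blank lines in any feed or tool that displays the description verbatim; the CVE-2024-47256 and CVE-2024-47258 hunks that follow do the same. A single paragraph break, as in `...in system log.\n\n2N has released an updated version 2.46 of 2N OS...`, carries the same content. The fixed version now appears only in free text; whether the records' `affects` blocks also bound the affected range cannot be seen from these hunks, so that is worth checking against the new wording.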
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older."
+ "value": "Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older.\n\n\n\n\n\n\n2N has released an updated version 3.3 of 2N Access Commander, where this vulnerability is mitigated. It is recommended that all customers update 2N Access Commander to the latest version."
 }
 ]
 },
diff --git a/2024/47xxx/CVE-2024-47258.json b/2024/47xxx/CVE-2024-47258.json
index b780b4862f4..b8106d6943d 100644
--- a/2024/47xxx/CVE-2024-47258.json
+++ b/2024/47xxx/CVE-2024-47258.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices."
+ "value": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. \n\n\n\n\n\n2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices."
 }
 ]
 },
diff --git a/2025/1xxx/CVE-2025-1535.json b/2025/1xxx/CVE-2025-1535.json
index dc1840d9a4a..a27438ac788 100644
--- a/2025/1xxx/CVE-2025-1535.json
+++ b/2025/1xxx/CVE-2025-1535.json
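Review bot: The remediation text added to CVE-2024-47258 does not say whether upgrading alone closes the man-in-the-middle exposure. It names Certificate Fingerprint Verification in 3.3 and TLS certificate validation available since 2.2, then asks customers to "use one of two mentioned practices", which reads as though a setting still has to be enabled after the update. Because the original sentence describes the flaw as present "in default settings", the description should state the post-upgrade default explicitly. The same string also has a trailing space before the newline run and a missing space in `validation.It is recommended`.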
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1535",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticket_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in Baiyi Cloud Asset Management System 8.142.100.161 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /wuser/admin.ticket.close.php. Durch die Manipulation des Arguments ticket_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Baiyi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cloud Asset Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.142.100.161"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.296475",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.296475"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.296475",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.296475"
+ },
+ {
+ "url": "https://vuldb.com/?submit.496969",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.496969"
+ },
+ {
+ "url": "https://github.com/sekaino-sakura/CVE/blob/main/CVE_2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/sekaino-sakura/CVE/blob/main/CVE_2.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "sekainosakura (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1551.json b/2025/1xxx/CVE-2025-1551.json
new file mode 100644
index 00000000000..1e4a5ff59c8
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1551.json
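Review bot: The English description added for CVE-2025-1535 says the issue "has been classified as critical", while both CVSS v3 entries in the new `impact.cvss` array give `"baseScore": 7.3` with `"baseSeverity": "HIGH"`, so triage that keys on the prose and triage that keys on the score will disagree. The 2.0 entry carries no `baseSeverity` at all, so a consumer reading that key across the array has to tolerate its absence. The record also mixes language tags: `"lang": "eng"` and `"lang": "deu"` in `description_data`, but `"lang": "en"` in `credits`, where `"lang": "eng"` would match the rest of the file.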
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1551",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22208.json b/2025/22xxx/CVE-2025-22208.json
index 5a2201bbc23..3327d3cbbc8 100644
--- a/2025/22xxx/CVE-2025-22208.json
+++ b/2025/22xxx/CVE-2025-22208.json
@@ -58,6 +58,11 @@
 "url": "https://joomsky.com/js-jobs-joomla/",
 "refsource": "MISC",
 "name": "https://joomsky.com/js-jobs-joomla/"
+ },
+ {
+ "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208",
+ "refsource": "MISC",
+ "name": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208"
 }
 ]
 },
diff --git a/2025/22xxx/CVE-2025-22209.json b/2025/22xxx/CVE-2025-22209.json
index 1a4c7fb8f34..9cfe832fa89 100644
--- a/2025/22xxx/CVE-2025-22209.json
+++ b/2025/22xxx/CVE-2025-22209.json
@@ -58,6 +58,11 @@
 "url": "https://joomsky.com/js-jobs-joomla/",
 "refsource": "MISC",
 "name": "https://joomsky.com/js-jobs-joomla/"
+ },
+ {
+ "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209",
+ "refsource": "MISC",
+ "name": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209"
 }
 ]
 },
diff --git a/2025/26xxx/CVE-2025-26794.json b/2025/26xxx/CVE-2025-26794.json
index ffff6740a62..4c04ff4ad53 100644
--- a/2025/26xxx/CVE-2025-26794.json
+++ b/2025/26xxx/CVE-2025-26794.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-26794",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-26794",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://exim.org",
+ "url": "https://exim.org"
+ },
+ {
+ "url": "https://www.exim.org/static/doc/security/CVE-2025-26794.txt",
+ "refsource": "MISC",
+ "name": "https://www.exim.org/static/doc/security/CVE-2025-26794.txt"
 }
 ]
 }
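Review bot: Every structured field in the published CVE-2025-26794 record is a placeholder (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a `problemtype` value of `"n/a"`), although the description names the product, the affected range and the weakness class. Scanners and inventory matching that read `affects` rather than the prose will not associate this record with Exim. Populating the fields from the description, e.g. `"product_name": "Exim"`, `"version_value": "4.98 before 4.98.1"` and a `problemtype` entry for CWE-89 (SQL injection), would make the record machine-matchable. The first reference, `https://exim.org`, is the project home page; the advisory URL below it is the one that carries the detail.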