admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-21 13:00:33 +00:00
parent d461d0462a
commit 879ad8f3dc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 192 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2024/13xxx/CVE-2024-13416.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log."
"value": "Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log.\n\n\n\n\n2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS."
}
]
},

2
2024/13xxx/CVE-2024-13417.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state."
"value": "Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state.\n\n\n\n\n2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS."
}
]
},

2
2024/47xxx/CVE-2024-47256.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older."
"value": "Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older.\n\n\n\n\n\n\n2N has released an updated version 3.3 of 2N Access Commander, where this vulnerability is mitigated. It is recommended that all customers update 2N Access Commander to the latest version."
}
]
},

2
2024/47xxx/CVE-2024-47258.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices."
"value": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. \n\n\n\n\n\n2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices."
}
]
},

109
2025/1xxx/CVE-2025-1535.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticket_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Baiyi Cloud Asset Management System 8.142.100.161 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /wuser/admin.ticket.close.php. Durch die Manipulation des Arguments ticket_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baiyi",
"product": {
"product_data": [
{
"product_name": "Cloud Asset Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.142.100.161"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.296475",
"refsource": "MISC",
"name": "https://vuldb.com/?id.296475"
},
{
"url": "https://vuldb.com/?ctiid.296475",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.296475"
},
{
"url": "https://vuldb.com/?submit.496969",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.496969"
},
{
"url": "https://github.com/sekaino-sakura/CVE/blob/main/CVE_2.md",
"refsource": "MISC",
"name": "https://github.com/sekaino-sakura/CVE/blob/main/CVE_2.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "sekainosakura (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

18
2025/1xxx/CVE-2025-1551.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1551",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2025/22xxx/CVE-2025-22208.json
View File

@ -58,6 +58,11 @@
"url": "https://joomsky.com/js-jobs-joomla/",
"refsource": "MISC",
"name": "https://joomsky.com/js-jobs-joomla/"
},
{
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208",
"refsource": "MISC",
"name": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208"
}
]
},

5
2025/22xxx/CVE-2025-22209.json
View File

@ -58,6 +58,11 @@
"url": "https://joomsky.com/js-jobs-joomla/",
"refsource": "MISC",
"name": "https://joomsky.com/js-jobs-joomla/"
},
{
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209",
"refsource": "MISC",
"name": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209"
}
]
},

61
2025/26xxx/CVE-2025-26794.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-26794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://exim.org",
"url": "https://exim.org"
},
{
"url": "https://www.exim.org/static/doc/security/CVE-2025-26794.txt",
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2025-26794.txt"
}
]
}