admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-14 08:00:31 +00:00
parent d7fc91606a
commit 8bdb855e6e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 336 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2025/30xxx/CVE-2025-30280.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application."
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application."
}
]
},
@ -54,7 +54,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V10.12.16"
}
]
}
@ -78,7 +78,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V10.6.22"
}
]
}

109
2025/31xxx/CVE-2025-31344.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "securities@openeuler.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C.\n\nThis issue affects giflib: through 5.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openEuler",
"product": {
"product_data": [
{
"product_name": "giflib",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2c10c1abf8ff2e88b1da04e050bb721487b73fa3",
"status": "affected"
}
],
"lessThanOrEqual": "5.2.2",
"status": "affected",
"version": "0",
"versionType": "git"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1292",
"refsource": "MISC",
"name": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1292"
},
{
"url": "https://gitee.com/src-openeuler/giflib/pulls/54",
"refsource": "MISC",
"name": "https://gitee.com/src-openeuler/giflib/pulls/54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jiaxuan Song(m202372152@hust.edu.cn)"
},
{
"lang": "en",
"value": "bale.cen (cenxianlong@huawei.com)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}

109
2025/3xxx/CVE-2025-3555.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in ScriptAndTools eCommerce-website-in-PHP 3.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /login.php. Mittels Manipulieren mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts",
"cweId": "CWE-307"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Interaction Frequency",
"cweId": "CWE-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ScriptAndTools",
"product": {
"product_data": [
{
"product_name": "eCommerce-website-in-PHP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.304596",
"refsource": "MISC",
"name": "https://vuldb.com/?id.304596"
},
{
"url": "https://vuldb.com/?ctiid.304596",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.304596"
},
{
"url": "https://vuldb.com/?submit.549168",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.549168"
},
{
"url": "https://www.websecurityinsights.my.id/2025/04/script-and-tools-ecommerce-30-loginphp.html",
"refsource": "MISC",
"name": "https://www.websecurityinsights.my.id/2025/04/script-and-tools-ecommerce-30-loginphp.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "MaloyRoyOrko (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

109
2025/3xxx/CVE-2025-3556.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In ScriptAndTools eCommerce-website-in-PHP 3.0 wurde eine problematische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/login.php. Durch das Manipulieren mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts",
"cweId": "CWE-307"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Interaction Frequency",
"cweId": "CWE-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ScriptAndTools",
"product": {
"product_data": [
{
"product_name": "eCommerce-website-in-PHP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.304597",
"refsource": "MISC",
"name": "https://vuldb.com/?id.304597"
},
{
"url": "https://vuldb.com/?ctiid.304597",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.304597"
},
{
"url": "https://vuldb.com/?submit.549187",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.549187"
},
{
"url": "https://www.websecurityinsights.my.id/2025/04/script-and-tools-ecommerce-30.html",
"refsource": "MISC",
"name": "https://www.websecurityinsights.my.id/2025/04/script-and-tools-ecommerce-30.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "MaloyRoyOrko (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

18
2025/3xxx/CVE-2025-3573.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3573",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}