diff --git a/2024/32xxx/CVE-2024-32861.json b/2024/32xxx/CVE-2024-32861.json
index c3ae8831d2e..68a44f1b9a1 100644
--- a/2024/32xxx/CVE-2024-32861.json
+++ b/2024/32xxx/CVE-2024-32861.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Under certain circumstances the Software House C\u25cfCURE 9000 Site Server provides insufficient protection of directories containing executables."
+ "value": "Under certain circumstances the impacted Software House C\u2022CURE 9000 installer will utilize unnecessarily wide permissions."
}
]
},
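Review bot: The rewritten description on the added `"value"` line no longer says what receives the wide permissions. The removed text named "directories containing executables", and the workaround further down still points at `C:\\CouchDB\\bin`. Someone triaging from the description alone cannot tell that the exposure is write access to a directory of executables. If the vendor wording allows it, keep that detail, for example `...installer will utilize unnecessarily wide permissions on directories containing executables.`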
@@ -89,10 +89,10 @@
{
"base64": false,
"type": "text/html",
- "value": "\n\nRemove write permissions from C:\\CouchDB\\bin folder within Software House C\u25cfCURE 9000 Site Server for non-administrators.\n\n
"
+ "value": "\u2022 Remove Full control and Write permissions. For non-administrator accounts, limit permissions to Read & Execute on the following path:
\u2003\u2003\u2003o C:\\CouchDB\\bin
"
}
],
- "value": "Remove write permissions from C:\\CouchDB\\bin folder within Software House C\u25cfCURE 9000 Site Server for non-administrators."
+ "value": "\u2022 Remove Full control and Write permissions. For non-administrator accounts, limit permissions to Read & Execute on the following path:\n\u2003\u2003\u2003o C:\\CouchDB\\bin"
}
],
"credits": [
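Review bot: The new workaround text is less precise than the line it replaces. Its first sentence, `Remove Full control and Write permissions.`, names no principal, and the sub-item marker is a literal `o` after three `\u2003` em spaces, which reads as stray text in the plain-text `"value"`. A single sentence would keep the scope unambiguous, for example `For non-administrator accounts, remove Full control and Write permissions on C:\\CouchDB\\bin and leave only Read & Execute.` The `text/html` copy above has the same wording. Its line breaks look lost in this rendering, so the markup itself cannot be judged from here.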
diff --git a/2024/47xxx/CVE-2024-47796.json b/2024/47xxx/CVE-2024-47796.json
index e61b664daa0..ce1e7d4299f 100644
--- a/2024/47xxx/CVE-2024-47796.json
+++ b/2024/47xxx/CVE-2024-47796.json
@@ -1,17 +1,92 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47796",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OFFIS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DCMTK",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.6.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122"
+ },
+ {
+ "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6",
+ "refsource": "MISC",
+ "name": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Discovered by Emmanuel Tacheau of Cisco Talos."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
}
]
}
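Review bot: The added `version_data` block lists a single entry, `"version_affected": "="` with `"version_value": "3.6.8"`, and the dcmtk commit reference is tagged `MISC`. The record therefore does not say whether releases before 3.6.8 are affected or which release contains the change. Consumers matching on exact version will miss older or patched-but-unrenumbered builds, and should check whether commit `89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6` (presumably the fix) is present. The vector is `AV:L` with `UI:N` while the description speaks of an attacker providing a file, so sites that ingest DICOM files from other systems may want to triage above the local-only reading. The same points apply to the CVE-2024-52333.json hunk later in this diff (commit `03e851b0586d05057c3268988e180ffb426b2e03`).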
diff --git a/2024/51xxx/CVE-2024-51073.json b/2024/51xxx/CVE-2024-51073.json
index bb189601c72..d6a617caa71 100644
--- a/2024/51xxx/CVE-2024-51073.json
+++ b/2024/51xxx/CVE-2024-51073.json
@@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
- "value": "An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus."
+ "value": "** DISPUTED ** An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification."
}
]
},
diff --git a/2024/51xxx/CVE-2024-51074.json b/2024/51xxx/CVE-2024-51074.json
index f72d607156e..c8e24d959c9 100644
--- a/2024/51xxx/CVE-2024-51074.json
+++ b/2024/51xxx/CVE-2024-51074.json
@@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
- "value": "** DISPUTED ** Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which has no value to an adversary)."
+ "value": "** DISPUTED ** Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which typically has no value to an adversary). Also, this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the observed behavior follows the UDS (Unified Diagnostic Services) specification."
}
]
},
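Review bot: The added description now carries two separate dispute statements with inconsistent wording. `NOTE: this is disputed by the supplier because ...` is followed by `Also, this is disputed by the Supplier because ...`, with "supplier" capitalised in only the second. Folding them into one NOTE would read more cleanly and be easier to parse, for example `NOTE: this is disputed by the Supplier because (1) the CAN bus is not externally exposed ..., (2) the findings came from a potentially unrealistic test environment ..., and (3) the observed behavior follows the UDS specification.` The CVE-2024-51073.json hunk above uses the capitalised form, so that is the one to standardise on.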
diff --git a/2024/52xxx/CVE-2024-52333.json b/2024/52xxx/CVE-2024-52333.json
index 9b3588c406e..16f6e8b05e6 100644
--- a/2024/52xxx/CVE-2024-52333.json
+++ b/2024/52xxx/CVE-2024-52333.json
@@ -1,17 +1,92 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52333",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OFFIS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DCMTK",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.6.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121"
+ },
+ {
+ "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03",
+ "refsource": "MISC",
+ "name": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Discovered by Emmanuel Tacheau of Cisco Talos."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
}
]
}
diff --git a/2025/0xxx/CVE-2025-0421.json b/2025/0xxx/CVE-2025-0421.json
new file mode 100644
index 00000000000..66fbdf84f49
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0421.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0421",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0422.json b/2025/0xxx/CVE-2025-0422.json
new file mode 100644
index 00000000000..ef3e2735914
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0422.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0422",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0423.json b/2025/0xxx/CVE-2025-0423.json
new file mode 100644
index 00000000000..d52bd779c84
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0423.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0423",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0424.json b/2025/0xxx/CVE-2025-0424.json
new file mode 100644
index 00000000000..d770a255363
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0424.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0424",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0425.json b/2025/0xxx/CVE-2025-0425.json
new file mode 100644
index 00000000000..97500f4f965
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0425.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0425",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23195.json b/2025/23xxx/CVE-2025-23195.json
new file mode 100644
index 00000000000..323391b70fe
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23195.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23195",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23196.json b/2025/23xxx/CVE-2025-23196.json
new file mode 100644
index 00000000000..edb68333d28
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23196.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23196",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file