admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-15 12:00:32 +00:00
parent 17642aef93
commit 8d4ee2d352
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 411 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2024/12xxx/CVE-2024-12014.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
"value": "Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
]
},

77
2025/46xxx/CVE-2025-46397.json
View File

@ -5,13 +5,86 @@
"CVE_data_meta": {
"ID": "CVE-2025-46397",
"ASSIGNER": "secalert@redhat.com",
"STATE": "REJECT"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** Red Hat Product Security has come to the conclusion that this CVE is not needed."
"value": "In xfig diagramming tool, a stack-overflow\u00a0while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-46397",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2025-46397"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362058",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2362058"
},
{
"url": "https://sourceforge.net/p/mcj/tickets/192/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/mcj/tickets/192/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

77
2025/46xxx/CVE-2025-46398.json
View File

@ -5,13 +5,86 @@
"CVE_data_meta": {
"ID": "CVE-2025-46398",
"ASSIGNER": "secalert@redhat.com",
"STATE": "REJECT"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** Red Hat Product Security has come to the conclusion that this CVE is not needed."
"value": "In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-46398",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2025-46398"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362055",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2362055"
},
{
"url": "https://sourceforge.net/p/mcj/tickets/191/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/mcj/tickets/191/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

81
2025/4xxx/CVE-2025-4564.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4564",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "facturaone",
"product": {
"product_data": [
{
"product_name": "TicketBAI Facturas para WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.18"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2927aa13-b012-41eb-93bd-38a4e5fc5455?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2927aa13-b012-41eb-93bd-38a4e5fc5455?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-ticketbai/trunk/wp-ticketbai.php#L240",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-ticketbai/trunk/wp-ticketbai.php#L240"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3292061/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3292061/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Alexander Chikaylo"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}

18
2025/4xxx/CVE-2025-4761.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

129
2025/4xxx/CVE-2025-4762.json Normal file
View File

@ -0,0 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-4762",
"ASSIGNER": "security@edgewatch.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lleidanet PKI",
"product": {
"product_data": [
{
"product_name": "eSigna",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1.3.2"
},
{
"status": "unaffected",
"version": "1.4.4"
},
{
"status": "unaffected",
"version": "4.0.4"
},
{
"status": "unaffected",
"version": "4.1.4"
},
{
"status": "unaffected",
"version": "5.0.2"
},
{
"status": "unaffected",
"version": "5.1.2"
},
{
"status": "unaffected",
"version": "5.2.4"
},
{
"status": "unaffected",
"version": "5.3.3"
},
{
"status": "unaffected",
"version": "5.4.1"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/",
"refsource": "MISC",
"name": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"credits": [
{
"lang": "en",
"value": "Pablo Alcarria Lozano"
}
]
}

18
2025/4xxx/CVE-2025-4763.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4764.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}