admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-06 09:00:34 +00:00
parent 3e93dc50cb
commit 8f931ca7a9
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 416 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
2024/12xxx/CVE-2024-12297.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Moxa\u2019s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device."
"value": "Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device."
}
]
},
@ -46,6 +46,114 @@
}
]
}
},
{
"product_name": "PT-508 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.8"
}
]
}
},
{
"product_name": "PT-510 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.8"
}
]
}
},
{
"product_name": "PT-7528 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "5.0"
}
]
}
},
{
"product_name": "PT-7728 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.9"
}
]
}
},
{
"product_name": "PT-7828 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "4.0"
}
]
}
},
{
"product_name": "PT-G503 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "5.3"
}
]
}
},
{
"product_name": "PT-G510 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "6.5"
}
]
}
},
{
"product_name": "PT-G7728 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "6.5"
}
]
}
},
{
"product_name": "PT-G7828 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "6.5"
}
]
}
}
]
}
@ -59,6 +167,11 @@
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series"
},
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches"
}
]
},
@ -66,7 +179,7 @@
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
"discovery": "EXTERNAL"
},
"work_around": [
{
@ -88,10 +201,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p>Moxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.</p><ul><li><p>EDS-508A Series: Please contact Moxa Technical Support for the security patch</p></li></ul>"
"value": "<p>Moxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.</p><ul><li><p>EDS-508A Series: Please contact Moxa Technical Support for the security patch</p></li><li><p>PT Series:&nbsp;Please contact Moxa Technical Support for the security patch<br><br></p></li></ul>"
}
],
"value": "Moxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n * EDS-508A Series: Please contact Moxa Technical Support for the security patch"
"value": "Moxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n * EDS-508A Series: Please contact Moxa Technical Support for the security patch\n\n\n * PT Series:\u00a0Please contact Moxa Technical Support for the security patch"
}
],
"credits": [

81
2024/13xxx/CVE-2024-13897.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13897",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "katsushi-kawamori",
"product": {
"product_data": [
{
"product_name": "Moving Media Library",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.22"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/815ce00b-3753-4c38-8a30-5242a5841734?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/815ce00b-3753-4c38-8a30-5242a5841734?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php#L166",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php#L166"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3244709/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3244709/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Emil"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

100
2025/1xxx/CVE-2025-1540.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.5",
"version_value": "17.6.5"
},
{
"version_affected": "<",
"version_name": "17.7",
"version_value": "17.7.4"
},
{
"version_affected": "<",
"version_name": "17.8",
"version_value": "17.8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512765",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/512765"
},
{
"url": "https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/#saml-authentication-misconfigures-external-user-attribute",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/#saml-authentication-misconfigures-external-user-attribute"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 17.8.2, 17.7.4 or 17.6.5."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [Renato Alves](https://gitlab.com/unode) for reporting this vulnerability."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
}
]
}

18
2025/27xxx/CVE-2025-27755.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/27xxx/CVE-2025-27756.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2028.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2029.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2030.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2031.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2032.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}