From 961799431d7980f73f8cee69ddda5d72cf6d4293 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Fri, 31 Jan 2025 16:00:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/38xxx/CVE-2023-38739.json | 84 +++++++++++++++++++++++++++--
2024/11xxx/CVE-2024-11741.json | 99 ++++++++++++++++++++++++++++++++--
2024/40xxx/CVE-2024-40696.json | 84 +++++++++++++++++++++++++++--
2024/44xxx/CVE-2024-44911.json | 2 +-
2024/45xxx/CVE-2024-45089.json | 84 +++++++++++++++++++++++++++--
2024/45xxx/CVE-2024-45650.json | 79 +++++++++++++++++++++++++--
2024/47xxx/CVE-2024-47103.json | 84 +++++++++++++++++++++++++++--
2024/49xxx/CVE-2024-49807.json | 84 +++++++++++++++++++++++++++--
2024/53xxx/CVE-2024-53319.json | 56 ++++++++++++++++---
2024/53xxx/CVE-2024-53320.json | 56 ++++++++++++++++---
2024/53xxx/CVE-2024-53537.json | 61 ++++++++++++++++++---
2025/0xxx/CVE-2025-0934.json | 18 +++++++
2025/0xxx/CVE-2025-0935.json | 18 +++++++
2025/22xxx/CVE-2025-22994.json | 56 ++++++++++++++++---
2025/23xxx/CVE-2025-23215.json | 77 ++++++++++++++++++++++++--
2025/25xxx/CVE-2025-25009.json | 18 +++++++
2025/25xxx/CVE-2025-25010.json | 18 +++++++
2025/25xxx/CVE-2025-25011.json | 18 +++++++
2025/25xxx/CVE-2025-25012.json | 18 +++++++
2025/25xxx/CVE-2025-25013.json | 18 +++++++
2025/25xxx/CVE-2025-25014.json | 18 +++++++
2025/25xxx/CVE-2025-25015.json | 18 +++++++
2025/25xxx/CVE-2025-25016.json | 18 +++++++
2025/25xxx/CVE-2025-25017.json | 18 +++++++
2025/25xxx/CVE-2025-25018.json | 18 +++++++
25 files changed, 1065 insertions(+), 57 deletions(-)
create mode 100644 2025/0xxx/CVE-2025-0934.json
create mode 100644 2025/0xxx/CVE-2025-0935.json
create mode 100644 2025/25xxx/CVE-2025-25009.json
create mode 100644 2025/25xxx/CVE-2025-25010.json
create mode 100644 2025/25xxx/CVE-2025-25011.json
create mode 100644 2025/25xxx/CVE-2025-25012.json
create mode 100644 2025/25xxx/CVE-2025-25013.json
create mode 100644 2025/25xxx/CVE-2025-25014.json
create mode 100644 2025/25xxx/CVE-2025-25015.json
create mode 100644 2025/25xxx/CVE-2025-25016.json
create mode 100644 2025/25xxx/CVE-2025-25017.json
create mode 100644 2025/25xxx/CVE-2025-25018.json
diff --git a/2023/38xxx/CVE-2023-38739.json b/2023/38xxx/CVE-2023-38739.json
index 8826d7ea5b0..722d9abf3c1 100644
--- a/2023/38xxx/CVE-2023-38739.json
+++ b/2023/38xxx/CVE-2023-38739.json
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.0.0", + "version_value": "6.1.2.5" + }, + { + "version_affected": "<=", + "version_name": "6.2.0.0", + "version_value": "6.2.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7182004", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7182004" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": 
"NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/11xxx/CVE-2024-11741.json b/2024/11xxx/CVE-2024-11741.json index 29b4c35377f..6c93ebb5721 100644 --- a/2024/11xxx/CVE-2024-11741.json +++ b/2024/11xxx/CVE-2024-11741.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@grafana.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grafana is an open-source platform for monitoring and observability. \nThe Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 11.5.0, 11.4.1, 11.3.3,\u00a0 11.2.6, 11.1.11, 11.0.11 and 10.4.15" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Grafana", + "product": { + "product_data": [ + { + "product_name": "Grafana", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.4.0", + "version_value": "11.4.1" + }, + { + "version_affected": "<", + "version_name": "11.3.0", + "version_value": "11.3.3" + }, + { + "version_affected": "<", + "version_name": "11.2.0", + "version_value": "11.2.6" + }, + { + "version_affected": "<", + "version_name": "11.1.0", + "version_value": "11.1.11" + }, + { + "version_affected": "<", + "version_name": "10.4.0", + "version_value": "10.4.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://grafana.com/security/security-advisories/cve-2024-11741/", + "refsource": "MISC", + "name": "https://grafana.com/security/security-advisories/cve-2024-11741/" + } + ] + 
}, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/40xxx/CVE-2024-40696.json b/2024/40xxx/CVE-2024-40696.json index 47b81decfda..dde11210ebb 100644 --- a/2024/40xxx/CVE-2024-40696.json +++ b/2024/40xxx/CVE-2024-40696.json 
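Review bot: The `version_data` list for CVE-2024-11741 has no entry for the 11.0.x line, although the description on the new side names 11.0.11 as a fixed version next to 11.4.1, 11.3.3, 11.2.6, 11.1.11 and 10.4.15. A scanner that matches on the structured ranges will treat 11.0.0 through 11.0.10 as unaffected while the prose implies the opposite. If 11.0.x is affected, the list needs `{ "version_affected": "<", "version_name": "11.0.0", "version_value": "11.0.11" }`; if it is not, 11.0.11 should come out of the description. Until the CNA settles it, consumers are safer treating 11.0.x installations as in scope.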
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-40696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.0.0", + "version_value": "6.1.2.5" + }, + { + "version_affected": "<=", + "version_name": "6.2.0.0", + "version_value": "6.2.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7182011", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7182011" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": 
"NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/44xxx/CVE-2024-44911.json b/2024/44xxx/CVE-2024-44911.json index 8ee1784fb4f..f5dde282461 100644 --- a/2024/44xxx/CVE-2024-44911.json +++ b/2024/44xxx/CVE-2024-44911.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c)." + "value": "NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c)." } ] }, diff --git a/2024/45xxx/CVE-2024-45089.json b/2024/45xxx/CVE-2024-45089.json index 1c3776bc6fb..1414d86f009 100644 --- a/2024/45xxx/CVE-2024-45089.json +++ b/2024/45xxx/CVE-2024-45089.json 
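Review bot: The description added for CVE-2024-40696 is word-for-word the one added for CVE-2024-47103 later in this patch, and the two records also share the CWE-79 entry, the reference `https://www.ibm.com/support/pages/node/7182011` and the vector `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N`. Nothing in either record says which part of the Web UI each ID covers, so de-duplication by description will merge them and remediation of one cannot be tracked separately from the other. The `"value"` text of each record should name the affected page or function; presumably the vendor bulletin holds that detail.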
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45089", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-203 Observable Discrepancy", + "cweId": "CWE-203" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.0.0", + "version_value": "6.1.2.5" + }, + { + "version_affected": "<=", + "version_name": "6.2.0.0", + "version_value": "6.2.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7182063", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7182063" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + 
"userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45650.json b/2024/45xxx/CVE-2024-45650.json index 19c2d115051..fbfca6ae685 100644 --- a/2024/45xxx/CVE-2024-45650.json +++ b/2024/45xxx/CVE-2024-45650.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions", + "cweId": "CWE-754" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Directory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "10.0.0", + "version_value": "10.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7182169", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7182169" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } 
diff --git a/2024/47xxx/CVE-2024-47103.json b/2024/47xxx/CVE-2024-47103.json
index 2aa8d4c45b5..abdc0ff6c11 100644
--- a/2024/47xxx/CVE-2024-47103.json
+++ b/2024/47xxx/CVE-2024-47103.json
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.0.0", + "version_value": "6.1.2.5" + }, + { + "version_affected": "<=", + "version_name": "6.2.0.0", + "version_value": "6.2.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7182011", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7182011" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": 
"NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/49xxx/CVE-2024-49807.json b/2024/49xxx/CVE-2024-49807.json index 417eba33fe3..a72be0ee47c 100644 --- a/2024/49xxx/CVE-2024-49807.json +++ b/2024/49xxx/CVE-2024-49807.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.0.0", + "version_value": "6.1.2.5" + }, + { + "version_affected": "<=", + "version_name": "6.2.0.0", + "version_value": "6.2.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7182011", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7182011" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53319.json b/2024/53xxx/CVE-2024-53319.json index f192d37458d..e8a3580c863 100644 --- a/2024/53xxx/CVE-2024-53319.json +++ b/2024/53xxx/CVE-2024-53319.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53319", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53319", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/qualisys/qualisys_cpp_sdk/issues/49", + "url": "https://github.com/qualisys/qualisys_cpp_sdk/issues/49" } ] } 
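Review bot: CVE-2024-53319 goes PUBLIC with `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a problemtype of `"n/a"`, so the affected product (Qualisys C++ SDK commit a32a21a) appears only in the free-text description. The same holds for CVE-2024-53320, CVE-2024-53537 and CVE-2025-22994 further down in this patch. Tooling that matches on the `affects` tree will never flag these records. The vendor, product and version fields should be filled from the description and the problemtype given a CWE; for this record a heap-based buffer overflow corresponds to CWE-122. Until then, consumers have to fall back on description and reference matching for these IDs.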
diff --git a/2024/53xxx/CVE-2024-53320.json b/2024/53xxx/CVE-2024-53320.json index f79da8e0e6a..c68402d6d9f 100644 --- a/2024/53xxx/CVE-2024-53320.json +++ b/2024/53xxx/CVE-2024-53320.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53320", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53320", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/qualisys/qualisys_cpp_sdk/issues/47", + "url": "https://github.com/qualisys/qualisys_cpp_sdk/issues/47" } ] } diff --git a/2024/53xxx/CVE-2024-53537.json b/2024/53xxx/CVE-2024-53537.json index a2732eaa2d3..8bbd9a6d49d 100644 --- a/2024/53xxx/CVE-2024-53537.json +++ b/2024/53xxx/CVE-2024-53537.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53537", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53537", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes", + "refsource": "MISC", + "name": "https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/188913/", + "url": "https://packetstorm.news/files/id/188913/" } ] } diff --git a/2025/0xxx/CVE-2025-0934.json b/2025/0xxx/CVE-2025-0934.json new file mode 100644 index 00000000000..0c4715ad6fd --- /dev/null +++ b/2025/0xxx/CVE-2025-0934.json 
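Review bot: The range in the CVE-2024-53537 description, `v0.3.4 to v0.2.1`, is written high-to-low, which leaves it unclear which end is the first affected release. The first reference points at the 0.3.5 changelog's security fixes, which suggests (the record does not state it) that 0.3.5 carries the fix; the text would read unambiguously as `OpenPanel v0.2.1 through v0.3.4`. Because `affects` is all `n/a`, no structured range backs the prose, so this sentence is the only version information a consumer has. The problemtype could also name CWE-22 for the directory traversal instead of `"n/a"`.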
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0935.json b/2025/0xxx/CVE-2025-0935.json new file mode 100644 index 00000000000..1e9528e912d --- /dev/null +++ b/2025/0xxx/CVE-2025-0935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/22xxx/CVE-2025-22994.json b/2025/22xxx/CVE-2025-22994.json index c45ab7ff844..971e35c9083 100644 --- a/2025/22xxx/CVE-2025-22994.json +++ b/2025/22xxx/CVE-2025-22994.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-22994", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-22994", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/o2oa/o2oa/issues/167", + "refsource": "MISC", + "name": "https://github.com/o2oa/o2oa/issues/167" } ] } diff --git a/2025/23xxx/CVE-2025-23215.json b/2025/23xxx/CVE-2025-23215.json index 5b2da11bc47..f46d7e6eb0d 100644 --- a/2025/23xxx/CVE-2025-23215.json +++ b/2025/23xxx/CVE-2025-23215.json 
@@ -1,18 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23215", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net.sourceforge.pmd are not compromised and the signatures are valid." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-540: Inclusion of Sensitive Information in Source Code", + "cweId": "CWE-540" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pmd", + "product": { + "product_data": [ + { + "product_name": "pmd", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 7.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pmd/pmd/security/advisories/GHSA-88m4-h43f-wx84", + "refsource": "MISC", + "name": "https://github.com/pmd/pmd/security/advisories/GHSA-88m4-h43f-wx84" + }, + { + "url": "https://github.com/pmd/pmd-designer/commit/1548f5f27ba2981b890827fecbd0612fa70a0362", + "refsource": "MISC", + "name": "https://github.com/pmd/pmd-designer/commit/1548f5f27ba2981b890827fecbd0612fa70a0362" + }, + { + "url": "https://github.com/pmd/pmd-designer/commit/e87a45312753ec46b3e5576c6f6ac1f7de2f5891", + "refsource": "MISC", + "name": "https://github.com/pmd/pmd-designer/commit/e87a45312753ec46b3e5576c6f6ac1f7de2f5891" + } + ] + }, + "source": { + "advisory": "GHSA-88m4-h43f-wx84", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/25xxx/CVE-2025-25009.json b/2025/25xxx/CVE-2025-25009.json new file mode 100644 index 00000000000..8a7bd9bf139 --- /dev/null +++ b/2025/25xxx/CVE-2025-25009.json 
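Review bot: The affected range for CVE-2025-23215 is encoded as `"version_affected": "="` with `"version_value": "< 7.10.0"`, so the comparison operator sits inside the value string and a consumer that compares `version_value` literally will never match an installed PMD version. The IBM and Grafana records in this patch carry the operator in the operator field; the equivalent here would be `"version_affected": "<", "version_value": "7.10.0"`. The record also has no `impact` block, unlike those records, so severity-based triage gets no score for an exposed signing-key passphrase. Since the description says both keys were revoked, teams that verify PMD artifacts against a pinned release key should check how their tooling handles signatures made by a key that has since been revoked.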
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25009",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25010.json b/2025/25xxx/CVE-2025-25010.json
new file mode 100644
index 00000000000..816a3e37b59
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25010.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25010",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25011.json b/2025/25xxx/CVE-2025-25011.json
new file mode 100644
index 00000000000..d418fe193d1
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25011.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25011",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25012.json b/2025/25xxx/CVE-2025-25012.json
new file mode 100644
index 00000000000..dfd2cb12447
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25012.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25012",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25013.json b/2025/25xxx/CVE-2025-25013.json
new file mode 100644
index 00000000000..7fe4837b2e6
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25013.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25013",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25014.json b/2025/25xxx/CVE-2025-25014.json
new file mode 100644
index 00000000000..43b8d5ac286
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25014.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25014",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25015.json b/2025/25xxx/CVE-2025-25015.json
new file mode 100644
index 00000000000..ecff7baacdd
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25015.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25015",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25016.json b/2025/25xxx/CVE-2025-25016.json
new file mode 100644
index 00000000000..17475e9eeb2
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25016.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25016",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25017.json b/2025/25xxx/CVE-2025-25017.json
new file mode 100644
index 00000000000..f20548e693c
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25017.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25017",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25018.json b/2025/25xxx/CVE-2025-25018.json
new file mode 100644
index 00000000000..bbb4b91cf66
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25018.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25018",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file