diff --git a/2023/35xxx/CVE-2023-35894.json b/2023/35xxx/CVE-2023-35894.json
index b8b14446dc6..585fcae1b23 100644
--- a/2023/35xxx/CVE-2023-35894.json
+++ b/2023/35xxx/CVE-2023-35894.json
@@ -1,17 +1,88 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-35894",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
+ "cweId": "CWE-644"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Control Center",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "6.2.1",
+ "version_value": "6.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7185101",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7185101"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/43xxx/CVE-2023-43052.json b/2023/43xxx/CVE-2023-43052.json
index 9252f20e5bd..567937b63cb 100644
--- a/2023/43xxx/CVE-2023-43052.json
+++ b/2023/43xxx/CVE-2023-43052.json
@@ -1,17 +1,88 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43052",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-435 Improper Interaction Between Multiple Correctly-Behaving Entities",
+ "cweId": "CWE-435"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Control Center",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "6.2.1",
+ "version_value": "6.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7185102",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7185102"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/12xxx/CVE-2024-12975.json b/2024/12xxx/CVE-2024-12975.json
index 4f570bc63a4..b6a2f108c17 100644
--- a/2024/12xxx/CVE-2024-12975.json
+++ b/2024/12xxx/CVE-2024-12975.json
@@ -1,18 +1,85 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12975",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@silabs.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-129 Improper Validation of Array Index",
+ "cweId": "CWE-129"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read",
+ "cweId": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Silicon Labs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simplicity SDK",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2024.12.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.silabs.com/069Vm00000LWXMeIAP",
+ "refsource": "MISC",
+ "name": "https://community.silabs.com/069Vm00000LWXMeIAP"
+ },
+ {
+ "url": "https://github.com/SiliconLabs/simplicity_sdk/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/SiliconLabs/simplicity_sdk/releases"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
}
}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13086.json b/2024/13xxx/CVE-2024-13086.json
index 5700cfb26d9..745fdad741f 100644
--- a/2024/13xxx/CVE-2024-13086.json
+++ b/2024/13xxx/CVE-2024-13086.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13086",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.x",
+ "version_value": "QTS 5.2.0.2851 build 20240808"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.x",
+ "version_value": "QuTS hero h5.2.0.2851 build 20240808"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-25-03",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-25-03"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-25-03",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Christoph Kretz"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/38xxx/CVE-2024-38638.json b/2024/38xxx/CVE-2024-38638.json
index 264f21c9216..e87181083f0 100644
--- a/2024/38xxx/CVE-2024-38638.json
+++ b/2024/38xxx/CVE-2024-38638.json
@@ -1,18 +1,131 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38638",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.\n\nQTS 5.2.x/QuTS hero h5.2.x are not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQuTS hero h5.1.9.2954 build 20241120 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.1.9.2954 build 20241120",
+ "status": "affected",
+ "version": "5.1.x",
+ "versionType": "custom"
+ },
+ {
+ "status": "unaffected",
+ "version": "5.2.x",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "h5.1.9.2954 build 20241120",
+ "status": "affected",
+ "version": "h5.1.x",
+ "versionType": "custom"
+ },
+ {
+ "status": "unaffected",
+ "version": "h5.2.x",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-52",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-52"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-52",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QuTS hero h5.1.9.2954 build 20241120 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQuTS hero h5.1.9.2954 build 20241120 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "leeya_bug"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/48xxx/CVE-2024-48864.json b/2024/48xxx/CVE-2024-48864.json
index c2ce8c3e1b7..b1b2537d7f6 100644
--- a/2024/48xxx/CVE-2024-48864.json
+++ b/2024/48xxx/CVE-2024-48864.json
@@ -1,18 +1,91 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48864",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4741 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-552",
+ "cweId": "CWE-552"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "File Station 5",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.5.x",
+ "version_value": "5.5.6.4741"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-55",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-55"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-55",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
File Station 5 5.5.6.4741 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4741 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Pwn2Own 2024 - ExLuck of ANHTUD"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/50xxx/CVE-2024-50390.json b/2024/50xxx/CVE-2024-50390.json
index 3fbfafc46c5..498622adbfb 100644
--- a/2024/50xxx/CVE-2024-50390.json
+++ b/2024/50xxx/CVE-2024-50390.json
@@ -1,18 +1,96 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50390",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.5.032 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1188",
+ "cweId": "CWE-1188"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-78",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuRouter",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.4.x",
+ "version_value": "2.4.5.032"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-25-01",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-25-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-25-01",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.5.032 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Pwn2Own 2024 - Daan Keuper (@daankeuper), Thijs Alkemade, and Khaled Nassar from Computest Sector 7"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/50xxx/CVE-2024-50394.json b/2024/50xxx/CVE-2024-50394.json
index 6a2d19a8561..10c621d5f39 100644
--- a/2024/50xxx/CVE-2024-50394.json
+++ b/2024/50xxx/CVE-2024-50394.json
@@ -1,18 +1,91 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50394",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nHelpdesk 3.3.3 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-295",
+ "cweId": "CWE-295"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Helpdesk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "3.3.x",
+ "version_value": "3.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-25-05",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-25-05"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-25-05",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
Helpdesk 3.3.3 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nHelpdesk 3.3.3 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Corentin '@OnlyTheDuck' BAYET"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/50xxx/CVE-2024-50405.json b/2024/50xxx/CVE-2024-50405.json
index 6bf2dacef88..8f0c9ff3313 100644
--- a/2024/50xxx/CVE-2024-50405.json
+++ b/2024/50xxx/CVE-2024-50405.json
@@ -1,18 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50405",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-93",
+ "cweId": "CWE-93"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-94",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.2.x",
+ "version_value": "5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.2.x",
+ "version_value": "h5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-54",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Searat and izut"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53692.json b/2024/53xxx/CVE-2024-53692.json
index b32cf2dc054..47186aa4c75 100644
--- a/2024/53xxx/CVE-2024-53692.json
+++ b/2024/53xxx/CVE-2024-53692.json
@@ -1,18 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53692",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-77",
+ "cweId": "CWE-77"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-78",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.2.x",
+ "version_value": "5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.2.x",
+ "version_value": "h5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-54",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "ZIEN"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53693.json b/2024/53xxx/CVE-2024-53693.json
index 324ae3842fb..fb8300e32ef 100644
--- a/2024/53xxx/CVE-2024-53693.json
+++ b/2024/53xxx/CVE-2024-53693.json
@@ -1,18 +1,113 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53693",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-93",
+ "cweId": "CWE-93"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-94",
+ "cweId": "CWE-94"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-400",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.2.x",
+ "version_value": "5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.2.x",
+ "version_value": "h5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-54",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Searat and izut"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53694.json b/2024/53xxx/CVE-2024-53694.json
index 7fbb118729e..8788227851d 100644
--- a/2024/53xxx/CVE-2024-53694.json
+++ b/2024/53xxx/CVE-2024-53694.json
@@ -1,18 +1,115 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53694",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources.\n\nWe have already fixed the vulnerability in the following versions:\nQVPN Device Client for Mac 2.2.5 and later\nQsync for Mac 5.1.3 and later\nQfinder Pro Mac 7.11.1 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-367",
+ "cweId": "CWE-367"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QVPN Device Client for Mac",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.2.x",
+ "version_value": "2.2.5"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Qsync for Mac",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.3"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Qfinder Pro Mac",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "7.11.x",
+ "version_value": "7.11.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-51",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-51"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-51",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QVPN Device Client for Mac 2.2.5 and later
Qsync for Mac 5.1.3 and later
Qfinder Pro Mac 7.11.1 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQVPN Device Client for Mac 2.2.5 and later\nQsync for Mac 5.1.3 and later\nQfinder Pro Mac 7.11.1 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mykola Grymalyuk"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53695.json b/2024/53xxx/CVE-2024-53695.json
index 7531fa56df4..6d33f4dbeab 100644
--- a/2024/53xxx/CVE-2024-53695.json
+++ b/2024/53xxx/CVE-2024-53695.json
@@ -1,18 +1,96 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53695",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.4.952 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120",
+ "cweId": "CWE-120"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-121",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HBS 3 Hybrid Backup Sync",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "25.1.x",
+ "version_value": "25.1.4.952"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-25-06",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-25-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-25-06",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.4.952 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.4.952 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "CataLpa of Hatlab, Dbappsecurity Co. Ltd."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53696.json b/2024/53xxx/CVE-2024-53696.json
index 93fd5f2647e..d668ee2331b 100644
--- a/2024/53xxx/CVE-2024-53696.json
+++ b/2024/53xxx/CVE-2024-53696.json
@@ -1,18 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53696",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuLog Center",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.7.x.x",
+ "version_value": "1.7.0.829 ( 2024/10/01 )"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.8.x.x",
+ "version_value": "1.8.0.888 ( 2024/10/15 )"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "4.5.x",
+ "version_value": "4.5.4.2957 build 20241119"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h4.5.x",
+ "version_value": "h4.5.4.2956 build 20241119"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-53",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-53"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-53",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
QTS 4.5.4.2957 build 20241119 and later
QuTS hero h4.5.4.2956 build 20241119 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Aymen BORGI and Ibrahim AYADHI from RandoriSec"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53697.json b/2024/53xxx/CVE-2024-53697.json
index e6353fe59e5..8a2c940a48e 100644
--- a/2024/53xxx/CVE-2024-53697.json
+++ b/2024/53xxx/CVE-2024-53697.json
@@ -1,18 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53697",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.2.x",
+ "version_value": "5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.2.x",
+ "version_value": "h5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-54",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "binhnt"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53698.json b/2024/53xxx/CVE-2024-53698.json
index 29c457bbac3..de0ac2b7509 100644
--- a/2024/53xxx/CVE-2024-53698.json
+++ b/2024/53xxx/CVE-2024-53698.json
@@ -1,18 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53698",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-415",
+ "cweId": "CWE-415"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.2.x",
+ "version_value": "5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.2.x",
+ "version_value": "h5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-54",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "binhnt"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53699.json b/2024/53xxx/CVE-2024-53699.json
index 79542bcb66e..95cf47bb448 100644
--- a/2024/53xxx/CVE-2024-53699.json
+++ b/2024/53xxx/CVE-2024-53699.json
@@ -1,18 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53699",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.2.x",
+ "version_value": "5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.2.x",
+ "version_value": "h5.2.3.3006 build 20250108"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-24-54",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "binhnt"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53700.json b/2024/53xxx/CVE-2024-53700.json
index 5dc3b971efa..6dac982e6e6 100644
--- a/2024/53xxx/CVE-2024-53700.json
+++ b/2024/53xxx/CVE-2024-53700.json
@@ -1,18 +1,96 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53700",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-77",
+ "cweId": "CWE-77"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-78",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuRouter",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.4.x",
+ "version_value": "2.4.6.028"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-25-07",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-25-07"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-25-07",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
QuRouter 2.4.6.028 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Freddo Espresso (Evangelos Daravigkas)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0162.json b/2025/0xxx/CVE-2025-0162.json
index de42966c449..a6a42d7c250 100644
--- a/2025/0xxx/CVE-2025-0162.json
+++ b/2025/0xxx/CVE-2025-0162.json
@@ -1,17 +1,88 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0162",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611 Improper Restriction of XML External Entity Reference",
+ "cweId": "CWE-611"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aspera Shares",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.9.9",
+ "version_value": "1.10.0 PL7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7185096",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7185096"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27370.json b/2025/27xxx/CVE-2025-27370.json
index 1b9066c1ad2..d328319fe10 100644
--- a/2025/27xxx/CVE-2025-27370.json
+++ b/2025/27xxx/CVE-2025-27370.json
@@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/",
"url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/OWASP/ASVS/issues/2678",
+ "url": "https://github.com/OWASP/ASVS/issues/2678"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27371.json b/2025/27xxx/CVE-2025-27371.json
index f73816f7921..121448dbf30 100644
--- a/2025/27xxx/CVE-2025-27371.json
+++ b/2025/27xxx/CVE-2025-27371.json
@@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/",
"url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/OWASP/ASVS/issues/2678",
+ "url": "https://github.com/OWASP/ASVS/issues/2678"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27603.json b/2025/27xxx/CVE-2025-27603.json
index 8ed31143b1f..ed1090c9aa4 100644
--- a/2025/27xxx/CVE-2025-27603.json
+++ b/2025/27xxx/CVE-2025-27603.json
@@ -1,17 +1,90 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27603",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
+ "cweId": "CWE-95"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xwikisas",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "application-confluence-migrator-pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "> 1.0, < 1.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-6qvp-39mm-95v8",
+ "refsource": "MISC",
+ "name": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-6qvp-39mm-95v8"
+ },
+ {
+ "url": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d",
+ "refsource": "MISC",
+ "name": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-6qvp-39mm-95v8",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27604.json b/2025/27xxx/CVE-2025-27604.json
index 9903a8f04ae..fb75c62e7a9 100644
--- a/2025/27xxx/CVE-2025-27604.json
+++ b/2025/27xxx/CVE-2025-27604.json
@@ -1,17 +1,90 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27604",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xwikisas",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "application-confluence-migrator-pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 1.11.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc",
+ "refsource": "MISC",
+ "name": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc"
+ },
+ {
+ "url": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb",
+ "refsource": "MISC",
+ "name": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-3w9f-2pph-j5vc",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27607.json b/2025/27xxx/CVE-2025-27607.json
index d748c34746b..64cd4cb91f2 100644
--- a/2025/27xxx/CVE-2025-27607.json
+++ b/2025/27xxx/CVE-2025-27607.json
@@ -1,17 +1,95 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27607",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
+ "cweId": "CWE-829"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nhairs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "python-json-logger",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.2.0, < 3.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nhairs/python-json-logger/security/advisories/GHSA-wmxh-pxcx-9w24",
+ "refsource": "MISC",
+ "name": "https://github.com/nhairs/python-json-logger/security/advisories/GHSA-wmxh-pxcx-9w24"
+ },
+ {
+ "url": "https://github.com/nhairs/python-json-logger/commit/2548e3a2e3cedf6bef3ee7c60c55b7c02d1af11a",
+ "refsource": "MISC",
+ "name": "https://github.com/nhairs/python-json-logger/commit/2548e3a2e3cedf6bef3ee7c60c55b7c02d1af11a"
+ },
+ {
+ "url": "https://github.com/nhairs/python-json-logger/commit/e7761e56edb980cfab0165e32469d5fd017a5d72",
+ "refsource": "MISC",
+ "name": "https://github.com/nhairs/python-json-logger/commit/e7761e56edb980cfab0165e32469d5fd017a5d72"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-wmxh-pxcx-9w24",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27795.json b/2025/27xxx/CVE-2025-27795.json
index c1a370cc2fc..6c3dec3a56b 100644
--- a/2025/27xxx/CVE-2025-27795.json
+++ b/2025/27xxx/CVE-2025-27795.json
@@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
- "value": "JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits."
+ "value": "ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits."
}
]
},
@@ -61,6 +61,21 @@
"refsource": "MISC",
"name": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42",
"url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://issues.oss-fuzz.com/issues/42536330#comment6",
+ "url": "https://issues.oss-fuzz.com/issues/42536330#comment6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280",
+ "url": "https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387",
+ "url": "https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27796.json b/2025/27xxx/CVE-2025-27796.json
index f6800724216..259edfd59b3 100644
--- a/2025/27xxx/CVE-2025-27796.json
+++ b/2025/27xxx/CVE-2025-27796.json
@@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
- "value": "WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation."
+ "value": "WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob."
}
]
},
@@ -52,6 +52,11 @@
},
"references": {
"reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f",
+ "url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f"
+ },
{
"url": "http://www.graphicsmagick.org/NEWS.html",
"refsource": "MISC",