"-Synchronized-Data."

CVE Team 2025-03-07 17:00:35 +00:00
parent 0cbb6e7d41
commit 97db3511a6
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
26 changed files with 1963 additions and 104 deletions


@ -1,17 +1,88 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-35894", "ID": "CVE-2023-35894",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"cweId": "CWE-644"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Control Center",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.2.1",
"version_value": "6.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7185101",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7185101"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }
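Review bot: The affected range in `version_data` is encoded as `"version_affected": "<="` with `"version_name": "6.2.1"` and `"version_value": "6.3.1"`, so the lower bound 6.2.1 from the description lives only in `version_name`. A consumer that evaluates just `version_affected` plus `version_value` will read this as every release up to 6.3.1, including releases older than 6.2.1 that the description does not claim. Matching logic should take the lower bound from the description or from the CVE JSON 5 record rather than from this down-converted entry. The same encoding appears in the CVE-2023-43052 record that follows.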


@ -1,17 +1,88 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-43052", "ID": "CVE-2023-43052",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-435 Improper Interaction Between Multiple Correctly-Behaving Entities",
"cweId": "CWE-435"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Control Center",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.2.1",
"version_value": "6.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7185102",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7185102"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
} }
] ]
} }
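Review bot: `problemtype` carries only `CWE-435`, while the description (server-side DNS lookups or HTTP requests to arbitrary domain names) reads as server-side request forgery. Detection content and dashboards keyed on `CWE-918` will presumably miss this record, so triage should go by the description text rather than the CWE. The vector also scores `C:N/I:L` although the description says the server can be made to reach other systems it can interact with; the 5.3 base score may understate exposure for hosts that can reach internal services.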


@ -1,18 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12975", "ID": "CVE-2024-12975",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "product-security@silabs.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-129 Improper Validation of Array Index",
"cweId": "CWE-129"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Silicon Labs",
"product": {
"product_data": [
{
"product_name": "Simplicity SDK",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2024.12.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://community.silabs.com/069Vm00000LWXMeIAP",
"refsource": "MISC",
"name": "https://community.silabs.com/069Vm00000LWXMeIAP"
},
{
"url": "https://github.com/SiliconLabs/simplicity_sdk/releases",
"refsource": "MISC",
"name": "https://github.com/SiliconLabs/simplicity_sdk/releases"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
} }
} }
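Review bot: The new record ends at `source` with no `impact` block, so there is no CVSS vector or score for this out-of-bounds read, and the description does not say who can deliver the invalid SPI packet. Consumers should treat the severity as unset rather than as zero or low until the CNA supplies a metric. The same gap applies to the QNAP records in this commit for CVE-2024-38638, CVE-2024-48864, CVE-2024-50390, CVE-2024-50394, CVE-2024-50405, CVE-2024-53692, CVE-2024-53693, CVE-2024-53694 and CVE-2024-53695. The affected range is also written as `"version_name": "0"` with `"version_affected": "<"`, which only works if `0` is read as "from the first release".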


@ -1,17 +1,120 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-13086", "ID": "CVE-2024-13086",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.x",
"version_value": "QTS 5.2.0.2851 build 20240808"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.x",
"version_value": "QuTS hero h5.2.0.2851 build 20240808"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-03",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-25-03"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-25-03",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>QTS 5.2.0.2851 build 20240808 and later<br>QuTS hero h5.2.0.2851 build 20240808 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Christoph Kretz"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }
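Review bot: The description says the issue has been reported "to affect product", which looks like an unfilled template placeholder; the affected products (QTS and QuTS hero) can only be taken from `affects` and the fix list. The `version_value` fields here also embed the product name (`"QTS 5.2.0.2851 build 20240808"`), whereas other QNAP records in this commit use the bare version (`"5.2.3.3006 build 20250108"`), so a version comparator has to strip the prefix first. Consistent values would be `"version_value": "5.2.0.2851 build 20240808"` and `"version_value": "h5.2.0.2851 build 20240808"`.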


@ -1,18 +1,131 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-38638", "ID": "CVE-2024-38638",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.\n\nQTS 5.2.x/QuTS hero h5.2.x are not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQuTS hero h5.1.9.2954 build 20241120 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "5.1.9.2954 build 20241120",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.2.x",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "h5.1.9.2954 build 20241120",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "h5.2.x",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-52",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-52"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-52",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.9.2954 build 20241120 and later<br>QuTS hero h5.1.9.2954 build 20241120 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQuTS hero h5.1.9.2954 build 20241120 and later"
}
],
"credits": [
{
"lang": "en",
"value": "leeya_bug"
}
]
} }
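Review bot: Both `version_data` entries hold the literal `"version_value": "not down converted"` and move the real range into `x_cve_json_5_version_data`. A consumer of the plain v4 fields gets no usable version here and must read `lessThan`, `status` and `defaultStatus` from the extension object. With `"defaultStatus": "unaffected"`, only the 5.1.x / h5.1.x branches below the fixed build are claimed as affected, so a plain less-than comparison against `5.1.9.2954 build 20241120` would over-match older branches that this record does not list.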


@ -1,18 +1,91 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-48864", "ID": "CVE-2024-48864",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4741 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "File Station 5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.5.x",
"version_value": "5.5.6.4741"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-55",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-55"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-55",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>File Station 5 5.5.6.4741 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4741 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Pwn2Own 2024 - ExLuck of ANHTUD"
}
]
} }


@ -1,18 +1,96 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-50390", "ID": "CVE-2024-50390",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.5.032 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1188",
"cweId": "CWE-1188"
},
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuRouter",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.4.x",
"version_value": "2.4.5.032"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-01",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-25-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-25-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>QuRouter 2.4.5.032 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.5.032 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Pwn2Own 2024 - Daan Keuper (@daankeuper), Thijs Alkemade, and Khaled Nassar from Computest Sector 7"
}
]
} }
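Review bot: The description names the affected product as QHora, but `product_name` and the fixed version both refer to QuRouter, so asset matching by product string depends on which field is read. Inventory rules should cover both names for this record. `problemtype` also lists `CWE-1188` next to `CWE-78` although the description mentions no insecure default, so the first CWE should not drive classification without checking the QSA-25-01 advisory.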


@ -1,18 +1,91 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-50394", "ID": "CVE-2024-50394",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nHelpdesk 3.3.3 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "Helpdesk",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.x",
"version_value": "3.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-05",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-25-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-25-05",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>Helpdesk 3.3.3 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nHelpdesk 3.3.3 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Corentin '@OnlyTheDuck' BAYET"
}
]
} }


@ -1,18 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-50405", "ID": "CVE-2024-50405",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-93",
"cweId": "CWE-93"
},
{
"lang": "eng",
"value": "CWE-94",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.2.x",
"version_value": "5.2.3.3006 build 20250108"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.2.x",
"version_value": "h5.2.3.3006 build 20250108"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-54",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.3.3006 build 20250108 and later<br>QuTS hero h5.2.3.3006 build 20250108 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Searat and izut"
}
]
} }
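Review bot: `problemtype` lists `CWE-94` alongside `CWE-93`, yet the description only claims modification of application data by an attacker who already has administrator access, not code injection. Severity triage that escalates on CWE-94 will likely over-rank this record; the description and the QSA-24-54 advisory should decide. The CVE-2024-53693 record later in this commit has the same CWE-93/CWE-94 pair plus `CWE-400`, with the same description wording except that it requires user rather than administrator access.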


@ -1,18 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53692", "ID": "CVE-2024-53692",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77",
"cweId": "CWE-77"
},
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.2.x",
"version_value": "5.2.3.3006 build 20250108"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.2.x",
"version_value": "h5.2.3.3006 build 20250108"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-54",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.3.3006 build 20250108 and later<br>QuTS hero h5.2.3.3006 build 20250108 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
],
"credits": [
{
"lang": "en",
"value": "ZIEN"
}
]
} }


@ -1,18 +1,113 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53693", "ID": "CVE-2024-53693",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-93",
"cweId": "CWE-93"
},
{
"lang": "eng",
"value": "CWE-94",
"cweId": "CWE-94"
},
{
"lang": "eng",
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.2.x",
"version_value": "5.2.3.3006 build 20250108"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.2.x",
"version_value": "h5.2.3.3006 build 20250108"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-54",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.3.3006 build 20250108 and later<br>QuTS hero h5.2.3.3006 build 20250108 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Searat and izut"
}
]
} }


@ -1,18 +1,115 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53694", "ID": "CVE-2024-53694",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources.\n\nWe have already fixed the vulnerability in the following versions:\nQVPN Device Client for Mac 2.2.5 and later\nQsync for Mac 5.1.3 and later\nQfinder Pro Mac 7.11.1 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QVPN Device Client for Mac",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.x",
"version_value": "2.2.5"
}
]
}
},
{
"product_name": "Qsync for Mac",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.3"
}
]
}
},
{
"product_name": "Qfinder Pro Mac",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.11.x",
"version_value": "7.11.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-51",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-51"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-51",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QVPN Device Client for Mac 2.2.5 and later<br>Qsync for Mac 5.1.3 and later<br>Qfinder Pro Mac 7.11.1 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQVPN Device Client for Mac 2.2.5 and later\nQsync for Mac 5.1.3 and later\nQfinder Pro Mac 7.11.1 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Mykola Grymalyuk"
}
]
} }


@ -1,18 +1,96 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53695", "ID": "CVE-2024-53695",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.4.952 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120",
"cweId": "CWE-120"
},
{
"lang": "eng",
"value": "CWE-121",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "HBS 3 Hybrid Backup Sync",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "25.1.x",
"version_value": "25.1.4.952"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-06",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-25-06"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-25-06",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>HBS 3 Hybrid Backup Sync 25.1.4.952 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.4.952 and later"
}
],
"credits": [
{
"lang": "en",
"value": "CataLpa of Hatlab, Dbappsecurity Co. Ltd."
}
]
} }


@ -1,18 +1,120 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53696", "ID": "CVE-2024-53696",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuLog Center",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.x.x",
"version_value": "1.7.0.829 ( 2024/10/01 )"
},
{
"version_affected": "<",
"version_name": "1.8.x.x",
"version_value": "1.8.0.888 ( 2024/10/15 )"
}
]
}
},
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.5.x",
"version_value": "4.5.4.2957 build 20241119"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h4.5.x",
"version_value": "h4.5.4.2956 build 20241119"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-53",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-53"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-53",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.7.0.829 ( 2024/10/01 ) and later<br>QuLog Center 1.8.0.888 ( 2024/10/15 ) and later<br>QTS 4.5.4.2957 build 20241119 and later<br>QuTS hero h4.5.4.2956 build 20241119 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Aymen BORGI and Ibrahim AYADHI from RandoriSec"
}
]
} }
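Review bot: The QuLog Center `version_value` strings carry a release date inside the version, `"1.7.0.829 ( 2024/10/01 )"` and `"1.8.0.888 ( 2024/10/15 )"`, and the QTS and QuTS hero entries append `build 20241119`. A scanner that applies `"version_affected": "<"` with a plain version comparison may fail to parse the bound or order it wrongly. I would keep only the comparable part, e.g. `"version_value": "1.7.0.829"`, and leave the date and build stamp in the `description` and `solution` text where they already appear. The same pattern (`"5.2.3.3006 build 20250108"`) recurs in the CVE-2024-53697, CVE-2024-53698 and CVE-2024-53699 records. The strings look copied from the vendor advisory, so the fix may belong in the source record rather than here.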


@ -1,18 +1,103 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53697", "ID": "CVE-2024-53697",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.2.x",
"version_value": "5.2.3.3006 build 20250108"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.2.x",
"version_value": "h5.2.3.3006 build 20250108"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-54",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.3.3006 build 20250108 and later<br>QuTS hero h5.2.3.3006 build 20250108 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
],
"credits": [
{
"lang": "en",
"value": "binhnt"
}
]
} }
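Review bot: This record and CVE-2024-53699 are word-for-word identical in `description`, `problemtype` (CWE-787), affected versions, advisory (QSA-24-54) and credit, so nothing in the text tells a consumer whether they are two distinct flaws or a duplicate assignment. CVE-2024-53698 differs only in naming a double free (CWE-415). A short distinguishing phrase in each `description`, such as the affected component if the vendor can disclose it, would let deduplication and patch-verification tooling keep them apart. None of the three carries an `impact` block, so severity has to be taken from the linked advisory.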


@ -1,18 +1,103 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53698", "ID": "CVE-2024-53698",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415",
"cweId": "CWE-415"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.2.x",
"version_value": "5.2.3.3006 build 20250108"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.2.x",
"version_value": "h5.2.3.3006 build 20250108"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-54",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.3.3006 build 20250108 and later<br>QuTS hero h5.2.3.3006 build 20250108 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
],
"credits": [
{
"lang": "en",
"value": "binhnt"
}
]
} }


@ -1,18 +1,103 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53699", "ID": "CVE-2024-53699",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.2.x",
"version_value": "5.2.3.3006 build 20250108"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.2.x",
"version_value": "h5.2.3.3006 build 20250108"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-54",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-24-54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-24-54",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.3.3006 build 20250108 and later<br>QuTS hero h5.2.3.3006 build 20250108 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
}
],
"credits": [
{
"lang": "en",
"value": "binhnt"
}
]
} }


@ -1,18 +1,96 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-53700", "ID": "CVE-2024-53700",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@qnap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77",
"cweId": "CWE-77"
},
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuRouter",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.4.x",
"version_value": "2.4.6.028"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-07",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-25-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-25-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>QuRouter 2.4.6.028 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"
}
],
"credits": [
{
"lang": "en",
"value": "Freddo Espresso (Evangelos Daravigkas)"
}
]
} }
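Review bot: The `description` names QHora as the affected product, while `product_name`, the fixed-version line and `solution` all say QuRouter, so a product-name match against this record gives different results depending on which field a tool reads. If QuRouter is the firmware that runs on QHora devices (the record does not say), the description should state that, e.g. `...has been reported to affect QuRouter, the firmware of QHora routers`; otherwise the two names need reconciling. The record also lists both CWE-77 and CWE-78 without indicating which one applies.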


@ -1,17 +1,88 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-0162", "ID": "CVE-2025-0162",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Aspera Shares",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.9.9",
"version_value": "1.10.0 PL7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7185096",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7185096"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/", "name": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/",
"url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/" "url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/"
},
{
"refsource": "MISC",
"name": "https://github.com/OWASP/ASVS/issues/2678",
"url": "https://github.com/OWASP/ASVS/issues/2678"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/", "name": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/",
"url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/" "url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/"
},
{
"refsource": "MISC",
"name": "https://github.com/OWASP/ASVS/issues/2678",
"url": "https://github.com/OWASP/ASVS/issues/2678"
} }
] ]
} }


@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-27603", "ID": "CVE-2025-27603",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"cweId": "CWE-95"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwikisas",
"product": {
"product_data": [
{
"product_name": "application-confluence-migrator-pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "> 1.0, < 1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-6qvp-39mm-95v8",
"refsource": "MISC",
"name": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-6qvp-39mm-95v8"
},
{
"url": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d",
"refsource": "MISC",
"name": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d"
}
]
},
"source": {
"advisory": "GHSA-6qvp-39mm-95v8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }
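Review bot: `"version_affected": "="` is paired with a range expression, `"version_value": "> 1.0, < 1.2.0"`, so a consumer that honours the operator would look for one exact version with that literal string and match nothing. Other records in this commit express the bound through the operator itself (`"version_affected": "<"` with `"version_value": "25.1.4.952"`). The equivalent here would be `"version_affected": "<"` with `"version_value": "1.2.0"`, with the lower bound noted in `version_name` or the description. The same encoding appears in CVE-2025-27604 (`"< 1.11.7"`) and CVE-2025-27607 (`">= 3.2.0, < 3.3.0"`). This may be an artifact of how the upstream record was converted, in which case downstream parsers need to special-case it.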


@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-27604", "ID": "CVE-2025-27604",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwikisas",
"product": {
"product_data": [
{
"product_name": "application-confluence-migrator-pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.11.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc",
"refsource": "MISC",
"name": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc"
},
{
"url": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb",
"refsource": "MISC",
"name": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb"
}
]
},
"source": {
"advisory": "GHSA-3w9f-2pph-j5vc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }


@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-27607", "ID": "CVE-2025-27607",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"cweId": "CWE-829"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nhairs",
"product": {
"product_data": [
{
"product_name": "python-json-logger",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.2.0, < 3.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nhairs/python-json-logger/security/advisories/GHSA-wmxh-pxcx-9w24",
"refsource": "MISC",
"name": "https://github.com/nhairs/python-json-logger/security/advisories/GHSA-wmxh-pxcx-9w24"
},
{
"url": "https://github.com/nhairs/python-json-logger/commit/2548e3a2e3cedf6bef3ee7c60c55b7c02d1af11a",
"refsource": "MISC",
"name": "https://github.com/nhairs/python-json-logger/commit/2548e3a2e3cedf6bef3ee7c60c55b7c02d1af11a"
},
{
"url": "https://github.com/nhairs/python-json-logger/commit/e7761e56edb980cfab0165e32469d5fd017a5d72",
"refsource": "MISC",
"name": "https://github.com/nhairs/python-json-logger/commit/e7761e56edb980cfab0165e32469d5fd017a5d72"
}
]
},
"source": {
"advisory": "GHSA-wmxh-pxcx-9w24",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }
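Review bot: The structured fields mark every install from 3.2.0 up to 3.3.0 as affected, while the `description` limits exposure to installs of the development extras on Python 3.13 between 30 December 2024 and 4 March 2025, and only if the deleted `msgspec-python313-pre` name had been claimed. A triage tool that reads `affects` and the 8.8 score alone will over-report, and the record has no `solution` entry to act on. I would add one in the shape the QNAP records in this commit use, e.g. `"value": "Upgrade to python-json-logger 3.3.0 or later"`. Responders should additionally check lockfiles and install logs from that window for `msgspec-python313-pre`.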


@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits." "value": "ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits."
} }
] ]
}, },
@ -61,6 +61,21 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42", "name": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42",
"url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42" "url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42"
},
{
"refsource": "MISC",
"name": "https://issues.oss-fuzz.com/issues/42536330#comment6",
"url": "https://issues.oss-fuzz.com/issues/42536330#comment6"
},
{
"refsource": "MISC",
"name": "https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280",
"url": "https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280"
},
{
"refsource": "MISC",
"name": "https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387",
"url": "https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387"
} }
] ]
} }


@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation." "value": "WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob."
} }
] ]
}, },
@ -52,6 +52,11 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "MISC",
"name": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f",
"url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f"
},
{ {
"url": "http://www.graphicsmagick.org/NEWS.html", "url": "http://www.graphicsmagick.org/NEWS.html",
"refsource": "MISC", "refsource": "MISC",