admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-15 11:00:34 +00:00
parent 7a54911f51
commit 991513b2ee
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 190 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2025/1xxx/CVE-2025-1688.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@milestonesys.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.\n\n\n\nThe system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.\n\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.\n\n\n\nAny system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.\n\n\n\nSystems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Milestone Systems",
"product": {
"product_data": [
{
"product_name": "XProtect",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "24.1",
"version_value": "24.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US",
"refsource": "MISC",
"name": "https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To mitigate the issue, we highly recommend updating system configuration password with following procedure: \n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://doc.milestonesys.com/latest/en-US/standard_features/sf_mc/sf_maintenance/mc_backingupandrestoring.htm?Highlight=System%20configuration%20password%20(explained)#Changethesystemconfigurationpasswordsettings\">Backing up and restoring system configuration - XProtect VMS products | Milestone Documentation 2024 R2</a>"
}
],
"value": "To mitigate the issue, we highly recommend updating system configuration password with following procedure: \n\n Backing up and restoring system configuration - XProtect VMS products | Milestone Documentation 2024 R2 https://doc.milestonesys.com/latest/en-US/standard_features/sf_mc/sf_maintenance/mc_backingupandrestoring.htm"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

4
2025/22xxx/CVE-2025-22371.json
View File

@ -66,9 +66,9 @@
"name": "https://csirt.divd.nl/DIVD-2025-00001"
},
{
"url": "https://cisrt.divd.nl/CVE-2025-22371",
"url": "https://csirt.divd.nl/CVE-2025-22371",
"refsource": "MISC",
"name": "https://cisrt.divd.nl/CVE-2025-22371"
"name": "https://csirt.divd.nl/CVE-2025-22371"
}
]
},

4
2025/22xxx/CVE-2025-22372.json
View File

@ -66,9 +66,9 @@
"name": "https://csirt.divd.nl/DIVD-2025-00001"
},
{
"url": "https://cisrt.divd.nl/CVE-2025-22372",
"url": "https://csirt.divd.nl/CVE-2025-22372",
"refsource": "MISC",
"name": "https://cisrt.divd.nl/CVE-2025-22372"
"name": "https://csirt.divd.nl/CVE-2025-22372"
}
]
},

4
2025/22xxx/CVE-2025-22373.json
View File

@ -66,9 +66,9 @@
"name": "https://csirt.divd.nl/DIVD-2025-00001"
},
{
"url": "https://cisrt.divd.nl/CVE-2025-22373",
"url": "https://csirt.divd.nl/CVE-2025-22373",
"refsource": "MISC",
"name": "https://cisrt.divd.nl/CVE-2025-22373"
"name": "https://csirt.divd.nl/CVE-2025-22373"
}
]
},

82
2025/32xxx/CVE-2025-32943.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vulnerability allows any authenticated user to leak the contents of arbitrary \u201c.m3u8\u201d files from the PeerTube server due to a path traversal in the HLS endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1",
"refsource": "MISC",
"name": "https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1"
},
{
"url": "https://research.jfrog.com/vulnerabilities/peertube-hls-path-traversal/",
"refsource": "MISC",
"name": "https://research.jfrog.com/vulnerabilities/peertube-hls-path-traversal/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

18
2025/3xxx/CVE-2025-3635.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}