diff --git a/2024/6xxx/CVE-2024-6221.json b/2024/6xxx/CVE-2024-6221.json
index 19494eedd35..5608dc25a22 100644
--- a/2024/6xxx/CVE-2024-6221.json
+++ b/2024/6xxx/CVE-2024-6221.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions."
+ "value": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions."
 }
 ]
 },
@@ -40,9 +40,9 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
+ "version_affected": "<",
 "version_name": "unspecified",
- "version_value": "latest"
+ "version_value": "5.0.0"
 }
 ]
 }
@@ -59,6 +59,11 @@
 "url": "https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d",
 "refsource": "MISC",
 "name": "https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d"
+ },
+ {
+ "url": "https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf",
+ "refsource": "MISC",
+ "name": "https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf"
 }
 ]
 },
diff --git a/2025/28xxx/CVE-2025-28400.json b/2025/28xxx/CVE-2025-28400.json
index 3ddaef5278b..91140eb6c66 100644
--- a/2025/28xxx/CVE-2025-28400.json
+++ b/2025/28xxx/CVE-2025-28400.json
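Review bot: In 2024/6xxx/CVE-2024-6221.json the description still says "version 4.0.1" while the second hunk widens the affected range to every release before 5.0.0, so the prose and the machine-readable range now disagree. Someone triaging from the description alone would conclude that only 4.0.1 needs attention. Suggest wording the value as `"A vulnerability in corydolphin/flask-cors before 5.0.0 allows ..."` so it matches `"version_affected": "<"` and `"version_value": "5.0.0"`. The `"version_name": "unspecified"` left next to a concrete bound could also be filled in or dropped.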
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28400",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28400",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28400.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28400.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28401.json b/2025/28xxx/CVE-2025-28401.json
index 51098bc6374..0dd3a4a9ee7 100644
--- a/2025/28xxx/CVE-2025-28401.json
+++ b/2025/28xxx/CVE-2025-28401.json
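Review bot: CVE-2025-28400.json goes PUBLIC with `"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"` and a problemtype of `"n/a"`, although the description itself names the product and version (RUoYi v.4.8.0) and describes a privilege-escalation issue. Scanners and inventory matchers that key on the `affects` block will not associate this CVE with any package, so the structured fields should carry what the prose already states, and a CWE should be assigned once the root cause is confirmed. The same applies to the CVE-2025-28401 through CVE-2025-28413 records that follow in this diff. The description also spells the product "RUoYi" while the reference URL uses "RuoYi"; the spelling should follow the upstream project.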
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28401",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28401",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28402.json b/2025/28xxx/CVE-2025-28402.json
index fc00a4c72fc..a01841ded42 100644
--- a/2025/28xxx/CVE-2025-28402.json
+++ b/2025/28xxx/CVE-2025-28402.json
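Review bot: CVE-2025-28401.json is published with only the project home page as a reference, whereas the sibling records in this commit also link a per-CVE write-up. With the description limited to "via the menuId parameter" and no advisory, a defender cannot tell which endpoint or controller is affected or whether a fix exists. Suggest adding the advisory or fix reference if one exists, and naming the affected method in the description as the neighbouring records do.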
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28402",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28402",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28403.json b/2025/28xxx/CVE-2025-28403.json
index 288d2708adf..978c1b7bb0f 100644
--- a/2025/28xxx/CVE-2025-28403.json
+++ b/2025/28xxx/CVE-2025-28403.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28403",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28403",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28403.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28403.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28405.json b/2025/28xxx/CVE-2025-28405.json
index 202d2d6f252..6c714b2d345 100644
--- a/2025/28xxx/CVE-2025-28405.json
+++ b/2025/28xxx/CVE-2025-28405.json
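Review bot: The description added in CVE-2025-28403.json fuses two clauses ("via the editSave method does not properly validate ..."), so it is unclear whether the method is the attack vector or the subject of the missing check. Suggest joining them with a causal link, for example `"... to escalate privileges because the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings"`. The same construction appears in the descriptions of CVE-2025-28407, CVE-2025-28408, CVE-2025-28409 and CVE-2025-28410 further down.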
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28405",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28405",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28405.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28405.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28406.json b/2025/28xxx/CVE-2025-28406.json
index 62cf20a17f9..4aaa10b6c36 100644
--- a/2025/28xxx/CVE-2025-28406.json
+++ b/2025/28xxx/CVE-2025-28406.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28406",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28406",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28406.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28406.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28407.json b/2025/28xxx/CVE-2025-28407.json
index fa456320f82..cc295adbed9 100644
--- a/2025/28xxx/CVE-2025-28407.json
+++ b/2025/28xxx/CVE-2025-28407.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28407",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28407",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28407.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28407.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28408.json b/2025/28xxx/CVE-2025-28408.json
index 6eb8e9e24d7..15e19680414 100644
--- a/2025/28xxx/CVE-2025-28408.json
+++ b/2025/28xxx/CVE-2025-28408.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28408",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28408",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28409.json b/2025/28xxx/CVE-2025-28409.json
index f562e7d6e3d..68f514a7b1f 100644
--- a/2025/28xxx/CVE-2025-28409.json
+++ b/2025/28xxx/CVE-2025-28409.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28409",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28409",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28410.json b/2025/28xxx/CVE-2025-28410.json
index ea9ca887c59..cf780e56197 100644
--- a/2025/28xxx/CVE-2025-28410.json
+++ b/2025/28xxx/CVE-2025-28410.json
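Review bot: The second reference in CVE-2025-28409.json points to `.../ruoyi_case/CVE-2025-28408.md`, the same URL the CVE-2025-28408 record uses, rather than a write-up for this ID. The next record, CVE-2025-28410.json, likewise links `.../ruoyi_case/CVE-2025-28409.md`. This looks like an off-by-one in the reference assignment; if so, an analyst following the link gets details for a different endpoint than the one the description names. Both URLs should be checked against the advisory repository and corrected, or removed if no matching write-up exists.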
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28410",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28410",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28409.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28409.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28411.json b/2025/28xxx/CVE-2025-28411.json
index c4a552fca61..4a6fe90f50f 100644
--- a/2025/28xxx/CVE-2025-28411.json
+++ b/2025/28xxx/CVE-2025-28411.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28411",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28411",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28411.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28411.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28412.json b/2025/28xxx/CVE-2025-28412.json
index 43ede3aacfc..7971dcb670f 100644
--- a/2025/28xxx/CVE-2025-28412.json
+++ b/2025/28xxx/CVE-2025-28412.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28412",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28412",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28412.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28412.md"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28413.json b/2025/28xxx/CVE-2025-28413.json
index 3cc0e781ce8..04ec03eeeed 100644
--- a/2025/28xxx/CVE-2025-28413.json
+++ b/2025/28xxx/CVE-2025-28413.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28413",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28413",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yangzongzhuan/RuoYi",
+ "refsource": "MISC",
+ "name": "https://github.com/yangzongzhuan/RuoYi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28413.md",
+ "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28413.md"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2877.json b/2025/2xxx/CVE-2025-2877.json
index e8bbb36b3e1..56ae9b4a7bf 100644
--- a/2025/2xxx/CVE-2025-2877.json
+++ b/2025/2xxx/CVE-2025-2877.json
@@ -36,12 +36,41 @@
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Ansible Automation Platform 2",
+ "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
 "version": {
 "version_data": [
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.0.8-2.el8ap",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.0.8-2.el9ap",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
 "defaultStatus": "affected"
 }
 }
@@ -56,6 +85,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:3636",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:3636"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2025-2877",
 "refsource": "MISC",
@@ -68,6 +102,12 @@
 }
 ]
 },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
+ }
+ ],
 "impact": {
 "cvss": [
 {
diff --git a/2025/32xxx/CVE-2025-32408.json b/2025/32xxx/CVE-2025-32408.json
new file mode 100644
index 00000000000..53a4a1509d4
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32408.json
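Review bot: The `versions` entries added in the first hunk of CVE-2025-2877.json give an RPM build (`0:1.0.8-2.el8ap`, `0:1.0.8-2.el9ap`) but nothing in these hunks names the package that build belongs to; the product is only "Red Hat Ansible Automation Platform 2.4 for RHEL 8/9". Together with `"version_value": "not down converted"`, a consumer of this record cannot compare installed versions automatically and has to follow the RHSA-2025:3636 link added in the second hunk. If the package name is carried elsewhere in the file, outside the lines shown, that is fine; otherwise it should be added. Note also that `"status": "unaffected"` with `"lessThan": "*"` under `"defaultStatus": "affected"` means fixed from this build onward, which is easy to misread as the affected range.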
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32408",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3372.json b/2025/3xxx/CVE-2025-3372.json
index 80564d66459..51d88125ebd 100644
--- a/2025/3xxx/CVE-2025-3372.json
+++ b/2025/3xxx/CVE-2025-3372.json
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3372",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component MKDIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in PCMan FTP Server 2.0.7 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente MKDIR Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PCMan",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303618",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303618"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303618",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303618"
+ },
+ {
+ "url": "https://vuldb.com/?submit.552273",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.552273"
+ },
+ {
+ "url": "https://fitoxs.com/exploit/01-exploit.txt",
+ "refsource": "MISC",
+ "name": "https://fitoxs.com/exploit/01-exploit.txt"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Fernando Mengali (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3373.json b/2025/3xxx/CVE-2025-3373.json
index ba54cb613a9..0cb2b41cca0 100644
--- a/2025/3xxx/CVE-2025-3373.json
+++ b/2025/3xxx/CVE-2025-3373.json
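Review bot: The description in CVE-2025-3372.json says the issue "was classified as critical" while every CVSS v3 entry in the same record rates it HIGH (`"baseScore": 7.3`, `"baseSeverity": "HIGH"`), so the prose and the score disagree on severity. Triage tooling reads the `impact` block but people read the description, so the two should be aligned. The record also lists both CWE-120 and its parent CWE-119 where the more specific one would do, and the fourth reference is publicly available exploit material filed under the generic `"refsource": "MISC"` with nothing marking it as such. No fix or vendor advisory is referenced, which is worth stating explicitly if none exists. CVE-2025-3373.json, the next file in this diff, has the same issues.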
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3373",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In PCMan FTP Server 2.0.7 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente SITE CHMOD Command Handler. Durch Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PCMan",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303619",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303619"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303619",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303619"
+ },
+ {
+ "url": "https://vuldb.com/?submit.552274",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.552274"
+ },
+ {
+ "url": "https://fitoxs.com/exploit/exploit2.txt",
+ "refsource": "MISC",
+ "name": "https://fitoxs.com/exploit/exploit2.txt"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Fernando Mengali (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3424.json b/2025/3xxx/CVE-2025-3424.json
new file mode 100644
index 00000000000..9b90b1b4fb1
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3424.json
@@ -0,0 +1,80 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3424",
+ "ASSIGNER": "productsecurity@philips.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The IntelliSpace portal application utilizes .NET\nRemoting for its functionality. The vulnerability arises from the exploitation\nof port 755 through the \"Object Marshalling\" technique, which allows\nan attacker to read internal files without any authentication. This is possible\nby crafting specific .NET Remoting URLs derived from information enumerated in\nthe client-side configuration files.\n\n\n\n\n\n\n\nThis issue affects IntelliSpace Portal: 12 and prior."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Philips",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IntelliSpace Portal",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "12 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2025-3424",
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2025-3424"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Victor A Morales"
+ },
+ {
+ "lang": "en",
+ "value": "Omar A Crespo"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3425.json b/2025/3xxx/CVE-2025-3425.json
new file mode 100644
index 00000000000..99be80ce5a7
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3425.json
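Review bot: In CVE-2025-3424.json, `"version_affected": "="` combined with `"version_value": "12 and prior"` puts a free-text range into a field that is matched as an exact version, so automated matching would only hit the literal string "12 and prior". It should read `"version_affected": "<="` with `"version_value": "12"`. The only reference is the record's own cve.org page and there is no `impact` block, so the record gives a defender no vendor advisory, fix information or severity to act on. The description value also carries hard line wraps and a run of empty `\n` lines that should be collapsed.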
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3425",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file