diff --git a/2023/52xxx/CVE-2023-52163.json b/2023/52xxx/CVE-2023-52163.json index 75d5c24a4c6..7bad693e41f 100644 --- a/2023/52xxx/CVE-2023-52163.json +++ b/2023/52xxx/CVE-2023-52163.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-52163", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-52163", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/digiever-fixes-sorely-needed/", + "url": "https://www.txone.com/blog/digiever-fixes-sorely-needed/" + }, + { + "refsource": "MISC", + "name": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing", + "url": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing" } ] } diff --git a/2023/52xxx/CVE-2023-52164.json b/2023/52xxx/CVE-2023-52164.json index b58649f251a..02a7aca40a8 100644 --- a/2023/52xxx/CVE-2023-52164.json 
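Review bot: The `affects` block in the CVE-2023-52163 hunk sets `vendor_name`, `product_name` and `version_value` to `n/a` although the description names Digiever DS-2105 Pro 3.1.0.71-11, so tooling that matches on the structured fields will not tie this record to the device. Filling them from the description (`"vendor_name": "Digiever"`, `"product_name": "DS-2105 Pro"`, `"version_value": "3.1.0.71-11"`) would close that gap. `problemtype` is also `n/a` even though the text says Command Injection, which would normally map to a CWE entry such as CWE-77 or CWE-78; which one applies is for the assigner to confirm. The CVE-2023-52164 hunk that follows has the same `n/a` fields. Neither record has a CVSS block, and the `** UNSUPPORTED WHEN ASSIGNED **` tag suggests no vendor fix, so triage rests on the description text alone.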
+++ b/2023/52xxx/CVE-2023-52164.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-52164", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-52164", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/digiever-fixes-sorely-needed/", + "url": "https://www.txone.com/blog/digiever-fixes-sorely-needed/" + }, + { + "refsource": "MISC", + "name": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing", + "url": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing" } ] } diff --git a/2024/35xxx/CVE-2024-35177.json b/2024/35xxx/CVE-2024-35177.json index 40bc5d2d5de..e672f33faf1 100644 --- a/2024/35xxx/CVE-2024-35177.json +++ b/2024/35xxx/CVE-2024-35177.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wazuh", + "product": { + "product_data": [ + { + "product_name": "wazuh", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 4.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv", + "refsource": "MISC", + "name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv" + } + ] + }, + "source": { + "advisory": "GHSA-pmr2-2r83-h3cv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47770.json b/2024/47xxx/CVE-2024-47770.json index e11dd4476f9..59e6223c7ea 100644 --- a/2024/47xxx/CVE-2024-47770.json +++ b/2024/47xxx/CVE-2024-47770.json 
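Review bot: `version_data` in the CVE-2024-35177 hunk pairs `"version_affected": "="` with the range string `">= 3.0.0, < 4.9.0"`, so a consumer that reads `=` as an exact-version match will never match an installed agent; the range has to be parsed out of `version_value`. The same encoding is used in the other security-advisories@github.com records in this diff (CVE-2024-47770, CVE-2025-22129, CVE-2025-23210, CVE-2025-24029, CVE-2025-24370, CVE-2025-24371, CVE-2025-24899, CVE-2025-24901, CVE-2025-24902, CVE-2025-24905). The description also limits the issue to the Windows agent installed to a non-default path, which the structured data (product `wazuh`) does not express. Matching on product and version alone may therefore over-report hosts that are not exposed.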
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wazuh", + "product": { + "product_data": [ + { + "product_name": "wazuh", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv", + "refsource": "MISC", + "name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv" + } + ] + }, + "source": { + "advisory": "GHSA-648q-8m78-5cwv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1006.json b/2025/1xxx/CVE-2025-1006.json new file mode 100644 index 00000000000..ceb82227e5b --- /dev/null +++ b/2025/1xxx/CVE-2025-1006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
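Review bot: In the CVE-2024-47770 hunk the CVSS vector (`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N`) is not explained by the description, which only mentions viewing the agent list on the Wazuh dashboard. The text gives no reason for `UI:R` or `I:L`, and "with no privilege access" is ambiguous next to `PR:L`. The description should say which role the attacker holds and what interaction is needed, or the vector should be rechecked against GHSA-648q-8m78-5cwv. Until then, consumers should treat the score as the authoritative field and the prose as incomplete.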
diff --git a/2025/22xxx/CVE-2025-22129.json b/2025/22xxx/CVE-2025-22129.json
index 714fa3c4969..6003cf31543 100644
--- a/2025/22xxx/CVE-2025-22129.json
+++ b/2025/22xxx/CVE-2025-22129.json
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges", + "cweId": "CWE-280" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Enalean", + "product": { + "product_data": [ + { + "product_name": "tuleap", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 16.3.99.1736242932" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76", + "refsource": "MISC", + "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76" + }, + { + "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=3edf8158ba40be66f0b661888b8b2805784795d1", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=3edf8158ba40be66f0b661888b8b2805784795d1" + }, + { + "url": "https://tuleap.net/plugins/tracker/?aid=41434", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/tracker/?aid=41434" + } + ] + }, + "source": { + "advisory": "GHSA-f34g-wc2m-mf76", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/23xxx/CVE-2025-23210.json b/2025/23xxx/CVE-2025-23210.json index 1657b60af0d..5f0108efee8 100644 --- a/2025/23xxx/CVE-2025-23210.json +++ b/2025/23xxx/CVE-2025-23210.json 
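Review bot: `version_data` in the CVE-2025-22129 hunk lists only `< 16.3.99.1736242932`, the Community Edition bound, while the description names fixes in Tuleap Enterprise Edition 16.2-5 and 16.3-2. An Enterprise Edition version string compared against that single bound can give the wrong answer, so Enterprise installs may be flagged as fixed or vulnerable incorrectly. Separate `version_data` entries for the two Enterprise branches would make the record usable for both editions. The CVE-2025-24029 hunk has the same gap: its text names Enterprise 16.3-5 and 16.2-7, but its data holds only `< 16.3.99.1737562605`.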
@@ -1,18 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPOffice", + "product": { + "product_data": [ + { + "product_name": "PhpSpreadsheet", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 3.9.0" + }, + { + "version_affected": "=", + "version_value": ">= 2.2.0, < 2.3.7" + }, + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 2.1.8" + }, + { + "version_affected": "=", + "version_value": "< 1.29.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r57h-547h-w24f", + "refsource": "MISC", + "name": 
"https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r57h-547h-w24f" + }, + { + "url": "https://github.com/PHPOffice/PhpSpreadsheet/commit/cde2926a9e2baf146783f8fd1771bbed7d1dc7b3", + "refsource": "MISC", + "name": "https://github.com/PHPOffice/PhpSpreadsheet/commit/cde2926a9e2baf146783f8fd1771bbed7d1dc7b3" + } + ] + }, + "source": { + "advisory": "GHSA-r57h-547h-w24f", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24029.json b/2025/24xxx/CVE-2025-24029.json index 1dc2656bad3..9543621369b 100644 --- a/2025/24xxx/CVE-2025-24029.json +++ b/2025/24xxx/CVE-2025-24029.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24029", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges", + "cweId": "CWE-280" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Enalean", + "product": { + "product_data": [ + { + "product_name": "tuleap", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 16.3.99.1737562605" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-hq46-63pc-xfv9", + "refsource": "MISC", + "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-hq46-63pc-xfv9" + }, + { + "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=269cbaa73bac6d1c50674c48c9987263f2b38804", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=269cbaa73bac6d1c50674c48c9987263f2b38804" + }, + { + "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a97480f951351c0f8f2f3f27f7daa3f7f9c37c75", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a97480f951351c0f8f2f3f27f7daa3f7f9c37c75" + }, + { + "url": "https://tuleap.net/plugins/tracker/?aid=41476", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/tracker/?aid=41476" + } + ] + }, + "source": { + "advisory": "GHSA-hq46-63pc-xfv9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } 
diff --git a/2025/24xxx/CVE-2025-24370.json b/2025/24xxx/CVE-2025-24370.json
index c8fac5ed801..8e0abf0e7e5 100644
--- a/2025/24xxx/CVE-2025-24370.json
+++ b/2025/24xxx/CVE-2025-24370.json
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24370", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of second and third parameter to the vulnerable function, leading to arbitrary changes to the python runtime status. With this finding at least five ways of vulnerability exploitation have been observed, stably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks in almost every Django-Unicorn-based application. This issue has been addressed in version 0.62.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes", + "cweId": "CWE-915" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "adamghill", + "product": { + "product_data": [ + { + "product_name": "django-unicorn", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.62.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/adamghill/django-unicorn/security/advisories/GHSA-g9wf-5777-gq43", + "refsource": "MISC", + "name": "https://github.com/adamghill/django-unicorn/security/advisories/GHSA-g9wf-5777-gq43" + }, + { + "url": "https://github.com/adamghill/django-unicorn/commit/17614200f27174f789d4af54cc3a1f2b0df7870c", + "refsource": "MISC", + "name": "https://github.com/adamghill/django-unicorn/commit/17614200f27174f789d4af54cc3a1f2b0df7870c" + } + ] + }, + "source": { + "advisory": "GHSA-g9wf-5777-gq43", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24371.json b/2025/24xxx/CVE-2025-24371.json index 6a19a32f500..285a309b385 100644 --- a/2025/24xxx/CVE-2025-24371.json +++ b/2025/24xxx/CVE-2025-24371.json 
@@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower ground and informs `A` that the peer only has blocks starting from height `base`. `latest` height informs `A` about the latest block in a network. Normally, nodes would only report increasing heights. If `B` fails to provide the latest block, `B` is removed and the `latest` height (target height) is recalculated based on other nodes `latest` heights. The existing code however doesn't check for the case where `B` first reports `latest` height `X` and immediately after height `Y`, where `X > Y`. `A` will be trying to catch up to 2000 indefinitely. This condition requires the introduction of malicious code in the full node first reporting some non-existing `latest` height, then reporting lower `latest` height and nodes which are syncing using `blocksync` protocol. This issue has been patched in versions 1.0.1 and 0.38.17 and all users are advised to upgrade. Operators may attempt to ban malicious peers from the network as a workaround." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-703: Improper Check or Handling of Exceptional Conditions", + "cweId": "CWE-703" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cometbft", + "product": { + "product_data": [ + { + "product_name": "cometbft", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.38.17" + }, + { + "version_affected": "=", + "version_value": "= 1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-22qq-3xwm-r5x4", + "refsource": "MISC", + "name": "https://github.com/cometbft/cometbft/security/advisories/GHSA-22qq-3xwm-r5x4" + }, + { + "url": "https://github.com/cometbft/cometbft/releases/tag/v0.38.17", + "refsource": "MISC", + "name": "https://github.com/cometbft/cometbft/releases/tag/v0.38.17" + }, + { + "url": "https://github.com/cometbft/cometbft/releases/tag/v1.0.1", + "refsource": "MISC", + "name": "https://github.com/cometbft/cometbft/releases/tag/v1.0.1" + } + ] + }, + "source": { + "advisory": "GHSA-22qq-3xwm-r5x4", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24899.json b/2025/24xxx/CVE-2025-24899.json index 9615c1a715b..7e2594adca4 100644 --- a/2025/24xxx/CVE-2025-24899.json +++ b/2025/24xxx/CVE-2025-24899.json 
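Review bot: The description in the CVE-2025-24371 hunk says "`A` will be trying to catch up to 2000 indefinitely", but no height of 2000 is introduced anywhere in the text; the preceding sentence uses only `X` and `Y`. This looks like an example value carried over from the advisory, and presumably it should read "`A` will keep trying to catch up to height `X` indefinitely". The record also has no `impact`/CVSS block, so severity has to be taken from GHSA-22qq-3xwm-r5x4.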
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "yogeshojha", + "product": { + "product_data": [ + { + "product_name": "rengine", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38", + "refsource": "MISC", + "name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38" + }, + { + "url": "https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99", + "refsource": "MISC", + "name": "https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99" + } + ] + }, + "source": { + "advisory": "GHSA-r3fp-xr9f-wv38", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24901.json b/2025/24xxx/CVE-2025-24901.json index d5083a2065a..2960495bb83 100644 --- a/2025/24xxx/CVE-2025-24901.json +++ b/2025/24xxx/CVE-2025-24901.json 
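Review bot: The description in the CVE-2025-24899 hunk carries Markdown emphasis (`**an insider attacker with any role**`, `**can extract sensitive information from other reNgine users.**`) in a plain-text field, so the asterisks will show literally in feeds and can break naive phrase matching; they should be dropped. The text also lists `password` among the fields returned by `/api/listVulnerability/` without saying whether it is a hash or cleartext. That matters to operators deciding whether credentials must be rotated after upgrading to 2.2.0.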
@@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LabRedesCefetRJ", + "product": { + "product_data": [ + { + "product_name": "WeGIA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc" + } + ] + }, + "source": { + "advisory": "GHSA-jp48-94wm-3gmc", + "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2025/24xxx/CVE-2025-24902.json b/2025/24xxx/CVE-2025-24902.json
index baf40256339..525ed601ab8 100644
--- a/2025/24xxx/CVE-2025-24902.json
+++ b/2025/24xxx/CVE-2025-24902.json
@@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LabRedesCefetRJ", + "product": { + "product_data": [ + { + "product_name": "WeGIA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pg73-w9vx-8mgp", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pg73-w9vx-8mgp" + } + ] + }, + "source": { + "advisory": "GHSA-pg73-w9vx-8mgp", + "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2025/24xxx/CVE-2025-24905.json b/2025/24xxx/CVE-2025-24905.json
index 916b5fca426..652a3c20bf5 100644
--- a/2025/24xxx/CVE-2025-24905.json
+++ b/2025/24xxx/CVE-2025-24905.json
@@ -1,18 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-24905",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-qjc6-5qv6-fr8m",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24906.json b/2025/24xxx/CVE-2025-24906.json
index bb28f892e2f..905a7b898ed 100644
--- a/2025/24xxx/CVE-2025-24906.json
+++ b/2025/24xxx/CVE-2025-24906.json
@@ -1,18 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-24906",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jpph-g9p7-9jrm",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jpph-g9p7-9jrm"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-jpph-g9p7-9jrm",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24957.json b/2025/24xxx/CVE-2025-24957.json
index 88357ee3490..e2946df1f80 100644
--- a/2025/24xxx/CVE-2025-24957.json
+++ b/2025/24xxx/CVE-2025-24957.json
@@ -1,18 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-24957",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-x28g-6228-99p9",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24958.json b/2025/24xxx/CVE-2025-24958.json
index 1616421c4ec..1862269f0a1 100644
--- a/2025/24xxx/CVE-2025-24958.json
+++ b/2025/24xxx/CVE-2025-24958.json
@@ -1,18 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-24958",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2mhx-5998-46hx",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2mhx-5998-46hx"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2mhx-5998-46hx",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file