"-Synchronized-Data."

CVE Team 2025-03-13 07:00:32 +00:00
parent bc90625243
commit a16aecec8c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 549 additions and 59 deletions


@ -289,7 +289,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-22.rhaos4.14.el9",
"version": "3:4.4.1-22.rhaos4.14.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -310,7 +310,21 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-33.rhaos4.15.el9",
"version": "3:4.4.1-33.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:1.29.5-1.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -359,7 +373,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.33.12-1.rhaos4.16.el8",
"version": "2:1.33.12-1.rhaos4.16.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -394,7 +408,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5:5.2.2-2.rhaos4.17.el9",
"version": "5:5.2.2-2.rhaos4.17.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -408,7 +422,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.33.12-1.rhaos4.17.el8",
"version": "2:1.33.12-1.rhaos4.17.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -562,6 +576,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:2454"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:2456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:2456"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11218",
"refsource": "MISC",


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.5",
"version_value": "17.7.7"
},
{
"version_affected": "<",
"version_name": "17.8",
"version_value": "17.8.5"
},
{
"version_affected": "<",
"version_name": "17.9",
"version_value": "17.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/475056",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/475056"
},
{
"url": "https://hackerone.com/reports/2602274",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2602274"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.7.7, 17.8.5, 17.9.2 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
}
]
}


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "croixhaug",
"product": {
"product_data": [
{
"product_name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.6.8.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1be557db-daa8-4d86-819a-462f29da884b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1be557db-daa8-4d86-819a-462f29da884b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3250719/simply-schedule-appointments/trunk/booking-app-new/page-appointment-edit.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3250719/simply-schedule-appointments/trunk/booking-app-new/page-appointment-edit.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Luciano Hanna"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
]
}
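Review bot: The published record has no `solution` entry and no fixed version: `version_data` gives only the upper bound `"version_value": "1.6.8.5"` with `"version_affected": "<="`, so the remediation target has to be inferred from the changeset reference. An entry such as `"solution": [{"lang": "en", "value": "Update to version <FIXED_VERSION> or later."}]` would match the GitLab records in this commit; `<FIXED_VERSION>` is a placeholder, since the fixed release is not stated on this page. The `cvss` object also omits the expanded metric fields (`attackVector`, `privilegesRequired`, and so on) that those records carry, so consumers have to parse `vectorString` themselves.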


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "17.7.7"
},
{
"version_affected": "<",
"version_name": "17.8",
"version_value": "17.8.5"
},
{
"version_affected": "<",
"version_name": "17.9",
"version_value": "17.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/519348",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/519348"
},
{
"url": "https://hackerone.com/reports/2984218",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2984218"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 17.9.2, 17.8.5, 17.7.7 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}


@ -11,11 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Asus RT-N12E 2.0.0.19 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei sysinfo.asp. Durch das Manipulieren des Arguments SSID mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
"value": "A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN"
}
]
},
@ -25,19 +21,10 @@
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
@ -45,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Asus",
"vendor_name": "ASUS",
"product": {
"product_data": [
{
@ -53,8 +40,35 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.0.19"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "before 2.0.0.39"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "RT-N10E",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "before 2.0.0.39"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -83,37 +97,27 @@
"name": "https://vuldb.com/?submit.496013"
},
{
"url": "https://www.asus.com/",
"url": "https://www.asus.com/supportonly/rt-n10e/helpdesk_bios/",
"refsource": "MISC",
"name": "https://www.asus.com/"
"name": "https://www.asus.com/supportonly/rt-n10e/helpdesk_bios/"
},
{
"url": "https://www.asus.com/supportonly/rt-n12e/helpdesk_bios/",
"refsource": "MISC",
"name": "https://www.asus.com/supportonly/rt-n12e/helpdesk_bios/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Fergod (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}
]
}
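Review bot: In the `@ -53,8 +40,35 @` hunk both product entries give the affected range as free text, `"version": "before 2.0.0.39"`, which a version comparator cannot evaluate; a bounded range is normally written as `"version": "0", "lessThan": "2.0.0.39", "versionType": "custom"`. The same objects set `"defaultStatus": "affected"`, which also marks 2.0.0.39 and later as affected and so disagrees with a "before 2.0.0.39" bound. If that release is the fix, `"defaultStatus": "unaffected"` would say so; if there is no fix (the description calls both models end-of-life), the bound is the part to drop. The `version_data` array starts outside the hunk.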


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29993",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29995",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29996",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29998",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-2271",
"ASSIGNER": "ict.security@gridware.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive information, including user details, network and hardware information, installed programs, running processes, drives, and printers. Due to improper access controls, an attacker can retrieve audit data belonging to other users, potentially leading to unauthorized data exposure, privacy violations, and security risks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "issuetrak",
"product": {
"product_data": [
{
"product_name": "audit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Issuetrak 17.2.2 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes",
"refsource": "MISC",
"name": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "USER"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update to issuetrak to version 17.3 and beyond.</p>"
}
],
"value": "Update to issuetrak to version 17.3 and beyond."
}
],
"credits": [
{
"lang": "en",
"value": "Francesco Varotto"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}
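Review bot: The affected range in `version_data` is not machine-matchable: `"version_affected": "="` is paired with the free-text `"version_value": "Issuetrak 17.2.2 and prior"`, so a scanner doing an equality match against installed versions will flag nothing, 17.2.2 included. `"version_affected": "<="` with `"version_value": "17.2.2"` states what the description says. `"product_name": "audit"` names the component rather than the product, so product-based lookups for Issuetrak are likely to miss this record; `"product_name": "Issuetrak"` would be the safer value.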