admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-05 23:00:32 +00:00
parent f50de77c1d
commit a4a423b045
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 356 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2019/20xxx/CVE-2019-20208.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow."
"value": "dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/blob/v0.5.2/src/isomedia/box_code_3gpp.c#L1100",
"url": "https://github.com/gpac/gpac/blob/v0.5.2/src/isomedia/box_code_3gpp.c#L1100"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e",
"url": "https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e"
}
]
}

12
2020/24xxx/CVE-2020-24829.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file."
"value": "An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file."
}
]
},
@ -56,6 +56,16 @@
"url": "https://github.com/gpac/gpac/issues/1422",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1422"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2",
"url": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/mpegts.c#L2204",
"url": "https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/mpegts.c#L2204"
}
]
}

7
2021/30xxx/CVE-2021-30014.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash."
"value": "There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"url": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/blob/v0.9.0-preview/src/media_tools/av_parsers.c#L6731",
"url": "https://github.com/gpac/gpac/blob/v0.9.0-preview/src/media_tools/av_parsers.c#L6731"
}
]
}

7
2021/30xxx/CVE-2021-30022.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash."
"value": "There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"url": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/av_parsers.c#L2344",
"url": "https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/av_parsers.c#L2344"
}
]
}

18
2022/43xxx/CVE-2022-43454.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

41
2024/9xxx/CVE-2024-9355.json
View File

@ -165,7 +165,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
"defaultStatus": "unaffected"
}
},
{
@ -329,6 +329,19 @@
]
}
},
{
"product_name": "Streams for Apache Kafka 2.9.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "NBDE Tang Server",
"version": {
@ -616,6 +629,12 @@
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -658,7 +677,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
"defaultStatus": "unaffected"
}
}
]
@ -864,19 +883,6 @@
}
]
}
},
{
"product_name": "streams for Apache Kafka",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -921,6 +927,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9551"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:2416",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:2416"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-9355",
"refsource": "MISC",

69
2025/27xxx/CVE-2025-27622.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27622",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.492.2",
"versionType": "maven",
"lessThan": "2.492.*",
"status": "unaffected"
},
{
"version": "2.500",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495"
}
]
}

69
2025/27xxx/CVE-2025-27623.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27623",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.492.2",
"versionType": "maven",
"lessThan": "2.492.*",
"status": "unaffected"
},
{
"version": "2.500",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3496",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3496"
}
]
}

69
2025/27xxx/CVE-2025-27624.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27624",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.492.2",
"versionType": "maven",
"lessThan": "2.492.*",
"status": "unaffected"
},
{
"version": "2.500",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3498",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3498"
}
]
}

69
2025/27xxx/CVE-2025-27625.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.492.2",
"versionType": "maven",
"lessThan": "2.492.*",
"status": "unaffected"
},
{
"version": "2.500",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3501",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3501"
}
]
}

18
2025/2xxx/CVE-2025-2011.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}