admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-08 09:00:39 +00:00
parent 81484ba863
commit a721d2b5cb
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 385 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
2025/1xxx/CVE-2025-1252.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RTI",
"product": {
"product_data": [
{
"product_name": "Connext Professional",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.4.0",
"version_value": "7.5.0"
},
{
"version_affected": "<",
"version_name": "7.0.0",
"version_value": "7.3.0.7"
},
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "6.1.2.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1252",
"refsource": "MISC",
"name": "https://www.rti.com/vulnerabilities/#cve-2025-1252"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

69
2025/1xxx/CVE-2025-1253.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RTI",
"product": {
"product_data": [
{
"product_name": "Connext Professional",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.4.0",
"version_value": "7.5.0"
},
{
"version_affected": "<",
"version_name": "7.0.0",
"version_value": "7.3.0.7"
},
{
"version_affected": "<",
"version_name": "4.5",
"version_value": "6.1.2.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1253",
"refsource": "MISC",
"name": "https://www.rti.com/vulnerabilities/#cve-2025-1253"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

78
2025/1xxx/CVE-2025-1254.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.0.0 before 6.1.2.23."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RTI",
"product": {
"product_data": [
{
"product_name": "Connext Professional",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.4.0",
"version_value": "7.5.0"
},
{
"version_affected": "<",
"version_name": "7.0.0",
"version_value": "7.3.0.7"
},
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.1.2.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1254",
"refsource": "MISC",
"name": "https://www.rti.com/vulnerabilities/#cve-2025-1254"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

6
2025/2xxx/CVE-2025-2308.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was \"reject\" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to \"dispute\" the entries which is why they are flagged as such until further details become available."
"value": "A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release."
},
{
"lang": "deu",
"value": "** DISPUTED ** Es wurde eine kritische Schwachstelle in HDF5 1.14.6 gefunden. Hiervon betroffen ist die Funktion H5Z__scaleoffset_decompress_one_byte der Komponente Scale-Offset Filter. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt."
"value": "Es wurde eine kritische Schwachstelle in HDF5 1.14.6 gefunden. Hiervon betroffen ist die Funktion H5Z__scaleoffset_decompress_one_byte der Komponente Scale-Offset Filter. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@ -92,7 +92,7 @@
"credits": [
{
"lang": "en",
"value": "Zhang Yaoliang (VulDB User)"
"value": "NPU Unmanned Systems Safety Laboratory (VulDB User)"
}
],
"impact": {

6
2025/2xxx/CVE-2025-2309.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was \"reject\" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to \"dispute\" the entries which is why they are flagged as such until further details become available."
"value": "A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release."
},
{
"lang": "deu",
"value": "** DISPUTED ** In HDF5 1.14.6 wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion H5T__bit_copy der Komponente Type Conversion Logic. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."
"value": "In HDF5 1.14.6 wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion H5T__bit_copy der Komponente Type Conversion Logic. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@ -92,7 +92,7 @@
"credits": [
{
"lang": "en",
"value": "Zhang Yaoliang (VulDB User)"
"value": "NPU Unmanned Systems Safety Laboratory (VulDB User)"
}
],
"impact": {

6
2025/2xxx/CVE-2025-2310.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was \"reject\" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to \"dispute\" the entries which is why they are flagged as such until further details become available."
"value": "A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release."
},
{
"lang": "deu",
"value": "** DISPUTED ** Eine kritische Schwachstelle wurde in HDF5 1.14.6 gefunden. Betroffen davon ist die Funktion H5MM_strndup der Komponente Metadata Attribute Decoder. Mittels Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."
"value": "Eine kritische Schwachstelle wurde in HDF5 1.14.6 gefunden. Betroffen davon ist die Funktion H5MM_strndup der Komponente Metadata Attribute Decoder. Mittels Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@ -92,7 +92,7 @@
"credits": [
{
"lang": "en",
"value": "Zhang Yaoliang (VulDB User)"
"value": "NPU Unmanned Systems Safety Laboratory (VulDB User)"
}
],
"impact": {

83
2025/40xxx/CVE-2025-40846.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-40846",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@ncsc.ch",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and\u00a0inject JavaScript code to perform cross site scripting attack.\n\nThe vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HaloITSM",
"product": {
"product_data": [
{
"product_name": "ITSM",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": ">= 2.174.101",
"versionType": "patch"
},
{
"status": "unaffected",
"version": ">= 2.184.21",
"versionType": "Any version"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.haloservicedesk.com/kb?id=2501",
"refsource": "MISC",
"name": "https://support.haloservicedesk.com/kb?id=2501"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

18
2025/47xxx/CVE-2025-47724.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/47xxx/CVE-2025-47725.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/47xxx/CVE-2025-47726.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/47xxx/CVE-2025-47727.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47727",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/47xxx/CVE-2025-47728.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47728",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}