From a9c27c9d85207d9203df3b04a06580c833fde571 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 1 Apr 2025 21:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/29xxx/CVE-2025-29033.json | 56 +++++++++++++++++++++++++---- 2025/29xxx/CVE-2025-29036.json | 66 ++++++++++++++++++++++++++++++---- 2025/29xxx/CVE-2025-29049.json | 61 +++++++++++++++++++++++++++---- 2025/29xxx/CVE-2025-29069.json | 56 +++++++++++++++++++++++++---- 2025/29xxx/CVE-2025-29070.json | 56 +++++++++++++++++++++++++---- 5 files changed, 265 insertions(+), 30 deletions(-) diff --git a/2025/29xxx/CVE-2025-29033.json b/2025/29xxx/CVE-2025-29033.json index 16efa99fb33..e311501170e 100644 --- a/2025/29xxx/CVE-2025-29033.json +++ b/2025/29xxx/CVE-2025-29033.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29033", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29033", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=\" HTTP GET parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nikolas-ch/CVEs/tree/main/Bamboohr_25.0210.170831-83b08dd/OpenRedirect", + "refsource": "MISC", + "name": "https://github.com/nikolas-ch/CVEs/tree/main/Bamboohr_25.0210.170831-83b08dd/OpenRedirect" } ] } diff --git a/2025/29xxx/CVE-2025-29036.json b/2025/29xxx/CVE-2025-29036.json index b526cacdbcd..a32c787af47 100644 --- a/2025/29xxx/CVE-2025-29036.json +++ b/2025/29xxx/CVE-2025-29036.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29036", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29036", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sahat/hackathon-starter/issues/1326", + "refsource": "MISC", + "name": "https://github.com/sahat/hackathon-starter/issues/1326" + }, + { + "url": "https://github.com/sahat/hackathon-starter/pull/1328", + "refsource": "MISC", + "name": "https://github.com/sahat/hackathon-starter/pull/1328" + }, + { + "refsource": "MISC", + "name": "https://github.com/HypeDuke/vulnerable-research/blob/main/CVE-2025-29036", + "url": "https://github.com/HypeDuke/vulnerable-research/blob/main/CVE-2025-29036" } ] } diff --git a/2025/29xxx/CVE-2025-29049.json b/2025/29xxx/CVE-2025-29049.json index 471a20e95d0..e91fa0fd7db 100644 --- a/2025/29xxx/CVE-2025-29049.json +++ b/2025/29xxx/CVE-2025-29049.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/advisories/GHSA-qwj6-q94f-8425", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-qwj6-q94f-8425" + }, + { + "url": "https://github.com/arnog/mathlive/commit/abc26056fd5e29a99edfa96a0bbe855ea2a8b678", + "refsource": "MISC", + "name": "https://github.com/arnog/mathlive/commit/abc26056fd5e29a99edfa96a0bbe855ea2a8b678" } ] } diff --git a/2025/29xxx/CVE-2025-29069.json b/2025/29xxx/CVE-2025-29069.json index e3a0be9eabe..a848fd77667 100644 --- a/2025/29xxx/CVE-2025-29069.json +++ b/2025/29xxx/CVE-2025-29069.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29069", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mm2/Little-CMS/issues/476", + "refsource": "MISC", + "name": "https://github.com/mm2/Little-CMS/issues/476" } ] } diff --git a/2025/29xxx/CVE-2025-29070.json b/2025/29xxx/CVE-2025-29070.json index de4aa52b8f1..6192da95172 100644 --- a/2025/29xxx/CVE-2025-29070.json +++ b/2025/29xxx/CVE-2025-29070.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29070", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mm2/Little-CMS/issues/475", + "refsource": "MISC", + "name": "https://github.com/mm2/Little-CMS/issues/475" } ] }