admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-31 18:00:36 +00:00
parent 20465092b7
commit acfc0e031d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 269 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/13xxx/CVE-2024-13818.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13818",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

48
2025/0xxx/CVE-2025-0626.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device."
"value": "Contec Health CMS8000 Patient Monitor sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device."
}
]
},
@ -39,18 +39,6 @@
"product_name": "CMS8000 Patient Monitor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Firmware version smart3250-2.6.27-wlan2.1.7.cramfs"
},
{
"version_affected": "=",
"version_value": "Firmware version CMS7.820.075.08/0.74(0.75)"
},
{
"version_affected": "=",
"version_value": "Firmware version CMS7.820.120.01/0.93(0.95)"
},
{
"version_affected": "=",
"version_value": "All versions"
@ -70,6 +58,11 @@
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01"
},
{
"url": "https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication",
"refsource": "MISC",
"name": "https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication"
}
]
},
@ -77,7 +70,8 @@
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
"advisory": "ICSMA-25-030-01",
"discovery": "EXTERNAL"
},
"solution": [
{
@ -91,5 +85,29 @@
],
"value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.\n\nPlease note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication ."
}
]
],
"credits": [
{
"lang": "en",
"value": "An anonymous researcher reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

48
2025/0xxx/CVE-2025-0683.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario."
"value": "In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text \npatient data to a hard-coded public IP address when a patient is hooked \nup to the monitor. This could lead to a leakage of confidential patient \ndata to any device with that IP address or an attacker in a \nmachine-in-the-middle scenario."
}
]
},
@ -39,18 +39,6 @@
"product_name": "CMS8000 Patient Monitor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Firmware version smart3250-2.6.27-wlan2.1.7.cramfs"
},
{
"version_affected": "=",
"version_value": "Firmware version CMS7.820.075.08/0.74(0.75)"
},
{
"version_affected": "=",
"version_value": "Firmware version CMS7.820.120.01/0.93(0.95)"
},
{
"version_affected": "=",
"version_value": "All versions"
@ -70,6 +58,11 @@
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01"
},
{
"url": "https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication",
"refsource": "MISC",
"name": "https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication"
}
]
},
@ -77,7 +70,8 @@
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
"advisory": "ICSMA-25-030-01",
"discovery": "EXTERNAL"
},
"solution": [
{
@ -91,5 +85,29 @@
],
"value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.\n\nPlease note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication ."
}
]
],
"credits": [
{
"lang": "en",
"value": "An anonymous researcher reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}

18
2025/0xxx/CVE-2025-0936.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0937.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0937",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

76
2025/0xxx/CVE-2025-0938.json Normal file
View File

@ -0,0 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-0938",
"ASSIGNER": "cna@python.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Python Software Foundation",
"product": {
"product_data": [
{
"product_name": "CPython",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.14.0a5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/python/cpython/issues/105704",
"refsource": "MISC",
"name": "https://github.com/python/cpython/issues/105704"
},
{
"url": "https://github.com/python/cpython/pull/129418",
"refsource": "MISC",
"name": "https://github.com/python/cpython/pull/129418"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

18
2025/0xxx/CVE-2025-0939.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2025/23xxx/CVE-2025-23001.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-23001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Host Header Injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CTFd/CTFd",
"refsource": "MISC",
"name": "https://github.com/CTFd/CTFd"
},
{
"refsource": "MISC",
"name": "https://codetoanbug.com/poc-cve-2025-23001-ctfd-english/",
"url": "https://codetoanbug.com/poc-cve-2025-23001-ctfd-english/"
}
]
}