admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-11 10:00:32 +00:00
parent 4062631c9f
commit b11b3b0b61
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 473 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2025/0xxx/CVE-2025-0525.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@octopus.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Existence Disclosure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2020.6.4592",
"version_value": "2024.3.13007"
},
{
"version_affected": "<",
"version_name": "2024.4.401",
"version_value": "2024.4.6995"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisories.octopus.com/post/2024/sa2025-02/",
"refsource": "MISC",
"name": "https://advisories.octopus.com/post/2024/sa2025-02/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
}
}

18
2025/1xxx/CVE-2025-1226.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/1xxx/CVE-2025-1227.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1227",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

102
2025/26xxx/CVE-2025-26408.json
View File

@ -1,18 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-research@sec-consult.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"cweId": "CWE-1191"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wattsense",
"product": {
"product_data": [
{
"product_name": "Wattsense Bridge",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://r.sec-consult.com/wattsense",
"refsource": "MISC",
"name": "https://r.sec-consult.com/wattsense"
},
{
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes",
"refsource": "MISC",
"name": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">The device is meant to be installed at a restricted access physical location according to the vendor and exploitation requires&nbsp;</span>more attacker knowledge and higher physical access. The issue will be put in the backlog of the Wattsense team."
}
],
"value": "The device is meant to be installed at a restricted access physical location according to the vendor and exploitation requires\u00a0more attacker knowledge and higher physical access. The issue will be put in the backlog of the Wattsense team."
}
],
"credits": [
{
"lang": "en",
"value": "Constantin Schieber-Kn\u00f6bl | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Stefan Schweighofer | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Steffen Robertz | SEC Consult Vulnerability Lab"
}
]
}

104
2025/26xxx/CVE-2025-26409.json
View File

@ -1,18 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-research@sec-consult.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in\u00a0recent firmware versions BSP >= 6.4.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"cweId": "CWE-1299"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"cweId": "CWE-1191"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wattsense",
"product": {
"product_data": [
{
"product_name": "Wattsense Bridge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "6.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://r.sec-consult.com/wattsense",
"refsource": "MISC",
"name": "https://r.sec-consult.com/wattsense"
},
{
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes",
"refsource": "MISC",
"name": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in recent firmware versions BSP &gt;= 6.4.1."
}
],
"value": "This issue is fixed in recent firmware versions BSP >= 6.4.1."
}
],
"credits": [
{
"lang": "en",
"value": "Constantin Schieber-Kn\u00f6bl | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Stefan Schweighofer | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Steffen Robertz | SEC Consult Vulnerability Lab"
}
]
}

95
2025/26xxx/CVE-2025-26410.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26410",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-research@sec-consult.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wattsense",
"product": {
"product_data": [
{
"product_name": "Wattsense Bridge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "6.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://r.sec-consult.com/wattsense",
"refsource": "MISC",
"name": "https://r.sec-consult.com/wattsense"
},
{
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes",
"refsource": "MISC",
"name": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in recent firmware versions BSP &gt;= 6.4.1."
}
],
"value": "This issue is fixed in recent firmware versions BSP >= 6.4.1."
}
],
"credits": [
{
"lang": "en",
"value": "Constantin Schieber-Kn\u00f6bl | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Stefan Schweighofer | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Steffen Robertz | SEC Consult Vulnerability Lab"
}
]
}

95
2025/26xxx/CVE-2025-26411.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-research@sec-consult.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface\u00a0to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wattsense",
"product": {
"product_data": [
{
"product_name": "Wattsense Bridge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "6.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://r.sec-consult.com/wattsense",
"refsource": "MISC",
"name": "https://r.sec-consult.com/wattsense"
},
{
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes",
"refsource": "MISC",
"name": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in recent firmware versions BSP &gt;= 6.1.0."
}
],
"value": "This issue is fixed in recent firmware versions BSP >= 6.1.0."
}
],
"credits": [
{
"lang": "en",
"value": "Constantin Schieber-Kn\u00f6bl | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Stefan Schweighofer | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"value": "Steffen Robertz | SEC Consult Vulnerability Lab"
}
]
}