"-Synchronized-Data."

CVE Team 2025-03-05 00:00:32 +00:00
parent e9eb1349a0
commit b4284b9cba
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
20 changed files with 722 additions and 27 deletions


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13922",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Edimax",
"product": {
"product_data": [
{
"product_name": "IC-7100 IP Camera",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-063-08",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Edimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/\">Edimax customer support</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "Edimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to Edimax customer support https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/ ."
}
],
"credits": [
{
"lang": "en",
"value": "Akamai SIRT reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
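Review bot: The affected-version entry under `product_data` pairs `"version_affected": "="` with `"version_value": "All"`, which is a free-text token rather than a comparable version, so tooling that compares installed firmware versions against this record may match nothing. The record carries only a `work_around` stating that the vendor has not responded, and no `solution`, so it should be read as every IC-7100 version affected with no fix listed. If the schema in use allows it, an explicit open range such as `"version_affected": ">="` with `"version_value": "0"` would be easier to consume; otherwise downstream matching needs a special case for `All`. The record's closing brace lies outside the hunk.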


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8."
"value": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -85,6 +97,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},
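Review bot: The new description ends with `Thunderbird < 136, and Thunderbird < 128.8`, but the `Thunderbird` product entry added in the second hunk has a single `version_data` item, `"version_affected": "<"` with `"version_value": "136"`, so the 128.8 fix line is not represented in the structured data visible here. A consumer that matches on `version_value` alone would report a patched Thunderbird 128.8 as affected, because 128.8 compares below 136. A separate product entry for the 128.x branch with its own `"version_value": "128.8"` would close the gap if the data model allows one, and the prose would be unambiguous if it named that branch the way it separates Firefox from Firefox ESR. The same mismatch appears in the eight file sections that follow, each ending in the same phrase; the rest of each record is outside the hunks shown.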


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8."
"value": "It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -85,6 +97,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8."
"value": "An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8."
"value": "On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -85,6 +97,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8."
"value": "It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8."
"value": "A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8."
"value": "jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8."
"value": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -85,6 +97,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8."
"value": "Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-18/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136."
"value": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-14/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136."
"value": "Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "136"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-14/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-17/"
}
]
},


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been classified as critical. This affects an unknown part of the file /admin/addroom.php. The manipulation of the argument roomname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in projectworlds Online Hotel Booking 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/addroom.php. Dank Manipulation des Arguments roomname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "projectworlds",
"product": {
"product_data": [
{
"product_name": "Online Hotel Booking",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.298563",
"refsource": "MISC",
"name": "https://vuldb.com/?id.298563"
},
{
"url": "https://vuldb.com/?ctiid.298563",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.298563"
},
{
"url": "https://vuldb.com/?submit.511426",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.511426"
},
{
"url": "https://github.com/ubfbuz3/cve/issues/1",
"refsource": "MISC",
"name": "https://github.com/ubfbuz3/cve/issues/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "lql120 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
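Review bot: The English description says the issue `has been classified as critical`, while every entry in `impact.cvss` at the end of this section rates it lower: 7.3 with `"baseSeverity": "HIGH"` for versions 3.1 and 3.0, and 7.5 for 2.0. Triage that keys on the description text will disagree with triage that keys on the score, so severity should be taken from the `cvss` array, selecting the entry by its `version` field. The 2.0 entry also has no `baseSeverity` key, unlike the other two, so a reader that expects the key on every element needs a fallback. The record's closing brace is outside the hunk.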


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GMOD",
"product": {
"product_data": [
{
"product_name": "Apollo",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-063-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">GMOD recommends users to update to the newest Version </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/GMOD/Apollo\">2.8.0</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "GMOD recommends users to update to the newest Version 2.8.0 https://github.com/GMOD/Apollo ."
}
],
"credits": [
{
"lang": "en",
"value": "CISA reported these vulnerabilities to GMOD."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
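Review bot: The only item in `reference_data` is the CISA advisory, and the `solution` text points at the repository root `https://github.com/GMOD/Apollo` rather than at the 2.8.0 release, so nothing in the record lets a reader confirm which release or commit carries the fix. An extra `reference_data` item whose `url` is the vendor's 2.8.0 release page (`<URL-OF-2.8.0-RELEASE>`, not present on this page) would make the remediation verifiable. The next file section, CVE-2025-23410, has the same reference list and solution text.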


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23410",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When uploading organism or sequence data via the web interface, \n GMOD Apollo\n\n will unzip and inspect the files and will not check for path\n traversal in supported archive types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GMOD",
"product": {
"product_data": [
{
"product_name": "Apollo",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-063-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">GMOD recommends users to update to the newest Version </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/GMOD/Apollo\">2.8.0</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "GMOD recommends users to update to the newest Version 2.8.0 https://github.com/GMOD/Apollo ."
}
],
"credits": [
{
"lang": "en",
"value": "CISA reported these vulnerabilities to GMOD."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
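Review bot: The new description `value` contains layout residue, `web interface, \n GMOD Apollo\n\n will unzip` and `for path\n traversal`, which will show up as broken lines or stray spaces in feeds and tickets that display the text as-is. It should be one clean sentence: `When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.` The text also stops at the missing check and names no consequence, although the record is scored 9.8 CRITICAL with `C:H/I:H/A:H`; a clause stating the impact would let readers reconcile the description with the score.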