diff --git a/2024/13xxx/CVE-2024-13153.json b/2024/13xxx/CVE-2024-13153.json
index 86a86fbd576..57e9f460b1e 100644
--- a/2024/13xxx/CVE-2024-13153.json
+++ b/2024/13xxx/CVE-2024-13153.json
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "unitecms", + "product": { + "product_data": [ + { + "product_name": "Unlimited Elements For Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.5.135" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99625a3e-b8a4-42f8-8996-f7c5c0ff2d5f?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99625a3e-b8a4-42f8-8996-f7c5c0ff2d5f?source=cve" + }, + { + "url": "https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers" + }, + { + "url": "https://unlimited-elements.com/change-log/", + "refsource": "MISC", + "name": "https://unlimited-elements.com/change-log/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Craig Smith" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13205.json b/2024/13xxx/CVE-2024-13205.json index 391f3c837ee..9816853c55a 100644 --- a/2024/13xxx/CVE-2024-13205.json +++ b/2024/13xxx/CVE-2024-13205.json 
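Review bot: The remediation caveat in the new description is not reflected in the structured fields, so the record reads as fixed-by-upgrade to any consumer that parses only `affects`. The text says the five listed widgets must be deleted and reinstalled manually, while `version_data` carries only `"version_affected": "<="` with `"version_value": "1.5.135"`; a site that updates the plugin but keeps the old widgets would pass a version check and, by the description's own account, still be exposed. The sentence carrying this is also garbled: `Since the widget code isn't part of the code` presumably means the plugin code and could read `Since the widget code isn't part of the plugin code`. The description does not name the fixed release, and the plugin-page and change-log links do not pin one, so stating it in the text would help.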
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "deu", - "value": "Eine problematische Schwachstelle wurde in kurniaramadhan E-Commerce-PHP 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /admin/create_product.php der Komponente Create Product Page. Mit der Manipulation des Arguments Name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + "value": "Eine problematische Schwachstelle wurde in kurniaramadhan E-Commerce-PHP 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /admin/create_product.php der Komponente Create Product Page. Mit der Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ] }, 
@@ -25,8 +25,8 @@ "description": [ { "lang": "eng", - "value": "SQL Injection", - "cweId": "CWE-89" + "value": "Cross Site Scripting", + "cweId": "CWE-79" } ] }, @@ -34,8 +34,8 @@ "description": [ { "lang": "eng", - "value": "Injection", - "cweId": "CWE-74" + "value": "Code Injection", + "cweId": "CWE-94" } ] } @@ -90,6 +90,10 @@ ] }, "credits": [ + { + "lang": "en", + "value": "MaloyRoyOrko (VulDB User)" + }, { "lang": "en", "value": "MaloyRoyOrko (VulDB User)" @@ -99,20 +103,20 @@ "cvss": [ { "version": "3.1", - "baseScore": 4.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" }, { "version": "3.0", - "baseScore": 4.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" }, { "version": "2.0", - "baseScore": 5.8, - "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2024/45xxx/CVE-2024-45496.json b/2024/45xxx/CVE-2024-45496.json index 54ce7106017..bf93e744052 100644 --- a/2024/45xxx/CVE-2024-45496.json +++ b/2024/45xxx/CVE-2024-45496.json @@ -139,6 +139,27 @@ } ] } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4.17", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "v4.17.0-202409182235.p0.g7682a61.assembly.stream.el9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } } ] } 
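Review bot: In the `@@ -34,8 +34,8 @@` hunk the secondary weakness becomes `"cweId": "CWE-94"` (Code Injection), which sits oddly beside the primary `CWE-79` and the rescored vector `C:N/I:L/A:N`. CWE-79 is a child of CWE-74, the value being removed, whereas CWE-94 is a separate class that triage rules commonly read as code execution. Keeping `"value": "Injection", "cweId": "CWE-74"` as the secondary entry, or dropping the secondary entry, would keep CWE-based prioritisation consistent with the LOW score.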
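Review bot: The `@@ -90,6 +90,10 @@` hunk adds a second `credits` entry, `"value": "MaloyRoyOrko (VulDB User)"`, that is identical to the entry already present as context, so the array now lists the same person twice. The four added lines look like an artefact of regenerating the record and can be dropped. If two distinct roles are meant, the fields visible here (`lang` and `value`) give a consumer no way to tell them apart.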
@@ -148,6 +169,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:3718", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3718" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:6685", "refsource": "MISC", diff --git a/2024/6xxx/CVE-2024-6508.json b/2024/6xxx/CVE-2024-6508.json index 0e25fcf851c..237a1bccb8c 100644 --- a/2024/6xxx/CVE-2024-6508.json +++ b/2024/6xxx/CVE-2024-6508.json @@ -35,6 +35,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat OpenShift Container Platform 4.12", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "v4.12.0-202412201659.p0.g8910d84.assembly.stream.el8", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat OpenShift Container Platform 4.13", "version": { @@ -173,6 +194,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:9620" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:0014", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:0014" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-6508", "refsource": "MISC", diff --git a/2024/7xxx/CVE-2024-7387.json b/2024/7xxx/CVE-2024-7387.json index 3e98d72520c..24dba8536c8 100644 --- a/2024/7xxx/CVE-2024-7387.json +++ b/2024/7xxx/CVE-2024-7387.json @@ -139,6 +139,27 @@ } ] } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4.17", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "v4.17.0-202409122005.p1.gcfcf3bd.assembly.stream.el9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } } ] } 
@@ -148,6 +169,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:3718", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3718" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:6685", "refsource": "MISC", diff --git a/2025/0xxx/CVE-2025-0237.json b/2025/0xxx/CVE-2025-0237.json index d953bc210f9..8dde74f2d59 100644 --- a/2025/0xxx/CVE-2025-0237.json +++ b/2025/0xxx/CVE-2025-0237.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." + "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6." } ] }, @@ -57,6 +57,30 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.6" + } + ] + } } ] } 
@@ -80,6 +104,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-05/" } ] }, diff --git a/2025/0xxx/CVE-2025-0238.json b/2025/0xxx/CVE-2025-0238.json index 6c4e36a1841..66f9eecc457 100644 --- a/2025/0xxx/CVE-2025-0238.json +++ b/2025/0xxx/CVE-2025-0238.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19." + "value": "Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6." } ] }, @@ -57,6 +57,30 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.6" + } + ] + } } ] } 
@@ -85,6 +109,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-03/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-05/" } ] }, diff --git a/2025/0xxx/CVE-2025-0239.json b/2025/0xxx/CVE-2025-0239.json index 8c0881a4141..8d78da3cac9 100644 --- a/2025/0xxx/CVE-2025-0239.json +++ b/2025/0xxx/CVE-2025-0239.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." + "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6." } ] }, @@ -57,6 +57,30 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.6" + } + ] + } } ] } 
@@ -80,6 +104,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-05/" } ] }, diff --git a/2025/0xxx/CVE-2025-0240.json b/2025/0xxx/CVE-2025-0240.json index 6958abe60f1..8cc76e9f457 100644 --- a/2025/0xxx/CVE-2025-0240.json +++ b/2025/0xxx/CVE-2025-0240.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." + "value": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6." } ] }, @@ -57,6 +57,30 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.6" + } + ] + } } ] } 
@@ -80,6 +104,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-05/" } ] }, diff --git a/2025/0xxx/CVE-2025-0241.json b/2025/0xxx/CVE-2025-0241.json index 1a0fef5dea9..6a4e9d8dcfc 100644 --- a/2025/0xxx/CVE-2025-0241.json +++ b/2025/0xxx/CVE-2025-0241.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." + "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6." } ] }, @@ -57,6 +57,30 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.6" + } + ] + } } ] } 
@@ -80,6 +104,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-05/" } ] }, diff --git a/2025/0xxx/CVE-2025-0242.json b/2025/0xxx/CVE-2025-0242.json index cc942bb5684..b77142a7f0d 100644 --- a/2025/0xxx/CVE-2025-0242.json +++ b/2025/0xxx/CVE-2025-0242.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19." + "value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6." } ] }, 
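Review bot: The rewritten CVE-2025-0242 description names Thunderbird 115.18 among the releases that contain these bugs, but the affected list it ends with, `Thunderbird < 134, and Thunderbird ESR < 128.6`, has no Thunderbird 115.x boundary to match `Firefox ESR < 115.19`. The product entries added in the following `@@ -57,6 +57,30 @@` hunk have the same shape, and CVE-2025-0238 likewise carries `Firefox ESR < 115.19` with no Thunderbird counterpart. If that branch received no fix, saying so in the text would stop readers assuming 115.x installs have an update available; if it did, the bound is missing. Because the `<` ranges have no lower bound, a 115.x install still matches `Thunderbird ESR < 128.6` as affected, which errs on the safe side but leaves the remediation for that branch unstated.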
@@ -57,6 +57,30 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.6" + } + ] + } } ] } @@ -85,6 +109,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-03/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-05/" } ] }, diff --git a/2025/0xxx/CVE-2025-0243.json b/2025/0xxx/CVE-2025-0243.json index 701f2dd8d86..e37b8151261 100644 --- a/2025/0xxx/CVE-2025-0243.json +++ b/2025/0xxx/CVE-2025-0243.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." + "value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6." } ] }, 
@@ -57,6 +57,30 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "128.6" + } + ] + } } ] } @@ -80,6 +104,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-05/" } ] }, diff --git a/2025/0xxx/CVE-2025-0247.json b/2025/0xxx/CVE-2025-0247.json index d95f63b094a..34da921f635 100644 --- a/2025/0xxx/CVE-2025-0247.json +++ b/2025/0xxx/CVE-2025-0247.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134." + "value": "Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134." } ] }, @@ -45,6 +45,18 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "134" + } + ] + } } ] } 
@@ -63,6 +75,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2025-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-04/" } ] }, diff --git a/2025/0xxx/CVE-2025-0344.json b/2025/0xxx/CVE-2025-0344.json index 2d15ff95eba..a976f116c21 100644 --- a/2025/0xxx/CVE-2025-0344.json +++ b/2025/0xxx/CVE-2025-0344.json 
@@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0344", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In leiyuxi cy-fast 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion listData der Datei /commpara/listData. Mittels Manipulieren des Arguments order mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "leiyuxi", + "product": { + "product_data": [ + { + "product_name": "cy-fast", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.290857", + "refsource": "MISC", + "name": "https://vuldb.com/?id.290857" + }, + { + "url": "https://vuldb.com/?ctiid.290857", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.290857" + }, + { + "url": "https://vuldb.com/?submit.475747", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.475747" + }, + { + "url": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli3.md", + "refsource": "MISC", + "name": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli3.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "d3do (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/0xxx/CVE-2025-0345.json b/2025/0xxx/CVE-2025-0345.json index f6b6cb941bf..5e57a05ea76 100644 --- a/2025/0xxx/CVE-2025-0345.json +++ b/2025/0xxx/CVE-2025-0345.json 
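Review bot: The new CVE-2025-0344 description says the issue is `classified as critical`, while the `impact` block in the same hunk scores it `"baseScore": 6.3` with `"baseSeverity": "MEDIUM"`. The word in the prose appears to come from the assigner's own rating scale rather than the CVSS band, so tooling that keys on the description text will disagree with tooling that reads the vector. The CVE-2025-0345 hunk that follows has the identical mismatch. In both records `"version_affected": "="` with `"version_value": "1.0"` marks only that one release and no fixed version is stated, so later releases should not be assumed safe from these entries alone.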
@@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0345", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in leiyuxi cy-fast 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion listData der Datei /sys/menu/listData. Durch das Manipulieren des Arguments order mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "leiyuxi", + "product": { + "product_data": [ + { + "product_name": "cy-fast", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.290858", + "refsource": "MISC", + "name": "https://vuldb.com/?id.290858" + }, + { + "url": "https://vuldb.com/?ctiid.290858", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.290858" + }, + { + "url": "https://vuldb.com/?submit.475748", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.475748" + }, + { + "url": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli4.md", + "refsource": "MISC", + "name": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli4.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "d3do (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/0xxx/CVE-2025-0360.json b/2025/0xxx/CVE-2025-0360.json new file mode 100644 index 00000000000..4749c770a9e --- /dev/null +++ b/2025/0xxx/CVE-2025-0360.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0361.json b/2025/0xxx/CVE-2025-0361.json new file mode 100644 index 00000000000..b9f1246e14d --- /dev/null +++ b/2025/0xxx/CVE-2025-0361.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file