"-Synchronized-Data."

CVE Team 2025-01-09 09:01:01 +00:00
parent 26abcfc793
commit b5e64e2424
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 682 additions and 34 deletions


@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-13153", "ID": "CVE-2024-13153",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "unitecms",
"product": {
"product_data": [
{
"product_name": "Unlimited Elements For Elementor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.135"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99625a3e-b8a4-42f8-8996-f7c5c0ff2d5f?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99625a3e-b8a4-42f8-8996-f7c5c0ff2d5f?source=cve"
},
{
"url": "https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers"
},
{
"url": "https://unlimited-elements.com/change-log/",
"refsource": "MISC",
"name": "https://unlimited-elements.com/change-log/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Craig Smith"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
} }
] ]
} }
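Review bot: The new `affects` entry records only `"version_affected": "<="` with `"version_value": "1.5.135"`, while the added description says the patch takes effect only after the Image Tooltip, Notification, Simple Popup, Video Play Button and Card Carousel widgets are deleted and reinstalled manually. A scanner that matches on the version bound alone will therefore treat an upgraded site as remediated even if the old widget copies are still in place. Nothing in the structured fields carries that step, so anyone ingesting this record should surface the description's note next to the version check. The description's phrase "the widget code isn't part of the code" presumably means the plugin's core code; the record does not say.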


@ -11,11 +11,11 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}, },
{ {
"lang": "deu", "lang": "deu",
"value": "Eine problematische Schwachstelle wurde in kurniaramadhan E-Commerce-PHP 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /admin/create_product.php der Komponente Create Product Page. Mit der Manipulation des Arguments Name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." "value": "Eine problematische Schwachstelle wurde in kurniaramadhan E-Commerce-PHP 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /admin/create_product.php der Komponente Create Product Page. Mit der Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
} }
] ]
}, },
@ -25,8 +25,8 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "SQL Injection", "value": "Cross Site Scripting",
"cweId": "CWE-89" "cweId": "CWE-79"
} }
] ]
}, },
@ -34,8 +34,8 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Injection", "value": "Code Injection",
"cweId": "CWE-74" "cweId": "CWE-94"
} }
] ]
} }
@ -90,6 +90,10 @@
] ]
}, },
"credits": [ "credits": [
{
"lang": "en",
"value": "MaloyRoyOrko (VulDB User)"
},
{ {
"lang": "en", "lang": "en",
"value": "MaloyRoyOrko (VulDB User)" "value": "MaloyRoyOrko (VulDB User)"
@ -99,20 +103,20 @@
"cvss": [ "cvss": [
{ {
"version": "3.1", "version": "3.1",
"baseScore": 4.3, "baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM" "baseSeverity": "LOW"
}, },
{ {
"version": "3.0", "version": "3.0",
"baseScore": 4.3, "baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM" "baseSeverity": "LOW"
}, },
{ {
"version": "2.0", "version": "2.0",
"baseScore": 5.8, "baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
} }
] ]
} }
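Review bot: The credits hunk (`@ -90,6 +90,10 @`) adds a second `"value": "MaloyRoyOrko (VulDB User)"` entry whose `lang` and `value` match the one already present, so the record now carries two credits that cannot be told apart in this format. This probably comes from down-converting credits that differ only in a type field this format does not carry, which should be confirmed; consumers should de-duplicate on `lang` plus `value`. The same section reclassifies the issue from CWE-89 to CWE-79 and lowers every CVSS score, so triage done under the SQL injection classification should be revisited. The second `problemtype` entry also moves from CWE-74 to CWE-94 (`Code Injection`), which sits oddly beside a description of cross site scripting.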


@ -139,6 +139,27 @@
} }
] ]
} }
},
{
"product_name": "Red Hat OpenShift Container Platform 4.17",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.17.0-202409182235.p0.g7682a61.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
} }
] ]
} }
@ -148,6 +169,11 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:3718",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{ {
"url": "https://access.redhat.com/errata/RHSA-2024:6685", "url": "https://access.redhat.com/errata/RHSA-2024:6685",
"refsource": "MISC", "refsource": "MISC",
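Review bot: The added OpenShift Container Platform 4.17 entry sets `"version_value": "not down converted"`, so the fixed build is visible only inside `x_cve_json_5_version_data`, where `"defaultStatus": "affected"` is paired with an `unaffected` range starting at the listed rpm build. A consumer that reads only the 4.0 `version_value` field gets a placeholder string and no usable bound for this product. The same pattern is added in the two following file sections (OpenShift 4.12 and a second 4.17 entry). Tooling that ingests these records should parse the extension block or fall back to the linked RHSA errata.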


@ -35,6 +35,27 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.12",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.12.0-202412201659.p0.g8910d84.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat OpenShift Container Platform 4.13", "product_name": "Red Hat OpenShift Container Platform 4.13",
"version": { "version": {
@ -173,6 +194,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9620" "name": "https://access.redhat.com/errata/RHSA-2024:9620"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2025:0014",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:0014"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-6508", "url": "https://access.redhat.com/security/cve/CVE-2024-6508",
"refsource": "MISC", "refsource": "MISC",


@ -139,6 +139,27 @@
} }
] ]
} }
},
{
"product_name": "Red Hat OpenShift Container Platform 4.17",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.17.0-202409122005.p1.gcfcf3bd.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
} }
] ]
} }
@ -148,6 +169,11 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:3718",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{ {
"url": "https://access.redhat.com/errata/RHSA-2024:6685", "url": "https://access.redhat.com/errata/RHSA-2024:6685",
"refsource": "MISC", "refsource": "MISC",


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6."
} }
] ]
}, },
@ -57,6 +57,30 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.6"
}
]
}
} }
] ]
} }
@ -80,6 +104,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-05/"
} }
] ]
}, },


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19." "value": "Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6."
} }
] ]
}, },
@ -57,6 +57,30 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.6"
}
]
}
} }
] ]
} }
@ -85,6 +109,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-03/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-03/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-03/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-05/"
} }
] ]
}, },


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6."
} }
] ]
}, },
@ -57,6 +57,30 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.6"
}
]
}
} }
] ]
} }
@ -80,6 +104,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-05/"
} }
] ]
}, },


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." "value": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6."
} }
] ]
}, },
@ -57,6 +57,30 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.6"
}
]
}
} }
] ]
} }
@ -80,6 +104,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-05/"
} }
] ]
}, },


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6."
} }
] ]
}, },
@ -57,6 +57,30 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.6"
}
]
}
} }
] ]
} }
@ -80,6 +104,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-05/"
} }
] ]
}, },


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19." "value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6."
} }
] ]
}, },
@ -57,6 +57,30 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.6"
}
]
}
} }
] ]
} }
@ -85,6 +109,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-03/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-03/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-03/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-03/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-05/"
} }
] ]
}, },
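Review bot: The updated description still lists Thunderbird 115.18 among the builds containing these memory safety bugs, but the added products cover only `Thunderbird` < 134 and `Thunderbird ESR` < 128.6, with no entry for the 115 branch to match the `Firefox ESR < 115.19` bound in the description. If a fixed Thunderbird 115.x release exists, it is missing from both the affected list and the two new advisory references; if none exists, the record leaves that branch's status unstated. Version-based matching on this record will not flag Thunderbird 115.x installs either way, so that branch should be checked against Mozilla's advisories directly.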


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6." "value": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6."
} }
] ]
}, },
@ -57,6 +57,30 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.6"
}
]
}
} }
] ]
} }
@ -80,6 +104,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-02/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-05/"
} }
] ]
}, },


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134." "value": "Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134."
} }
] ]
}, },
@ -45,6 +45,18 @@
} }
] ]
} }
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "134"
}
]
}
} }
] ]
} }
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/", "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-01/" "name": "https://www.mozilla.org/security/advisories/mfsa2025-01/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2025-04/"
} }
] ]
}, },


@ -1,17 +1,118 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-0344", "ID": "CVE-2025-0344",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In leiyuxi cy-fast 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion listData der Datei /commpara/listData. Mittels Manipulieren des Arguments order mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "leiyuxi",
"product": {
"product_data": [
{
"product_name": "cy-fast",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290857",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290857"
},
{
"url": "https://vuldb.com/?ctiid.290857",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290857"
},
{
"url": "https://vuldb.com/?submit.475747",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.475747"
},
{
"url": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli3.md",
"refsource": "MISC",
"name": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli3.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "d3do (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }
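Review bot: The published description calls the issue "classified as critical", while every score added in the `impact` block is mid-range (`"baseScore": 6.3`, `"baseSeverity": "MEDIUM"`, and 6.5 under CVSS 2.0). Triage should key on the vector strings rather than the prose label, noting `PR:L` / `Au:S`, i.e. an authenticated attacker. The next file section, CVE-2025-0345, has the same mismatch for `/sys/menu/listData`. Both records also state that the exploit is public and link a write-up, which argues for prioritising patching or isolation above what the MEDIUM rating alone would suggest.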


@ -1,17 +1,118 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-0345", "ID": "CVE-2025-0345",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in leiyuxi cy-fast 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion listData der Datei /sys/menu/listData. Durch das Manipulieren des Arguments order mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "leiyuxi",
"product": {
"product_data": [
{
"product_name": "cy-fast",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290858",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290858"
},
{
"url": "https://vuldb.com/?ctiid.290858",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290858"
},
{
"url": "https://vuldb.com/?submit.475748",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.475748"
},
{
"url": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli4.md",
"refsource": "MISC",
"name": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli4.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "d3do (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}