"-Synchronized-Data."

CVE Team 2025-05-28 21:00:34 +00:00
parent 8eff410834
commit bae88dd4cf
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 275 additions and 9 deletions


@ -35,6 +35,153 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat OpenShift GitOps 1.14",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v1.14.4-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat OpenShift GitOps 1.15", "product_name": "Red Hat OpenShift GitOps 1.15",
"version": { "version": {
@ -195,6 +342,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:7753" "name": "https://access.redhat.com/errata/RHSA-2025:7753"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2025:8274",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-13484", "url": "https://access.redhat.com/security/cve/CVE-2024-13484",
"refsource": "MISC", "refsource": "MISC",
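Review bot: The new `Red Hat OpenShift GitOps 1.14` product block in the first hunk carries ten byte-identical `version_data` entries, each with `"version": "v1.14.4-1"`, `"lessThan": "*"`, `"versionType": "rpm"` and `"status": "unaffected"`. Presumably each entry stood for a different component in the CVE JSON 5 record and the component name was lost in the down-conversion, so this legacy file can no longer say which packages the fixed version applies to. Every entry also has the placeholder `"version_value": "not down converted"`, so a scanner that reads only the legacy field gets no usable version. Consumers should deduplicate these entries and take per-component fixed versions from the JSON 5 record or from the RHSA-2025:8274 advisory added in the second hunk.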


@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-27702", "ID": "CVE-2025-27702",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "securityresponse@absolute.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "CVE-2025-27702 is a vulnerability in the management console of Absolute \nSecure Access prior to version 13.54. Attackers with administrative \naccess to the console and who have been assigned a certain set of \npermissions can bypass those permissions to improperly modify settings. \nThe attack complexity is low, there are no preexisting attack \nrequirements; the privileges required are high, and there is no user \ninteraction required. There is no impact to system confidentiality or \navailability, impact to system integrity is high."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Absolute Security",
"product": {
"product_data": [
{
"product_name": "Secure Access",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "13.54"
} }
] ]
} }
} }
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27702",
"refsource": "MISC",
"name": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27702"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
}
}
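Review bot: The published record leaves `problemtype` as `"value": "n/a"` and has no structured `impact` block, although the description names a permission bypass and spells out CVSS-style metrics in prose (complexity low, privileges high, no user interaction, integrity high). Tooling that triages by weakness class or score gets nothing machine-readable from this file and has to parse the free text. I would ask the CNA for a weakness entry, for example `"value": "CWE-863 Incorrect Authorization"` if that matches their analysis, and for a CVSS vector alongside the description. The same gap is in the CVE-2025-27703 section that follows.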


@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-27703", "ID": "CVE-2025-27703",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "securityresponse@absolute.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "CVE-2025-27703 is a privilege escalation vulnerability in the management\n console of Absolute Secure Access prior to version 13.54. Attackers \nwith administrative access to a specific subset of privileged features \nin the console can elevate their permissions to access additional \nfeatures in the console. The attack complexity is low, there are no \npreexisting attack requirements; the privileges required are high, and \nthere is no user interaction required. The impact to system \nconfidentiality is low, the impact to system integrity is high and the \nimpact to system availability is low."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Absolute Security",
"product": {
"product_data": [
{
"product_name": "Secure Access",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "13.54"
} }
] ]
} }
} }
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27703",
"refsource": "MISC",
"name": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27703"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
}
}
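Review bot: The new `description` value is hard-wrapped with literal `\n` escapes in the middle of sentences, and one of them leaves a stray space (`management\n console`). Renderers that honour newlines will show a ragged paragraph, and exact-string matching or deduplication of this description across feeds will miss it. The text should be stored as one unwrapped paragraph, e.g. `...vulnerability in the management console of Absolute Secure Access prior to version 13.54.`. The CVE-2025-27702 section above is wrapped the same way.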


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at `/var/lib/php/sessions`. Such session files are named `sess_[session_value]`, where `[session_value]` is provided to the client in a `Set-Cookie` response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue." "value": "Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue."
} }
] ]
}, },
@ -92,6 +92,16 @@
"url": "https://github.com/craftcms/cms/releases/tag/5.7.5", "url": "https://github.com/craftcms/cms/releases/tag/5.7.5",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/craftcms/cms/releases/tag/5.7.5" "name": "https://github.com/craftcms/cms/releases/tag/5.7.5"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35939",
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2025-35939"
},
{
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json"
} }
] ]
}, },
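Review bot: The CSAF reference added in the second hunk points at `raw.githubusercontent.com/cisagov/CSAF/develop/...`, the tip of a mutable branch, so the document behind it can change or move without this record changing. For an advisory reference that people will verify against later, a commit-pinned permalink or the advisory's canonical page is the safer target. The added `https://www.cve.org/CVERecord?id=CVE-2025-35939` entry presumably points back at this same record, so it adds no independent source.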