From bef58901006acf4e48523fc0c6584174a7898c5c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 2 Jun 2025 05:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/25xxx/CVE-2025-25179.json | 90 ++++++++++++++++++++++++--
2025/49xxx/CVE-2025-49112.json | 72 +++++++++++++++++++++
2025/49xxx/CVE-2025-49113.json | 92 +++++++++++++++++++++++++++
2025/5xxx/CVE-2025-5428.json | 111 +++++++++++++++++++++++++++++++--
2025/5xxx/CVE-2025-5429.json | 111 +++++++++++++++++++++++++++++++--
5 files changed, 464 insertions(+), 12 deletions(-)
create mode 100644 2025/49xxx/CVE-2025-49112.json
create mode 100644 2025/49xxx/CVE-2025-49113.json
diff --git a/2025/25xxx/CVE-2025-25179.json b/2025/25xxx/CVE-2025-25179.json
index c69900657d3..7592b2c3cae 100644
--- a/2025/25xxx/CVE-2025-25179.json
+++ b/2025/25xxx/CVE-2025-25179.json
@@ -1,18 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@imgtec.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges", + "cweId": "CWE-280" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Imagination Technologies", + "product": { + "product_data": [ + { + "product_name": "Graphics DDK", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "1.15 RTM", + "versionType": "custom" + }, + { + "status": "affected", + "version": "1.17 RTM", + "versionType": "custom" + }, + { + "status": "affected", + "version": "1.18 RTM", + "versionType": "custom" + }, + { + "lessThanOrEqual": "24.3 RTM", + "status": "affected", + "version": "23.2 RTM", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "25.1 RTM", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", + "refsource": "MISC", + "name": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/" + 
} + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49112.json b/2025/49xxx/CVE-2025-49112.json new file mode 100644 index 00000000000..c95c45861fa --- /dev/null +++ b/2025/49xxx/CVE-2025-49112.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-49112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886", + "refsource": "MISC", + "name": "https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886" + }, + { + "url": "https://github.com/valkey-io/valkey/pull/2101", + "refsource": "MISC", + "name": "https://github.com/valkey-io/valkey/pull/2101" + }, + { + "url": "https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783", + "refsource": "MISC", + "name": "https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783" + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49113.json b/2025/49xxx/CVE-2025-49113.json new file mode 100644 index 00000000000..75815c4a003 --- /dev/null 
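Review bot: The `affects` block of CVE-2025-25179 carries its affected releases only under `x_cve_json_5_version_data`, while the v4 field reads `"version_value": "not down converted"`, so a consumer that matches on `version_value` sees no affected version for Graphics DDK and needs to read the nested `versions` array instead. The range entry (`23.2 RTM` with `lessThanOrEqual` `24.3 RTM`) uses `"versionType": "custom"` alongside `"defaultStatus": "unknown"`, which a generic version comparator presumably cannot order, so releases not listed explicitly should be treated as unconfirmed rather than unaffected. The hunk also adds no `impact` block, so severity for this record has to come from the referenced vendor advisory.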
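Review bot: The new CVE-2025-49112 record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value at `n/a`, although its description names Valkey through 8.1.1 and an integer underflow in `setDeferredReply`. Tooling that matches on the structured fields will not associate this entry with any product or weakness class, so matching has to fall back on the description text and the referenced pull request. If a weakness entry is wanted, the description would fit `"value": "CWE-191 Integer Underflow (Wrap or Wraparound)"`. The same gap applies to the CVE-2025-49113 hunk, where the description (Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11, PHP object deserialization) would fit CWE-502.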
+++ b/2025/49xxx/CVE-2025-49113.json 
@@ -0,0 +1,92 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-49113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10", + "refsource": "MISC", + "name": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10" + }, + { + "url": "https://github.com/roundcube/roundcubemail/pull/9865", + "refsource": "MISC", + "name": "https://github.com/roundcube/roundcubemail/pull/9865" + }, + { + "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.11", + "refsource": "MISC", + "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.11" + }, + { + "url": "https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d", + "refsource": "MISC", + "name": "https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d" + }, + { + "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.10", + "refsource": "MISC", + "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.10" + }, + { + "url": 
"https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695", + "refsource": "MISC", + "name": "https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695" + }, + { + "url": "https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e", + "refsource": "MISC", + "name": "https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e" + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5428.json b/2025/5xxx/CVE-2025-5428.json index 004424ed236..5ed5f849386 100644 --- a/2025/5xxx/CVE-2025-5428.json +++ b/2025/5xxx/CVE-2025-5428.json 
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5428", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in juzaweb CMS bis 3.4.2 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin-cp/log-viewer der Komponente Error Logs Page. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "juzaweb", + "product": { + "product_data": [ + { + "product_name": "CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.4.0" + }, + { + "version_affected": "=", + "version_value": "3.4.1" + }, + { + "version_affected": "=", + "version_value": "3.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310761", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310761" + }, + { + "url": "https://vuldb.com/?ctiid.310761", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310761" + }, + { + "url": "https://vuldb.com/?submit.584056", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.584056" + }, + { + "url": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_list_delete_logs.md", + "refsource": "MISC", + "name": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_list_delete_logs.md" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/5xxx/CVE-2025-5429.json b/2025/5xxx/CVE-2025-5429.json index 4721fea4447..bf6251789c7 100644 --- a/2025/5xxx/CVE-2025-5429.json +++ b/2025/5xxx/CVE-2025-5429.json 
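Review bot: The English description in the CVE-2025-5428 hunk says the issue is "classified as critical", but the `impact.cvss` entries added in the same hunk score it 6.3 with `"baseSeverity": "MEDIUM"` (vector `PR:L` and `C:L/I:L/A:L`), so triage should key on the CVSS fields rather than on the description wording. The three `"version_affected": "="` entries list only 3.4.0, 3.4.1 and 3.4.2 while the description says "up to 3.4.2", so an exact-match version check does not cover earlier releases and they should not be assumed unaffected. The `"version": "2.0"` entry has no `baseSeverity` key, which a consumer iterating the `cvss` array needs to tolerate. The CVE-2025-5429 hunk repeats all three points.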
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In juzaweb CMS bis 3.4.2 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin-cp/plugin/install der Komponente Plugins Page. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "juzaweb", + "product": { + "product_data": [ + { + "product_name": "CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.4.0" + }, + { + "version_affected": "=", + "version_value": "3.4.1" + }, + { + "version_affected": "=", + "version_value": "3.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310762", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310762" + }, + { + "url": "https://vuldb.com/?ctiid.310762", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310762" + }, + { + "url": "https://vuldb.com/?submit.584057", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.584057" + }, + { + "url": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_list_install_plugins.md", + "refsource": "MISC", + "name": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_list_install_plugins.md" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }