From c16bd1ce67e85e935317cdba6003bef813772d11 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 23 Apr 2025 21:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/30xxx/CVE-2025-30289.json | 2 +-
 2025/3xxx/CVE-2025-3911.json | 18 +++++++
 2025/46xxx/CVE-2025-46397.json | 88 ++++++++++++++++++++++++++++++++++
 2025/46xxx/CVE-2025-46398.json | 88 ++++++++++++++++++++++++++++++++++
 2025/46xxx/CVE-2025-46399.json | 88 ++++++++++++++++++++++++++++++++++
 2025/46xxx/CVE-2025-46400.json | 88 ++++++++++++++++++++++++++++++++++
 2025/46xxx/CVE-2025-46401.json | 18 +++++++
 2025/46xxx/CVE-2025-46402.json | 18 +++++++
 2025/46xxx/CVE-2025-46403.json | 18 +++++++
 9 files changed, 425 insertions(+), 1 deletion(-)
 create mode 100644 2025/3xxx/CVE-2025-3911.json
 create mode 100644 2025/46xxx/CVE-2025-46397.json
 create mode 100644 2025/46xxx/CVE-2025-46398.json
 create mode 100644 2025/46xxx/CVE-2025-46399.json
 create mode 100644 2025/46xxx/CVE-2025-46400.json
 create mode 100644 2025/46xxx/CVE-2025-46401.json
 create mode 100644 2025/46xxx/CVE-2025-46402.json
 create mode 100644 2025/46xxx/CVE-2025-46403.json
diff --git a/2025/30xxx/CVE-2025-30289.json b/2025/30xxx/CVE-2025-30289.json
index b1232bcadc2..d561cf2230d 100644
--- a/2025/30xxx/CVE-2025-30289.json
+++ b/2025/30xxx/CVE-2025-30289.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application."
+ "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. Scope is changed."
 }
 ]
 },
diff --git a/2025/3xxx/CVE-2025-3911.json b/2025/3xxx/CVE-2025-3911.json
new file mode 100644
index 00000000000..88fadc44a05
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3911.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3911",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46397.json b/2025/46xxx/CVE-2025-46397.json
new file mode 100644
index 00000000000..a61e994e2d7
--- /dev/null
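Review bot: The sentence appended to the new `value` line, `Scope is changed.`, is bare CVSS shorthand that a reader of the description alone cannot interpret, and this hunk does not show whether the record's CVSS data (outside the hunk, if present) carries a changed-scope vector to match. Wording such as `Scope is changed: the impact extends beyond the vulnerable component.` would make the description self-contained. The phrase `could lead in arbitrary code execution`, carried over unchanged, should read `could lead to arbitrary code execution`.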
+++ b/2025/46xxx/CVE-2025-46397.json
@@ -0,0 +1,88 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46397",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-overflow\u00a0in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xfig",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "fig2dev",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.9a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/mcj/tickets/192/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/mcj/tickets/192/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46398.json b/2025/46xxx/CVE-2025-46398.json
new file mode 100644
index 00000000000..575d9ff8357
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46398.json
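Review bot: The `impact.cvss` block scores this stack-based overflow with `"availabilityImpact": "NONE"` (`A:N`), and the identical block is repeated unchanged in CVE-2025-46398, CVE-2025-46399 and CVE-2025-46400, which suggests it was copied rather than assessed per record. For the two CWE-476 records (46399, 46400) the vector contradicts the text: their descriptions name availability as the only effect, yet the vector claims `C:H/I:H/A:N`. If those descriptions are right, the vector there would be closer to `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`, with `baseScore` and `baseSeverity` recomputed to match. For 46397 and 46398, `A:N` looks understated for memory corruption that can at least crash the process. Consumers that triage on the vector will mis-rank all four records until the CNA corrects it.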
@@ -0,0 +1,88 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46398",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-overflow\u00a0in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xfig",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "fig2dev",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.9a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/mcj/tickets/191/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/mcj/tickets/191/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46399.json b/2025/46xxx/CVE-2025-46399.json
new file mode 100644
index 00000000000..1d00b426372
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46399.json
@@ -0,0 +1,88 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46399",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Segmentation fault in fig2dev in version 3.2.9a\u00a0allows an attacker to availability via local input manipulation via\u00a0genge_itp_spline function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476",
+ "cweId": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xfig",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "fig2dev",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.9a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/mcj/tickets/190/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/mcj/tickets/190/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46400.json b/2025/46xxx/CVE-2025-46400.json
new file mode 100644
index 00000000000..352a80760c1
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46400.json
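Review bot: The description `value` for CVE-2025-46399 reads `allows an attacker to availability via local input manipulation`, which is missing its verb, and the same broken sentence appears in CVE-2025-46400. Wording such as `allows an attacker to impact availability via crafted local input to the genge_itp_spline function` states the effect. The `\u00a0` non-breaking spaces in this description (also after `Stack-overflow` in 46397 and 46398) would be better as plain spaces, so that text matching on the description behaves as expected. All four fig2dev records also use `"version_affected": "="` with `3.2.9a`, which marks only that exact release as affected; the hunk gives no basis to say whether earlier releases share the code, and if they do, a `<=` entry would be the accurate encoding.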
@@ -0,0 +1,88 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46400",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476",
+ "cweId": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xfig",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "fig2dev",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.9a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/mcj/tickets/187/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/mcj/tickets/187/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46401.json b/2025/46xxx/CVE-2025-46401.json
new file mode 100644
index 00000000000..4ac7ece6ed8
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46401.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46401",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46402.json b/2025/46xxx/CVE-2025-46402.json
new file mode 100644
index 00000000000..fb7f40433e2
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46402.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46402",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46403.json b/2025/46xxx/CVE-2025-46403.json
new file mode 100644
index 00000000000..07e79a264f3
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46403.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46403",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file