diff --git a/2024/12xxx/CVE-2024-12248.json b/2024/12xxx/CVE-2024-12248.json
index b659ead6337..16ba4d73254 100644
--- a/2024/12xxx/CVE-2024-12248.json
+++ b/2024/12xxx/CVE-2024-12248.json
@@ -1,18 +1,91 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12248",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The affected product is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Contec Health",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CMS8000 Patient Monitor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version smart3250-2.6.27-wlan2.1.7.cramfs"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version CMS7.820.075.08/0.74(0.75)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version CMS7.820.120.01/0.93(0.95)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.
Please note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication.
\n\n
"
+ }
+ ],
+ "value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.\n\nPlease note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication ."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13806.json b/2024/13xxx/CVE-2024-13806.json
new file mode 100644
index 00000000000..a13b20c6acf
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/44xxx/CVE-2024-44142.json b/2024/44xxx/CVE-2024-44142.json
index c6f94369bb7..5b1a850d79c 100644
--- a/2024/44xxx/CVE-2024-44142.json
+++ b/2024/44xxx/CVE-2024-44142.json
@@ -1,17 +1,63 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44142",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Processing a maliciously crafted image may lead to arbitrary code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GarageBand",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "10.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.apple.com/en-us/121866",
+ "refsource": "MISC",
+ "name": "https://support.apple.com/en-us/121866"
}
]
}
diff --git a/2025/0xxx/CVE-2025-0626.json b/2025/0xxx/CVE-2025-0626.json
index 1f2bacb74c7..9c239d32b42 100644
--- a/2025/0xxx/CVE-2025-0626.json
+++ b/2025/0xxx/CVE-2025-0626.json
@@ -1,18 +1,95 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0626",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-912 Hidden Functionality",
+ "cweId": "CWE-912"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Contec Health",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CMS8000 Patient Monitor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version smart3250-2.6.27-wlan2.1.7.cramfs"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version CMS7.820.075.08/0.74(0.75)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version CMS7.820.120.01/0.93(0.95)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.
Please note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication.
\n\n
"
+ }
+ ],
+ "value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.\n\nPlease note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication ."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0680.json b/2025/0xxx/CVE-2025-0680.json
index 08c3a16e591..3d46357e54b 100644
--- a/2025/0xxx/CVE-2025-0680.json
+++ b/2025/0xxx/CVE-2025-0680.json
@@ -1,17 +1,134 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0680",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "New Rock Technologies",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OM500 IP-PBX",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MX8G VoIP Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "NRP1302/P Desktop IP Phone",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02"
+ },
+ {
+ "url": "https://www.newrocktech.com/ContactUs/index.html",
+ "refsource": "MISC",
+ "name": "https://www.newrocktech.com/ContactUs/index.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "ICSA-25-030-02",
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support for additional information.
"
+ }
+ ],
+ "value": "New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support\u00a0for additional information."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/0xxx/CVE-2025-0681.json b/2025/0xxx/CVE-2025-0681.json
index 048e1225bfa..c2fdd3ca1f9 100644
--- a/2025/0xxx/CVE-2025-0681.json
+++ b/2025/0xxx/CVE-2025-0681.json
@@ -1,17 +1,134 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0681",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Cloud MQTT service of the affected products supports wildcard topic \nsubscription which could allow an attacker to obtain sensitive \ninformation from tapping the service communications."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-155",
+ "cweId": "CWE-155"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "New Rock Technologies",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OM500 IP-PBX",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MX8G VoIP Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "NRP1302/P Desktop IP Phone",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02"
+ },
+ {
+ "url": "https://www.newrocktech.com/ContactUs/index.html",
+ "refsource": "MISC",
+ "name": "https://www.newrocktech.com/ContactUs/index.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "ICSA-25-030-02",
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "New Rock Technologies has not responded to requests to work with CISA to\n mitigate these vulnerabilities. Users of affected versions of New Rock \nTechnologies Cloud Connected Devices are invited to contact New Rock \nTechnologies customer support for additional information.\n\n
"
+ }
+ ],
+ "value": "New Rock Technologies has not responded to requests to work with CISA to\n mitigate these vulnerabilities. Users of affected versions of New Rock \nTechnologies Cloud Connected Devices are invited to contact New Rock \nTechnologies customer support https://www.newrocktech.com/ContactUs/index.html for additional information."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/0xxx/CVE-2025-0683.json b/2025/0xxx/CVE-2025-0683.json
index 0da0465534e..b1dbb6d572c 100644
--- a/2025/0xxx/CVE-2025-0683.json
+++ b/2025/0xxx/CVE-2025-0683.json
@@ -1,18 +1,95 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0683",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
+ "cweId": "CWE-359"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Contec Health",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CMS8000 Patient Monitor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version smart3250-2.6.27-wlan2.1.7.cramfs"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version CMS7.820.075.08/0.74(0.75)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "Firmware version CMS7.820.120.01/0.93(0.95)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.
Please note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication.
\n\n
"
+ }
+ ],
+ "value": "Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.\n\nPlease note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication ."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0874.json b/2025/0xxx/CVE-2025-0874.json
index 8c8b8ba1f52..0113ec1e0a4 100644
--- a/2025/0xxx/CVE-2025-0874.json
+++ b/2025/0xxx/CVE-2025-0874.json
@@ -1,17 +1,123 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0874",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unknown functionality of the file /admin/approve.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in code-projects Simple Plugins Car Rental Management 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei /admin/approve.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple Plugins Car Rental Management",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.294068",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.294068"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.294068",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.294068"
+ },
+ {
+ "url": "https://vuldb.com/?submit.488538",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.488538"
+ },
+ {
+ "url": "https://github.com/magic2353112890/cve/issues/8",
+ "refsource": "MISC",
+ "name": "https://github.com/magic2353112890/cve/issues/8"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lyp123 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
diff --git a/2025/0xxx/CVE-2025-0890.json b/2025/0xxx/CVE-2025-0890.json
new file mode 100644
index 00000000000..27e88acd463
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0890.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0890",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0891.json b/2025/0xxx/CVE-2025-0891.json
new file mode 100644
index 00000000000..1cfdbaa8aac
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0891.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0891",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0892.json b/2025/0xxx/CVE-2025-0892.json
new file mode 100644
index 00000000000..375c009481b
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0892.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0892",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0893.json b/2025/0xxx/CVE-2025-0893.json
new file mode 100644
index 00000000000..f4f57468482
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0893.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0893",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0894.json b/2025/0xxx/CVE-2025-0894.json
new file mode 100644
index 00000000000..f64492709b9
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0894.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0894",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0895.json b/2025/0xxx/CVE-2025-0895.json
new file mode 100644
index 00000000000..8265a28c4eb
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0895.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0895",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0896.json b/2025/0xxx/CVE-2025-0896.json
new file mode 100644
index 00000000000..7a36ae724c7
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0896.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0896",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24500.json b/2025/24xxx/CVE-2025-24500.json
index 2cf82aaf4dc..d519e1a9e20 100644
--- a/2025/24xxx/CVE-2025-24500.json
+++ b/2025/24xxx/CVE-2025-24500.json
@@ -1,18 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24500",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The vulnerability allows an unauthenticated attacker to access information in PAM database."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "status": "affected",
+ "version": "4.2.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24501.json b/2025/24xxx/CVE-2025-24501.json
index c596f138c71..708e9a97127 100644
--- a/2025/24xxx/CVE-2025-24501.json
+++ b/2025/24xxx/CVE-2025-24501.json
@@ -1,18 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24501",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "status": "affected",
+ "version": "4.2.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24502.json b/2025/24xxx/CVE-2025-24502.json
index cbc70960c8a..cc1c84e7535 100644
--- a/2025/24xxx/CVE-2025-24502.json
+++ b/2025/24xxx/CVE-2025-24502.json
@@ -1,18 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24502",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "status": "affected",
+ "version": "4.2.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24503.json b/2025/24xxx/CVE-2025-24503.json
index d31d0208181..4256a8f2447 100644
--- a/2025/24xxx/CVE-2025-24503.json
+++ b/2025/24xxx/CVE-2025-24503.json
@@ -1,18 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24503",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "status": "affected",
+ "version": "4.2.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24504.json b/2025/24xxx/CVE-2025-24504.json
index 04fafaac7c1..8ca964f0cbe 100644
--- a/2025/24xxx/CVE-2025-24504.json
+++ b/2025/24xxx/CVE-2025-24504.json
@@ -1,18 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24504",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper input validation the CSRF filter results in unsanitized user input written to the application logs."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "status": "affected",
+ "version": "4.2.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24505.json b/2025/24xxx/CVE-2025-24505.json
index a6635ddb5bc..cc3496866e6 100644
--- a/2025/24xxx/CVE-2025-24505.json
+++ b/2025/24xxx/CVE-2025-24505.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24505",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24506.json b/2025/24xxx/CVE-2025-24506.json
index 9676781f436..2e318efa1ff 100644
--- a/2025/24xxx/CVE-2025-24506.json
+++ b/2025/24xxx/CVE-2025-24506.json
@@ -1,18 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24506",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "status": "affected",
+ "version": "4.2.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24507.json b/2025/24xxx/CVE-2025-24507.json
index 38f170eca77..40b21f9dfaa 100644
--- a/2025/24xxx/CVE-2025-24507.json
+++ b/2025/24xxx/CVE-2025-24507.json
@@ -1,18 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24507",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows appliance compromise at boot time."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Broadcom",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "3.4.6"
+ },
+ {
+ "lessThanOrEqual": "4.1.8",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "status": "affected",
+ "version": "4.2.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stefan Gr\u00f6nke (gronke@radicallyopensecurity.com)"
+ }
+ ]
}
\ No newline at end of file