diff --git a/2024/5xxx/CVE-2024-5174.json b/2024/5xxx/CVE-2024-5174.json index e946be9d487..31d5c6bb006 100644 --- a/2024/5xxx/CVE-2024-5174.json +++ b/2024/5xxx/CVE-2024-5174.json @@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5174", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@perforce.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in Gliffy results in broken authentication through the reset functionality of the application." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gliffy", + "product": { + "product_data": [ + { + "product_name": "Gliffy Online", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.0.0", + "version_value": "4.14.0-7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001ScD3YAK", + "refsource": "MISC", + "name": "https://portal.perforce.com/s/detail/a91PA000001ScD3YAK" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0545.json b/2025/0xxx/CVE-2025-0545.json index 5f2af9ef6cb..bf30f0c9b20 100644 --- a/2025/0xxx/CVE-2025-0545.json +++ b/2025/0xxx/CVE-2025-0545.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS).This issue affects T-Soft E-Commerce: before v5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tekrom Technology", + "product": { + "product_data": [ + { + "product_name": "T-Soft E-Commerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0041", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-25-0041" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-25-0041", + "defect": [ + "TR-25-0041" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Berat ARSLAN" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1632.json b/2025/1xxx/CVE-2025-1632.json index 3f5b3336d2a..c7e65e3151c 100644 --- a/2025/1xxx/CVE-2025-1632.json +++ b/2025/1xxx/CVE-2025-1632.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in libarchive bis 3.7.7 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion list der Datei bsdunzip.c. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libarchive", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7.0" + }, + { + "version_affected": "=", + "version_value": "3.7.1" + }, + { + "version_affected": "=", + "version_value": "3.7.2" + }, + { + "version_affected": "=", + "version_value": "3.7.3" + }, + { + "version_affected": "=", + "version_value": "3.7.4" + }, + { + "version_affected": "=", + "version_value": "3.7.5" + }, + { + "version_affected": "=", + "version_value": "3.7.6" + }, + { + "version_affected": "=", + "version_value": "3.7.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.296619", + "refsource": "MISC", + "name": "https://vuldb.com/?id.296619" + }, + { + "url": "https://vuldb.com/?ctiid.296619", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.296619" + }, + { + "url": "https://vuldb.com/?submit.496460", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.496460" + }, + { + "url": "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "refsource": "MISC", + "name": "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "rookie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.3, + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.7, + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P" } ] }