diff --git a/2024/45xxx/CVE-2024-45744.json b/2024/45xxx/CVE-2024-45744.json index bc93b35d5ab..d442418d76a 100644 --- a/2024/45xxx/CVE-2024-45744.json +++ b/2024/45xxx/CVE-2024-45744.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745.\u00a0At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally." + "value": "TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745.\u00a0At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets." } ] }, @@ -73,30 +73,35 @@ "url": "https://www.topquadrant.com/release-note/7-3/", "refsource": "MISC", "name": "https://www.topquadrant.com/release-note/7-3/" + }, + { + "url": "https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt", + "refsource": "MISC", + "name": "https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt" } ] }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Donald Macary" + } + ], "impact": { "cvss": [ { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 3, - "baseSeverity": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", "scope": "CHANGED", - "userInteraction": "NONE", + "version": "3.1", + "baseScore": 3, + "attackVector": "NETWORK", + "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", - "version": "3.1" + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "HIGH", + "confidentialityImpact": "LOW" } ] } diff --git a/2024/45xxx/CVE-2024-45774.json b/2024/45xxx/CVE-2024-45774.json index e911aecd7e8..198eeeb57e1 100644 --- a/2024/45xxx/CVE-2024-45774.json +++ b/2024/45xxx/CVE-2024-45774.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-45774", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-45774" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Do not process untrusted JPEG files with grub2." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/49xxx/CVE-2024-49589.json b/2024/49xxx/CVE-2024-49589.json index 83c8900a0a9..cc5a7f2da3e 100644 --- a/2024/49xxx/CVE-2024-49589.json +++ b/2024/49xxx/CVE-2024-49589.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. \nThe affected service have been patched and automatically deployed to all Apollo-managed Foundry instances." + "value": "Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size)." } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action.", - "cweId": "CWE-862" + "value": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.", + "cweId": "CWE-770" } ] } @@ -36,13 +36,13 @@ "product": { "product_data": [ { - "product_name": "com.palantir.gotham:external-artifacts", + "product_name": "com.palantir.artifacts:artifacts", "version": { "version_data": [ { "version_affected": "<", "version_name": "*", - "version_value": "105.115.0" + "version_value": "0.1337.0" } ] } @@ -56,25 +56,25 @@ "references": { "reference_data": [ { - "url": "https://palantir.safebase.us/?tcuUid=b60db1ee-4b1a-475d-848e-c5a670a0da16", + "url": "https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3", "refsource": "MISC", - "name": "https://palantir.safebase.us/?tcuUid=b60db1ee-4b1a-475d-848e-c5a670a0da16" + "name": "https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3" } ] }, "source": { + "discovery": "INTERNAL", "defect": [ - "PLTRSEC-2024-47" - ], - "discovery": "INTERNAL" + "PLTRSEC-2024-48" + ] }, "impact": { "cvss": [ { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM", - "baseScore": 6.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" + "baseScore": 6.5 } ] } diff --git a/2024/50xxx/CVE-2024-50608.json b/2024/50xxx/CVE-2024-50608.json index 00a6b6a93be..19bd4cb4d70 100644 --- a/2024/50xxx/CVE-2024-50608.json +++ b/2024/50xxx/CVE-2024-50608.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50608", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50608", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fluentbit.io/announcements/", + "refsource": "MISC", + "name": "https://fluentbit.io/announcements/" + }, + { + "url": "https://github.com/fluent/fluent-bit/releases", + "refsource": "MISC", + "name": "https://github.com/fluent/fluent-bit/releases" + }, + { + "refsource": "MISC", + "name": "https://www.ebryx.com/blogs/exploring-cve-2024-50608-and-cve-2024-50609", + "url": "https://www.ebryx.com/blogs/exploring-cve-2024-50608-and-cve-2024-50609" } ] } diff --git a/2024/50xxx/CVE-2024-50609.json b/2024/50xxx/CVE-2024-50609.json index a68a70ad9df..ca3f9b4acb2 100644 --- a/2024/50xxx/CVE-2024-50609.json +++ b/2024/50xxx/CVE-2024-50609.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50609", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50609", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fluentbit.io/announcements/", + "refsource": "MISC", + "name": "https://fluentbit.io/announcements/" + }, + { + "url": "https://github.com/fluent/fluent-bit/releases", + "refsource": "MISC", + "name": "https://github.com/fluent/fluent-bit/releases" + }, + { + "refsource": "MISC", + "name": "https://www.ebryx.com/blogs/exploring-cve-2024-50608-and-cve-2024-50609", + "url": "https://www.ebryx.com/blogs/exploring-cve-2024-50608-and-cve-2024-50609" } ] } diff --git a/2024/57xxx/CVE-2024-57055.json b/2024/57xxx/CVE-2024-57055.json index fd7daac1481..9b741b75a9a 100644 --- a/2024/57xxx/CVE-2024-57055.json +++ b/2024/57xxx/CVE-2024-57055.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.wombatdialer.com/blog/blog/2025/02/18/CVE/", + "url": "https://www.wombatdialer.com/blog/blog/2025/02/18/CVE/" } ] } diff --git a/2024/57xxx/CVE-2024-57056.json b/2024/57xxx/CVE-2024-57056.json index fc2dfdc3b0e..fc416d99ce9 100644 --- a/2024/57xxx/CVE-2024-57056.json +++ b/2024/57xxx/CVE-2024-57056.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57056", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57056", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.wombatdialer.com/blog/blog/2025/02/18/CVE/", + "url": "https://www.wombatdialer.com/blog/blog/2025/02/18/CVE/" } ] } diff --git a/2025/1xxx/CVE-2025-1453.json b/2025/1xxx/CVE-2025-1453.json new file mode 100644 index 00000000000..8e22a80cbb9 --- /dev/null +++ b/2025/1xxx/CVE-2025-1453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1454.json b/2025/1xxx/CVE-2025-1454.json new file mode 100644 index 00000000000..9af7d6c6f09 --- /dev/null +++ b/2025/1xxx/CVE-2025-1454.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1454", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21608.json b/2025/21xxx/CVE-2025-21608.json index 340c55bb959..52d38987ab2 100644 --- a/2025/21xxx/CVE-2025-21608.json +++ b/2025/21xxx/CVE-2025-21608.json @@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are no known workarounds for this vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-668: Exposure of Resource to Wrong Sphere", + "cweId": "CWE-668" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "meshtastic", + "product": { + "product_data": [ + { + "product_name": "firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 2.5.0, <= 2.5.18" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/meshtastic/firmware/security/advisories/GHSA-c967-qc39-3hf5", + "refsource": "MISC", + "name": "https://github.com/meshtastic/firmware/security/advisories/GHSA-c967-qc39-3hf5" + } + ] + }, + "source": { + "advisory": "GHSA-c967-qc39-3hf5", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24894.json b/2025/24xxx/CVE-2025-24894.json index 05ea6875eb8..4600f9771ed 100644 --- a/2025/24xxx/CVE-2025-24894.json +++ b/2025/24xxx/CVE-2025-24894.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24894", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider, in essence, is responsible for the management of the credentials and identity of users; Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, receives SAML assertions from the IdP to grant access to resources. The validation logic of the signature is central as it ensures that you cannot create a SAML response with arbitrary assertions and then impersonate other users. There is no guarantee that the first signature refers to the root object, it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing him to impersonate any Spid and/or CIE user. This vulnerability has been addressed in version 3.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "italia", + "product": { + "product_data": [ + { + "product_name": "spid-aspnetcore", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/italia/spid-aspnetcore/security/advisories/GHSA-36h8-r92j-w9vw", + "refsource": "MISC", + "name": "https://github.com/italia/spid-aspnetcore/security/advisories/GHSA-36h8-r92j-w9vw" + } + ] + }, + "source": { + "advisory": "GHSA-36h8-r92j-w9vw", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24895.json b/2025/24xxx/CVE-2025-24895.json index 40fc692a70c..9d5b56dd425 100644 --- a/2025/24xxx/CVE-2025-24895.json +++ b/2025/24xxx/CVE-2025-24895.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider, in essence, is responsible for the management of the credentials and identity of users; 2. Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, receives SAML assertions from the IdP to grant access to resources. The library cie-aspnetcore refers to the second entity, the SP, and implements the validation logic of SAML assertions within SAML responses. In affected versions there is no guarantee that the first signature refers to the root object, it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing him to impersonate any Spid and/or CIE user. This issue has been addressed in version 2.1.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "italia", + "product": { + "product_data": [ + { + "product_name": "cie-aspnetcore", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/italia/cie-aspnetcore/security/advisories/GHSA-vq63-8f72-f486", + "refsource": "MISC", + "name": "https://github.com/italia/cie-aspnetcore/security/advisories/GHSA-vq63-8f72-f486" + } + ] + }, + "source": { + "advisory": "GHSA-vq63-8f72-f486", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25284.json b/2025/25xxx/CVE-2025-25284.json index 7ef9878d05b..842a8398f94 100644 --- a/2025/25xxx/CVE-2025-25284.json +++ b/2025/25xxx/CVE-2025-25284.json @@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal_Translate service, when processing VRT (Virtual Format) files, does not properly validate file paths referenced in the VRTRasterBand element, allowing attackers to read arbitrary files on the system. The vulnerability exists because the service doesn't properly sanitize the SourceFilename parameter in VRT files, allowing relative path traversal sequences (../). When combined with VRT's raw data handling capabilities, this allows reading arbitrary files as raw binary data and converting them to TIFF format, effectively exposing their contents. This vulnerability is particularly severe because it allows attackers to read sensitive system files, potentially exposing configuration data, credentials, or other confidential information stored on the server. An unauthenticated attacker can read arbitrary files from the system through path traversal, potentially accessing sensitive information such as configuration files, credentials, or other confidential data stored on the server. The vulnerability requires no authentication and can be exploited remotely through the WPS service. This issue has been addressed in commit `5f155a8` and all users are advised to upgrade. There are no known workarounds for this vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZOO-Project", + "product": { + "product_data": [ + { + "product_name": "ZOO-Project", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Commits before 5f155a8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ZOO-Project/ZOO-Project/security/advisories/GHSA-8c27-wmvv-3p38", + "refsource": "MISC", + "name": "https://github.com/ZOO-Project/ZOO-Project/security/advisories/GHSA-8c27-wmvv-3p38" + }, + { + "url": "https://github.com/ZOO-Project/ZOO-Project/commit/5f155a8", + "refsource": "MISC", + "name": "https://github.com/ZOO-Project/ZOO-Project/commit/5f155a8" + } + ] + }, + "source": { + "advisory": "GHSA-8c27-wmvv-3p38", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/25xxx/CVE-2025-25305.json b/2025/25xxx/CVE-2025-25305.json index 7946332bbaf..d4c3402ed2f 100644 --- a/2025/25xxx/CVE-2025-25305.json +++ b/2025/25xxx/CVE-2025-25305.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. In the past, `aiohttp-session`/`request` had the parameter `verify_ssl` to control SSL certificate verification. This was a boolean value. In `aiohttp` 3.0, this parameter was deprecated in favor of the `ssl` parameter. Only when `ssl` is set to `None` or provided with a correct configured SSL context the standard SSL certificate verification will happen. When migrating integrations in Home Assistant and libraries used by Home Assistant, in some cases the `verify_ssl` parameter value was just moved to the new `ssl` parameter. This resulted in these integrations and 3rd party libraries using `request.ssl = True`, which unintentionally turned off SSL certificate verification and opened up a man-in-the-middle attack vector. This issue has been addressed in version 2024.1.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-940: Improper Verification of Source of a Communication Channel", + "cweId": "CWE-940" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "home-assistant", + "product": { + "product_data": [ + { + "product_name": "core", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2024.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/home-assistant/core/security/advisories/GHSA-m3pm-rpgg-5wj6", + "refsource": "MISC", + "name": "https://github.com/home-assistant/core/security/advisories/GHSA-m3pm-rpgg-5wj6" + } + ] + }, + "source": { + "advisory": "GHSA-m3pm-rpgg-5wj6", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26465.json b/2025/26xxx/CVE-2025-26465.json index 0324672eabe..9baf201b7f4 100644 --- a/2025/26xxx/CVE-2025-26465.json +++ b/2025/26xxx/CVE-2025-26465.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26465", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Detection of Error Condition Without Action", + "cweId": "CWE-390" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26465", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-26465" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] }