From cc6e2ac17a236fe5ad65c9ffb486b6bc49b601bd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 2 Apr 2025 21:02:05 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/21xxx/CVE-2025-21960.json | 125 ++++++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21961.json | 103 +++++++++++++++++++++++- 2025/21xxx/CVE-2025-21981.json | 125 ++++++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21982.json | 103 +++++++++++++++++++++++- 2025/24xxx/CVE-2025-24262.json | 54 ++++++++++++- 2025/24xxx/CVE-2025-24263.json | 54 ++++++++++++- 2025/24xxx/CVE-2025-24264.json | 139 ++++++++++++++++++++++++++++++++- 2025/24xxx/CVE-2025-24265.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24266.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24267.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24269.json | 54 ++++++++++++- 2025/24xxx/CVE-2025-24272.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24273.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24276.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24277.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24278.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24279.json | 64 ++++++++++++++- 2025/24xxx/CVE-2025-24280.json | 59 +++++++++++++- 2025/24xxx/CVE-2025-24281.json | 54 ++++++++++++- 2025/24xxx/CVE-2025-24282.json | 54 ++++++++++++- 2025/24xxx/CVE-2025-24283.json | 88 ++++++++++++++++++++- 2025/24xxx/CVE-2025-24517.json | 79 ++++++++++++++++++- 2025/24xxx/CVE-2025-24852.json | 79 ++++++++++++++++++- 2025/25xxx/CVE-2025-25015.json | 13 ++- 2025/25xxx/CVE-2025-25041.json | 94 +++++++++++++++++++++- 2025/25xxx/CVE-2025-25060.json | 84 +++++++++++++++++++- 2025/27xxx/CVE-2025-27568.json | 18 +++++ 2025/27xxx/CVE-2025-27575.json | 18 +++++ 2025/27xxx/CVE-2025-27719.json | 18 +++++ 2025/27xxx/CVE-2025-27927.json | 18 +++++ 2025/27xxx/CVE-2025-27929.json | 18 +++++ 2025/27xxx/CVE-2025-27938.json | 18 +++++ 2025/27xxx/CVE-2025-27939.json | 18 +++++ 2025/2xxx/CVE-2025-2483.json | 81 ++++++++++++++++++- 2025/30xxx/CVE-2025-30254.json | 18 +++++ 2025/30xxx/CVE-2025-30257.json | 18 +++++ 2025/30xxx/CVE-2025-30510.json | 18 +++++ 2025/30xxx/CVE-2025-30511.json | 18 +++++ 2025/30xxx/CVE-2025-30512.json | 18 +++++ 2025/30xxx/CVE-2025-30514.json | 18 +++++ 2025/30xxx/CVE-2025-30802.json | 113 ++++++++++++++++++++++++++- 2025/30xxx/CVE-2025-30807.json | 113 ++++++++++++++++++++++++++- 2025/30xxx/CVE-2025-30808.json | 113 ++++++++++++++++++++++++++- 2025/30xxx/CVE-2025-30825.json | 113 ++++++++++++++++++++++++++- 2025/30xxx/CVE-2025-30827.json | 113 ++++++++++++++++++++++++++- 2025/31xxx/CVE-2025-31147.json | 18 +++++ 2025/31xxx/CVE-2025-31357.json | 18 +++++ 2025/31xxx/CVE-2025-31360.json | 18 +++++ 2025/31xxx/CVE-2025-31654.json | 18 +++++ 2025/31xxx/CVE-2025-31793.json | 18 +++++ 2025/31xxx/CVE-2025-31794.json | 18 +++++ 2025/31xxx/CVE-2025-31795.json | 18 +++++ 2025/31xxx/CVE-2025-31796.json | 18 +++++ 2025/31xxx/CVE-2025-31797.json | 18 +++++ 2025/31xxx/CVE-2025-31798.json | 18 +++++ 2025/31xxx/CVE-2025-31799.json | 18 +++++ 2025/31xxx/CVE-2025-31800.json | 18 +++++ 2025/31xxx/CVE-2025-31801.json | 18 +++++ 2025/31xxx/CVE-2025-31802.json | 18 +++++ 2025/31xxx/CVE-2025-31803.json | 18 +++++ 2025/31xxx/CVE-2025-31804.json | 18 +++++ 2025/31xxx/CVE-2025-31805.json | 18 +++++ 2025/31xxx/CVE-2025-31806.json | 18 +++++ 2025/31xxx/CVE-2025-31807.json | 18 +++++ 2025/31xxx/CVE-2025-31808.json | 18 +++++ 2025/31xxx/CVE-2025-31809.json | 18 +++++ 2025/31xxx/CVE-2025-31810.json | 18 +++++ 2025/31xxx/CVE-2025-31811.json | 18 +++++ 2025/31xxx/CVE-2025-31812.json | 18 +++++ 2025/31xxx/CVE-2025-31813.json | 18 +++++ 2025/31xxx/CVE-2025-31933.json | 18 +++++ 2025/31xxx/CVE-2025-31941.json | 18 +++++ 2025/31xxx/CVE-2025-31945.json | 18 +++++ 2025/31xxx/CVE-2025-31951.json | 18 +++++ 2025/31xxx/CVE-2025-31952.json | 18 +++++ 2025/31xxx/CVE-2025-31953.json | 18 +++++ 2025/31xxx/CVE-2025-31954.json | 18 +++++ 2025/31xxx/CVE-2025-31955.json | 18 +++++ 2025/31xxx/CVE-2025-31956.json | 18 +++++ 2025/31xxx/CVE-2025-31957.json | 18 +++++ 2025/31xxx/CVE-2025-31958.json | 18 +++++ 2025/31xxx/CVE-2025-31959.json | 18 +++++ 2025/31xxx/CVE-2025-31960.json | 18 +++++ 2025/31xxx/CVE-2025-31961.json | 18 +++++ 2025/31xxx/CVE-2025-31962.json | 18 +++++ 2025/31xxx/CVE-2025-31963.json | 18 +++++ 2025/31xxx/CVE-2025-31964.json | 18 +++++ 2025/31xxx/CVE-2025-31965.json | 18 +++++ 2025/31xxx/CVE-2025-31966.json | 18 +++++ 2025/31xxx/CVE-2025-31967.json | 18 +++++ 2025/31xxx/CVE-2025-31968.json | 18 +++++ 2025/31xxx/CVE-2025-31969.json | 18 +++++ 2025/31xxx/CVE-2025-31970.json | 18 +++++ 2025/31xxx/CVE-2025-31971.json | 18 +++++ 2025/3xxx/CVE-2025-3082.json | 104 ++++++++++++++++++++++++ 2025/3xxx/CVE-2025-3083.json | 99 +++++++++++++++++++++++ 2025/3xxx/CVE-2025-3128.json | 18 +++++ 2025/3xxx/CVE-2025-3150.json | 18 +++++ 2025/3xxx/CVE-2025-3151.json | 18 +++++ 2025/3xxx/CVE-2025-3152.json | 18 +++++ 100 files changed, 3846 insertions(+), 128 deletions(-) create mode 100644 2025/27xxx/CVE-2025-27568.json create mode 100644 2025/27xxx/CVE-2025-27575.json create mode 100644 2025/27xxx/CVE-2025-27719.json create mode 100644 2025/27xxx/CVE-2025-27927.json create mode 100644 2025/27xxx/CVE-2025-27929.json create mode 100644 2025/27xxx/CVE-2025-27938.json create mode 100644 2025/27xxx/CVE-2025-27939.json create mode 100644 2025/30xxx/CVE-2025-30254.json create mode 100644 2025/30xxx/CVE-2025-30257.json create mode 100644 2025/30xxx/CVE-2025-30510.json create mode 100644 2025/30xxx/CVE-2025-30511.json create mode 100644 2025/30xxx/CVE-2025-30512.json create mode 100644 2025/30xxx/CVE-2025-30514.json create mode 100644 2025/31xxx/CVE-2025-31147.json create mode 100644 2025/31xxx/CVE-2025-31357.json create mode 100644 2025/31xxx/CVE-2025-31360.json create mode 100644 2025/31xxx/CVE-2025-31654.json create mode 100644 2025/31xxx/CVE-2025-31793.json create mode 100644 2025/31xxx/CVE-2025-31794.json create mode 100644 2025/31xxx/CVE-2025-31795.json create mode 100644 2025/31xxx/CVE-2025-31796.json create mode 100644 2025/31xxx/CVE-2025-31797.json create mode 100644 2025/31xxx/CVE-2025-31798.json create mode 100644 2025/31xxx/CVE-2025-31799.json create mode 100644 2025/31xxx/CVE-2025-31800.json create mode 100644 2025/31xxx/CVE-2025-31801.json create mode 100644 2025/31xxx/CVE-2025-31802.json create mode 100644 2025/31xxx/CVE-2025-31803.json create mode 100644 2025/31xxx/CVE-2025-31804.json create mode 100644 2025/31xxx/CVE-2025-31805.json create mode 100644 2025/31xxx/CVE-2025-31806.json create mode 100644 2025/31xxx/CVE-2025-31807.json create mode 100644 2025/31xxx/CVE-2025-31808.json create mode 100644 2025/31xxx/CVE-2025-31809.json create mode 100644 2025/31xxx/CVE-2025-31810.json create mode 100644 2025/31xxx/CVE-2025-31811.json create mode 100644 2025/31xxx/CVE-2025-31812.json create mode 100644 2025/31xxx/CVE-2025-31813.json create mode 100644 2025/31xxx/CVE-2025-31933.json create mode 100644 2025/31xxx/CVE-2025-31941.json create mode 100644 2025/31xxx/CVE-2025-31945.json create mode 100644 2025/31xxx/CVE-2025-31951.json create mode 100644 2025/31xxx/CVE-2025-31952.json create mode 100644 2025/31xxx/CVE-2025-31953.json create mode 100644 2025/31xxx/CVE-2025-31954.json create mode 100644 2025/31xxx/CVE-2025-31955.json create mode 100644 2025/31xxx/CVE-2025-31956.json create mode 100644 2025/31xxx/CVE-2025-31957.json create mode 100644 2025/31xxx/CVE-2025-31958.json create mode 100644 2025/31xxx/CVE-2025-31959.json create mode 100644 2025/31xxx/CVE-2025-31960.json create mode 100644 2025/31xxx/CVE-2025-31961.json create mode 100644 2025/31xxx/CVE-2025-31962.json create mode 100644 2025/31xxx/CVE-2025-31963.json create mode 100644 2025/31xxx/CVE-2025-31964.json create mode 100644 2025/31xxx/CVE-2025-31965.json create mode 100644 2025/31xxx/CVE-2025-31966.json create mode 100644 2025/31xxx/CVE-2025-31967.json create mode 100644 2025/31xxx/CVE-2025-31968.json create mode 100644 2025/31xxx/CVE-2025-31969.json create mode 100644 2025/31xxx/CVE-2025-31970.json create mode 100644 2025/31xxx/CVE-2025-31971.json create mode 100644 2025/3xxx/CVE-2025-3082.json create mode 100644 2025/3xxx/CVE-2025-3083.json create mode 100644 2025/3xxx/CVE-2025-3128.json create mode 100644 2025/3xxx/CVE-2025-3150.json create mode 100644 2025/3xxx/CVE-2025-3151.json create mode 100644 2025/3xxx/CVE-2025-3152.json diff --git a/2025/21xxx/CVE-2025-21960.json b/2025/21xxx/CVE-2025-21960.json index 4544ea13eab..41166da8d37 100644 --- a/2025/21xxx/CVE-2025-21960.json +++ b/2025/21xxx/CVE-2025-21960.json @@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff <0f> 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1dc4c557bfedfcdf7fc0c46795857773b7ad66e7", + "version_value": "e8e3e03d69f2420eaa578199a65d281c58867105" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.132", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.84", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.20", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.8", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e8e3e03d69f2420eaa578199a65d281c58867105", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e8e3e03d69f2420eaa578199a65d281c58867105" + }, + { + "url": "https://git.kernel.org/stable/c/ee086c8e775f9690282e3d26471dbcfd5dad5a6a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ee086c8e775f9690282e3d26471dbcfd5dad5a6a" + }, + { + "url": "https://git.kernel.org/stable/c/5b57ed14a1b85e7ab0074d9668a0baa6c94826c7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5b57ed14a1b85e7ab0074d9668a0baa6c94826c7" + }, + { + "url": "https://git.kernel.org/stable/c/44578bc6460b8fca530fc7bd5897c115d9bd27e2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/44578bc6460b8fca530fc7bd5897c115d9bd27e2" + }, + { + "url": "https://git.kernel.org/stable/c/c03e7d05aa0e2f7e9a9ce5ad8a12471a53f941dc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c03e7d05aa0e2f7e9a9ce5ad8a12471a53f941dc" + } + ] + }, + "generator": { + "engine": "bippy-7c5fe7eed585" } } \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21961.json b/2025/21xxx/CVE-2025-21961.json index 61624c01272..7370f2d2ff4 100644 --- a/2025/21xxx/CVE-2025-21961.json +++ b/2025/21xxx/CVE-2025-21961.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo->nr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo->nr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff <0f> 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1dc4c557bfedfcdf7fc0c46795857773b7ad66e7", + "version_value": "19107e71be330dbccb9f8f9f4cf0a9abeadad802" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.20", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.8", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/19107e71be330dbccb9f8f9f4cf0a9abeadad802", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/19107e71be330dbccb9f8f9f4cf0a9abeadad802" + }, + { + "url": "https://git.kernel.org/stable/c/b4679807c6083ade4d47f03f80da891afcb6ef62", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b4679807c6083ade4d47f03f80da891afcb6ef62" + }, + { + "url": "https://git.kernel.org/stable/c/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2" + } + ] + }, + "generator": { + "engine": "bippy-7c5fe7eed585" } } \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21981.json b/2025/21xxx/CVE-2025-21981.json index 10c6b8560ec..06491525565 100644 --- a/2025/21xxx/CVE-2025-21981.json +++ b/2025/21xxx/CVE-2025-21981.json @@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [] __kmalloc_cache_noprof+0x275/0x340\n [] ice_init_arfs+0x3a/0xe0 [ice]\n [] ice_vsi_cfg_def+0x607/0x850 [ice]\n [] ice_vsi_setup+0x5b/0x130 [ice]\n [] ice_init+0x1c1/0x460 [ice]\n [] ice_probe+0x2af/0x520 [ice]\n [] local_pci_probe+0x43/0xa0\n [] work_for_cpu_fn+0x13/0x20\n [] process_one_work+0x179/0x390\n [] worker_thread+0x239/0x340\n [] kthread+0xcc/0x100\n [] ret_from_fork+0x2d/0x50\n [] ret_from_fork_asm+0x1a/0x30\n ..." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "28bf26724fdb0e02267d19e280d6717ee810a10d", + "version_value": "fcbacc47d16306c87ad1b820b7a575f6e9eae58b" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.8", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.8", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.132", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.84", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.20", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.8", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/fcbacc47d16306c87ad1b820b7a575f6e9eae58b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fcbacc47d16306c87ad1b820b7a575f6e9eae58b" + }, + { + "url": "https://git.kernel.org/stable/c/5d30d256661fc11b6e73fac6c3783a702e1006a3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5d30d256661fc11b6e73fac6c3783a702e1006a3" + }, + { + "url": "https://git.kernel.org/stable/c/3b27e6e10a32589fcd293b8933ab6de9387a460e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3b27e6e10a32589fcd293b8933ab6de9387a460e" + }, + { + "url": "https://git.kernel.org/stable/c/78f3d64b30210c0e521c59357431aca14024cb79", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/78f3d64b30210c0e521c59357431aca14024cb79" + }, + { + "url": "https://git.kernel.org/stable/c/23d97f18901ef5e4e264e3b1777fe65c760186b5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/23d97f18901ef5e4e264e3b1777fe65c760186b5" + } + ] + }, + "generator": { + "engine": "bippy-7c5fe7eed585" } } \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21982.json b/2025/21xxx/CVE-2025-21982.json index 072e9e404c6..13e1fc31308 100644 --- a/2025/21xxx/CVE-2025-21982.json +++ b/2025/21xxx/CVE-2025-21982.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw\n\ndevm_kasprintf() calls can return null pointers on failure.\nBut the return values were not checked in npcm8xx_gpio_fw().\nAdd NULL check in npcm8xx_gpio_fw(), to handle kernel NULL\npointer dereference error." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "acf4884a571709cad99f98aabe08b7cacd62dc80", + "version_value": "a585f6ea42ec259a9a57e3e2580fa527c92187d0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.20", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.8", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/a585f6ea42ec259a9a57e3e2580fa527c92187d0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a585f6ea42ec259a9a57e3e2580fa527c92187d0" + }, + { + "url": "https://git.kernel.org/stable/c/6a08a86e5aff8e65368ccd463348fdda26100821", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6a08a86e5aff8e65368ccd463348fdda26100821" + }, + { + "url": "https://git.kernel.org/stable/c/acf40ab42799e4ae1397ee6f5c5941092d66f999", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/acf40ab42799e4ae1397ee6f5c5941092d66f999" + } + ] + }, + "generator": { + "engine": "bippy-7c5fe7eed585" } } \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24262.json b/2025/24xxx/CVE-2025-24262.json index b3dad97f4b7..d652e28e4e9 100644 --- a/2025/24xxx/CVE-2025-24262.json +++ b/2025/24xxx/CVE-2025-24262.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24262", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A sandboxed app may be able to access sensitive user data in system logs" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" } ] } diff --git a/2025/24xxx/CVE-2025-24263.json b/2025/24xxx/CVE-2025-24263.json index 16a88cab996..c80748b9699 100644 --- a/2025/24xxx/CVE-2025-24263.json +++ b/2025/24xxx/CVE-2025-24263.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24263", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to observe unprotected user data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" } ] } diff --git a/2025/24xxx/CVE-2025-24264.json b/2025/24xxx/CVE-2025-24264.json index a92dd7a00cb..e78f0c430bb 100644 --- a/2025/24xxx/CVE-2025-24264.json +++ b/2025/24xxx/CVE-2025-24264.json @@ -1,17 +1,148 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to an unexpected Safari crash" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + }, + { + "product_name": "iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "17.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "visionOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "2.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122377", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122377" + }, + { + "url": "https://support.apple.com/en-us/122371", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122371" + }, + { + "url": "https://support.apple.com/en-us/122372", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122372" + }, + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122378", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122378" + }, + { + "url": "https://support.apple.com/en-us/122379", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122379" } ] } diff --git a/2025/24xxx/CVE-2025-24265.json b/2025/24xxx/CVE-2025-24265.json index 2d98eccbd61..e75c8b1aed5 100644 --- a/2025/24xxx/CVE-2025-24265.json +++ b/2025/24xxx/CVE-2025-24265.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24265", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to cause unexpected system termination" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24266.json b/2025/24xxx/CVE-2025-24266.json index e866a23d2af..17b3928d3da 100644 --- a/2025/24xxx/CVE-2025-24266.json +++ b/2025/24xxx/CVE-2025-24266.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to cause unexpected system termination" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24267.json b/2025/24xxx/CVE-2025-24267.json index 2cf6148cdc0..4c613e088a8 100644 --- a/2025/24xxx/CVE-2025-24267.json +++ b/2025/24xxx/CVE-2025-24267.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24267", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to gain root privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24269.json b/2025/24xxx/CVE-2025-24269.json index 2f563c21d98..0914eb17527 100644 --- a/2025/24xxx/CVE-2025-24269.json +++ b/2025/24xxx/CVE-2025-24269.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24269", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to cause unexpected system termination" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" } ] } diff --git a/2025/24xxx/CVE-2025-24272.json b/2025/24xxx/CVE-2025-24272.json index a1379be7ef6..37d9ca3b890 100644 --- a/2025/24xxx/CVE-2025-24272.json +++ b/2025/24xxx/CVE-2025-24272.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24272", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24273.json b/2025/24xxx/CVE-2025-24273.json index 0a729be1cf5..878cc320116 100644 --- a/2025/24xxx/CVE-2025-24273.json +++ b/2025/24xxx/CVE-2025-24273.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24273", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to cause unexpected system termination or corrupt kernel memory" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24276.json b/2025/24xxx/CVE-2025-24276.json index 14b594e8263..acb5c0f5aab 100644 --- a/2025/24xxx/CVE-2025-24276.json +++ b/2025/24xxx/CVE-2025-24276.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24276", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious app may be able to access private information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24277.json b/2025/24xxx/CVE-2025-24277.json index 0b03787b877..8c7c71b165e 100644 --- a/2025/24xxx/CVE-2025-24277.json +++ b/2025/24xxx/CVE-2025-24277.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24277", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to gain root privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24278.json b/2025/24xxx/CVE-2025-24278.json index ecd57e938c5..592b1a272ff 100644 --- a/2025/24xxx/CVE-2025-24278.json +++ b/2025/24xxx/CVE-2025-24278.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access protected user data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24279.json b/2025/24xxx/CVE-2025-24279.json index 8b8a5c0b93b..7ef0fc43846 100644 --- a/2025/24xxx/CVE-2025-24279.json +++ b/2025/24xxx/CVE-2025-24279.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24279", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access contacts" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" + }, + { + "url": "https://support.apple.com/en-us/122375", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122375" } ] } diff --git a/2025/24xxx/CVE-2025-24280.json b/2025/24xxx/CVE-2025-24280.json index 5e30ffc03d8..9176b801b23 100644 --- a/2025/24xxx/CVE-2025-24280.json +++ b/2025/24xxx/CVE-2025-24280.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24280", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access user-sensitive data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122374", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122374" } ] } diff --git a/2025/24xxx/CVE-2025-24281.json b/2025/24xxx/CVE-2025-24281.json index b3fc10dbcc2..5fb14f4e9a6 100644 --- a/2025/24xxx/CVE-2025-24281.json +++ b/2025/24xxx/CVE-2025-24281.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24281", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access sensitive user data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" } ] } diff --git a/2025/24xxx/CVE-2025-24282.json b/2025/24xxx/CVE-2025-24282.json index 4f849bca4f9..00aafbf9a4c 100644 --- a/2025/24xxx/CVE-2025-24282.json +++ b/2025/24xxx/CVE-2025-24282.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" } ] } diff --git a/2025/24xxx/CVE-2025-24283.json b/2025/24xxx/CVE-2025-24283.json index 3bebf370c2b..59524abcb30 100644 --- a/2025/24xxx/CVE-2025-24283.json +++ b/2025/24xxx/CVE-2025-24283.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access sensitive user data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "18.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "visionOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/122371", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122371" + }, + { + "url": "https://support.apple.com/en-us/122373", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122373" + }, + { + "url": "https://support.apple.com/en-us/122378", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/122378" } ] } diff --git a/2025/24xxx/CVE-2025-24517.json b/2025/24xxx/CVE-2025-24517.json index 159717c42fa..4585b4ad7d5 100644 --- a/2025/24xxx/CVE-2025-24517.json +++ b/2025/24xxx/CVE-2025-24517.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of client-side authentication", + "cweId": "CWE-603" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Inaba Denki Sangyo Co., Ltd.", + "product": { + "product_data": [ + { + "product_name": "CHOCO TEI WATCHER mini (IB-MCT001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf", + "refsource": "MISC", + "name": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91154745/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91154745/" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04" + }, + { + "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2025/24xxx/CVE-2025-24852.json b/2025/24xxx/CVE-2025-24852.json index 1d4620f3d7e..a24744ee938 100644 --- a/2025/24xxx/CVE-2025-24852.json +++ b/2025/24xxx/CVE-2025-24852.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Storing passwords in a recoverable format", + "cweId": "CWE-257" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Inaba Denki Sangyo Co., Ltd.", + "product": { + "product_data": [ + { + "product_name": "CHOCO TEI WATCHER mini (IB-MCT001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf", + "refsource": "MISC", + "name": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91154745/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91154745/" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04" + }, + { + "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 4.6, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2025/25xxx/CVE-2025-25015.json b/2025/25xxx/CVE-2025-25015.json index 878fe03d3bb..14ab7c43386 100644 --- a/2025/25xxx/CVE-2025-25015.json +++ b/2025/25xxx/CVE-2025-25015.json @@ -40,9 +40,14 @@ "version": { "version_data": [ { - "version_affected": "<=", + "version_affected": "<", "version_name": "8.15.0", - "version_value": "8.17.2" + "version_value": "8.16.6" + }, + { + "version_affected": "<", + "version_name": "8.17.0", + "version_value": "8.17.3" } ] } @@ -56,9 +61,9 @@ "references": { "reference_data": [ { - "url": "https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441", + "url": "https://discuss.elastic.co/t/kibana-8-17-3-8-16-6-security-update-esa-2025-06/375441", "refsource": "MISC", - "name": "https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441" + "name": "https://discuss.elastic.co/t/kibana-8-17-3-8-16-6-security-update-esa-2025-06/375441" } ] }, diff --git a/2025/25xxx/CVE-2025-25041.json b/2025/25xxx/CVE-2025-25041.json index 593350e64f6..3a1c0d7eda7 100644 --- a/2025/25xxx/CVE-2025-25041.json +++ b/2025/25xxx/CVE-2025-25041.json @@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating System. This vulnerability does not affect Linux and Android based clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Virtual Intranet Access (VIA)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "4.7.0", + "status": "affected", + "version": "4.0.0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04841en_us&docLocale=en_US", + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04841en_us&docLocale=en_US" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "HPESBNW04841", + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gee-netics" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25060.json b/2025/25xxx/CVE-2025-25060.json index 9345ac4a6f4..5788b9f6239 100644 --- a/2025/25xxx/CVE-2025-25060.json +++ b/2025/25xxx/CVE-2025-25060.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing authentication for critical function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hammock Corporation", + "product": { + "product_data": [ + { + "product_name": "AssetView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "prior to Ver 13.2.4.3408 (13.2.4O)" + } + ] + } + }, + { + "product_name": "AssetView CLOUD", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "prior to Ver 13.2.4.3408 (13.2.4O)" + }, + { + "version_affected": "=", + "version_value": "prior to Ver 13.3.4.3004 (13.3.4K)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.hammock.jp/assetview/info/250325.html", + "refsource": "MISC", + "name": "https://www.hammock.jp/assetview/info/250325.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN26321838/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN26321838/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "HIGH", + "baseScore": 8.2, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ] } diff --git a/2025/27xxx/CVE-2025-27568.json b/2025/27xxx/CVE-2025-27568.json new file mode 100644 index 00000000000..93a4805d5bc --- /dev/null +++ b/2025/27xxx/CVE-2025-27568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27575.json b/2025/27xxx/CVE-2025-27575.json new file mode 100644 index 00000000000..91f39c8ceb2 --- /dev/null +++ b/2025/27xxx/CVE-2025-27575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27719.json b/2025/27xxx/CVE-2025-27719.json new file mode 100644 index 00000000000..bd808adb2f5 --- /dev/null +++ b/2025/27xxx/CVE-2025-27719.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27719", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27927.json b/2025/27xxx/CVE-2025-27927.json new file mode 100644 index 00000000000..3c7e07db5ff --- /dev/null +++ b/2025/27xxx/CVE-2025-27927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27929.json b/2025/27xxx/CVE-2025-27929.json new file mode 100644 index 00000000000..83df42b58ac --- /dev/null +++ b/2025/27xxx/CVE-2025-27929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27938.json b/2025/27xxx/CVE-2025-27938.json new file mode 100644 index 00000000000..27dfcbd0a75 --- /dev/null +++ b/2025/27xxx/CVE-2025-27938.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27939.json b/2025/27xxx/CVE-2025-27939.json new file mode 100644 index 00000000000..4c31c05bc95 --- /dev/null +++ b/2025/27xxx/CVE-2025-27939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2483.json b/2025/2xxx/CVE-2025-2483.json index 00c069e6589..f1080ec1912 100644 --- a/2025/2xxx/CVE-2025-2483.json +++ b/2025/2xxx/CVE-2025-2483.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018receip_address\u2019 parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bobcares_plugins", + "product": { + "product_data": [ + { + "product_name": "Gift Certificate Creator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adbebe61-3adc-4ba1-8767-863dc2310cad?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adbebe61-3adc-4ba1-8767-863dc2310cad?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gift-certificate-creator/trunk/giftcertificates.php#L312", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/gift-certificate-creator/trunk/giftcertificates.php#L312" + }, + { + "url": "https://wordpress.org/plugins/gift-certificate-creator/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/gift-certificate-creator/#developers" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Johannes Skamletz" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/30xxx/CVE-2025-30254.json b/2025/30xxx/CVE-2025-30254.json new file mode 100644 index 00000000000..d11f04e4600 --- /dev/null +++ b/2025/30xxx/CVE-2025-30254.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30254", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30257.json b/2025/30xxx/CVE-2025-30257.json new file mode 100644 index 00000000000..00c0845af91 --- /dev/null +++ b/2025/30xxx/CVE-2025-30257.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30510.json b/2025/30xxx/CVE-2025-30510.json new file mode 100644 index 00000000000..33e125f2868 --- /dev/null +++ b/2025/30xxx/CVE-2025-30510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30511.json b/2025/30xxx/CVE-2025-30511.json new file mode 100644 index 00000000000..6d85bfbb267 --- /dev/null +++ b/2025/30xxx/CVE-2025-30511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30512.json b/2025/30xxx/CVE-2025-30512.json new file mode 100644 index 00000000000..92387eaa429 --- /dev/null +++ b/2025/30xxx/CVE-2025-30512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30514.json b/2025/30xxx/CVE-2025-30514.json new file mode 100644 index 00000000000..9925268267e --- /dev/null +++ b/2025/30xxx/CVE-2025-30514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30802.json b/2025/30xxx/CVE-2025-30802.json index 1836ec03312..76fabd7a959 100644 --- a/2025/30xxx/CVE-2025-30802.json +++ b/2025/30xxx/CVE-2025-30802.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members. This issue affects Our Team Members: from n/a through 2.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPBean", + "product": { + "product_data": [ + { + "product_name": "Our Team Members", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/our-team-members/vulnerability/wordpress-our-team-members-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/our-team-members/vulnerability/wordpress-our-team-members-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Our Team Members plugin to the latest available version (at least 2.3)." + } + ], + "value": "Update the WordPress Our Team Members plugin to the latest available version (at least 2.3)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Anhchangmutrang (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30807.json b/2025/30xxx/CVE-2025-30807.json index 90a66650959..ce671ab9193 100644 --- a/2025/30xxx/CVE-2025-30807.json +++ b/2025/30xxx/CVE-2025-30807.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a through 3.9.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Martin Nguyen", + "product": { + "product_data": [ + { + "product_name": "Next-Cart Store to WooCommerce Migration", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.9.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.9.5", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/nextcart-woocommerce-migration/vulnerability/wordpress-next-cart-store-to-woocommerce-migration-plugin-3-9-4-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/nextcart-woocommerce-migration/vulnerability/wordpress-next-cart-store-to-woocommerce-migration-plugin-3-9-4-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Next-Cart Store to WooCommerce Migration plugin to the latest available version (at least 3.9.5)." + } + ], + "value": "Update the WordPress Next-Cart Store to WooCommerce Migration plugin to the latest available version (at least 3.9.5)." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 9.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseSeverity": "CRITICAL", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30808.json b/2025/30xxx/CVE-2025-30808.json index 1a25b3363b4..96cc96d1751 100644 --- a/2025/30xxx/CVE-2025-30808.json +++ b/2025/30xxx/CVE-2025-30808.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weblizar About Author allows Reflected XSS. This issue affects About Author: from n/a through 1.6.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "weblizar", + "product": { + "product_data": [ + { + "product_name": "About Author", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.6.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.6.3", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/about-author/vulnerability/wordpress-about-author-plugin-1-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/about-author/vulnerability/wordpress-about-author-plugin-1-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress About Author plugin to the latest available version (at least 1.6.3)." + } + ], + "value": "Update the WordPress About Author plugin to the latest available version (at least 1.6.3)." + } + ], + "credits": [ + { + "lang": "en", + "value": "0xd4rk5id3 (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30825.json b/2025/30xxx/CVE-2025-30825.json index 33890c6cabb..b46ee2f527e 100644 --- a/2025/30xxx/CVE-2025-30825.json +++ b/2025/30xxx/CVE-2025-30825.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30825", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through 1.3.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPClever", + "product": { + "product_data": [ + { + "product_name": "WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.3.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.6", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpc-smart-linked-products/vulnerability/wordpress-wpc-smart-linked-products-plugin-1-3-5-privilege-escalation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wpc-smart-linked-products/vulnerability/wordpress-wpc-smart-linked-products-plugin-1-3-5-privilege-escalation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce plugin to the latest available version (at least 1.3.6)." + } + ], + "value": "Update the WordPress WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce plugin to the latest available version (at least 1.3.6)." + } + ], + "credits": [ + { + "lang": "en", + "value": "theviper17 (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30827.json b/2025/30xxx/CVE-2025-30827.json index f08f55afb45..7041968c63b 100644 --- a/2025/30xxx/CVE-2025-30827.json +++ b/2025/30xxx/CVE-2025-30827.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team Tobias WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.4.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Saleswonder Team Tobias", + "product": { + "product_data": [ + { + "product_name": "WP2LEADS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.4.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.4.7", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP2LEADS plugin to the latest available version (at least 3.4.7)." + } + ], + "value": "Update the WordPress WP2LEADS plugin to the latest available version (at least 3.4.7)." + } + ], + "credits": [ + { + "lang": "en", + "value": "johska (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31147.json b/2025/31xxx/CVE-2025-31147.json new file mode 100644 index 00000000000..db992b07a42 --- /dev/null +++ b/2025/31xxx/CVE-2025-31147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31357.json b/2025/31xxx/CVE-2025-31357.json new file mode 100644 index 00000000000..23c01babc84 --- /dev/null +++ b/2025/31xxx/CVE-2025-31357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31360.json b/2025/31xxx/CVE-2025-31360.json new file mode 100644 index 00000000000..74187ce13fd --- /dev/null +++ b/2025/31xxx/CVE-2025-31360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31654.json b/2025/31xxx/CVE-2025-31654.json new file mode 100644 index 00000000000..86576b7b3a9 --- /dev/null +++ b/2025/31xxx/CVE-2025-31654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31793.json b/2025/31xxx/CVE-2025-31793.json new file mode 100644 index 00000000000..4fa29ee40c0 --- /dev/null +++ b/2025/31xxx/CVE-2025-31793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31794.json b/2025/31xxx/CVE-2025-31794.json new file mode 100644 index 00000000000..e68d00a1ce7 --- /dev/null +++ b/2025/31xxx/CVE-2025-31794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31795.json b/2025/31xxx/CVE-2025-31795.json new file mode 100644 index 00000000000..7c439d3ebfa --- /dev/null +++ b/2025/31xxx/CVE-2025-31795.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31796.json b/2025/31xxx/CVE-2025-31796.json new file mode 100644 index 00000000000..b80fca67029 --- /dev/null +++ b/2025/31xxx/CVE-2025-31796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31797.json b/2025/31xxx/CVE-2025-31797.json new file mode 100644 index 00000000000..71426b4dacc --- /dev/null +++ b/2025/31xxx/CVE-2025-31797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31798.json b/2025/31xxx/CVE-2025-31798.json new file mode 100644 index 00000000000..7de8d96fe26 --- /dev/null +++ b/2025/31xxx/CVE-2025-31798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31799.json b/2025/31xxx/CVE-2025-31799.json new file mode 100644 index 00000000000..225d79daf92 --- /dev/null +++ b/2025/31xxx/CVE-2025-31799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31800.json b/2025/31xxx/CVE-2025-31800.json new file mode 100644 index 00000000000..c2506d3bd96 --- /dev/null +++ b/2025/31xxx/CVE-2025-31800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31801.json b/2025/31xxx/CVE-2025-31801.json new file mode 100644 index 00000000000..8842e2a43ed --- /dev/null +++ b/2025/31xxx/CVE-2025-31801.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31802.json b/2025/31xxx/CVE-2025-31802.json new file mode 100644 index 00000000000..a9928432fa7 --- /dev/null +++ b/2025/31xxx/CVE-2025-31802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31803.json b/2025/31xxx/CVE-2025-31803.json new file mode 100644 index 00000000000..9eb71ade4ec --- /dev/null +++ b/2025/31xxx/CVE-2025-31803.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31803", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31804.json b/2025/31xxx/CVE-2025-31804.json new file mode 100644 index 00000000000..fd5c02ae22d --- /dev/null +++ b/2025/31xxx/CVE-2025-31804.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31805.json b/2025/31xxx/CVE-2025-31805.json new file mode 100644 index 00000000000..9cf62733dd8 --- /dev/null +++ b/2025/31xxx/CVE-2025-31805.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31806.json b/2025/31xxx/CVE-2025-31806.json new file mode 100644 index 00000000000..bfcb5fe9f29 --- /dev/null +++ b/2025/31xxx/CVE-2025-31806.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31806", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31807.json b/2025/31xxx/CVE-2025-31807.json new file mode 100644 index 00000000000..366be56298a --- /dev/null +++ b/2025/31xxx/CVE-2025-31807.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31807", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31808.json b/2025/31xxx/CVE-2025-31808.json new file mode 100644 index 00000000000..d7a95df4c05 --- /dev/null +++ b/2025/31xxx/CVE-2025-31808.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31808", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31809.json b/2025/31xxx/CVE-2025-31809.json new file mode 100644 index 00000000000..f3cc670e0fb --- /dev/null +++ b/2025/31xxx/CVE-2025-31809.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31809", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31810.json b/2025/31xxx/CVE-2025-31810.json new file mode 100644 index 00000000000..30bd1e0d72a --- /dev/null +++ b/2025/31xxx/CVE-2025-31810.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31810", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31811.json b/2025/31xxx/CVE-2025-31811.json new file mode 100644 index 00000000000..a58ac62537f --- /dev/null +++ b/2025/31xxx/CVE-2025-31811.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31811", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31812.json b/2025/31xxx/CVE-2025-31812.json new file mode 100644 index 00000000000..ee39aa31495 --- /dev/null +++ b/2025/31xxx/CVE-2025-31812.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31812", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31813.json b/2025/31xxx/CVE-2025-31813.json new file mode 100644 index 00000000000..1188a5239ce --- /dev/null +++ b/2025/31xxx/CVE-2025-31813.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31813", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31933.json b/2025/31xxx/CVE-2025-31933.json new file mode 100644 index 00000000000..c0aae6d3f97 --- /dev/null +++ b/2025/31xxx/CVE-2025-31933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31941.json b/2025/31xxx/CVE-2025-31941.json new file mode 100644 index 00000000000..46a9eaeadbc --- /dev/null +++ b/2025/31xxx/CVE-2025-31941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31945.json b/2025/31xxx/CVE-2025-31945.json new file mode 100644 index 00000000000..8c956b0a317 --- /dev/null +++ b/2025/31xxx/CVE-2025-31945.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31945", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31951.json b/2025/31xxx/CVE-2025-31951.json new file mode 100644 index 00000000000..ea1f9cf9d7d --- /dev/null +++ b/2025/31xxx/CVE-2025-31951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31952.json b/2025/31xxx/CVE-2025-31952.json new file mode 100644 index 00000000000..a18d17a7a2a --- /dev/null +++ b/2025/31xxx/CVE-2025-31952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31953.json b/2025/31xxx/CVE-2025-31953.json new file mode 100644 index 00000000000..014b90c547d --- /dev/null +++ b/2025/31xxx/CVE-2025-31953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31954.json b/2025/31xxx/CVE-2025-31954.json new file mode 100644 index 00000000000..fa61f8b7e82 --- /dev/null +++ b/2025/31xxx/CVE-2025-31954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31955.json b/2025/31xxx/CVE-2025-31955.json new file mode 100644 index 00000000000..38a4c3f8a33 --- /dev/null +++ b/2025/31xxx/CVE-2025-31955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31956.json b/2025/31xxx/CVE-2025-31956.json new file mode 100644 index 00000000000..c7269309b4a --- /dev/null +++ b/2025/31xxx/CVE-2025-31956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31957.json b/2025/31xxx/CVE-2025-31957.json new file mode 100644 index 00000000000..fabc2613b81 --- /dev/null +++ b/2025/31xxx/CVE-2025-31957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31958.json b/2025/31xxx/CVE-2025-31958.json new file mode 100644 index 00000000000..eb529c0cb8a --- /dev/null +++ b/2025/31xxx/CVE-2025-31958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31959.json b/2025/31xxx/CVE-2025-31959.json new file mode 100644 index 00000000000..19fa01bbff8 --- /dev/null +++ b/2025/31xxx/CVE-2025-31959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31960.json b/2025/31xxx/CVE-2025-31960.json new file mode 100644 index 00000000000..bb02396ed33 --- /dev/null +++ b/2025/31xxx/CVE-2025-31960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31961.json b/2025/31xxx/CVE-2025-31961.json new file mode 100644 index 00000000000..0e6804bb40b --- /dev/null +++ b/2025/31xxx/CVE-2025-31961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31962.json b/2025/31xxx/CVE-2025-31962.json new file mode 100644 index 00000000000..1d2b8ca6c84 --- /dev/null +++ b/2025/31xxx/CVE-2025-31962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31963.json b/2025/31xxx/CVE-2025-31963.json new file mode 100644 index 00000000000..5f30f2c5583 --- /dev/null +++ b/2025/31xxx/CVE-2025-31963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31964.json b/2025/31xxx/CVE-2025-31964.json new file mode 100644 index 00000000000..91cd4e15e4e --- /dev/null +++ b/2025/31xxx/CVE-2025-31964.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31964", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31965.json b/2025/31xxx/CVE-2025-31965.json new file mode 100644 index 00000000000..dc2f974dd8e --- /dev/null +++ b/2025/31xxx/CVE-2025-31965.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31966.json b/2025/31xxx/CVE-2025-31966.json new file mode 100644 index 00000000000..61b0d20d2db --- /dev/null +++ b/2025/31xxx/CVE-2025-31966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31967.json b/2025/31xxx/CVE-2025-31967.json new file mode 100644 index 00000000000..a83f16d223c --- /dev/null +++ b/2025/31xxx/CVE-2025-31967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31968.json b/2025/31xxx/CVE-2025-31968.json new file mode 100644 index 00000000000..056ef649e55 --- /dev/null +++ b/2025/31xxx/CVE-2025-31968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31969.json b/2025/31xxx/CVE-2025-31969.json new file mode 100644 index 00000000000..dc66a1d7ad6 --- /dev/null +++ b/2025/31xxx/CVE-2025-31969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31970.json b/2025/31xxx/CVE-2025-31970.json new file mode 100644 index 00000000000..d829d2af907 --- /dev/null +++ b/2025/31xxx/CVE-2025-31970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31971.json b/2025/31xxx/CVE-2025-31971.json new file mode 100644 index 00000000000..9982452450e --- /dev/null +++ b/2025/31xxx/CVE-2025-31971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3082.json b/2025/3xxx/CVE-2025-3082.json new file mode 100644 index 00000000000..89413ed9edb --- /dev/null +++ b/2025/3xxx/CVE-2025-3082.json @@ -0,0 +1,104 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2025-3082", + "ASSIGNER": "cna@mongodb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MongoDB Inc", + "product": { + "product_data": [ + { + "product_name": "MongoDB Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.0", + "version_value": "5.0.31" + }, + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "6.0.20" + }, + { + "version_affected": "<", + "version_name": "7.0", + "version_value": "7.0.14" + }, + { + "version_affected": "<", + "version_name": "7.3", + "version_value": "7.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://jira.mongodb.org/browse/SERVER-103151", + "refsource": "MISC", + "name": "https://jira.mongodb.org/browse/SERVER-103151" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "INTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3083.json b/2025/3xxx/CVE-2025-3083.json new file mode 100644 index 00000000000..675391a5dee --- /dev/null +++ b/2025/3xxx/CVE-2025-3083.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2025-3083", + "ASSIGNER": "cna@mongodb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MongoDB Inc", + "product": { + "product_data": [ + { + "product_name": "MongoDB Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.0", + "version_value": "5.0.31" + }, + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "6.0.20" + }, + { + "version_affected": "<", + "version_name": "7.0.", + "version_value": "7.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://jira.mongodb.org/browse/SERVER-103152", + "refsource": "MISC", + "name": "https://jira.mongodb.org/browse/SERVER-103152" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3128.json b/2025/3xxx/CVE-2025-3128.json new file mode 100644 index 00000000000..2baf3319ecf --- /dev/null +++ b/2025/3xxx/CVE-2025-3128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3150.json b/2025/3xxx/CVE-2025-3150.json new file mode 100644 index 00000000000..205650b5bf7 --- /dev/null +++ b/2025/3xxx/CVE-2025-3150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3151.json b/2025/3xxx/CVE-2025-3151.json new file mode 100644 index 00000000000..a0ff2dd4844 --- /dev/null +++ b/2025/3xxx/CVE-2025-3151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3152.json b/2025/3xxx/CVE-2025-3152.json new file mode 100644 index 00000000000..c9cd5cb9ac5 --- /dev/null +++ b/2025/3xxx/CVE-2025-3152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file