admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-25 09:00:34 +00:00
parent 663c5a6168
commit cc8ef2344a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 836 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2024/13xxx/CVE-2024-13690.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ashishajani",
"product": {
"product_data": [
{
"product_name": "WP Church Donation",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de8ac20f-d6ae-4e55-9337-4fb5ebd4f24a?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de8ac20f-d6ae-4e55-9337-4fb5ebd4f24a?source=cve"
},
{
"url": "http://plugins.svn.wordpress.org/wp-church-donation/tags/1.7/includes/church-donation-form-display.php",
"refsource": "MISC",
"name": "http://plugins.svn.wordpress.org/wp-church-donation/tags/1.7/includes/church-donation-form-display.php"
},
{
"url": "http://plugins.svn.wordpress.org/wp-church-donation/tags/1.7/includes/church-donation-listings.php",
"refsource": "MISC",
"name": "http://plugins.svn.wordpress.org/wp-church-donation/tags/1.7/includes/church-donation-listings.php"
},
{
"url": "https://wordpress.org/plugins/wp-church-donation/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-church-donation/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Johannes Skamletz"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

76
2024/13xxx/CVE-2024-13710.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Estatebud \u2013 Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "estatebud",
"product": {
"product_data": [
{
"product_name": "Estatebud \u2013 Properties & Listings",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve"
},
{
"url": "https://wordpress.org/plugins/estatebud-properties-listings/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/estatebud-properties-listings/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Dhabaleshwar Das"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

84
2024/13xxx/CVE-2024-13731.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Alert Box Block \u2013 Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bplugins",
"product": {
"product_data": [
{
"product_name": "Alert Box Block \u2013 Display notice/alerts in the front end.",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d63cd13e-4a16-483f-8165-6c8090ceebab?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d63cd13e-4a16-483f-8165-6c8090ceebab?source=cve"
},
{
"url": "https://wordpress.org/plugins/alert-box-block/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/alert-box-block/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Nguyen Vuong Quoc"
},
{
"lang": "en",
"value": "Pham Van Tam"
},
{
"lang": "en",
"value": "Nguyen Khanh Hao"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

116
2025/2xxx/CVE-2025-2319.json
View File

@ -1,17 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "scheeeli",
"product": {
"product_data": [
{
"product_name": "EZ SQL Reports Shortcode Widget and DB Backup",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.11.13",
"version_value": "5.25.08"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eade6ab0-ff79-4107-83ce-e85b37d97442?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eade6ab0-ff79-4107-83ce-e85b37d97442?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.25.08/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.25.08/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.21.35/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.21.35/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.42/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.42/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.38/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.38/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.16.38/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.16.38/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.11.37/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.11.37/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.33/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.33/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.15/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.15/index.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.13/index.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.13/index.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "lucky_buddy"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

76
2025/2xxx/CVE-2025-2510.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bittokazi",
"product": {
"product_data": [
{
"product_name": "Frndzk Expandable Bottom Bar",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4261c81e-13a2-4022-8048-aeb0ea4e9ee4?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4261c81e-13a2-4022-8048-aeb0ea4e9ee4?source=cve"
},
{
"url": "https://wordpress.org/plugins/frndzk-expandable-bottom-bar/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/frndzk-expandable-bottom-bar/#developers"
}
]
},
"credits": [
{
"lang": "en",
"value": "Johannes Skamletz"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}

92
2025/2xxx/CVE-2025-2559.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Build of Keycloak",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-2559",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2025-2559"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

114
2025/2xxx/CVE-2025-2752.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Open Asset Import Library Assimp 5.4.3 gefunden. Dies betrifft die Funktion fast_atoreal_move in der Bibliothek include/assimp/fast_atof.h der Komponente CSM File Handler. Durch das Manipulieren mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read",
"cweId": "CWE-125"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Open Asset Import Library",
"product": {
"product_data": [
{
"product_name": "Assimp",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.300857",
"refsource": "MISC",
"name": "https://vuldb.com/?id.300857"
},
{
"url": "https://vuldb.com/?ctiid.300857",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.300857"
},
{
"url": "https://vuldb.com/?submit.517786",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.517786"
},
{
"url": "https://github.com/assimp/assimp/issues/6013",
"refsource": "MISC",
"name": "https://github.com/assimp/assimp/issues/6013"
},
{
"url": "https://github.com/assimp/assimp/issues/6013#issue-2877371176",
"refsource": "MISC",
"name": "https://github.com/assimp/assimp/issues/6013#issue-2877371176"
}
]
},
"credits": [
{
"lang": "en",
"value": "d3ng03 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
}
]
}

114
2025/2xxx/CVE-2025-2753.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Open Asset Import Library Assimp 5.4.3 ausgemacht. Dabei betrifft es die Funktion SceneCombiner::MergeScenes der Datei code/AssetLib/LWS/LWSLoader.cpp der Komponente LWS File Handler. Durch Manipulieren mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read",
"cweId": "CWE-125"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Open Asset Import Library",
"product": {
"product_data": [
{
"product_name": "Assimp",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.300858",
"refsource": "MISC",
"name": "https://vuldb.com/?id.300858"
},
{
"url": "https://vuldb.com/?ctiid.300858",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.300858"
},
{
"url": "https://vuldb.com/?submit.517787",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.517787"
},
{
"url": "https://github.com/assimp/assimp/issues/6014",
"refsource": "MISC",
"name": "https://github.com/assimp/assimp/issues/6014"
},
{
"url": "https://github.com/assimp/assimp/issues/6014#issue-2877372462",
"refsource": "MISC",
"name": "https://github.com/assimp/assimp/issues/6014#issue-2877372462"
}
]
},
"credits": [
{
"lang": "en",
"value": "d3ng03 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

114
2025/2xxx/CVE-2025-2754.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In Open Asset Import Library Assimp 5.4.3 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion Assimp::AC3DImporter::ConvertObjectSection der Datei code/AssetLib/AC/ACLoader.cpp der Komponente AC3D File Handler. Durch das Beeinflussen des Arguments it mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Open Asset Import Library",
"product": {
"product_data": [
{
"product_name": "Assimp",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.300859",
"refsource": "MISC",
"name": "https://vuldb.com/?id.300859"
},
{
"url": "https://vuldb.com/?ctiid.300859",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.300859"
},
{
"url": "https://vuldb.com/?submit.517788",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.517788"
},
{
"url": "https://github.com/assimp/assimp/issues/6015",
"refsource": "MISC",
"name": "https://github.com/assimp/assimp/issues/6015"
},
{
"url": "https://github.com/assimp/assimp/issues/6015#issue-2877373501",
"refsource": "MISC",
"name": "https://github.com/assimp/assimp/issues/6015#issue-2877373501"
}
]
},
"credits": [
{
"lang": "en",
"value": "d3ng03 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}