From d00983a728175a92d32904ce76b052a546c7aa21 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 14 Jan 2025 01:00:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11396.json | 76 ++++++++++++++++- 2024/12xxx/CVE-2024-12083.json | 151 ++++++++++++++++++++++++++++++++- 2024/12xxx/CVE-2024-12298.json | 108 ++++++++++++++++++++++- 2024/13xxx/CVE-2024-13379.json | 18 ++++ 2024/57xxx/CVE-2024-57615.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57616.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57617.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57618.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57619.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57620.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57621.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57622.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57623.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57624.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57625.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57626.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57627.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57628.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57629.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57630.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57631.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57632.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57633.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57634.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57635.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57636.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57637.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57638.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57639.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57640.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57641.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57642.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57643.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57644.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57645.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57646.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57647.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57648.json | 56 ++++++++++-- 
2024/57xxx/CVE-2024-57649.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57650.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57651.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57652.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57653.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57654.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57655.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57656.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57657.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57658.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57659.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57660.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57661.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57662.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57663.json | 56 ++++++++++-- 2024/57xxx/CVE-2024-57664.json | 56 ++++++++++-- 2025/0xxx/CVE-2025-0053.json | 131 +++++++++++++++++++++++++++- 2025/0xxx/CVE-2025-0055.json | 83 +++++++++++++++++- 2025/0xxx/CVE-2025-0056.json | 83 +++++++++++++++++- 2025/0xxx/CVE-2025-0057.json | 91 +++++++++++++++++++- 2025/0xxx/CVE-2025-0058.json | 115 ++++++++++++++++++++++++- 2025/0xxx/CVE-2025-0059.json | 111 +++++++++++++++++++++++- 2025/0xxx/CVE-2025-0060.json | 91 +++++++++++++++++++- 2025/0xxx/CVE-2025-0061.json | 91 +++++++++++++++++++- 2025/0xxx/CVE-2025-0063.json | 135 ++++++++++++++++++++++++++++- 2025/0xxx/CVE-2025-0066.json | 147 +++++++++++++++++++++++++++++++- 2025/0xxx/CVE-2025-0067.json | 83 +++++++++++++++++- 2025/0xxx/CVE-2025-0068.json | 135 ++++++++++++++++++++++++++++- 2025/0xxx/CVE-2025-0069.json | 83 +++++++++++++++++- 2025/0xxx/CVE-2025-0070.json | 135 ++++++++++++++++++++++++++++- 2025/0xxx/CVE-2025-0451.json | 18 ++++ 2025/0xxx/CVE-2025-0452.json | 18 ++++ 2025/0xxx/CVE-2025-0453.json | 18 ++++ 2025/0xxx/CVE-2025-0454.json | 18 ++++ 2025/20xxx/CVE-2025-20036.json | 18 ++++ 2025/20xxx/CVE-2025-20086.json | 18 ++++ 2025/20xxx/CVE-2025-20088.json | 18 ++++ 2025/21xxx/CVE-2025-21083.json | 18 ++++ 2025/23xxx/CVE-2025-23030.json | 63 +++++++++++++- 
2025/23xxx/CVE-2025-23031.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23032.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23033.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23034.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23035.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23036.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23037.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23038.json | 63 +++++++++++++- 2025/23xxx/CVE-2025-23223.json | 18 ++++ 2025/23xxx/CVE-2025-23224.json | 18 ++++ 2025/23xxx/CVE-2025-23225.json | 18 ++++ 2025/23xxx/CVE-2025-23226.json | 18 ++++ 2025/23xxx/CVE-2025-23227.json | 18 ++++ 2025/23xxx/CVE-2025-23228.json | 18 ++++ 2025/23xxx/CVE-2025-23229.json | 18 ++++ 2025/23xxx/CVE-2025-23230.json | 18 ++++ 2025/23xxx/CVE-2025-23231.json | 18 ++++ 2025/23xxx/CVE-2025-23232.json | 18 ++++ 95 files changed, 5156 insertions(+), 402 deletions(-) create mode 100644 2024/13xxx/CVE-2024-13379.json create mode 100644 2025/0xxx/CVE-2025-0451.json create mode 100644 2025/0xxx/CVE-2025-0452.json create mode 100644 2025/0xxx/CVE-2025-0453.json create mode 100644 2025/0xxx/CVE-2025-0454.json create mode 100644 2025/20xxx/CVE-2025-20036.json create mode 100644 2025/20xxx/CVE-2025-20086.json create mode 100644 2025/20xxx/CVE-2025-20088.json create mode 100644 2025/21xxx/CVE-2025-21083.json create mode 100644 2025/23xxx/CVE-2025-23223.json create mode 100644 2025/23xxx/CVE-2025-23224.json create mode 100644 2025/23xxx/CVE-2025-23225.json create mode 100644 2025/23xxx/CVE-2025-23226.json create mode 100644 2025/23xxx/CVE-2025-23227.json create mode 100644 2025/23xxx/CVE-2025-23228.json create mode 100644 2025/23xxx/CVE-2025-23229.json create mode 100644 2025/23xxx/CVE-2025-23230.json create mode 100644 2025/23xxx/CVE-2025-23231.json create mode 100644 2025/23xxx/CVE-2025-23232.json diff --git a/2024/11xxx/CVE-2024-11396.json b/2024/11xxx/CVE-2024-11396.json index 1031d455dee..51da3c47426 100644 --- a/2024/11xxx/CVE-2024-11396.json 
+++ b/2024/11xxx/CVE-2024-11396.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", + "cweId": "CWE-359" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "awordpresslife", + "product": { + "product_data": [ + { + "product_name": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f522dfe-f2c2-4adb-980c-1f03d3c26e12?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f522dfe-f2c2-4adb-980c-1f03d3c26e12?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/event-monster/tags/1.4.3/em-ajax-prossesing/em-visitor-ajax.php#L92", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/event-monster/tags/1.4.3/em-ajax-prossesing/em-visitor-ajax.php#L92" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mike harris" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/12xxx/CVE-2024-12083.json b/2024/12xxx/CVE-2024-12083.json index 4c14705a403..0fb085d2093 100644 --- a/2024/12xxx/CVE-2024-12083.json +++ b/2024/12xxx/CVE-2024-12083.json 
@@ -1,17 +1,162 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12083", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OMRON Corporation", + "product": { + "product_data": [ + { + "product_name": "Machine Automation Controller NJ-series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "NJ101-[][][][] Ver.1.64.05 and lower" + }, + { + "version_affected": "=", + "version_value": "NJ301-[][][][] Ver.1.64.05 and lower" + }, + { + "version_affected": "=", + "version_value": "NJ501-1[]0[] Ver.1.64.05 and lower" + }, + { + "version_affected": "=", + "version_value": "NJ501-1[]2[] Ver.1.64.04 and lower" + }, + { + "version_affected": "=", + "version_value": "NJ501-1340 Ver.1.64.04 and lower" + }, + { + "version_affected": "=", + "version_value": "NJ501-4[][][] Ver.1.64.04 and lower" + }, + { + "version_affected": "=", + "version_value": "NJ501-5300 Ver.1.64.04 and lower" + }, + { + "version_affected": "=", + "version_value": "NJ501-R[][][] Ver.1.64.04 and lower" + } + ] + } + }, + { + 
"product_name": "Machine Automation Controller NX-series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "NX1P2-[][][][][][] Ver.1.64.04 and lower" + }, + { + "version_affected": "=", + "version_value": "NX1P2-[][][][][][]1 Ver.1.64.04 and lower" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-001_en.pdf", + "refsource": "MISC", + "name": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-001_en.pdf" + }, + { + "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-001_ja.pdf", + "refsource": "MISC", + "name": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-001_ja.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "OMSR-2025-001", + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.

1. Secure Communication Function
The secure communication function can prevent data from being eavesdropped or tampered with by a third party. Secure communication is available in the following CPU Units of the stated versions.
- NJ series, NX1P2 CPU Unit: Version 1.49 or higher

2. Anti-virus protection
Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.

3. Security measures to prevent unauthorized access
- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.
- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.
- Use a virtual private network (VPN) for remote access to control systems and equipment.
- Use strong passwords and change them frequently.
- Install physical controls so that only authorized personnel can access control systems and equipment.
- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.
- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.

4. Data input and output protection
Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.

5. Data recovery
Periodical data backup and maintenance to prepare for data loss.
" + } + ], + "value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.\n\n1. Secure Communication Function\nThe secure communication function can prevent data from being eavesdropped or tampered with by a third party. Secure communication is available in the following CPU Units of the stated versions.\n- NJ series, NX1P2 CPU Unit: Version 1.49 or higher\n\n2. Anti-virus protection\nProtect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.\n\n3. Security measures to prevent unauthorized access\n- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.\n- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.\n- Use a virtual private network (VPN) for remote access to control systems and equipment.\n- Use strong passwords and change them frequently.\n- Install physical controls so that only authorized personnel can access control systems and equipment.\n- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.\n- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.\n\n4. Data input and output protection\nValidation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.\n\n5. Data recovery\nPeriodical data backup and maintenance to prepare for data loss." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The countermeasure against the vulnerabilities can be implemented by updating each product to the countermeasure version.
For information on how to obtain and update the firmware for the countermeasure version of the product, please contact our sales office or distributors.
" + } + ], + "value": "The countermeasure against the vulnerabilities can be implemented by updating each product to the countermeasure version.\nFor information on how to obtain and update the firmware for the countermeasure version of the product, please contact our sales office or distributors." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12298.json b/2024/12xxx/CVE-2024-12298.json index b480e20200e..01e5dd15d11 100644 --- a/2024/12xxx/CVE-2024-12298.json +++ b/2024/12xxx/CVE-2024-12298.json 
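Review bot: Every `version_data` entry for the NJ-series and NX-series products pairs `"version_affected": "="` with a free-text range such as `"version_value": "NJ101-[][][][] Ver.1.64.05 and lower"`, so a scanner that honours the operator will compare against one literal string and miss all earlier firmware. The range would be machine-readable as `"version_affected": "<="` with `"version_value": "1.64.05"`, keeping the model pattern in `version_name` or `product_name`. The CVE-2024-12298 section has the same shape (`"="` with `"Ver.1.63 or lower"`). The `solution` text also names no fixed firmware version, so asset owners need the linked OMSR-2025-001 advisory to decide whether a unit is already patched.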
@@ -1,17 +1,119 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12298", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OMRON Corporation", + "product": { + "product_data": [ + { + "product_name": "Programable Terminals NB-Designer", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver.1.63 or lower" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-002_en.pdf", + "refsource": "MISC", + "name": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-002_en.pdf" + }, + { + "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-002_ja.pdf", + "refsource": "MISC", + "name": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-002_ja.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "OMSR-2025-002", + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": 
"text/html", + "value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.

1. Secure Communication Function
The secure communication function can prevent data from being eavesdropped or tampered with by a third party. Secure communication is available in the following CPU Units of the stated versions.
- NJ series, NX1P2 CPU Unit: Version 1.49 or higher

2. Anti-virus protection
Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.

3. Security measures to prevent unauthorized access
- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.
- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.
- Use a virtual private network (VPN) for remote access to control systems and equipment.
- Use strong passwords and change them frequently.
- Install physical controls so that only authorized personnel can access control systems and equipment.
- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.
- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.

4. Data input and output protection
Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.

5. Data recovery
Periodical data backup and maintenance to prepare for data loss.
" + } + ], + "value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.\n\n1. Secure Communication Function\nThe secure communication function can prevent data from being eavesdropped or tampered with by a third party. Secure communication is available in the following CPU Units of the stated versions.\n- NJ series, NX1P2 CPU Unit: Version 1.49 or higher\n\n2. Anti-virus protection\nProtect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.\n\n3. Security measures to prevent unauthorized access\n- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.\n- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.\n- Use a virtual private network (VPN) for remote access to control systems and equipment.\n- Use strong passwords and change them frequently.\n- Install physical controls so that only authorized personnel can access control systems and equipment.\n- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.\n- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.\n\n4. Data input and output protection\nValidation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.\n\n5. Data recovery\nPeriodical data backup and maintenance to prepare for data loss." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The countermeasure against the vulnerabilities can be implemented by updating each product to the countermeasure version.
For information on how to obtain and update the countermeasure version of the product, please contact our sales office or distributors.
" + } + ], + "value": "The countermeasure against the vulnerabilities can be implemented by updating each product to the countermeasure version.\nFor information on how to obtain and update the countermeasure version of the product, please contact our sales office or distributors." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/13xxx/CVE-2024-13379.json b/2024/13xxx/CVE-2024-13379.json new file mode 100644 index 00000000000..f0bdbf2db6b --- /dev/null +++ b/2024/13xxx/CVE-2024-13379.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13379", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/57xxx/CVE-2024-57615.json b/2024/57xxx/CVE-2024-57615.json index 49a7531d595..00e83c944cf 100644 --- a/2024/57xxx/CVE-2024-57615.json +++ b/2024/57xxx/CVE-2024-57615.json 
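Review bot: The description names the affected product as `NB-series NX-Designer` while `product_name` is `Programable Terminals NB-Designer`, so the CVE-2024-12298 record disagrees with itself on what is affected, and `Programable` looks like a misspelling of `Programmable`. Both should presumably follow the wording of OMSR-2025-002. The `work_around` text also appears to be carried over from the controller advisory: item 1 points to a secure communication function on `NJ series, NX1P2 CPU Unit`, which does not obviously apply to an XXE issue scored `AV:L` in a design tool. A workaround specific to this issue, such as opening only project files from trusted sources, would be more useful if the vendor advisory supports it.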
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57615", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57615", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the BATcalcbetween_intern component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MonetDB/MonetDB/issues/7413", + "refsource": "MISC", + "name": "https://github.com/MonetDB/MonetDB/issues/7413" } ] } diff --git a/2024/57xxx/CVE-2024-57616.json b/2024/57xxx/CVE-2024-57616.json index 6da1be91f81..7a16f128709 100644 --- a/2024/57xxx/CVE-2024-57616.json +++ b/2024/57xxx/CVE-2024-57616.json 
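Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a` even though the description names `MonetDB Server v11.47.11`, so tooling that matches on the `affects` block will never associate this record with the product. Filling them from the description, e.g. `"vendor_name": "MonetDB"`, `"product_name": "MonetDB Server"`, `"version_value": "11.47.11"`, would close that gap; the CWE should be taken from the linked issue rather than guessed. The following sections for CVE-2024-57616 through CVE-2024-57622 have the same gap (two of them name v11.49.1). None of these records carries an `impact` block, and the description does not say whether the named version is the only affected one or just the one tested.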
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57616", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57616", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the vscanf component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MonetDB/MonetDB/issues/7412", + "refsource": "MISC", + "name": "https://github.com/MonetDB/MonetDB/issues/7412" } ] } diff --git a/2024/57xxx/CVE-2024-57617.json b/2024/57xxx/CVE-2024-57617.json index 76e7e93ca3d..47b14986926 100644 --- a/2024/57xxx/CVE-2024-57617.json +++ b/2024/57xxx/CVE-2024-57617.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57617", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57617", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MonetDB/MonetDB/issues/7432", + "refsource": "MISC", + "name": "https://github.com/MonetDB/MonetDB/issues/7432" } ] } diff --git a/2024/57xxx/CVE-2024-57618.json b/2024/57xxx/CVE-2024-57618.json index 157caa06cc6..d45e824ab45 100644 --- a/2024/57xxx/CVE-2024-57618.json +++ b/2024/57xxx/CVE-2024-57618.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57618", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57618", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MonetDB/MonetDB/issues/7418", + "refsource": "MISC", + "name": "https://github.com/MonetDB/MonetDB/issues/7418" } ] } diff --git a/2024/57xxx/CVE-2024-57619.json b/2024/57xxx/CVE-2024-57619.json index 84924a6dfc5..d7267c2a57f 100644 --- a/2024/57xxx/CVE-2024-57619.json +++ b/2024/57xxx/CVE-2024-57619.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57619", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57619", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the atom_get_int component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MonetDB/MonetDB/issues/7416", + "refsource": "MISC", + "name": "https://github.com/MonetDB/MonetDB/issues/7416" } ] } diff --git a/2024/57xxx/CVE-2024-57620.json b/2024/57xxx/CVE-2024-57620.json index d06f87738a0..f133a74218c 100644 --- a/2024/57xxx/CVE-2024-57620.json +++ b/2024/57xxx/CVE-2024-57620.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57620", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57620", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the trimchars component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MonetDB/MonetDB/issues/7417", + "refsource": "MISC", + "name": "https://github.com/MonetDB/MonetDB/issues/7417" } ] } diff --git a/2024/57xxx/CVE-2024-57621.json b/2024/57xxx/CVE-2024-57621.json index 371a53f976d..8d5df8ebf3f 100644 --- a/2024/57xxx/CVE-2024-57621.json +++ b/2024/57xxx/CVE-2024-57621.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57621",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57621",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the GDKanalytical_correlation component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7414",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7414"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57622.json b/2024/57xxx/CVE-2024-57622.json
index e25cb751eff..31bab080b8a 100644
--- a/2024/57xxx/CVE-2024-57622.json
+++ b/2024/57xxx/CVE-2024-57622.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57622",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57622",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the exp_bin component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7434",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7434"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57623.json b/2024/57xxx/CVE-2024-57623.json
index 47b3fc64140..9e22cd275a0 100644
--- a/2024/57xxx/CVE-2024-57623.json
+++ b/2024/57xxx/CVE-2024-57623.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57623",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57623",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7415",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7415"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57624.json b/2024/57xxx/CVE-2024-57624.json
index d7a7721e1f0..89b9db48fa2 100644
--- a/2024/57xxx/CVE-2024-57624.json
+++ b/2024/57xxx/CVE-2024-57624.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57624",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57624",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the exp_atom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7433",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7433"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57625.json b/2024/57xxx/CVE-2024-57625.json
index b8ec2141a53..d90c0bbcb8d 100644
--- a/2024/57xxx/CVE-2024-57625.json
+++ b/2024/57xxx/CVE-2024-57625.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57625",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57625",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7443",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7443"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57626.json b/2024/57xxx/CVE-2024-57626.json
index 2b150c0e8e8..201055fd112 100644
--- a/2024/57xxx/CVE-2024-57626.json
+++ b/2024/57xxx/CVE-2024-57626.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57626",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57626",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the mat_join2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7442",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7442"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57627.json b/2024/57xxx/CVE-2024-57627.json
index 9d4cc061133..868d2320c5b 100644
--- a/2024/57xxx/CVE-2024-57627.json
+++ b/2024/57xxx/CVE-2024-57627.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57627",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57627",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the gc_col component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7440",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7440"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57628.json b/2024/57xxx/CVE-2024-57628.json
index cac3531b8ce..af40b442467 100644
--- a/2024/57xxx/CVE-2024-57628.json
+++ b/2024/57xxx/CVE-2024-57628.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57628",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57628",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7437",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7437"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57629.json b/2024/57xxx/CVE-2024-57629.json
index f237fd7514a..d3426dc056c 100644
--- a/2024/57xxx/CVE-2024-57629.json
+++ b/2024/57xxx/CVE-2024-57629.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57629",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57629",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the tail_type component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7472",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7472"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57630.json b/2024/57xxx/CVE-2024-57630.json
index c89d6314f37..7d2dca0a2cd 100644
--- a/2024/57xxx/CVE-2024-57630.json
+++ b/2024/57xxx/CVE-2024-57630.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57630",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57630",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the exps_card component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7439",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7439"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57631.json b/2024/57xxx/CVE-2024-57631.json
index 77b6e86918b..1e7e780d14c 100644
--- a/2024/57xxx/CVE-2024-57631.json
+++ b/2024/57xxx/CVE-2024-57631.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57631",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57631",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7436",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7436"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57632.json b/2024/57xxx/CVE-2024-57632.json
index 6dd94ed0f68..31afa1d9b8c 100644
--- a/2024/57xxx/CVE-2024-57632.json
+++ b/2024/57xxx/CVE-2024-57632.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57632",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57632",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7441",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7441"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57633.json b/2024/57xxx/CVE-2024-57633.json
index a99b236972a..99d2e0535a5 100644
--- a/2024/57xxx/CVE-2024-57633.json
+++ b/2024/57xxx/CVE-2024-57633.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57633",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57633",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7438",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7438"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57634.json b/2024/57xxx/CVE-2024-57634.json
index 8290a3ec545..3a7c4209645 100644
--- a/2024/57xxx/CVE-2024-57634.json
+++ b/2024/57xxx/CVE-2024-57634.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57634",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57634",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MonetDB/MonetDB/issues/7435",
+ "refsource": "MISC",
+ "name": "https://github.com/MonetDB/MonetDB/issues/7435"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57635.json b/2024/57xxx/CVE-2024-57635.json
index 3ff007340fd..1f5dcfbc974 100644
--- a/2024/57xxx/CVE-2024-57635.json
+++ b/2024/57xxx/CVE-2024-57635.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57635",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57635",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1182",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1182"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57636.json b/2024/57xxx/CVE-2024-57636.json
index 17ed631b549..e1b420aeb6f 100644
--- a/2024/57xxx/CVE-2024-57636.json
+++ b/2024/57xxx/CVE-2024-57636.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57636",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57636",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1194",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1194"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57637.json b/2024/57xxx/CVE-2024-57637.json
index 79c65611f1e..0a355d04843 100644
--- a/2024/57xxx/CVE-2024-57637.json
+++ b/2024/57xxx/CVE-2024-57637.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57637",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57637",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1192",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1192"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57638.json b/2024/57xxx/CVE-2024-57638.json
index b57a359431a..277da27b5ee 100644
--- a/2024/57xxx/CVE-2024-57638.json
+++ b/2024/57xxx/CVE-2024-57638.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57638",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57638",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1190",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1190"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57639.json b/2024/57xxx/CVE-2024-57639.json
index d4281b1ce51..197a2c4aac5 100644
--- a/2024/57xxx/CVE-2024-57639.json
+++ b/2024/57xxx/CVE-2024-57639.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57639",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57639",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1185",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1185"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57640.json b/2024/57xxx/CVE-2024-57640.json
index 9ea6fe05f3d..daeabf8fdca 100644
--- a/2024/57xxx/CVE-2024-57640.json
+++ b/2024/57xxx/CVE-2024-57640.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57640",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57640",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1184",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1184"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57641.json b/2024/57xxx/CVE-2024-57641.json
index a5e34096d6f..d3cca62edec 100644
--- a/2024/57xxx/CVE-2024-57641.json
+++ b/2024/57xxx/CVE-2024-57641.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57641",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57641",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1183",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1183"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57642.json b/2024/57xxx/CVE-2024-57642.json
index f67bb3a0646..bd340eae82d 100644
--- a/2024/57xxx/CVE-2024-57642.json
+++ b/2024/57xxx/CVE-2024-57642.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57642",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57642",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1191",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1191"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57643.json b/2024/57xxx/CVE-2024-57643.json
index 5dd12b6bd6e..bcf8de2d953 100644
--- a/2024/57xxx/CVE-2024-57643.json
+++ b/2024/57xxx/CVE-2024-57643.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57643",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57643",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1181",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1181"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57644.json b/2024/57xxx/CVE-2024-57644.json
index d31ce620c8e..2a069ef546c 100644
--- a/2024/57xxx/CVE-2024-57644.json
+++ b/2024/57xxx/CVE-2024-57644.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57644",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57644",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1193",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1193"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57645.json b/2024/57xxx/CVE-2024-57645.json
index 3adfd25d859..a4d87f651e2 100644
--- a/2024/57xxx/CVE-2024-57645.json
+++ b/2024/57xxx/CVE-2024-57645.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57645",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57645",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1197",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1197"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57646.json b/2024/57xxx/CVE-2024-57646.json
index 6e87a9727da..0bdf951b28c 100644
--- a/2024/57xxx/CVE-2024-57646.json
+++ b/2024/57xxx/CVE-2024-57646.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57646",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57646",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1199",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1199"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57647.json b/2024/57xxx/CVE-2024-57647.json
index 30800e05bb6..29c0806ebed 100644
--- a/2024/57xxx/CVE-2024-57647.json
+++ b/2024/57xxx/CVE-2024-57647.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57647",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57647",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1207",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1207"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57648.json b/2024/57xxx/CVE-2024-57648.json
index 907c608b91b..05d3592fb7a 100644
--- a/2024/57xxx/CVE-2024-57648.json
+++ b/2024/57xxx/CVE-2024-57648.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57648",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57648",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1195",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1195"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57649.json b/2024/57xxx/CVE-2024-57649.json
index 386c56cac11..2bd414b1bee 100644
--- a/2024/57xxx/CVE-2024-57649.json
+++ b/2024/57xxx/CVE-2024-57649.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57649",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57649",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1206",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1206"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57650.json b/2024/57xxx/CVE-2024-57650.json
index e6ac46f819f..9a71746740a 100644
--- a/2024/57xxx/CVE-2024-57650.json
+++ b/2024/57xxx/CVE-2024-57650.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57650",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57650",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1204",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1204"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57651.json b/2024/57xxx/CVE-2024-57651.json
index 949c7277f20..53d77ba5e3a 100644
--- a/2024/57xxx/CVE-2024-57651.json
+++ b/2024/57xxx/CVE-2024-57651.json
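Review bot: The description added in CVE-2024-57650.json is word for word the one added in CVE-2024-57645.json (both name the `qi_inst_state_free` component); only the reference differs, issue 1204 here against 1197 there. From the record alone a reader cannot tell whether these are two distinct faults reached through the same function or one fault filed twice, which matters when deciding whether a single upstream fix covers both. A distinguishing clause in the `value` string, or a check for a duplicate assignment, would settle it. The record's closing brace is outside the hunk.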
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57651",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57651",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1196",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1196"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57652.json b/2024/57xxx/CVE-2024-57652.json
index cb04e7d5996..a91f512058e 100644
--- a/2024/57xxx/CVE-2024-57652.json
+++ b/2024/57xxx/CVE-2024-57652.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57652",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57652",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1198",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1198"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57653.json b/2024/57xxx/CVE-2024-57653.json
index bd249eed4ff..3415ae0a954 100644
--- a/2024/57xxx/CVE-2024-57653.json
+++ b/2024/57xxx/CVE-2024-57653.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57653",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57653",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1208",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1208"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57654.json b/2024/57xxx/CVE-2024-57654.json
index bb42ec12166..02523c84b4e 100644
--- a/2024/57xxx/CVE-2024-57654.json
+++ b/2024/57xxx/CVE-2024-57654.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57654",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57654",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1205",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1205"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57655.json b/2024/57xxx/CVE-2024-57655.json
index 9873923c659..d6be7337a59 100644
--- a/2024/57xxx/CVE-2024-57655.json
+++ b/2024/57xxx/CVE-2024-57655.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57655",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57655",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1216",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1216"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57656.json b/2024/57xxx/CVE-2024-57656.json
index e84574533cc..396386e4c3d 100644
--- a/2024/57xxx/CVE-2024-57656.json
+++ b/2024/57xxx/CVE-2024-57656.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57656",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57656",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1210",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1210"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57657.json b/2024/57xxx/CVE-2024-57657.json
index 670f566a3e9..55106750937 100644
--- a/2024/57xxx/CVE-2024-57657.json
+++ b/2024/57xxx/CVE-2024-57657.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57657",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57657",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1219",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1219"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57658.json b/2024/57xxx/CVE-2024-57658.json
index 6182fe1ff59..5d463790fb8 100644
--- a/2024/57xxx/CVE-2024-57658.json
+++ b/2024/57xxx/CVE-2024-57658.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57658",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57658",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1209",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1209"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57659.json b/2024/57xxx/CVE-2024-57659.json
index 5a9a38d783b..20f5bb9f265 100644
--- a/2024/57xxx/CVE-2024-57659.json
+++ b/2024/57xxx/CVE-2024-57659.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57659",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57659",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1212",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1212"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57660.json b/2024/57xxx/CVE-2024-57660.json
index 0a2afe9289e..1943cf00914 100644
--- a/2024/57xxx/CVE-2024-57660.json
+++ b/2024/57xxx/CVE-2024-57660.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57660",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57660",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1221",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1221"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57661.json b/2024/57xxx/CVE-2024-57661.json
index 58bb7746646..cdf6148eab1 100644
--- a/2024/57xxx/CVE-2024-57661.json
+++ b/2024/57xxx/CVE-2024-57661.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57661",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57661",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1220",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1220"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57662.json b/2024/57xxx/CVE-2024-57662.json
index eae41a987d3..568c3716f61 100644
--- a/2024/57xxx/CVE-2024-57662.json
+++ b/2024/57xxx/CVE-2024-57662.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57662",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57662",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openlink/virtuoso-opensource/issues/1217",
+ "refsource": "MISC",
+ "name": "https://github.com/openlink/virtuoso-opensource/issues/1217"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57663.json b/2024/57xxx/CVE-2024-57663.json
index 7691944ab6a..4ee3d221686 100644
--- a/2024/57xxx/CVE-2024-57663.json
+++ b/2024/57xxx/CVE-2024-57663.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57663", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57663", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openlink/virtuoso-opensource/issues/1218", + "refsource": "MISC", + "name": "https://github.com/openlink/virtuoso-opensource/issues/1218" } ] } diff --git a/2024/57xxx/CVE-2024-57664.json b/2024/57xxx/CVE-2024-57664.json index 22d0866cb8c..94fd48b240d 100644 --- a/2024/57xxx/CVE-2024-57664.json +++ b/2024/57xxx/CVE-2024-57664.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57664", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57664", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openlink/virtuoso-opensource/issues/1211", + "refsource": "MISC", + "name": "https://github.com/openlink/virtuoso-opensource/issues/1211" } ] } diff --git a/2025/0xxx/CVE-2025-0053.json b/2025/0xxx/CVE-2025-0053.json index 15ae2f811a7..257d7368414 100644 --- a/2025/0xxx/CVE-2025-0053.json +++ b/2025/0xxx/CVE-2025-0053.json 
@@ -1,17 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0053", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209: Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server for ABAP and ABAP Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SAP_BASIS 700" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 701" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 702" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 731" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 740" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 750" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 751" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 752" + }, + { + 
"version_affected": "=", + "version_value": "SAP_BASIS 753" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 754" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 755" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 756" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 757" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3536461", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3536461" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0055.json b/2025/0xxx/CVE-2025-0055.json index 7e573511dbb..60d18f248e1 100644 --- a/2025/0xxx/CVE-2025-0055.json +++ b/2025/0xxx/CVE-2025-0055.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim\ufffds user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP GUI for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "BC-FES-GUI 8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3472837", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3472837" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0056.json b/2025/0xxx/CVE-2025-0056.json index 0886c0aa980..17225fc9c17 100644 --- a/2025/0xxx/CVE-2025-0056.json +++ b/2025/0xxx/CVE-2025-0056.json 
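Review bot: The description value added for CVE-2025-0055 contains `victim\ufffds user directory`; U+FFFD is the Unicode replacement character, so the apostrophe was lost in an encoding conversion before the record was written. It should read `victim's user directory`. The same sequence appears in the descriptions added for CVE-2025-0056 and CVE-2025-0059. Presumably the source text carried a typographic apostrophe in a non-UTF-8 encoding, so the fix belongs at the producer as well, otherwise the next sync will reintroduce it.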
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim\ufffds user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP GUI for Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "BC-FES-JAV 7.80" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3502459", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3502459" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": 
"LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0057.json b/2025/0xxx/CVE-2025-0057.json index 0dffb2665bc..b822d64367b 100644 --- a/2025/0xxx/CVE-2025-0057.json +++ b/2025/0xxx/CVE-2025-0057.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS JAVA (User Admin Application)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "ENGINEAPI 7.50" + }, + { + "version_affected": "=", + "version_value": "SERVERCORE 7.50" + }, + { + "version_affected": "=", + "version_value": "UMEADMIN 7.50" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3514421", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3514421" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { 
+ "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0058.json b/2025/0xxx/CVE-2025-0058.json index f1707e1135c..0fba602d6c7 100644 --- a/2025/0xxx/CVE-2025-0058.json +++ b/2025/0xxx/CVE-2025-0058.json 
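Review bot: The description added for CVE-2025-0057 calls this a stored cross-site scripting issue, but `problemtype` lists only CWE-434, so consumers that triage or filter by `cweId` will not see it as XSS. If the file upload is the root cause and script execution in the victim's browser the consequence, a second description entry with `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"` would carry both. The CVSS vector in the same hunk (PR:H, UI:R, S:C) is consistent with the stored-XSS reading.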
@@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639: Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP Business Workflow and SAP Flexible Workflow", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SAP_BASIS 753" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 754" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 755" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 756" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 757" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 758" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 912" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 913" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 914" + } + ] + } + } + ] + } + } + ] + } + 
}, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3542698", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3542698" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0059.json b/2025/0xxx/CVE-2025-0059.json index b2b650c9063..9477a3c6997 100644 --- a/2025/0xxx/CVE-2025-0059.json +++ b/2025/0xxx/CVE-2025-0059.json 
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim\ufffds user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "KRNL64UC 7.53" + }, + { + "version_affected": "=", + "version_value": "KERNEL 7.53" + }, + { + "version_affected": "=", + "version_value": "7.54" + }, + { + "version_affected": "=", + "version_value": "7.77" + }, + { + "version_affected": "=", + "version_value": "7.89" + }, + { + "version_affected": "=", + "version_value": "7.93" + }, + { + "version_affected": "=", + "version_value": "9.12" + }, + { + "version_affected": "=", + "version_value": "9.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3503138", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3503138" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0060.json b/2025/0xxx/CVE-2025-0060.json index 9510bc20166..1bd5823b670 100644 --- a/2025/0xxx/CVE-2025-0060.json 
+++ b/2025/0xxx/CVE-2025-0060.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged user causing high impact on confidentiality and integrity of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "ENTERPRISE 420" + }, + { + "version_affected": "=", + "version_value": "430" + }, + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3474398", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3474398" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + 
"impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0061.json b/2025/0xxx/CVE-2025-0061.json index 96e718677a5..b061fff78d9 100644 --- a/2025/0xxx/CVE-2025-0061.json +++ b/2025/0xxx/CVE-2025-0061.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "ENTERPRISE 420" + }, + { + "version_affected": "=", + "version_value": "430" + }, + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3474398", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3474398" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + 
"attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0063.json b/2025/0xxx/CVE-2025-0063.json index a9fc0e04ef4..7cb2f39401e 100644 --- a/2025/0xxx/CVE-2025-0063.json +++ b/2025/0xxx/CVE-2025-0063.json 
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS ABAP and ABAP Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SAP_BASIS 700" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 701" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 702" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 731" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 740" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 750" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 751" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 752" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 753" + }, + { + 
"version_affected": "=", + "version_value": "SAP_BASIS 754" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 755" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 756" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 757" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 758" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3550816", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3550816" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0066.json b/2025/0xxx/CVE-2025-0066.json index 3e74af7aa24..41e012d01fa 100644 --- a/2025/0xxx/CVE-2025-0066.json +++ b/2025/0xxx/CVE-2025-0066.json 
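Review bot: The description and the `problemtype` added for CVE-2025-0063 do not line up: the text describes a missing authorization check on RFC function modules, while the only CWE given is CWE-89 (SQL injection), which the description never mentions. From the record alone a reader cannot tell whether the remediation concerns authorization, input handling, or both. Either the description should state how the Informix database is reached through injection, or the record should also carry `"cweId": "CWE-862"`, as the CVE-2025-0067 record in this commit does for its missing authorization check. The referenced SAP note is not visible here, so which of the two is correct needs confirming against it.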
@@ -1,17 +1,156 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SAP_BASIS 700" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 701" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 702" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 731" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 740" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 750" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 751" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 752" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 753" + }, + { + "version_affected": 
"=", + "version_value": "SAP_BASIS 754" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 755" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 756" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 757" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 758" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 912" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 913" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 914" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3550708", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3550708" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0067.json b/2025/0xxx/CVE-2025-0067.json index 4b556751221..fdfe568b463 100644 --- a/2025/0xxx/CVE-2025-0067.json +++ b/2025/0xxx/CVE-2025-0067.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "WD-RUNTIME 7.50" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3540108", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3540108" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + 
"confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0068.json b/2025/0xxx/CVE-2025-0068.json index f28a364912e..6217f33cd06 100644 --- a/2025/0xxx/CVE-2025-0068.json +++ b/2025/0xxx/CVE-2025-0068.json 
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0068", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server ABAP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SAP_BASIS 700" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 701" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 702" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 731" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 740" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 750" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 751" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 752" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 753" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 754" + }, + { + "version_affected": "=", + 
"version_value": "SAP_BASIS 755" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 756" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 757" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 758" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3550674", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3550674" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0069.json b/2025/0xxx/CVE-2025-0069.json index 9367e05357b..ec05222df61 100644 --- a/2025/0xxx/CVE-2025-0069.json +++ b/2025/0xxx/CVE-2025-0069.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0069", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user\ufffds Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a company. This leads to high impact on confidentiality, integrity and availability of the Windows server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAPSetup", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LMSAPSETUP 9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3542533", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3542533" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + 
"baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0070.json b/2025/0xxx/CVE-2025-0070.json index 0022d597813..10a88d05648 100644 --- a/2025/0xxx/CVE-2025-0070.json +++ b/2025/0xxx/CVE-2025-0070.json 
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0070", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: (Improper Authentication)", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server for ABAP and ABAP Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "KRNL64NUC 7.22" + }, + { + "version_affected": "=", + "version_value": "7.22EXT" + }, + { + "version_affected": "=", + "version_value": "KRNL64UC 7.22" + }, + { + "version_affected": "=", + "version_value": "7.53" + }, + { + "version_affected": "=", + "version_value": "8.04" + }, + { + "version_affected": "=", + "version_value": "KERNEL 7.22" + }, + { + "version_affected": "=", + "version_value": "7.54" + }, + { + "version_affected": "=", + "version_value": "7.77" + }, + { + "version_affected": "=", + "version_value": "7.89" + }, + { + "version_affected": "=", + 
"version_value": "7.93" + }, + { + "version_affected": "=", + "version_value": "7.97" + }, + { + "version_affected": "=", + "version_value": "9.12" + }, + { + "version_affected": "=", + "version_value": "9.13" + }, + { + "version_affected": "=", + "version_value": "9.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3537476", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3537476" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0451.json b/2025/0xxx/CVE-2025-0451.json new file mode 100644 index 00000000000..a74d6c53989 --- /dev/null +++ b/2025/0xxx/CVE-2025-0451.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0451", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0452.json b/2025/0xxx/CVE-2025-0452.json new file mode 100644 index 00000000000..4407a075bd9 --- /dev/null 
+++ b/2025/0xxx/CVE-2025-0452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0453.json b/2025/0xxx/CVE-2025-0453.json new file mode 100644 index 00000000000..8d3b224ec33 --- /dev/null +++ b/2025/0xxx/CVE-2025-0453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0454.json b/2025/0xxx/CVE-2025-0454.json new file mode 100644 index 00000000000..3dd50665d2d --- /dev/null +++ b/2025/0xxx/CVE-2025-0454.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0454", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/20xxx/CVE-2025-20036.json b/2025/20xxx/CVE-2025-20036.json new file mode 100644 index 00000000000..47e2a4b67e3 --- /dev/null +++ b/2025/20xxx/CVE-2025-20036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-20036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/20xxx/CVE-2025-20086.json b/2025/20xxx/CVE-2025-20086.json new file mode 100644 index 00000000000..c4a6782dcb5 --- /dev/null +++ b/2025/20xxx/CVE-2025-20086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-20086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/20xxx/CVE-2025-20088.json b/2025/20xxx/CVE-2025-20088.json new file mode 100644 index 00000000000..f53fbaf66ae --- /dev/null +++ b/2025/20xxx/CVE-2025-20088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-20088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21083.json b/2025/21xxx/CVE-2025-21083.json new file mode 100644 index 00000000000..af8fb5880a4 --- /dev/null +++ b/2025/21xxx/CVE-2025-21083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-21083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23030.json b/2025/23xxx/CVE-2025-23030.json index e365bfe542d..ac9e77ea68a 100644 --- a/2025/23xxx/CVE-2025-23030.json +++ b/2025/23xxx/CVE-2025-23030.json 
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LabRedesCefetRJ", + "product": { + "product_data": [ + { + "product_name": "WeGIA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-88c9-gpgh-6vvr", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-88c9-gpgh-6vvr" + }, + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/420b88e7aceed53c42e9eff7d21beee8465f93b8", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/420b88e7aceed53c42e9eff7d21beee8465f93b8" + } + ] + }, + "source": { + "advisory": "GHSA-88c9-gpgh-6vvr", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23031.json b/2025/23xxx/CVE-2025-23031.json index ccf0d4bc9b4..17956eb551f 100644 --- a/2025/23xxx/CVE-2025-23031.json +++ b/2025/23xxx/CVE-2025-23031.json 
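Review bot: The `version_data` entry pairs `"version_affected": "="` with `"version_value": "< 3.2.6"`, so the range operator sits inside the value string. A consumer that matches on the operator field would look for a version literally named "< 3.2.6" and miss the affected releases. The machine-readable form would be `"version_affected": "<", "version_value": "3.2.6"`. The record also has no `impact` block, so tooling that prioritises by CVSS gets no score and would have to take severity from the referenced GHSA advisory. Both points apply equally to the hunks for CVE-2025-23031 through CVE-2025-23035.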
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_alergia.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_alergia.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LabRedesCefetRJ", + "product": { + "product_data": [ + { + "product_name": "WeGIA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wp4f-qhh2-8vfv", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wp4f-qhh2-8vfv" + }, + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/f35910cb8b9205a6f038ef1e8b3413ea8eee850b", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/f35910cb8b9205a6f038ef1e8b3413ea8eee850b" + } + ] + }, + "source": { + "advisory": "GHSA-wp4f-qhh2-8vfv", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23032.json b/2025/23xxx/CVE-2025-23032.json index 033dc3b48b0..6c13cdf4b62 100644 --- a/2025/23xxx/CVE-2025-23032.json +++ b/2025/23xxx/CVE-2025-23032.json 
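Review bot: The description sentence beginning "The application fails to properly validate" says the unsanitised input is in the `adicionar_alergia.php` parameter, which names the endpoint where the parameter is meant. An earlier sentence of the same description identifies the injectable parameter as `nome`. Replacing the file name with `nome` in that sentence would match the reflected-XSS records in this commit (CVE-2025-23030, CVE-2025-23034), which name the parameter in both places. The hunks for CVE-2025-23032 (`escala`), CVE-2025-23033 (`situacao`) and CVE-2025-23035 (`tipo`) repeat the same slip with their own endpoint names.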
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_escala.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `escala` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_escala.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LabRedesCefetRJ", + "product": { + "product_data": [ + { + "product_name": "WeGIA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6mm4-fcfv-55x3", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6mm4-fcfv-55x3" + }, + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/09affa8ae0dc5f385907137302f7e3d4636147b0", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/09affa8ae0dc5f385907137302f7e3d4636147b0" + } + ] + }, + "source": { + "advisory": "GHSA-6mm4-fcfv-55x3", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23033.json b/2025/23xxx/CVE-2025-23033.json index 7f45c600fd2..6b9365cf430 100644 --- a/2025/23xxx/CVE-2025-23033.json +++ b/2025/23xxx/CVE-2025-23033.json 
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23033", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_situacao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `situacao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_situacao.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LabRedesCefetRJ", + "product": { + "product_data": [ + { + "product_name": "WeGIA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-r8fq-hqr2-v5j9", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-r8fq-hqr2-v5j9" + }, + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/e6bfae095258e1200192f15bea68a933e9f310b9", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/e6bfae095258e1200192f15bea68a933e9f310b9" + } + ] + }, + "source": { + "advisory": "GHSA-r8fq-hqr2-v5j9", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23034.json b/2025/23xxx/CVE-2025-23034.json index c2aa802bf0d..f7a98dc1a38 100644 --- a/2025/23xxx/CVE-2025-23034.json +++ b/2025/23xxx/CVE-2025-23034.json 
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23034", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tags.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LabRedesCefetRJ", + "product": { + "product_data": [ + { + "product_name": "WeGIA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v68m-2rvf-8r25", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v68m-2rvf-8r25" + }, + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/8a37021417d9c55e61392b3cc52baa3c73102bab", + "refsource": "MISC", + "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/8a37021417d9c55e61392b3cc52baa3c73102bab" + } + ] + }, + "source": { + "advisory": "GHSA-v68m-2rvf-8r25", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23035.json b/2025/23xxx/CVE-2025-23035.json index 35df07d1fec..7c322cd082b 100644 --- a/2025/23xxx/CVE-2025-23035.json +++ b/2025/23xxx/CVE-2025-23035.json 
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-23035",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_quadro_horario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_tipo_quadro_horario.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qfmh-qrr2-5c4g",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qfmh-qrr2-5c4g"
+ },
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/673d7a36baebb1a0093f421cfd51e3df8a55c84a",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/673d7a36baebb1a0093f421cfd51e3df8a55c84a"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-qfmh-qrr2-5c4g",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23036.json b/2025/23xxx/CVE-2025-23036.json
index 98f56e03c47..4aa2f827ed6 100644
--- a/2025/23xxx/CVE-2025-23036.json
+++ b/2025/23xxx/CVE-2025-23036.json
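Review bot: The added description says input is not sanitized "in the `adicionar_tipo_quadro_horario.php` parameter", but that name is the endpoint; two sentences earlier the injected parameter is given as `tipo`. Anyone triaging by parameter name, for example when matching this record against request logs or input-filter rules, gets a contradictory answer from the same field, so that sentence should name `tipo` instead. The descriptions added for CVE-2025-23037 (`control.php` where `cargo` is meant) and CVE-2025-23038 (`remuneracao.php` where `descricao` is meant) carry the same slip.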
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-23036",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `pre_cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.7. All users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2vpg-j5jh-j22x",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2vpg-j5jh-j22x"
+ },
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/8369b75f88e64916151e5413a8b7d517d438d7a9",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/8369b75f88e64916151e5413a8b7d517d438d7a9"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2vpg-j5jh-j22x",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23037.json b/2025/23xxx/CVE-2025-23037.json
index ba0f8e9b355..692a53fc1b3 100644
--- a/2025/23xxx/CVE-2025-23037.json
+++ b/2025/23xxx/CVE-2025-23037.json
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-23037",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `control.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rjjp-w2wm-7f9j",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rjjp-w2wm-7f9j"
+ },
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/3e4d5a3302164617314edfd6dfdef063dc255cbd",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/3e4d5a3302164617314edfd6dfdef063dc255cbd"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rjjp-w2wm-7f9j",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23038.json b/2025/23xxx/CVE-2025-23038.json
index 5571159f301..51928105915 100644
--- a/2025/23xxx/CVE-2025-23038.json
+++ b/2025/23xxx/CVE-2025-23038.json
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-23038",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `remuneracao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `remuneracao.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LabRedesCefetRJ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rp2v-7hpw-m6qc",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rp2v-7hpw-m6qc"
+ },
+ {
+ "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/0d81074c6fc0470373ecc85738f47b83357a0a7e",
+ "refsource": "MISC",
+ "name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/0d81074c6fc0470373ecc85738f47b83357a0a7e"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rp2v-7hpw-m6qc",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23223.json b/2025/23xxx/CVE-2025-23223.json
new file mode 100644
index 00000000000..d163c7ea615
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23223.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23223",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23224.json b/2025/23xxx/CVE-2025-23224.json
new file mode 100644
index 00000000000..294a175752e
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23224.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23224",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23225.json b/2025/23xxx/CVE-2025-23225.json
new file mode 100644
index 00000000000..9546f2e29b9
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23225.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23225",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23226.json b/2025/23xxx/CVE-2025-23226.json
new file mode 100644
index 00000000000..3b899bb34ea
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23226.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23226",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23227.json b/2025/23xxx/CVE-2025-23227.json
new file mode 100644
index 00000000000..a96bd647c78
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23227.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23227",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23228.json b/2025/23xxx/CVE-2025-23228.json
new file mode 100644
index 00000000000..9d3fb0bb605
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23228.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23228",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23229.json b/2025/23xxx/CVE-2025-23229.json
new file mode 100644
index 00000000000..1bc0c6c6b64
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23229.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23229",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23230.json b/2025/23xxx/CVE-2025-23230.json
new file mode 100644
index 00000000000..9e4ca4c1e39
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23230.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23230",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23231.json b/2025/23xxx/CVE-2025-23231.json
new file mode 100644
index 00000000000..2e2c2a4c5fb
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23231.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23231",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23232.json b/2025/23xxx/CVE-2025-23232.json
new file mode 100644
index 00000000000..21650a9ca27
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23232.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23232",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file