From d6446c7ed6bec75136e9605648f4560b9aadf274 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 2 Jun 2025 19:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/50xxx/CVE-2023-50854.json | 36 +++++++++--
 2025/23xxx/CVE-2025-23099.json | 61 ++++++++++++++++--
 2025/23xxx/CVE-2025-23105.json | 61 ++++++++++++++++--
 2025/25xxx/CVE-2025-25090.json | 44 ++++++++++---
 2025/49xxx/CVE-2025-49069.json | 113 +++++++++++++++++++++++++++++++--
 2025/49xxx/CVE-2025-49159.json | 18 ++++++
 2025/49xxx/CVE-2025-49160.json | 18 ++++++
 7 files changed, 323 insertions(+), 28 deletions(-)
 create mode 100644 2025/49xxx/CVE-2025-49159.json
 create mode 100644 2025/49xxx/CVE-2025-49160.json
diff --git a/2023/50xxx/CVE-2023-50854.json b/2023/50xxx/CVE-2023-50854.json
index 8d2bd87c206..cd2f945dd10 100644
--- a/2023/50xxx/CVE-2023-50854.json
+++ b/2023/50xxx/CVE-2023-50854.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8.\n\n"
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a before 2.4.02."
 }
 ]
 },
@@ -40,9 +40,24 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "n/a",
- "version_value": "2.3.8"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.4.02",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "2.4.02",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
 }
 ]
 }
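Review bot: The range added in the second hunk keeps `"version": "n/a"` as its lower bound next to `"lessThan": "2.4.02"`, and "n/a" is not a version a matcher can compare against. CVE JSON 5 records usually express "from the first release" as `"version": "0"`, which lets a scanner evaluate the range without a special case. The legacy field is now `"version_value": "not down converted"`, so tooling that reads only the 4.0 fields no longer sees any affected range for this plugin and must parse `x_cve_json_5_version_data`. The CVE-2025-25090 and CVE-2025-49069 hunks carry the same `"n/a"` lower bound.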
@@ -68,6 +83,19 @@
 "source": {
 "discovery": "EXTERNAL"
 },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.4.02 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a02.4.02 or a higher version."
+ }
+ ],
 "credits": [
 {
 "lang": "en",
diff --git a/2025/23xxx/CVE-2025-23099.json b/2025/23xxx/CVE-2025-23099.json
index d1577efa1bc..d68bdb7e6c4 100644
--- a/2025/23xxx/CVE-2025-23099.json
+++ b/2025/23xxx/CVE-2025-23099.json
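Review bot: The plain-text `"value"` of the added `solution` entry separates "Update to" from the version with a non-breaking space (`\u00a0`). A consumer that extracts the fixed version by splitting on ASCII whitespace will get `to\u00a02.4.02` as one token; `"value": "Update to 2.4.02 or a higher version."` would avoid that. The `solution` hunk for CVE-2025-25090 has the same escape before `4.2`.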
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-23099",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-23099",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23099/",
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23099/"
 }
 ]
 }
diff --git a/2025/23xxx/CVE-2025-23105.json b/2025/23xxx/CVE-2025-23105.json
index 54d9332f100..f3e2ccdad4b 100644
--- a/2025/23xxx/CVE-2025-23105.json
+++ b/2025/23xxx/CVE-2025-23105.json
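Review bot: The record is switched to `"STATE": "PUBLIC"` while `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `"n/a"`, so the only place the affected parts appear is the free-text description (Samsung Mobile Processor Exynos 1480 and 2400). Inventory matching keyed on vendor/product, and triage keyed on CWE, will not pick this entry up. If the assigner confirms it, structured values such as `"vendor_name": "Samsung"` and a problemtype of `"CWE-787 Out-of-bounds Write"` would close the gap. The CVE-2025-23105 hunk has the same shape; its description reports a use-after-free, which would presumably map to CWE-416.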
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-23105",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-23105",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23105/",
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23105/"
 }
 ]
 }
diff --git a/2025/25xxx/CVE-2025-25090.json b/2025/25xxx/CVE-2025-25090.json
index 8c36ad52172..f539f56673d 100644
--- a/2025/25xxx/CVE-2025-25090.json
+++ b/2025/25xxx/CVE-2025-25090.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Dreamstime Stock Photos allows Reflected XSS. This issue affects Dreamstime Stock Photos: from n/a through 4.0."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS.This issue affects Dreamstime Stock Photos: from n/a through 4.1."
 }
 ]
 },
@@ -32,7 +32,7 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "NotFound",
+ "vendor_name": "Dreamstime",
 "product": {
 "product_data": [
 {
@@ -40,9 +40,24 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "n/a",
- "version_value": "4.0"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "4.2",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "4.1",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
 }
 ]
 }
@@ -68,6 +83,19 @@
 "source": {
 "discovery": "EXTERNAL"
 },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 4.2 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a04.2 or a higher version."
+ }
+ ],
 "credits": [
 {
 "lang": "en",
@@ -77,17 +105,17 @@
 "impact": {
 "cvss": [
 {
- "baseScore": 7.1,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
- "baseSeverity": "HIGH",
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
 "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
 "privilegesRequired": "NONE",
 "scope": "CHANGED",
 "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
 "version": "3.1"
 }
 ]
diff --git a/2025/49xxx/CVE-2025-49069.json b/2025/49xxx/CVE-2025-49069.json
index 67471a35eda..40735f9d335 100644
--- a/2025/49xxx/CVE-2025-49069.json
+++ b/2025/49xxx/CVE-2025-49069.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-49069",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cimatti Consulting",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Contact Forms by Cimatti",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.9.9",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.9.8",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/contact-forms/vulnerability/wordpress-contact-forms-by-cimatti-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/contact-forms/vulnerability/wordpress-contact-forms-by-cimatti-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Contact Forms by Cimatti plugin to the latest available version (at least 1.9.9)."
+ }
+ ],
+ "value": "Update the WordPress Contact Forms by Cimatti plugin to the latest available version (at least 1.9.9)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Shivam Khanna (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/49xxx/CVE-2025-49159.json b/2025/49xxx/CVE-2025-49159.json
new file mode 100644
index 00000000000..17c64f233ab
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49159.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49159",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49160.json b/2025/49xxx/CVE-2025-49160.json
new file mode 100644
index 00000000000..3c0239d4052
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49160.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49160",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file