From d7fc91606a9c4be9bba8fa625f6128ca9ae57ef3 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 14 Apr 2025 07:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/30xxx/CVE-2025-30516.json | 115 ++++++++++++++++++++++++++-
2025/32xxx/CVE-2025-32093.json | 139 ++++++++++++++++++++++++++++++++-
2025/3xxx/CVE-2025-3553.json | 109 +++++++++++++++++++++++++-
2025/3xxx/CVE-2025-3554.json | 109 +++++++++++++++++++++++++-
4 files changed, 456 insertions(+), 16 deletions(-)
diff --git a/2025/30xxx/CVE-2025-30516.json b/2025/30xxx/CVE-2025-30516.json
index 621a6e741eb..56a53f69430 100644
--- a/2025/30xxx/CVE-2025-30516.json
+++ b/2025/30xxx/CVE-2025-30516.json
@@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost Mobile Apps versions <=2.25.0\u00a0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613: Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.25.0", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "2.26.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "MMSA-2024-00415", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-61974" + ], + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": 
"en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Mobile Apps to versions 2.26.0 or higher.

" + } + ], + "value": "Update Mattermost Mobile Apps to versions 2.26.0 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "Elias Nahum" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 2, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/32xxx/CVE-2025-32093.json b/2025/32xxx/CVE-2025-32093.json index 8a8cd907ec1..7841817dbcc 100644 --- a/2025/32xxx/CVE-2025-32093.json +++ b/2025/32xxx/CVE-2025-32093.json 
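Review bot: The `affects` block in CVE-2025-30516 sets `"product_name": "Mattermost"`, while the description and solution text both name Mattermost Mobile Apps as the affected component. Tooling that matches on product name may therefore apply the `0` to `2.25.0` semver range to the wrong product line. If the CNA data allows it, `"product_name": "Mattermost Mobile Apps"` would agree with the rest of the record. The entry also carries `"version_value": "not down converted"`, so consumers of this v4 file get usable ranges only from `x_cve_json_5_version_data`. The description value has a stray `\u00a0` followed by a space after `<=2.25.0`.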
@@ -1,17 +1,148 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the \"Edit Other Users\" permission to perform unauthorized modifications to system administrators via improper permission validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "10.5.1", + "status": "affected", + "version": "10.5.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "10.4.3", + "status": "affected", + "version": "10.4.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.11.9", + "status": "affected", + "version": "9.11.0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "10.6.0" + }, + { + "status": "unaffected", + "version": "10.5.2" + }, + { + "status": "unaffected", + "version": "10.4.4" + }, + { + "status": "unaffected", + "version": "9.11.10" + } + ], + 
"defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "MMSA-2025-00447", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-62686" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost to versions 10.6.0, 10.5.2, 10.4.4, 9.11.10 or higher.

" + } + ], + "value": "Update Mattermost to versions 10.6.0, 10.5.2, 10.4.4, 9.11.10 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "Bob10x1" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3553.json b/2025/3xxx/CVE-2025-3553.json index c8dbf9015bc..10b1e1fd898 100644 --- a/2025/3xxx/CVE-2025-3553.json +++ b/2025/3xxx/CVE-2025-3553.json 
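Review bot: The version block for CVE-2025-32093 ends with `"defaultStatus": "unaffected"`, so any release outside the three listed ranges evaluates as unaffected, including branches the description never mentions (it names only 10.5.x, 10.4.x and 9.11.x). The record does not show whether those other branches were assessed or are simply out of support. Unless the CNA has confirmed them clean, `"defaultStatus": "unknown"` would keep scanners from clearing unassessed versions. The `PR:H` in the vector is consistent with the stated precondition of a delegated admin holding the "Edit Other Users" permission.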
@@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pe_delete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brand_id[] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In phpshe 1.8 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion pe_delete der Datei /admin.php?mod=brand&act=del. Durch Manipulation des Arguments brand_id[] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "phpshe", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.304594", + "refsource": "MISC", + "name": "https://vuldb.com/?id.304594" + }, + { + "url": "https://vuldb.com/?ctiid.304594", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.304594" + }, + { + "url": "https://vuldb.com/?submit.548265", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.548265" + }, + { + "url": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/oz331okguefvaob4?singleDoc", + "refsource": "MISC", + "name": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/oz331okguefvaob4?singleDoc" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "sjdalu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/3xxx/CVE-2025-3554.json b/2025/3xxx/CVE-2025-3554.json index 7043bf50e23..410dd48d36b 100644 --- a/2025/3xxx/CVE-2025-3554.json +++ b/2025/3xxx/CVE-2025-3554.json 
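Review bot: The description for CVE-2025-3553 says the issue "has been declared as critical", but every CVSS entry in the `impact` block scores it lower, for example `"baseScore": 6.3` with `"baseSeverity": "MEDIUM"` for 3.1. Triage that reads the free text will rank it differently from triage that reads the vector. The sentence `It has been declared as critical.` should be aligned with the scored severity or dropped. The record has no `solution` entry or vendor reference, and `"version_affected": "="` with `"version_value": "1.8"` states only what was tested. Other phpshe versions should be treated as unassessed rather than safe.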
@@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3554", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in phpshe 1.8 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei api.php?mod=cron&act=buyer. Mittels dem Manipulieren des Arguments act mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "phpshe", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.304595", + "refsource": "MISC", + "name": "https://vuldb.com/?id.304595" + }, + { + "url": "https://vuldb.com/?ctiid.304595", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.304595" + }, + { + "url": "https://vuldb.com/?submit.548411", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.548411" + }, + { + "url": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/zwhcyq1585ec8g37?singleDoc", + "refsource": "MISC", + "name": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/zwhcyq1585ec8g37?singleDoc" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "sjdalu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] }
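Review bot: The second `problemtype` entry for CVE-2025-3554, `"value": "Code Injection", "cweId": "CWE-94"`, does not match the rest of the record, which describes cross-site scripting and scores it `UI:R/C:N/I:L/A:N`. Pipelines that route or prioritise by CWE may treat this as server-side code injection. Keeping only the CWE-79 entry would avoid that, as would using the generic parent the sibling phpshe record in this commit uses, `"value": "Injection", "cweId": "CWE-74"`. As with that sibling record, there is no `solution` entry and only version 1.8 is listed, so other versions are unassessed.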