admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-05 17:00:58 +00:00
parent 7613af58ac
commit d89da64443
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
2 changed files with 285 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
2025/0xxx/CVE-2025-0223.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0223",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in IObit Protected Folder bis 13.6.0.5 ausgemacht. Es geht dabei um die Funktion 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in der Bibliothek IURegistryFilter.sys der Komponente IOCTL Handler. Dank der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IObit",
"product": {
"product_data": [
{
"product_name": "Protected Folder",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.6.0.0"
},
{
"version_affected": "=",
"version_value": "13.6.0.1"
},
{
"version_affected": "=",
"version_value": "13.6.0.2"
},
{
"version_affected": "=",
"version_value": "13.6.0.3"
},
{
"version_affected": "=",
"version_value": "13.6.0.4"
},
{
"version_affected": "=",
"version_value": "13.6.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290202",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290202"
},
{
"url": "https://vuldb.com/?ctiid.290202",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290202"
},
{
"url": "https://vuldb.com/?submit.466963",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.466963"
},
{
"url": "https://shareforall.notion.site/IOBit-Uninstaller-IURegistryFilter-0x8001E000-NPD-DOS-15260437bb1e80e482e0e3c9b22b58d0",
"refsource": "MISC",
"name": "https://shareforall.notion.site/IOBit-Uninstaller-IURegistryFilter-0x8001E000-NPD-DOS-15260437bb1e80e482e0e3c9b22b58d0"
}
]
},
"credits": [
{
"lang": "en",
"value": "TopGun (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C"
}
]
}

164
2025/0xxx/CVE-2025-0224.json
View File

@ -1,17 +1,173 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX bis 20241220 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /server.js. Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure",
"cweId": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Provision-ISR",
"product": {
"product_data": [
{
"product_name": "SH-4050A-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241220"
}
]
}
},
{
"product_name": "SH-4100A-2L(MM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241220"
}
]
}
},
{
"product_name": "SH-8100A-2L(MM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241220"
}
]
}
},
{
"product_name": "SH-16200A-2(1U)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241220"
}
]
}
},
{
"product_name": "SH-16200A-5(1U)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241220"
}
]
}
},
{
"product_name": "NVR5-8200PX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241220"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290203",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290203"
},
{
"url": "https://vuldb.com/?ctiid.290203",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290203"
},
{
"url": "https://vuldb.com/?submit.467085",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.467085"
},
{
"url": "https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-Provision-ISR-DVR-1626b683e67c803881befbc730a93bf6?pvs=4",
"refsource": "MISC",
"name": "https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-Provision-ISR-DVR-1626b683e67c803881befbc730a93bf6?pvs=4"
}
]
},
"credits": [
{
"lang": "en",
"value": "netsecfish (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}