admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-26 22:00:34 +00:00
parent ed21ab8749
commit dc465cec89
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 432 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2025/20xxx/CVE-2025-20231.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \u201cadmin\u201c or \u201cpower\u201c Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.4",
"version_value": "9.4.1"
},
{
"version_affected": "<",
"version_name": "9.3",
"version_value": "9.3.3"
},
{
"version_affected": "<",
"version_name": "9.2",
"version_value": "9.2.5"
},
{
"version_affected": "<",
"version_name": "9.1",
"version_value": "9.1.8"
}
]
}
},
{
"product_name": "Splunk Secure Gateway",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.8",
"version_value": "3.8.38"
},
{
"version_affected": "<",
"version_name": "3.7",
"version_value": "3.7.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-0302",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2025-0302"
}
]
},
"source": {
"advisory": "SVD-2025-0302"
},
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
]
}

90
2025/2xxx/CVE-2025-2787.json
View File

@ -1,18 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@knime.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.\n\n\n\nBesides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: \n\n\n\n * 1.13.3 or above \n\n\n\n\n\n\n * 1.12.4 or above \n\n\n\n\n\n\n * 1.11.4 or above \n\n\n\n\n\n\n * 1.10.4 or above\n\n\n\n\n\n\n\n\n *"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KNIME",
"product": {
"product_data": [
{
"product_name": "KNIME Business Hub",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.13.0",
"version_value": "1.13.2"
},
{
"version_affected": "<=",
"version_name": "1.12.0",
"version_value": "1.12.3"
},
{
"version_affected": "<=",
"version_name": "1.11.0",
"version_value": "1.11.3"
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.10.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.knime.com/security/advisories",
"refsource": "MISC",
"name": "https://www.knime.com/security/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UPSTREAM"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div>For a workaround see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.knime.com/security-advisory-cve-2025-2787\">https://www.knime.com/security-advisory-cve-2025-2787</a>.</div><br>"
}
],
"value": "For a workaround see https://www.knime.com/security-advisory-cve-2025-2787 ."
}
]
}

18
2025/2xxx/CVE-2025-2836.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

83
2025/2xxx/CVE-2025-2837.json Normal file
View File

@ -0,0 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-2837",
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of HTTP requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23245."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Silicon Labs",
"product": {
"product_data": [
{
"product_name": "Gecko OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.46"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-871/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-871/"
},
{
"url": "https://community.silabs.com/a45Vm0000000Atp",
"refsource": "MISC",
"name": "https://community.silabs.com/a45Vm0000000Atp"
}
]
},
"source": {
"lang": "en",
"value": "Jack Dates of RET2 Systems"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

83
2025/2xxx/CVE-2025-2838.json Normal file
View File

@ -0,0 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-2838",
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of DNS responses. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23392."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Silicon Labs",
"product": {
"product_data": [
{
"product_name": "Gecko OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.46"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-872/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-872/"
},
{
"url": "https://community.silabs.com/a45Vm0000000Atp",
"refsource": "MISC",
"name": "https://community.silabs.com/a45Vm0000000Atp"
}
]
},
"source": {
"lang": "en",
"value": "PCAutomotive"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}
}

65
2025/30xxx/CVE-2025-30407.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30407",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Cloud Agent",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "39713"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-8414",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-8414"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
}
]
}