From dc93b73b1ef98fc65cedb57cf43e3e797a6eac13 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 10 Jan 2025 18:00:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/55xxx/CVE-2024-55408.json | 2 +- 2024/55xxx/CVE-2024-55410.json | 2 +- 2024/57xxx/CVE-2024-57211.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57212.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57213.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57214.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57222.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57223.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57224.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57225.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57226.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57227.json | 56 ++++++++++++++++++--- 2024/57xxx/CVE-2024-57228.json | 56 ++++++++++++++++++--- 2024/6xxx/CVE-2024-6662.json | 71 ++++++++++++++++++++++++-- 2024/6xxx/CVE-2024-6880.json | 71 ++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0390.json | 18 +++++++ 2025/0xxx/CVE-2025-0391.json | 18 +++++++ 2025/0xxx/CVE-2025-0392.json | 18 +++++++ 2025/0xxx/CVE-2025-0393.json | 18 +++++++ 2025/23xxx/CVE-2025-23072.json | 18 +++++++ 2025/23xxx/CVE-2025-23073.json | 18 +++++++ 2025/23xxx/CVE-2025-23074.json | 18 +++++++ 2025/23xxx/CVE-2025-23075.json | 18 +++++++ 2025/23xxx/CVE-2025-23076.json | 18 +++++++ 2025/23xxx/CVE-2025-23077.json | 18 +++++++ 2025/23xxx/CVE-2025-23078.json | 92 ++++++++++++++++++++++++++++++++++ 2025/23xxx/CVE-2025-23079.json | 18 +++++++ 2025/23xxx/CVE-2025-23080.json | 18 +++++++ 2025/23xxx/CVE-2025-23081.json | 18 +++++++ 29 files changed, 1012 insertions(+), 76 deletions(-) create mode 100644 2025/0xxx/CVE-2025-0390.json create mode 100644 2025/0xxx/CVE-2025-0391.json create mode 100644 2025/0xxx/CVE-2025-0392.json create mode 100644 2025/0xxx/CVE-2025-0393.json create mode 100644 2025/23xxx/CVE-2025-23072.json create mode 100644 2025/23xxx/CVE-2025-23073.json create mode 100644 2025/23xxx/CVE-2025-23074.json create mode 100644 
2025/23xxx/CVE-2025-23075.json create mode 100644 2025/23xxx/CVE-2025-23076.json create mode 100644 2025/23xxx/CVE-2025-23077.json create mode 100644 2025/23xxx/CVE-2025-23078.json create mode 100644 2025/23xxx/CVE-2025-23079.json create mode 100644 2025/23xxx/CVE-2025-23080.json create mode 100644 2025/23xxx/CVE-2025-23081.json
diff --git a/2024/55xxx/CVE-2024-55408.json b/2024/55xxx/CVE-2024-55408.json
index a75be088379..ea6cd5170ff 100644
--- a/2024/55xxx/CVE-2024-55408.json
+++ b/2024/55xxx/CVE-2024-55408.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@asus.com",
 "ID": "CVE-2024-55408",
 "STATE": "PUBLIC"
 },
diff --git a/2024/55xxx/CVE-2024-55410.json b/2024/55xxx/CVE-2024-55410.json
index 0baa9900064..70791e34718 100644
--- a/2024/55xxx/CVE-2024-55410.json
+++ b/2024/55xxx/CVE-2024-55410.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@asus.com",
 "ID": "CVE-2024-55410",
 "STATE": "PUBLIC"
 },
diff --git a/2024/57xxx/CVE-2024-57211.json b/2024/57xxx/CVE-2024-57211.json
index 1f5f1f6a3ad..7c03418995f 100644
--- a/2024/57xxx/CVE-2024-57211.json
+++ b/2024/57xxx/CVE-2024-57211.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57211",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57211",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_11_enable_wsh/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_11_enable_wsh/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57212.json b/2024/57xxx/CVE-2024-57212.json
index 61cba9b9b2c..5fff4076733 100644
--- a/2024/57xxx/CVE-2024-57212.json
+++ b/2024/57xxx/CVE-2024-57212.json
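Review bot: The populated record still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` under `affects`, and `"value": "n/a"` under `problemtype`, although the description on the same record names the product (TOTOLINK A6000R), the firmware version (V1.0.1-B20201211.2000) and the weakness class (command injection). Consumers that match advisories on the structured fields rather than on free text will not associate this entry with the device, so asset inventories and scanners keyed on vendor and product can miss it. I would fill the structured fields from the description, for example `"vendor_name": "TOTOLINK"` and `"product_name": "A6000R"`, and add a CWE entry to `problemtype` (CWE-77 looks like the fit, to be confirmed by the assigner). The same applies to the hunks for CVE-2024-57212 through CVE-2024-57214 and CVE-2024-57222 through CVE-2024-57228.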
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57212",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57212",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_10_action_reboot/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_10_action_reboot/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57213.json b/2024/57xxx/CVE-2024-57213.json
index dfb36f7389f..b5d68c20db1 100644
--- a/2024/57xxx/CVE-2024-57213.json
+++ b/2024/57xxx/CVE-2024-57213.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57213",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57213",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_9_action_passwd/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_9_action_passwd/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57214.json b/2024/57xxx/CVE-2024-57214.json
index 8ac045d4ef9..51d87d6e619 100644
--- a/2024/57xxx/CVE-2024-57214.json
+++ b/2024/57xxx/CVE-2024-57214.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57214",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57214",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/tree/main/TOTOLINK/A6000R/CI_8_reset_wifi",
+ "url": "https://github.com/yanggao017/vuln/tree/main/TOTOLINK/A6000R/CI_8_reset_wifi"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57222.json b/2024/57xxx/CVE-2024-57222.json
index 5e9134db49b..296817a6585 100644
--- a/2024/57xxx/CVE-2024-57222.json
+++ b/2024/57xxx/CVE-2024-57222.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57222",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57222",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_5_apcli_cancel_wps/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_5_apcli_cancel_wps/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57223.json b/2024/57xxx/CVE-2024-57223.json
index fa11714ab43..514540c1bf2 100644
--- a/2024/57xxx/CVE-2024-57223.json
+++ b/2024/57xxx/CVE-2024-57223.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57223",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57223",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_6_apcli_wps_gen_pincode/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_6_apcli_wps_gen_pincode/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57224.json b/2024/57xxx/CVE-2024-57224.json
index 37f26213faf..fb6f56252bb 100644
--- a/2024/57xxx/CVE-2024-57224.json
+++ b/2024/57xxx/CVE-2024-57224.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57224",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57224",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_3_apcli_do_enr_pin_wps/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_3_apcli_do_enr_pin_wps/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57225.json b/2024/57xxx/CVE-2024-57225.json
index 2dc30525974..ea106ee860c 100644
--- a/2024/57xxx/CVE-2024-57225.json
+++ b/2024/57xxx/CVE-2024-57225.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57225",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57225",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_7_reset_wifi/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_7_reset_wifi/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57226.json b/2024/57xxx/CVE-2024-57226.json
index 530a4841709..250353417c2 100644
--- a/2024/57xxx/CVE-2024-57226.json
+++ b/2024/57xxx/CVE-2024-57226.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57226",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57226",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_2_vif_enable/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_2_vif_enable/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57227.json b/2024/57xxx/CVE-2024-57227.json
index d7ee9f87ce2..f2ff7a3e031 100644
--- a/2024/57xxx/CVE-2024-57227.json
+++ b/2024/57xxx/CVE-2024-57227.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57227",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57227",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_4_apcli_do_enr_pbc_wps/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_4_apcli_do_enr_pbc_wps/README.md"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57228.json b/2024/57xxx/CVE-2024-57228.json
index 49d0ba0b6fa..5fe2d5beb12 100644
--- a/2024/57xxx/CVE-2024-57228.json
+++ b/2024/57xxx/CVE-2024-57228.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57228",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57228",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_1_vif_disable/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_1_vif_disable/README.md"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6662.json b/2024/6xxx/CVE-2024-6662.json
index f2f27120ea5..56d4ef91b17 100644
--- a/2024/6xxx/CVE-2024-6662.json
+++ b/2024/6xxx/CVE-2024-6662.json
@@ -1,18 +1,81 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6662",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cvd@cert.pl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under\u00a0\"/edytor/index.php?id=7,7,0\" lacks protection mechanisms.\nA user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If the victim is a logged in administrator, this could lead to creation of new accounts and granting of administrative permissions."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jan Syski",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MegaBIP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "5.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.pl/en/posts/2024/09/CVE-2024-6662",
+ "refsource": "MISC",
+ "name": "https://cert.pl/en/posts/2024/09/CVE-2024-6662"
+ },
+ {
+ "url": "https://megabip.pl/",
+ "refsource": "MISC",
+ "name": "https://megabip.pl/"
+ },
+ {
+ "url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej",
+ "refsource": "MISC",
+ "name": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6880.json b/2024/6xxx/CVE-2024-6880.json
index 7fe1d23f1ca..c50d6e4fd7f 100644
--- a/2024/6xxx/CVE-2024-6880.json
+++ b/2024/6xxx/CVE-2024-6880.json
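Review bot: The new description string for CVE-2024-6662 contains a non-breaking space escape, `\u00a0`, directly before the quoted path `\"/edytor/index.php?id=7,7,0\"`, which reads like an authoring-tool artifact rather than intended text. Tools that search, diff or deduplicate advisories on the description will treat it differently from an ordinary space, so I would normalise it to a plain space before publishing. The description added in the CVE-2024-6880 hunk has the same escape at the ends of its sentences (`\u00a0\n` and `\u00a0\u00a0\n\n`), where it could simply be dropped.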
@@ -1,18 +1,81 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6880",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cvd@cert.pl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.\u00a0\nPublicly available source code of \"/registered.php\" discloses that path, allowing an attacker to attempt further attacks.\u00a0\u00a0\n\nThis issue affects MegaBIP software versions below 5.15"
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
+ "cweId": "CWE-538"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jan Syski",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MegaBIP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "5.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.pl/en/posts/2024/09/CVE-2024-6680",
+ "refsource": "MISC",
+ "name": "https://cert.pl/en/posts/2024/09/CVE-2024-6680"
+ },
+ {
+ "url": "https://megabip.pl/",
+ "refsource": "MISC",
+ "name": "https://megabip.pl/"
+ },
+ {
+ "url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej",
+ "refsource": "MISC",
+ "name": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0390.json b/2025/0xxx/CVE-2025-0390.json
new file mode 100644
index 00000000000..f9e1dbffcb7
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0390.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0390",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0391.json b/2025/0xxx/CVE-2025-0391.json
new file mode 100644
index 00000000000..b2ca2033c8a
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0391.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0391",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0392.json b/2025/0xxx/CVE-2025-0392.json
new file mode 100644
index 00000000000..a7074c90f70
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0392.json
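Review bot: The first reference added to the CVE-2024-6880 record points at `https://cert.pl/en/posts/2024/09/CVE-2024-6680`, so the identifier in the `url` and in the matching `name` does not match the ID of the entry it is attached to. This looks like a transposed digit; the sibling CVE-2024-6662 record in this commit links to a CERT Polska post under its own ID. Whoever owns the record should confirm which post is the intended advisory and correct both `url` and `name`, since a wrong link would leave readers without the primary source for this issue.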
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0392",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0393.json b/2025/0xxx/CVE-2025-0393.json
new file mode 100644
index 00000000000..f55c2ab295a
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0393.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0393",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23072.json b/2025/23xxx/CVE-2025-23072.json
new file mode 100644
index 00000000000..7714f648bab
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23072.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23072",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23073.json b/2025/23xxx/CVE-2025-23073.json
new file mode 100644
index 00000000000..d0e28427172
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23073.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23073",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23074.json b/2025/23xxx/CVE-2025-23074.json
new file mode 100644
index 00000000000..1e90b07060a
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23074.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23074",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23075.json b/2025/23xxx/CVE-2025-23075.json
new file mode 100644
index 00000000000..39a87ab77e8
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23075.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23075",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23076.json b/2025/23xxx/CVE-2025-23076.json
new file mode 100644
index 00000000000..569a667ab68
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23076.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23076",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23077.json b/2025/23xxx/CVE-2025-23077.json
new file mode 100644
index 00000000000..36e02750b89
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23077.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23077",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23078.json b/2025/23xxx/CVE-2025-23078.json
new file mode 100644
index 00000000000..f7eaf90822d
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23078.json
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23078",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Breadcrumbs2 extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.5, from 1.42.X before 1.42.4."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Wikimedia Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mediawiki - Breadcrumbs2 extension",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.39.x",
+ "version_value": "1.39.11"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.41.x",
+ "version_value": "1.41.5"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.42.x",
+ "version_value": "1.42.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T382043",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T382043"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/I7878f8f7bc067080f80427b90f8d85337f172711",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/I7878f8f7bc067080f80427b90f8d85337f172711"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "BlankEclair (Claire)"
+ }
+ ]
+}
\ No newline at end of file
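Review bot: The three `version_data` entries for "Mediawiki - Breadcrumbs2 extension" each encode only an upper bound (`"version_affected": "<"` with `version_value` 1.39.11, 1.41.5 and 1.42.4), while the branch each bound belongs to appears only in the free-text `version_name` ("1.39.x", "1.41.x", "1.42.x"). A consumer that matches on `version_affected` and `version_value` alone would presumably read the `< 1.42.4` entry as covering every earlier release, including the fixed 1.39.11 and 1.41.5, so matching logic should scope each bound to its `version_name` branch, as the description text does ("from 1.39.X before 1.39.11"). The `credits` entry uses `"lang": "en"` where the description and problemtype entries use `"lang": "eng"`; writing `"lang": "eng"` there would keep language-code filtering consistent across the record. The description value also lacks a space in "(XSS).This issue".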
diff --git a/2025/23xxx/CVE-2025-23079.json b/2025/23xxx/CVE-2025-23079.json
new file mode 100644
index 00000000000..7206e6e5ea2
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23079.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23079",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23080.json b/2025/23xxx/CVE-2025-23080.json
new file mode 100644
index 00000000000..443a2f13e0c
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23080.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23080",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23081.json b/2025/23xxx/CVE-2025-23081.json
new file mode 100644
index 00000000000..6a5ea671b35
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23081.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23081",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file