admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-04 18:00:33 +00:00
parent b22c6c634c
commit de72a55027
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 271 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2024/10xxx/CVE-2024-10930.json
View File

@ -1,18 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10930",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productsecurity@carrier.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element",
"cweId": "CWE-427"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Carrier",
"product": {
"product_data": [
{
"product_name": "Block Load",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.00, 4.10-4.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed in Block Load version 4.2, available for download on the Carrier eDesign Program Downloads website."
}
],
"value": "The vulnerability has been fixed in Block Load version 4.2, available for download on the Carrier eDesign Program Downloads website."
}
]
}

24
2024/11xxx/CVE-2024-11218.json
View File

@ -379,15 +379,30 @@
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4",
"product_name": "Red Hat OpenShift Container Platform 4.18",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.33.12-1.rhaos4.18.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -485,6 +500,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1713"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1908",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1908"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11218",
"refsource": "MISC",

78
2024/41xxx/CVE-2024-41147.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Miniaudio",
"product": {
"product_data": [
{
"product_name": "Miniaudio",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v0.11.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2063",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2063"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
]
}

18
2025/1xxx/CVE-2025-1968.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1968",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

86
2025/27xxx/CVE-2025-27402.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959 and Tuleap Enterprise Edition 16.4-6 and 16.3-11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Enalean",
"product": {
"product_data": [
{
"product_name": "tuleap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 16.4.99.1740414959"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-66pg-cpjf-2mfg",
"refsource": "MISC",
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-66pg-cpjf-2mfg"
},
{
"url": "https://github.com/Enalean/tuleap/commit/ea6319e2ad40beeda335af4ccd7a204a6912765c",
"refsource": "MISC",
"name": "https://github.com/Enalean/tuleap/commit/ea6319e2ad40beeda335af4ccd7a204a6912765c"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=41857",
"refsource": "MISC",
"name": "https://tuleap.net/plugins/tracker/?aid=41857"
}
]
},
"source": {
"advisory": "GHSA-66pg-cpjf-2mfg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}