admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-02 11:42:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-12 21:00:37 +00:00
parent 92a3a8d925
commit e0f12c4e43
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 259 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2024/12xxx/CVE-2024-12840.json
View File

@ -5,90 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-12840",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-12840",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-12840"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333494",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2333494"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
"value": "** REJECT ** Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was inteded behavior and therefore not a bug."
}
]
}

85
2025/1xxx/CVE-2025-1079.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1079",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61",
"cweId": "CWE-61"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Web Designer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "16.2.0.0128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://balintmagyar.com/articles/google-web-designer-symlink-client-side-rce-cve-2025-1079",
"refsource": "MISC",
"name": "https://balintmagyar.com/articles/google-web-designer-symlink-client-side-rce-cve-2025-1079"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "B\u00e1lint Magyar"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

125
2025/3xxx/CVE-2025-3659.json
View File

@ -1,18 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3659",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: \n\n * Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022\n\n\n * Digi One SP/Digi One SP IA/Digi One IA - prior to and including 82000774_Z, build date 10/19/2020\n\n\n * Digi One IAP \u2013 prior to and including 82000770 Z, build date 10/19/2020\n\n\n\n\nA specially crafted POST request to the device\u2019s web interface may allow an unauthenticated attacker to modify configuration settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Digi International",
"product": {
"product_data": [
{
"product_name": "Digi PortServer TS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "82000747_AA",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Digi One SP/Digi One SP IA/Digi One IA",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "82000774_Z",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Digi One IAP",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "82000770 Z",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hub.digi.com/support/products/infrastructure-management/digi-portserver-ts/",
"refsource": "MISC",
"name": "https://hub.digi.com/support/products/infrastructure-management/digi-portserver-ts/"
},
{
"url": "https://hub.digi.com/support/products/infrastructure-management/digi-one-sp-ia/",
"refsource": "MISC",
"name": "https://hub.digi.com/support/products/infrastructure-management/digi-one-sp-ia/"
},
{
"url": "https://hub.digi.com/support/products/infrastructure-management/digi-one-iap-haz/",
"refsource": "MISC",
"name": "https://hub.digi.com/support/products/infrastructure-management/digi-one-iap-haz/"
},
{
"url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Improper-authentication-handling-for-Digi-PortServ/improper-authentication-handling.pdf",
"refsource": "MISC",
"name": "https://www.digi.com/getattachment/Resources/Security/Alerts/Improper-authentication-handling-for-Digi-PortServ/improper-authentication-handling.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
}
}

18
2025/4xxx/CVE-2025-4608.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4609.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4609",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4610.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}