"-Synchronized-Data."

CVE Team 2025-02-07 20:00:32 +00:00
parent fe1fb31d2b
commit e0f88a9c79
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 341 additions and 20 deletions


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@perforce.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PuppetPu",
"product": {
"product_data": [
{
"product_name": "Puppet Agent",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "7.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.puppet.com/security/cve/cve-2021-27017-deserialization-untrusted-data",
"refsource": "MISC",
"name": "https://www.puppet.com/security/cve/cve-2021-27017-deserialization-untrusted-data"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
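Review bot: The `vendor_name` value `PuppetPu` in the affects block looks like a garbled form of the vendor name; the product name and the reference URL both point to Puppet, so consumers that match on the vendor string will probably miss this record. The problemtype is also left as `n/a` although the description states deserialization of untrusted data, which would normally be recorded as `"value": "CWE-502 Deserialization of Untrusted Data", "cweId": "CWE-502"`. Because the record is synchronized from upstream, both points are best raised with the assigning CNA rather than patched locally.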


@ -1,18 +1,70 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the\u00a0saas-2021-12-29 release\u00a0can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn\u2019t been completed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Critical Step in Authentication"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Flexera",
"product": {
"product_data": [
{
"product_name": "RISC Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "saas-2021-12-29"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB",
"refsource": "MISC",
"name": "https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}
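Review bot: The problemtype entry carries the text `Missing Critical Step in Authentication` with no `cweId`, whereas the sibling record CVE-2021-41528 in this commit supplies `"cweId": "CWE-863"`. That text matches the name of CWE-304, so `"cweId": "CWE-304"` appears to be the missing field, though this should be confirmed with the CNA. Without it, tooling that groups records by CWE identifier will treat this one as unclassified. Neither Flexera record includes an `impact` block, so severity has to come from the vendor advisory.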


@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41528",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to\u00a0access the import / export functionality with low privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Flexera",
"product": {
"product_data": [
{
"product_name": "RISC Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "saas-2021-12-29"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB",
"refsource": "MISC",
"name": "https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204: Observable Response Discrepancy",
"cweId": "CWE-204"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pimcore",
"product": {
"product_data": [
{
"product_name": "admin-ui-classic-bundle",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.7.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24",
"refsource": "MISC",
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
]
},
"source": {
"advisory": "GHSA-vr5f-php7-rg24",
"discovery": "UNKNOWN"
}
}
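Review bot: The version entry stores the range operator inside the value, `"version_affected": "="` together with `"version_value": "< 1.7.4"`, so a consumer that honours `version_affected` will look for a literal version string `< 1.7.4` and match nothing. The Puppet and Flexera records in this commit express a range as `"version_affected": "<"` with a bare `version_value`; the CVE-2025-25183 record has the same pattern as this one with `< 0.7.2`. Scanners ingesting this format should parse the operator out of `version_value` for such records. This record also has no `impact` block, so no CVSS score is available from it.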


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25183",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354: Improper Validation of Integrity Check Value",
"cweId": "CWE-354"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vllm-project",
"product": {
"product_data": [
{
"product_name": "vllm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8",
"refsource": "MISC",
"name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8"
},
{
"url": "https://github.com/vllm-project/vllm/pull/12621",
"refsource": "MISC",
"name": "https://github.com/vllm-project/vllm/pull/12621"
},
{
"url": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7"
}
]
},
"source": {
"advisory": "GHSA-rm76-4mrf-v9r8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}