admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-04 01:00:32 +00:00
parent daab42fdfd
commit e108db5d4c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
3 changed files with 310 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
2025/1xxx/CVE-2025-1695.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS). \u00a0There is no control plane exposure; this is a data plane issue only. \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "NGINX Unit",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11.0",
"version_value": "1.34.2"
},
{
"version_affected": "<",
"version_name": "*",
"version_value": "d7afeb2b94f1cd72ed02403609e5484f9514e5eb"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://my.f5.com/manage/s/article/K000149959",
"refsource": "MISC",
"name": "https://my.f5.com/manage/s/article/K000149959"
}
]
},
"generator": {
"engine": "F5 SIRTBot v1.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Tan Bui of Singapore Management University (SMU)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

109
2025/1xxx/CVE-2025-1892.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1892",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component Directory Deletion Page. The manipulation of the argument folderName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in shishuocms 1.1 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /manage/folder/add.json der Komponente Directory Deletion Page. Mit der Manipulation des Arguments folderName mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "shishuocms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.298410",
"refsource": "MISC",
"name": "https://vuldb.com/?id.298410"
},
{
"url": "https://vuldb.com/?ctiid.298410",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.298410"
},
{
"url": "https://vuldb.com/?submit.505754",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.505754"
},
{
"url": "https://github.com/caigo8/CVE-md/blob/main/shishuocms/%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md",
"refsource": "MISC",
"name": "https://github.com/caigo8/CVE-md/blob/main/shishuocms/%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Caigo (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

123
2025/1xxx/CVE-2025-1893.json
View File

@ -1,17 +1,132 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the function gmm_state_authentication of the file src/amf/gmm-sm.c of the component UDM Subscriber Data Management. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named e31e9965f00d9c744a7f728497cb4f3e97744ee8. It is recommended to apply a patch to fix this issue."
},
{
"lang": "deu",
"value": "In Open5GS bis 2.7.2 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion gmm_state_authentication der Datei src/amf/gmm-sm.c der Komponente UDM Subscriber Data Management. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als e31e9965f00d9c744a7f728497cb4f3e97744ee8 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Open5GS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.7.0"
},
{
"version_affected": "=",
"version_value": "2.7.1"
},
{
"version_affected": "=",
"version_value": "2.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.298411",
"refsource": "MISC",
"name": "https://vuldb.com/?id.298411"
},
{
"url": "https://vuldb.com/?ctiid.298411",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.298411"
},
{
"url": "https://vuldb.com/?submit.505952",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.505952"
},
{
"url": "https://github.com/open5gs/open5gs/issues/3707",
"refsource": "MISC",
"name": "https://github.com/open5gs/open5gs/issues/3707"
},
{
"url": "https://github.com/open5gs/open5gs/issues/3707#issuecomment-2639620554",
"refsource": "MISC",
"name": "https://github.com/open5gs/open5gs/issues/3707#issuecomment-2639620554"
},
{
"url": "https://github.com/open5gs/open5gs/issues/3707#issue-2833194192",
"refsource": "MISC",
"name": "https://github.com/open5gs/open5gs/issues/3707#issue-2833194192"
},
{
"url": "https://github.com/open5gs/open5gs/commit/e31e9965f00d9c744a7f728497cb4f3e97744ee8",
"refsource": "MISC",
"name": "https://github.com/open5gs/open5gs/commit/e31e9965f00d9c744a7f728497cb4f3e97744ee8"
}
]
},
"credits": [
{
"lang": "en",
"value": "EnginerStaticPower (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P"
}
]
}