From e4b8d1d93b445aabba9ea36fa8d92fcab10d3859 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 29 Apr 2025 18:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/3xxx/CVE-2025-3911.json | 61 ++++++++++++++++-- 2025/46xxx/CVE-2025-46347.json | 63 ++++++++++++++++-- 2025/46xxx/CVE-2025-46349.json | 81 +++++++++++++++++++++-- 2025/46xxx/CVE-2025-46350.json | 81 +++++++++++++++++++++-- 2025/4xxx/CVE-2025-4073.json | 114 +++++++++++++++++++++++++++++++-- 2025/4xxx/CVE-2025-4074.json | 114 +++++++++++++++++++++++++++++++-- 2025/4xxx/CVE-2025-4075.json | 104 ++++++++++++++++++++++++++++-- 2025/4xxx/CVE-2025-4095.json | 61 ++++++++++++++++-- 2025/4xxx/CVE-2025-4099.json | 18 ++++++ 2025/4xxx/CVE-2025-4100.json | 18 ++++++ 10 files changed, 683 insertions(+), 32 deletions(-) create mode 100644 2025/4xxx/CVE-2025-4099.json create mode 100644 2025/4xxx/CVE-2025-4100.json diff --git a/2025/3xxx/CVE-2025-3911.json b/2025/3xxx/CVE-2025-3911.json index 88fadc44a05..418b3ff49c8 100644 --- a/2025/3xxx/CVE-2025-3911.json +++ b/2025/3xxx/CVE-2025-3911.json @@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@docker.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to\u00a0unintentional disclosure of sensitive information such as api keys, passwords, etc.\n\nA malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Docker", + "product": { + "product_data": [ + { + "product_name": "Docker Desktop", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.41.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs", + "refsource": "MISC", + "name": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/46xxx/CVE-2025-46347.json b/2025/46xxx/CVE-2025-46347.json index ee8a69201c8..240cf0d1864 100644 --- a/2025/46xxx/CVE-2025-46347.json +++ b/2025/46xxx/CVE-2025-46347.json @@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46347", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-116: Improper Encoding or Escaping of Output", + "cweId": "CWE-116" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "YesWiki", + "product": { + "product_data": [ + { + "product_name": "yeswiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf" + }, + { + "url": "https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066" + } + ] + }, + "source": { + "advisory": "GHSA-88xg-v53p-fpvf", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/46xxx/CVE-2025-46349.json b/2025/46xxx/CVE-2025-46349.json index 9f39e389841..c25635610f5 100644 --- a/2025/46xxx/CVE-2025-46349.json +++ b/2025/46xxx/CVE-2025-46349.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46349", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "YesWiki", + "product": { + "product_data": [ + { + "product_name": "yeswiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2" + }, + { + "url": "https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524" + } + ] + }, + "source": { + "advisory": "GHSA-2f8p-qqx2-gwr2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2025/46xxx/CVE-2025-46350.json b/2025/46xxx/CVE-2025-46350.json index 16afdef9762..f1b47e7ad5a 100644 --- a/2025/46xxx/CVE-2025-46350.json +++ b/2025/46xxx/CVE-2025-46350.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "YesWiki", + "product": { + "product_data": [ + { + "product_name": "yeswiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8" + }, + { + "url": "https://github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9" + } + ] + }, + "source": { + "advisory": "GHSA-cg4f-cq8h-3ch8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4073.json b/2025/4xxx/CVE-2025-4073.json index 9891eb0c6a4..5120a8018d5 100644 --- a/2025/4xxx/CVE-2025-4073.json +++ b/2025/4xxx/CVE-2025-4073.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in PHPGurukul Student Record System 3.20 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /change-password.php. Mittels Manipulieren des Arguments currentpassword mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Student Record System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306510", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306510" + }, + { + "url": "https://vuldb.com/?ctiid.306510", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306510" + }, + { + "url": "https://vuldb.com/?submit.559947", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.559947" + }, + { + "url": "https://github.com/bleakTS/myCVE/issues/1", + "refsource": "MISC", + "name": "https://github.com/bleakTS/myCVE/issues/1" + }, + { + "url": "https://phpgurukul.com/", + "refsource": "MISC", + "name": "https://phpgurukul.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "QKset (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4074.json b/2025/4xxx/CVE-2025-4074.json index 9dc577df07d..ecb23432af2 100644 --- a/2025/4xxx/CVE-2025-4074.json +++ b/2025/4xxx/CVE-2025-4074.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4074", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In PHPGurukul Curfew e-Pass Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /admin/pass-bwdates-report.php. Durch das Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Curfew e-Pass Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306511", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306511" + }, + { + "url": "https://vuldb.com/?ctiid.306511", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306511" + }, + { + "url": "https://vuldb.com/?submit.559983", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.559983" + }, + { + "url": "https://github.com/bluechips-zhao/myCVE/issues/3", + "refsource": "MISC", + "name": "https://github.com/bluechips-zhao/myCVE/issues/3" + }, + { + "url": "https://phpgurukul.com/", + "refsource": "MISC", + "name": "https://phpgurukul.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "bluechips (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4075.json b/2025/4xxx/CVE-2025-4075.json index 5515b27c443..650839291df 100644 --- a/2025/4xxx/CVE-2025-4075.json +++ b/2025/4xxx/CVE-2025-4075.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4075", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input \"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in VMSMan bis 20250416 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /login.php. Durch Manipulieren des Arguments Email mit der Eingabe \"> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMSMan", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250416" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306512", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306512" + }, + { + "url": "https://vuldb.com/?ctiid.306512", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306512" + }, + { + "url": "https://vuldb.com/?submit.560212", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.560212" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "elsec (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/4xxx/CVE-2025-4095.json b/2025/4xxx/CVE-2025-4095.json index 771ff747243..fd5bf009a05 100644 --- a/2025/4xxx/CVE-2025-4095.json +++ b/2025/4xxx/CVE-2025-4095.json @@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@docker.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Docker", + "product": { + "product_data": [ + { + "product_name": "Docker Desktop", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.36.0", + "version_value": "4.41.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management", + "refsource": "MISC", + "name": "https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4099.json b/2025/4xxx/CVE-2025-4099.json new file mode 100644 index 00000000000..94891427519 --- /dev/null +++ b/2025/4xxx/CVE-2025-4099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-4099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4100.json b/2025/4xxx/CVE-2025-4100.json new file mode 100644 index 00000000000..5efc56078ae --- /dev/null +++ b/2025/4xxx/CVE-2025-4100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-4100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file