From e5ac33eacf36f695b78d7bcdac41ea41baef7da0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 5 Mar 2025 15:00:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/12xxx/CVE-2024-12097.json | 4 +- 2024/12xxx/CVE-2024-12799.json | 74 ++++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13147.json | 89 ++++++++++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1714.json | 70 ++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1985.json | 18 +++++++ 2025/1xxx/CVE-2025-1986.json | 18 +++++++ 2025/1xxx/CVE-2025-1987.json | 18 +++++++ 2025/1xxx/CVE-2025-1988.json | 18 +++++++ 8 files changed, 295 insertions(+), 14 deletions(-) create mode 100644 2025/1xxx/CVE-2025-1985.json create mode 100644 2025/1xxx/CVE-2025-1986.json create mode 100644 2025/1xxx/CVE-2025-1987.json create mode 100644 2025/1xxx/CVE-2025-1988.json diff --git a/2024/12xxx/CVE-2024-12097.json b/2024/12xxx/CVE-2024-12097.json index 3050d6c9a5a..cc6ae01e457 100644 --- a/2024/12xxx/CVE-2024-12097.json +++ b/2024/12xxx/CVE-2024-12097.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2025." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024." } ] }, @@ -42,7 +42,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "15.12.2025" + "version_value": "15.12.2024" } ] } diff --git a/2024/12xxx/CVE-2024-12799.json b/2024/12xxx/CVE-2024-12799.json index 859092e8347..85c1203c8f3 100644 --- a/2024/12xxx/CVE-2024-12799.json +++ b/2024/12xxx/CVE-2024-12799.json 
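Review bot: The affected-version bound in the second CVE-2024-12097 hunk, `"version_value": "15.12.2024"` with `"version_affected": "<"`, is a DD.MM.YYYY release date rather than an orderable version string. Tools that compare it lexically or as a dotted version number can misjudge whether an installation is affected. The same pattern appears in the CVE-2024-13147 section (`"version_value": "15.01.2025"`). Consider making the description say that the bound is a release date, e.g. `This issue affects E-Travel: releases dated before 15.12.2024 (DD.MM.YYYY).` Both description strings also lack a space after the period in `SQL Injection.This issue`.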
@@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. This vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\n\nThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522 Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "Identity Manager Advanced Edition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "4.8.7.0102", + "status": "affected", + "version": "4.8.0.0", + "versionType": "rpm, exe" + }, + { + "status": "affected", + "version": "4.9.0.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.microfocus.com/s/article/KM000037455", + "refsource": "MISC", + "name": "https://portal.microfocus.com/s/article/KM000037455" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": 
{ + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13147.json b/2024/13xxx/CVE-2024-13147.json index 3e84d8d5747..1eebcd5688d 100644 --- a/2024/13xxx/CVE-2024-13147.json +++ b/2024/13xxx/CVE-2024-13147.json 
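Review bot: `"versionType": "rpm, exe"` on the first entry of `x_cve_json_5_version_data.versions` names two packaging formats rather than one version-ordering scheme, so a consumer cannot tell how to evaluate `"lessThanOrEqual": "4.8.7.0102"` against `"version": "4.8.0.0"`. The second entry (`4.9.0.0`) carries no `versionType` at all. If the vendor's numbering follows no named scheme, `"versionType": "custom"` on both entries would be clearer. The record also has no `impact` block, so downstream triage gets no severity from it. The description value carries hard line breaks mid-sentence (`Windows, Linux,\n64 bit`) that look like an unintended copy-paste artefact.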
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13147", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Merkur Software", + "product": { + "product_data": [ + { + "product_name": "B2B Login Panel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "15.01.2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0054", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-25-0054" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-25-0054", + "defect": [ + "TR-25-0054" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Yunus ORNEK" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1714.json b/2025/1xxx/CVE-2025-1714.json index 13cc3b17e41..6b61d0ce44a 100644 --- a/2025/1xxx/CVE-2025-1714.json +++ b/2025/1xxx/CVE-2025-1714.json 
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@perforce.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7\u00a0on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts", + "cweId": "CWE-307" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Perforce", + "product": { + "product_data": [ + { + "product_name": "Gliffy", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.14.0-7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://perforce1.lightning.force.com/lightning/r/a91PA000001ScY1YAK/view", + "refsource": "MISC", + "name": "https://perforce1.lightning.force.com/lightning/r/a91PA000001ScY1YAK/view" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1985.json b/2025/1xxx/CVE-2025-1985.json new file mode 100644 index 00000000000..c272d003063 --- /dev/null 
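Review bot: The only reference in the CVE-2025-1714 record, `https://perforce1.lightning.force.com/lightning/r/a91PA000001ScY1YAK/view`, looks like a Salesforce Lightning record URL inside the vendor's own org. Such URLs normally require a login, so readers of the record probably cannot reach the advisory to confirm the fixed version. A publicly reachable advisory should be referenced instead, e.g. `"url": "<PUBLIC_ADVISORY_URL>"` with the matching `name`. The problem types also deserve a second look: the description is about missing rate limiting on sign-up, which CWE-307 (excessive authentication attempts) covers only loosely, and CWE-770 may fit better. No `impact` block is present, so consumers get no severity for the record.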
+++ b/2025/1xxx/CVE-2025-1985.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1986.json b/2025/1xxx/CVE-2025-1986.json new file mode 100644 index 00000000000..1753256657b --- /dev/null +++ b/2025/1xxx/CVE-2025-1986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1987.json b/2025/1xxx/CVE-2025-1987.json new file mode 100644 index 00000000000..271631f1071 --- /dev/null +++ b/2025/1xxx/CVE-2025-1987.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1988.json b/2025/1xxx/CVE-2025-1988.json new file mode 100644 index 00000000000..5cd86a983d9 --- /dev/null +++ b/2025/1xxx/CVE-2025-1988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file