From e6749ff954e2bb619241810763b6e8d6b2e543f2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 11 Feb 2025 20:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/12xxx/CVE-2024-12547.json | 68 +++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12548.json | 68 +++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12549.json | 68 +++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12550.json | 68 +++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12551.json | 68 +++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12833.json | 68 +++++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13862.json | 18 ++++++++ 2024/13xxx/CVE-2024-13863.json | 18 ++++++++ 2024/13xxx/CVE-2024-13864.json | 18 ++++++++ 2024/13xxx/CVE-2024-13865.json | 18 ++++++++ 2024/21xxx/CVE-2024-21966.json | 78 ++++++++++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0899.json | 68 +++++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0901.json | 68 +++++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0902.json | 68 +++++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0903.json | 68 +++++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0904.json | 68 +++++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0905.json | 68 +++++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1052.json | 68 +++++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1239.json | 18 ++++++++ 2025/25xxx/CVE-2025-25523.json | 56 +++++++++++++++++++++--- 2025/25xxx/CVE-2025-25524.json | 56 +++++++++++++++++++++--- 2025/25xxx/CVE-2025-25525.json | 56 +++++++++++++++++++++--- 2025/25xxx/CVE-2025-25526.json | 56 +++++++++++++++++++++--- 2025/25xxx/CVE-2025-25527.json | 56 +++++++++++++++++++++--- 2025/25xxx/CVE-2025-25528.json | 56 +++++++++++++++++++++--- 2025/25xxx/CVE-2025-25529.json | 56 +++++++++++++++++++++--- 2025/25xxx/CVE-2025-25530.json | 56 +++++++++++++++++++++--- 27 files changed, 1396 insertions(+), 104 deletions(-) create mode 100644 2024/13xxx/CVE-2024-13862.json create mode 100644 2024/13xxx/CVE-2024-13863.json create mode 100644 2024/13xxx/CVE-2024-13864.json create mode 100644 2024/13xxx/CVE-2024-13865.json create mode 100644 2025/1xxx/CVE-2025-1239.json diff --git a/2024/12xxx/CVE-2024-12547.json b/2024/12xxx/CVE-2024-12547.json index d617462dfce..96c8957bfd4 100644 --- a/2024/12xxx/CVE-2024-12547.json +++ b/2024/12xxx/CVE-2024-12547.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25560." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tungsten Automation", + "product": { + "product_data": [ + { + "product_name": "Power PDF", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.1.0.41" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1681/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1681/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/12xxx/CVE-2024-12548.json b/2024/12xxx/CVE-2024-12548.json index c8538c950d1..f7e054e0272 100644 --- a/2024/12xxx/CVE-2024-12548.json +++ b/2024/12xxx/CVE-2024-12548.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JP2 files.The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tungsten Automation", + "product": { + "product_data": [ + { + "product_name": "Power PDF", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.1.0.41" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1680/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1680/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/12xxx/CVE-2024-12549.json b/2024/12xxx/CVE-2024-12549.json index 8313c68b4ef..1640dd23bbd 100644 --- a/2024/12xxx/CVE-2024-12549.json +++ b/2024/12xxx/CVE-2024-12549.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25565." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tungsten Automation", + "product": { + "product_data": [ + { + "product_name": "Power PDF", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.1.0.41" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1679/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1679/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/12xxx/CVE-2024-12550.json b/2024/12xxx/CVE-2024-12550.json index ab299824791..149ca3e395e 100644 --- a/2024/12xxx/CVE-2024-12550.json +++ b/2024/12xxx/CVE-2024-12550.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25566." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tungsten Automation", + "product": { + "product_data": [ + { + "product_name": "Power PDF", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.1.0.41" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1678/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1678/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/12xxx/CVE-2024-12551.json b/2024/12xxx/CVE-2024-12551.json index d171b063e96..083b56de130 100644 --- a/2024/12xxx/CVE-2024-12551.json +++ b/2024/12xxx/CVE-2024-12551.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12551", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tungsten Automation", + "product": { + "product_data": [ + { + "product_name": "Power PDF", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.1.0.41" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1677/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1677/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/12xxx/CVE-2024-12833.json b/2024/12xxx/CVE-2024-12833.json index 8dba27495d9..63077e80b22 100644 --- a/2024/12xxx/CVE-2024-12833.json +++ b/2024/12xxx/CVE-2024-12833.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to exploit this vulnerability.\n\nThe specific flaw exists within the PRTG Network Monitor web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23371." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Paessler", + "product": { + "product_data": [ + { + "product_name": "PRTG Network Monitor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "24.1.92.1554 x64" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1736/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1736/" + } + ] + }, + "source": { + "lang": "en", + "value": "Andreas Finstad" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/13xxx/CVE-2024-13862.json b/2024/13xxx/CVE-2024-13862.json new file mode 100644 index 00000000000..afdb18d0d07 --- /dev/null +++ b/2024/13xxx/CVE-2024-13862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13863.json b/2024/13xxx/CVE-2024-13863.json new file mode 100644 index 00000000000..18009e9db43 --- /dev/null +++ b/2024/13xxx/CVE-2024-13863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13864.json b/2024/13xxx/CVE-2024-13864.json new file mode 100644 index 00000000000..a40d5e7d8a6 --- /dev/null +++ b/2024/13xxx/CVE-2024-13864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13865.json b/2024/13xxx/CVE-2024-13865.json new file mode 100644 index 00000000000..7ded604c351 --- /dev/null +++ b/2024/13xxx/CVE-2024-13865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/21xxx/CVE-2024-21966.json b/2024/21xxx/CVE-2024-21966.json index e092cbed02c..db56a1c2353 100644 --- a/2024/21xxx/CVE-2024-21966.json +++ b/2024/21xxx/CVE-2024-21966.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A DLL hijacking vulnerability in the AMD Ryzen\u2122 Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD Ryzen\u2122 Master Utility", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.14.0.3205" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9010.html", + "refsource": "MISC", + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9010.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0899.json b/2025/0xxx/CVE-2025-0899.json index b1bf0a7a51a..690e57c52ad 100644 --- a/2025/0xxx/CVE-2025-0899.json +++ b/2025/0xxx/CVE-2025-0899.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25349." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.3.1.387" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-061/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-061/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/0xxx/CVE-2025-0901.json b/2025/0xxx/CVE-2025-0901.json index 08d3aed90f7..d2c5389623f 100644 --- a/2025/0xxx/CVE-2025-0901.json +++ b/2025/0xxx/CVE-2025-0901.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25372." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.4.0.388" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-062/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-062/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/0xxx/CVE-2025-0902.json b/2025/0xxx/CVE-2025-0902.json index 48964b304a3..ec1a6aecba4 100644 --- a/2025/0xxx/CVE-2025-0902.json +++ b/2025/0xxx/CVE-2025-0902.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25405." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.4.0.388" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-072/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-072/" + } + ] + }, + "source": { + "lang": "en", + "value": "Rocco Calvi (@TecR0c) with TecSecurity" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2025/0xxx/CVE-2025-0903.json b/2025/0xxx/CVE-2025-0903.json index d93609139fa..63117494604 100644 --- a/2025/0xxx/CVE-2025-0903.json +++ b/2025/0xxx/CVE-2025-0903.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of RTF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25421." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.4.0.388" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-070/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-070/" + } + ] + }, + "source": { + "lang": "en", + "value": "Rocco Calvi (@TecR0c) with TecSecurity" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/0xxx/CVE-2025-0904.json b/2025/0xxx/CVE-2025-0904.json index c4fca1bd0da..118bbfbc20f 100644 --- a/2025/0xxx/CVE-2025-0904.json +++ b/2025/0xxx/CVE-2025-0904.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25422." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.4.0.388" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-071/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-071/" + } + ] + }, + "source": { + "lang": "en", + "value": "Rocco Calvi (@TecR0c) with TecSecurity" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2025/0xxx/CVE-2025-0905.json b/2025/0xxx/CVE-2025-0905.json index 68d38e8f44d..ff5b7a46abc 100644 --- a/2025/0xxx/CVE-2025-0905.json +++ b/2025/0xxx/CVE-2025-0905.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0905", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25433." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.4.0.388" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-067/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-067/" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2025/1xxx/CVE-2025-1052.json b/2025/1xxx/CVE-2025-1052.json index 745f67577f1..16de4757d9b 100644 --- a/2025/1xxx/CVE-2025-1052.json +++ b/2025/1xxx/CVE-2025-1052.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mintty", + "product": { + "product_data": [ + { + "product_name": "Mintty", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7.1 (Git-2.45.1-64-bit.exe)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-084/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-25-084/" + } + ] + }, + "source": { + "lang": "en", + "value": "solid-snail" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/1xxx/CVE-2025-1239.json b/2025/1xxx/CVE-2025-1239.json new file mode 100644 index 00000000000..26d3004c69c --- /dev/null +++ b/2025/1xxx/CVE-2025-1239.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1239", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/25xxx/CVE-2025-25523.json b/2025/25xxx/CVE-2025-25523.json index 07de3cc7446..4fe0ab50fd8 100644 --- a/2025/25xxx/CVE-2025-25523.json +++ b/2025/25xxx/CVE-2025-25523.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25523", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25523", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/cb190038c9402c9f89681a0e116996f6", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/cb190038c9402c9f89681a0e116996f6" } ] } diff --git a/2025/25xxx/CVE-2025-25524.json b/2025/25xxx/CVE-2025-25524.json index d9c4e9d0dd4..f265e9f67c6 100644 --- a/2025/25xxx/CVE-2025-25524.json +++ b/2025/25xxx/CVE-2025-25524.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25524", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25524", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/ce1f80afd2d8be8ca543437f16eae96b", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/ce1f80afd2d8be8ca543437f16eae96b" } ] } diff --git a/2025/25xxx/CVE-2025-25525.json b/2025/25xxx/CVE-2025-25525.json index f6c44b9c08c..a57b1b45e4c 100644 --- a/2025/25xxx/CVE-2025-25525.json +++ b/2025/25xxx/CVE-2025-25525.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25525", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25525", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/d797c3cce41678028ff2d20c4e12137e", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/d797c3cce41678028ff2d20c4e12137e" } ] } diff --git a/2025/25xxx/CVE-2025-25526.json b/2025/25xxx/CVE-2025-25526.json index 81e22c01980..cbcfbd399fc 100644 --- a/2025/25xxx/CVE-2025-25526.json +++ b/2025/25xxx/CVE-2025-25526.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25526", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25526", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification, which is related to the configuration of the PPTP server. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/5e3770d5e78e0aa5f9d51ba3882c35cd", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/5e3770d5e78e0aa5f9d51ba3882c35cd" } ] } diff --git a/2025/25xxx/CVE-2025-25527.json b/2025/25xxx/CVE-2025-25527.json index f042028f690..726561fcff8 100644 --- a/2025/25xxx/CVE-2025-25527.json +++ b/2025/25xxx/CVE-2025-25527.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25527", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25527", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/354620285280aca98acba94a9c5fffb6", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/354620285280aca98acba94a9c5fffb6" } ] } diff --git a/2025/25xxx/CVE-2025-25528.json b/2025/25xxx/CVE-2025-25528.json index eeac17e5aa8..545829b5dba 100644 --- a/2025/25xxx/CVE-2025-25528.json +++ b/2025/25xxx/CVE-2025-25528.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25528", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25528", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands without any authorization verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/87f3a4412c46fa9c27d2f723136920b8", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/87f3a4412c46fa9c27d2f723136920b8" } ] } diff --git a/2025/25xxx/CVE-2025-25529.json b/2025/25xxx/CVE-2025-25529.json index 14e852333fc..c7aa71d5957 100644 --- a/2025/25xxx/CVE-2025-25529.json +++ b/2025/25xxx/CVE-2025-25529.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25529", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25529", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/121e150c1cc100eab2cbd8ba3b55626b", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/121e150c1cc100eab2cbd8ba3b55626b" } ] } diff --git a/2025/25xxx/CVE-2025-25530.json b/2025/25xxx/CVE-2025-25530.json index 90113be05f9..db909ecc9e5 100644 --- a/2025/25xxx/CVE-2025-25530.json +++ b/2025/25xxx/CVE-2025-25530.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25530", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25530", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/XiaoCurry/570a765f6812b8c53d35f623ee701b19", + "refsource": "MISC", + "name": "https://gist.github.com/XiaoCurry/570a765f6812b8c53d35f623ee701b19" } ] }