From e6b0d1cbe9d2bb16b7db539633483db565d63a73 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 29 Apr 2025 21:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/57xxx/CVE-2024-57698.json | 56 ++++++++++++++++--
2025/3xxx/CVE-2025-3501.json | 98 ++++++++++++++++++++++++++++++--
2025/3xxx/CVE-2025-3910.json | 91 ++++++++++++++++++++++++++++--
2025/46xxx/CVE-2025-46344.json | 68 ++++++++++++++++++++--
2025/46xxx/CVE-2025-46348.json | 90 +++++++++++++++++++++++++++--
2025/46xxx/CVE-2025-46549.json | 81 ++++++++++++++++++++++++--
2025/46xxx/CVE-2025-46550.json | 81 ++++++++++++++++++++++++--
2025/4xxx/CVE-2025-4078.json | 100 +++++++++++++++++++++++++++++++--
8 files changed, 631 insertions(+), 34 deletions(-)
diff --git a/2024/57xxx/CVE-2024-57698.json b/2024/57xxx/CVE-2024-57698.json
index 39d81621a46..2db873b3f76 100644
--- a/2024/57xxx/CVE-2024-57698.json
+++ b/2024/57xxx/CVE-2024-57698.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57698", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57698", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/rodolfomarianocy/xpl-ModernWMS", + "url": "https://github.com/rodolfomarianocy/xpl-ModernWMS" } ] } diff --git a/2025/3xxx/CVE-2025-3501.json b/2025/3xxx/CVE-2025-3501.json index 1100d5044eb..b40d2e59657 100644 --- a/2025/3xxx/CVE-2025-3501.json +++ b/2025/3xxx/CVE-2025-3501.json 
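Review bot: The new `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"` although the description names the product and version (`modernwms v.1.0`), so tooling that matches on the structured fields will not tie this record to any installed software. `problemtype` is likewise `"n/a"` while the text describes missing access control on an endpoint that returns a password hash; a CWE such as CWE-306 or CWE-200 looks applicable but should be confirmed by the assigner. Suggested lines: `"product_name": "ModernWMS"` and `"version_value": "1.0"`. Until the record is enriched, consumers should key on the description text and the listed reference rather than on `affects`.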
@@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3501", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Certificate with Host Mismatch", + "cweId": "CWE-297" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Build of Keycloak", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Single Sign-On 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3501", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3501" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Use the correct TLS configuration and avoid using 
\"--tls-hostname-verifier=any\"." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3910.json b/2025/3xxx/CVE-2025-3910.json index 0ec91ce0a8b..7bd7dc6d6db 100644 --- a/2025/3xxx/CVE-2025-3910.json +++ b/2025/3xxx/CVE-2025-3910.json 
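Review bot: The description and the workaround name different settings: the description says a verification policy is set to `'ALL'`, while `work_around` tells operators to avoid `--tls-hostname-verifier=any`. If both refer to the same option (it reads that way, but the record does not say so), the description should name the option and use the same value, so that an operator searching a deployment's configuration for the risky setting finds it. The `problemtype` text is about host mismatch (CWE-297) whereas the description speaks of trust store verification being skipped, which is a broader loss of certificate validation and deserves one clarifying sentence. The workaround string also appears split by a stray line break before the quoted flag on this page and should be checked against the upstream record.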
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Build of Keycloak", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3910", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3910" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "No current mitigations are available for this vulnerability." + } + ], + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Marek Posolda (Red Hat)." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/46xxx/CVE-2025-46344.json b/2025/46xxx/CVE-2025-46344.json index a3f1ffb7ce7..47a990fd078 100644 --- a/2025/46xxx/CVE-2025-46344.json +++ b/2025/46xxx/CVE-2025-46344.json 
@@ -1,18 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46344", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613: Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "auth0", + "product": { + "product_data": [ + { + "product_name": "nextjs-auth0", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.0.1, < 4.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-pjr6-jx7r-j4r6", + "refsource": "MISC", + "name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-pjr6-jx7r-j4r6" + }, + { + "url": "https://github.com/auth0/nextjs-auth0/commit/a4f061aed02ffa132feca8adfbd11704df17e1c3", + "refsource": "MISC", + "name": "https://github.com/auth0/nextjs-auth0/commit/a4f061aed02ffa132feca8adfbd11704df17e1c3" + }, + { + "url": "https://github.com/auth0/nextjs-auth0/releases/tag/v4.5.1", + "refsource": "MISC", + "name": "https://github.com/auth0/nextjs-auth0/releases/tag/v4.5.1" + } + ] + }, + "source": { + "advisory": "GHSA-pjr6-jx7r-j4r6", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/46xxx/CVE-2025-46348.json b/2025/46xxx/CVE-2025-46348.json index 63663eca29e..ba585a854ac 100644 --- a/2025/46xxx/CVE-2025-46348.json +++ b/2025/46xxx/CVE-2025-46348.json 
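Review bot: The affected range is stored as free text under an equality operator, `"version_affected": "="` with `"version_value": ">= 4.0.1, < 4.5.1"`, so a consumer that honours `version_affected` compares installed versions for equality with that whole string and never matches. The CVE-2025-46348, CVE-2025-46549 and CVE-2025-46550 hunks do the same with `"version_value": "< 4.5.4"`. Where the format allows it, the bound should be carried by the operator, e.g. `"version_affected": "<", "version_value": "4.5.1"`, with the lower bound stated separately. This record also has no `impact` block, so severity-based triage will see no score for a session-expiry flaw in an authentication SDK.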
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46348", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "YesWiki", + "product": { + "product_data": [ + { + "product_name": "yeswiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95" + }, + { + "url": "https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530" + } + ] + }, + "source": { + "advisory": "GHSA-wc9g-6j9w-hr95", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/46xxx/CVE-2025-46549.json b/2025/46xxx/CVE-2025-46549.json index 042c5b8a9df..b02a8b5edfe 100644 --- a/2025/46xxx/CVE-2025-46549.json +++ b/2025/46xxx/CVE-2025-46549.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "YesWiki", + "product": { + "product_data": [ + { + "product_name": "yeswiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f" + }, + { + "url": "https://github.com/YesWiki/yeswiki/commit/107d43056adebaa0c731230f9fd010898e88f3f5", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/commit/107d43056adebaa0c731230f9fd010898e88f3f5" + } + ] + }, + "source": { + "advisory": "GHSA-r9gv-qffm-xw6f", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/46xxx/CVE-2025-46550.json b/2025/46xxx/CVE-2025-46550.json index 488a8969487..55699bef3a4 100644 --- a/2025/46xxx/CVE-2025-46550.json +++ b/2025/46xxx/CVE-2025-46550.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "YesWiki", + "product": { + "product_data": [ + { + "product_name": "yeswiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp" + }, + { + "url": "https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a", + "refsource": "MISC", + "name": "https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a" + } + ] + }, + "source": { + "advisory": "GHSA-ggqx-43h2-55jp", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4078.json b/2025/4xxx/CVE-2025-4078.json index 8adaad94ec3..fba915ffd66 100644 --- a/2025/4xxx/CVE-2025-4078.json +++ b/2025/4xxx/CVE-2025-4078.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4078", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Wangshen SecGate 3600 2400 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei ?g=log_export_file. Dank der Manipulation des Arguments file_name mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wangshen", + "product": { + "product_data": [ + { + "product_name": "SecGate 3600", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2400" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306515", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306515" + }, + { + "url": "https://vuldb.com/?ctiid.306515", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306515" + }, + { + "url": "https://vuldb.com/?submit.560540", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.560540" + }, + { + "url": "https://flowus.cn/share/f5c70c53-737b-470b-aa2e-6d5524f849fb?code=G8A6P3", + "refsource": "MISC", + "name": "https://flowus.cn/share/f5c70c53-737b-470b-aa2e-6d5524f849fb?code=G8A6P3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0menc (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] }