diff --git a/2019/13xxx/CVE-2019-13454.json b/2019/13xxx/CVE-2019-13454.json
index 423d53b2bde..0f5542df39e 100644
--- a/2019/13xxx/CVE-2019-13454.json
+++ b/2019/13xxx/CVE-2019-13454.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c."
+ "value": "ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c."
 }
 ]
 },
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/blob/7.0.1-0/MagickCore/layer.c#L1618",
+ "url": "https://github.com/ImageMagick/ImageMagick/blob/7.0.1-0/MagickCore/layer.c#L1618"
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1815.json b/2019/1xxx/CVE-2019-1815.json
index c51c0e0841d..f701ed2791d 100644
--- a/2019/1xxx/CVE-2019-1815.json
+++ b/2019/1xxx/CVE-2019-1815.json
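Review bot: In CVE-2019-13454.json the widened range (`7.0.1-0 to 7.0.8-54`) is added only to the free-text `description`; neither hunk of this file touches the structured `affects` data, which lies outside the lines shown. If `version_data` there still carries a placeholder or a single version, tooling that matches on structured fields will not pick up the earlier releases, so the range is worth recording there as well. The new reference links to a source line at the 7.0.1-0 tag rather than to a fix, and its `name` only repeats the URL; a short label would tell readers why it is cited. The same pattern recurs in the description and reference hunks of CVE-2020-16291.json, CVE-2020-16297.json and CVE-2020-16304.json.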
@@ -1,17 +1,91 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-1815",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1815",
+ "ASSIGNER": "psirt@cisco.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability was discovered in the local status page functionality of Cisco Meraki\u2019s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The vulnerability is due to improper access control to the files holding debugging and maintenance information, and is only exploitable when the local status page is enabled on the device. An attacker exploiting this vulnerability may obtain access to wireless pre-shared keys, Site-to-Site VPN key and other sensitive information. Under certain circumstances, this information may allow an attacker to obtain administrative-level access to the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cisco",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Meraki MX Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "N/A"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.meraki.com/General_Administration/Privacy_and_Security/Cisco_Meraki_MX67_and_MX68_Sensitive_Information_Disclosure_Vulnerability",
+ "refsource": "MISC",
+ "name": "https://documentation.meraki.com/General_Administration/Privacy_and_Security/Cisco_Meraki_MX67_and_MX68_Sensitive_Information_Disclosure_Vulnerability"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "Cisco Meraki MX67 and MX68 Sensitive Information Disclosure Vulnerability",
+ "discovery": "EXTERNAL"
+ },
+ "exploit": [
+ {
+ "lang": "en",
+ "value": "As of this publication date, Cisco Meraki is NOT aware of any active exploitation of this vulnerability, nor the public availability of any tool to exploit this vulnerability, nor details on how to exploit this vulnerability."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
 }
 ]
 }
diff --git a/2020/16xxx/CVE-2020-16291.json b/2020/16xxx/CVE-2020-16291.json
index 577485501a1..74b1198df39 100644
--- a/2020/16xxx/CVE-2020-16291.json
+++ b/2020/16xxx/CVE-2020-16291.json
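Review bot: The `impact.cvss` entry added to CVE-2019-1815.json contradicts itself: `vectorString` ends in `C:L/I:N/A:N`, but the expanded fields give `"confidentialityImpact": "HIGH"` with `"baseScore": 7.5` and `"baseSeverity": "HIGH"`. Under CVSS 3.0 the vector as written scores 5.3, while 7.5 corresponds to `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`, so consumers that recompute from the vector will triage this lower than those reading the score. Which side is intended should be confirmed against the Meraki advisory; given that the description lists pre-shared keys and VPN keys as exposed, `C:H` looks like the likelier intent. Separately, `"version_value": "N/A"` with `"version_affected": "="` gives scanners nothing to match, although the description limits the issue to the MX67 and MX68 models.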
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
+ "value": "A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
 }
 ]
 },
@@ -81,6 +81,16 @@
 "refsource": "UBUNTU",
 "name": "USN-4469-1",
 "url": "https://usn.ubuntu.com/4469-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/gdevdj9.c?h=ghostpdl-9.18#n824",
+ "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/gdevdj9.c?h=ghostpdl-9.18#n824"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4f73e8b4d578e69a17f452fa60d2130c5faaefd6",
+ "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4f73e8b4d578e69a17f452fa60d2130c5faaefd6"
 }
 ]
 }
diff --git a/2020/16xxx/CVE-2020-16297.json b/2020/16xxx/CVE-2020-16297.json
index 2c0c6846e84..fb02d6e5254 100644
--- a/2020/16xxx/CVE-2020-16297.json
+++ b/2020/16xxx/CVE-2020-16297.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
+ "value": "A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
 }
 ]
 },
@@ -81,6 +81,16 @@
 "refsource": "UBUNTU",
 "name": "USN-4469-1",
 "url": "https://usn.ubuntu.com/4469-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39",
+ "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/gdevbjca.c?h=ghostpdl-9.18#n659",
+ "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/gdevbjca.c?h=ghostpdl-9.18#n659"
 }
 ]
 }
diff --git a/2020/16xxx/CVE-2020-16304.json b/2020/16xxx/CVE-2020-16304.json
index 1f954174454..d87785274da 100644
--- a/2020/16xxx/CVE-2020-16304.json
+++ b/2020/16xxx/CVE-2020-16304.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51."
+ "value": "A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51."
 }
 ]
 },
@@ -81,6 +81,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4469-1",
 "url": "https://usn.ubuntu.com/4469-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/base/gxicolor.c?h=ghostscript-9.18#n825",
+ "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/base/gxicolor.c?h=ghostscript-9.18#n825"
 }
 ]
 }
diff --git a/2020/3xxx/CVE-2020-3122.json b/2020/3xxx/CVE-2020-3122.json
index 443bf1980a9..a95ff70e5d0 100644
--- a/2020/3xxx/CVE-2020-3122.json
+++ b/2020/3xxx/CVE-2020-3122.json
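Review bot: The reference added to CVE-2020-16304.json addresses the tree as `h=ghostscript-9.18`, while the sibling GhostScript records in this commit use `h=ghostpdl-9.18`; it should be checked that this ref resolves, or the link aligned with the others. Unlike CVE-2020-16291.json and CVE-2020-16297.json, this record also gains no link to the fixing commit, so a reader gets the location of the flaw but not the patch to backport or verify against.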
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-3122",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@cisco.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cisco",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IronPort Security Management Appliance",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "N/A"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Cisco Secure Email and Web Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0(Ritz)-128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383",
+ "refsource": "MISC",
+ "name": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "",
+ "discovery": "EXTERNAL",
+ "defects": [
+ "CSCvr92383"
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "en",
+ "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
 }
 ]
 }
diff --git a/2024/13xxx/CVE-2024-13918.json b/2024/13xxx/CVE-2024-13918.json
new file mode 100644
index 00000000000..8777c455913
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13918.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13918",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13919.json b/2024/13xxx/CVE-2024-13919.json
new file mode 100644
index 00000000000..b1617fcc678
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13919.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13919",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8676.json b/2024/8xxx/CVE-2024-8676.json
index 8471fc1d4c6..6835d68c5a0 100644
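Review bot: In the `impact.cvss` entry added to CVE-2020-3122.json, `"availabilityImpact": "HIGH"` disagrees with the `A:N` in `vectorString` and with the 5.3 / MEDIUM score, which matches `C:L/I:N/A:N`; the field should presumably read `"availabilityImpact": "NONE"`. `source.advisory` is an empty string and the only reference is a bug-search entry, so the record points to no advisory that lists fixed releases. The first product entry again uses `"version_value": "N/A"`, which structured version matching cannot use.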
--- a/2024/8xxx/CVE-2024-8676.json
+++ b/2024/8xxx/CVE-2024-8676.json
@@ -77,6 +77,27 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4.18",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.31.5-5.rhaos4.18.git6dfa0a6.el8",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 8",
 "version": {
@@ -159,6 +180,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2025:0648"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:1908",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:1908"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-8676",
 "refsource": "MISC",
diff --git a/2025/1xxx/CVE-2025-1946.json b/2025/1xxx/CVE-2025-1946.json
index 31385cbf3c0..f23a7a2e037 100644
--- a/2025/1xxx/CVE-2025-1946.json
+++ b/2025/1xxx/CVE-2025-1946.json
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1946",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in hzmanyun Education and Training System 2.1 ausgemacht. Davon betroffen ist die Funktion exportPDF der Datei /user/exportPDF. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection",
+ "cweId": "CWE-77"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "hzmanyun",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Education and Training System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298520",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298520"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298520",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298520"
+ },
+ {
+ "url": "https://vuldb.com/?submit.506657",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.506657"
+ },
+ {
+ "url": "https://github.com/heiheixz/report/blob/main/nxb_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/heiheixz/report/blob/main/nxb_1.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "heihei_XZ (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1947.json b/2025/1xxx/CVE-2025-1947.json
index 15353bf439f..375f9de2f21 100644
--- a/2025/1xxx/CVE-2025-1947.json
+++ b/2025/1xxx/CVE-2025-1947.json
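Review bot: The English and German descriptions added to CVE-2025-1946.json call the issue critical, while every `impact.cvss` entry in the same hunk scores it 6.3 MEDIUM (6.5 under 2.0) with `PR:L`. Readers triaging on the prose and tools triaging on the score will reach different priorities, so the wording and the metrics should be reconciled or the severity word dropped from the description. The record states that the exploit is public, yet its references are only VulDB entries and a third-party report, with no vendor advisory or fix; saying so explicitly would tell defenders that only compensating controls are available. CVE-2025-1947.json in the next hunk has the same mismatch.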
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1947",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in hzmanyun Education and Training System 2.1.3 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion scorm der Datei UploadImageController.java. Durch die Manipulation des Arguments param mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection",
+ "cweId": "CWE-77"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "hzmanyun",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Education and Training System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298521",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298521"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298521",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298521"
+ },
+ {
+ "url": "https://vuldb.com/?submit.506659",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.506659"
+ },
+ {
+ "url": "https://github.com/heiheixz/report/blob/main/nxb_2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/heiheixz/report/blob/main/nxb_2.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "heihei_XZ (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1969.json b/2025/1xxx/CVE-2025-1969.json
new file mode 100644
index 00000000000..37caeb09a85
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1969.json
@@ -0,0 +1,94 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1969",
+ "ASSIGNER": "aws-security@amazon.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM.\n\nUpgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-346 Origin Validation Error",
+ "cweId": "CWE-346"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "AWS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/aws-samples/iam-identity-center-team/security/advisories/GHSA-x9xv-r58p-qh86",
+ "refsource": "MISC",
+ "name": "https://github.com/aws-samples/iam-identity-center-team/security/advisories/GHSA-x9xv-r58p-qh86"
+ },
+ {
+ "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-004/",
+ "refsource": "MISC",
+ "name": "https://aws.amazon.com/security/security-bulletins/AWS-2025-004/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/26xxx/CVE-2025-26202.json b/2025/26xxx/CVE-2025-26202.json
index fa25d8205a4..3e7917e8799 100644
--- a/2025/26xxx/CVE-2025-26202.json
+++ b/2025/26xxx/CVE-2025-26202.json
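Review bot: The `problemtype` in CVE-2025-1969.json is `CWE-346 Origin Validation Error`, but the description speaks of improper request input validation that lets a user modify a valid request and spoof an approval; that reads closer to an input-validation or authorization weakness, so the CWE should be confirmed against the linked GHSA advisory. The description also folds remediation into the vulnerability text and is loosely worded; a cleaner closing sentence would be `Upgrade TEAM to v1.2.2 or later, following the update instructions in the TEAM documentation.` Because the product governs temporary elevated access, it would help to say whose approval can be spoofed, since that decides how much weight the `I:L` rating deserves.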
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-26202",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-26202",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the \"Click here to display\" option on the Status page"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://dzs.com",
+ "refsource": "MISC",
+ "name": "http://dzs.com"
+ },
+ {
+ "url": "http://znid-gpon-2428b1-0st.com",
+ "refsource": "MISC",
+ "name": "http://znid-gpon-2428b1-0st.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/A17-ba/CVE-2025-26202-Details",
+ "url": "https://github.com/A17-ba/CVE-2025-26202-Details"
 }
 ]
 }
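Review bot: CVE-2025-26202.json is published with `"vendor_name": "n/a"`, `"product_name": "n/a"` and a `problemtype` of `n/a`, although the description names the vendor (DZS) and the weakness (stored cross-site scripting). Filling these in, for example a problemtype of `CWE-79`, lets asset-matching and weakness-based filters find the record. Two of the three references are bare `http://` hostnames, and `http://znid-gpon-2428b1-0st.com` looks like a device model string turned into a domain rather than a vendor page, so it should be verified or removed before consumers are sent to a host the vendor may not control. The description also gives no affected firmware versions and lacks its final period.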