admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-28 06:00:31 +00:00
parent 79571fb7c6
commit e9a5259130
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 406 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
2022/4xxx/CVE-2022-4064.json
View File

@ -1,20 +1,51 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4064",
"TITLE": "Dalli Meta Protocol request_formatter.rb self.meta_set injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.3 is able to address this issue. The patch is identified as 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Dalli bis 3.2.2 ausgemacht. Hiervon betroffen ist die Funktion self.meta_set der Datei lib/dalli/protocol/meta/request_formatter.rb der Komponente Meta Protocol Handler. Durch Beeinflussen des Arguments cas/ttl mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 48d594dae55934476fec61789e7a7c3700e0f50d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization",
"cweId": "CWE-707"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,7 +53,16 @@
"version": {
"version_data": [
{
"version_value": "n/a"
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.2.1"
},
{
"version_affected": "=",
"version_value": "3.2.2"
}
]
}
@ -33,35 +73,18 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.214026",
"refsource": "MISC",
"name": "https://vuldb.com/?id.214026"
},
{
"url": "https://vuldb.com/?ctiid.214026",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.214026"
},
{
"url": "https://github.com/petergoldstein/dalli/issues/932",
"refsource": "MISC",
@ -78,9 +101,41 @@
"name": "https://github.com/petergoldstein/dalli/commit/48d594dae55934476fec61789e7a7c3700e0f50d"
},
{
"url": "https://vuldb.com/?id.214026",
"url": "https://github.com/petergoldstein/dalli/releases/tag/v3.2.3",
"refsource": "MISC",
"name": "https://vuldb.com/?id.214026"
"name": "https://github.com/petergoldstein/dalli/releases/tag/v3.2.3"
},
{
"url": "https://github.com/advisories/GHSA-3xg8-cc8f-9wv2",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-3xg8-cc8f-9wv2"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N"
}
]
}

72
2025/1xxx/CVE-2025-1762.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Event Tickets with Ticket Scanner",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/d5cefdee-2ba0-465d-b176-0dff39fc322c/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/d5cefdee-2ba0-465d-b176-0dff39fc322c/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krugov Artyom"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

68
2025/2xxx/CVE-2025-2027.json
View File

@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@asus.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances.\nRefer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free",
"cweId": "CWE-415"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ASUS",
"product": {
"product_data": [
{
"product_name": "ASCI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before 1.1.32.0"
},
{
"version_affected": "=",
"version_value": "before 3.1.43.0"
},
{
"version_affected": "=",
"version_value": "before 3.2.44.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.asus.com/content/asus-product-security-advisory/",
"refsource": "MISC",
"name": "https://www.asus.com/content/asus-product-security-advisory/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

76
2025/2xxx/CVE-2025-2804.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2804",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_username' parameters in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tagDiv",
"product": {
"product_data": [
{
"product_name": "tagDiv Composer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41ef545a-7de1-406c-8686-57216e697a1b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41ef545a-7de1-406c-8686-57216e697a1b?source=cve"
},
{
"url": "https://tagdiv.com/td_deploy/Newspaper/changed_files_12.6.9_12.7.html",
"refsource": "MISC",
"name": "https://tagdiv.com/td_deploy/Newspaper/changed_files_12.6.9_12.7.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Truoc Phan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

77
2025/31xxx/CVE-2025-31335.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2025-31335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://shibboleth.net/community/advisories/secadv_20250313.txt",
"refsource": "MISC",
"name": "https://shibboleth.net/community/advisories/secadv_20250313.txt"
},
{
"url": "https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee",
"refsource": "MISC",
"name": "https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee"
},
{
"url": "https://shibboleth.atlassian.net/browse/CPPOST-126",
"refsource": "MISC",
"name": "https://shibboleth.atlassian.net/browse/CPPOST-126"
},
{
"url": "https://lists.debian.org/debian-security-announce/2025/msg00041.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-security-announce/2025/msg00041.html"
}
]
}
}

18
2025/31xxx/CVE-2025-31336.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31336",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/31xxx/CVE-2025-31337.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31337",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}