admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-02 03:32:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-26 11:00:38 +00:00
parent e76a9ad782
commit ebb19b86af
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
14 changed files with 556 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2024/36xxx/CVE-2024-36907.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

26
2025/2xxx/CVE-2025-2784.json
View File

@ -77,6 +77,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.72.0-8.el9_4.5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -134,6 +155,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8126"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:8139",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8139"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-2784",
"refsource": "MISC",

26
2025/32xxx/CVE-2025-32049.json
View File

@ -56,6 +56,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.72.0-8.el9_4.5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 10",
"version": {
@ -121,6 +142,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8126"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:8139",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8139"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-32049",
"refsource": "MISC",

26
2025/32xxx/CVE-2025-32914.json
View File

@ -77,6 +77,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.72.0-8.el9_4.5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -134,6 +155,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8126"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:8139",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8139"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-32914",
"refsource": "MISC",

95
2025/35xxx/CVE-2025-35003.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-35003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.\n\nNuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.\n\nThis issue affects Apache NuttX: from 7.25 before 12.9.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache NuttX RTOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.25",
"version_value": "12.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/nuttx/pull/16179",
"refsource": "MISC",
"name": "https://github.com/apache/nuttx/pull/16179"
},
{
"url": "https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Chongqing Lei <leicq@seu.edu.cn>"
},
{
"lang": "en",
"value": "Zhen Ling <zhenling@seu.edu.cn>"
},
{
"lang": "en",
"value": "Chongqing Lei <leicq@seu.edu.cn>"
},
{
"lang": "en",
"value": "Tomek CEDRO <tomek@cedro.info>"
}
]
}

107
2025/37xxx/CVE-2025-37753.json
View File

@ -5,117 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2025-37753",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cpumf: Fix double free on error in cpumf_pmu_event_init()\n\nIn PMU event initialization functions\n - cpumsf_pmu_event_init()\n - cpumf_pmu_event_init()\n - cfdiag_event_init()\nthe partially created event had to be removed when an error was detected.\nThe event::event_init() member function had to release all resources\nit allocated in case of error. event::destroy() had to be called\non freeing an event after it was successfully created and\nevent::event_init() returned success.\n\nWith\n\ncommit c70ca298036c (\"perf/core: Simplify the perf_event_alloc() error path\")\n\nthis is not necessary anymore. The performance subsystem common\ncode now always calls event::destroy() to clean up the allocated\nresources created during event initialization.\n\nRemove the event::destroy() invocation in PMU event initialization\nor that function is called twice for each event that runs into an\nerror condition in event creation.\n\nThis is the kernel log entry which shows up without the fix:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 43388 at lib/refcount.c:87\trefcount_dec_not_one+0x74/0x90\nCPU: 0 UID: 0 PID: 43388 Comm: perf Not tainted 6.15.0-20250407.rc1.git0.300.fc41.s390x+git #1 NONE\nHardware name: IBM 3931 A01 704 (LPAR)\nKrnl PSW : 0704c00180000000 00000209cb2c1b88 (refcount_dec_not_one+0x78/0x90)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 0000020900000027 0000020900000023 0000000000000026 0000018900000000\n 00000004a2200a00 0000000000000000 0000000000000057 ffffffffffffffea\n 00000002b386c600 00000002b3f5b3e0 00000209cc51f140 00000209cc7fc550\n 0000000001449d38 ffffffffffffffff 00000209cb2c1b84 00000189d67dfb80\nKrnl Code: 00000209cb2c1b78: c02000506727\tlarl\t%r2,00000209cbcce9c6\n 00000209cb2c1b7e: c0e5ffbd4431\tbrasl\t%r14,00000209caa6a3e0\n #00000209cb2c1b84: af000000\t\tmc\t0,0\n >00000209cb2c1b88: a7480001\t\tlhi\t%r4,1\n 00000209cb2c1b8c: ebeff0a00004\tlmg\t%r14,%r15,160(%r15)\n 00000209cb2c1b92: ec243fbf0055\trisbg\t%r2,%r4,63,191,0\n 00000209cb2c1b98: 07fe\t\tbcr\t15,%r14\n 00000209cb2c1b9a: 47000700\t\tbc\t0,1792\nCall Trace:\n [<00000209cb2c1b88>] refcount_dec_not_one+0x78/0x90\n [<00000209cb2c1dc4>] refcount_dec_and_mutex_lock+0x24/0x90\n [<00000209caa3c29e>] hw_perf_event_destroy+0x2e/0x80\n [<00000209cacaf8b4>] __free_event+0x74/0x270\n [<00000209cacb47c4>] perf_event_alloc.part.0+0x4a4/0x730\n [<00000209cacbf3e8>] __do_sys_perf_event_open+0x248/0xc20\n [<00000209cacc14a4>] __s390x_sys_perf_event_open+0x44/0x50\n [<00000209cb8114de>] __do_syscall+0x12e/0x260\n [<00000209cb81ce34>] system_call+0x74/0x98\nLast Breaking-Event-Address:\n [<00000209caa6a4d2>] __warn_printk+0xf2/0x100\n---[ end trace 0000000000000000 ]---"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7ef5aa081f989ecfecc1df02068a80aebbd3ec31",
"version_value": "bdbecb2bf531fadbbc9347a79009f7a58ea7eb03"
},
{
"version_affected": "<",
"version_name": "315a50c6b1c6ce191f19f3372935d8e2ed9b53a6",
"version_value": "3a3faf873db5dcd5d2622d8e2accb90af0a86c2d"
},
{
"version_affected": "<",
"version_name": "1209b0b29fd472e7dbd2b06544b019dd9f9b7e51",
"version_value": "ddf60c1491102dab04491481bc3376d3e9cd139d"
},
{
"version_affected": "<",
"version_name": "c70ca298036c58a88686ff388d3d367e9d21acf0",
"version_value": "aa1ac98268cd1f380c713f07e39b1fa1d5c7650c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.15-rc1",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.15-rc1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bdbecb2bf531fadbbc9347a79009f7a58ea7eb03",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bdbecb2bf531fadbbc9347a79009f7a58ea7eb03"
},
{
"url": "https://git.kernel.org/stable/c/3a3faf873db5dcd5d2622d8e2accb90af0a86c2d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a3faf873db5dcd5d2622d8e2accb90af0a86c2d"
},
{
"url": "https://git.kernel.org/stable/c/ddf60c1491102dab04491481bc3376d3e9cd139d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ddf60c1491102dab04491481bc3376d3e9cd139d"
},
{
"url": "https://git.kernel.org/stable/c/aa1ac98268cd1f380c713f07e39b1fa1d5c7650c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa1ac98268cd1f380c713f07e39b1fa1d5c7650c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

127
2025/37xxx/CVE-2025-37902.json
View File

@ -5,137 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2025-37902",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix copying after src array boundaries\n\nThe blammed commit copied to argv the size of the reallocated argv,\ninstead of the size of the old_argv, thus reading and copying from\npast the old_argv allocated memory.\n\nFollowing BUG_ON was hit:\n[ 3.038929][ T1] kernel BUG at lib/string_helpers.c:1040!\n[ 3.039147][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n...\n[ 3.056489][ T1] Call trace:\n[ 3.056591][ T1] __fortify_panic+0x10/0x18 (P)\n[ 3.056773][ T1] dm_split_args+0x20c/0x210\n[ 3.056942][ T1] dm_table_add_target+0x13c/0x360\n[ 3.057132][ T1] table_load+0x110/0x3ac\n[ 3.057292][ T1] dm_ctl_ioctl+0x424/0x56c\n[ 3.057457][ T1] __arm64_sys_ioctl+0xa8/0xec\n[ 3.057634][ T1] invoke_syscall+0x58/0x10c\n[ 3.057804][ T1] el0_svc_common+0xa8/0xdc\n[ 3.057970][ T1] do_el0_svc+0x1c/0x28\n[ 3.058123][ T1] el0_svc+0x50/0xac\n[ 3.058266][ T1] el0t_64_sync_handler+0x60/0xc4\n[ 3.058452][ T1] el0t_64_sync+0x1b0/0x1b4\n[ 3.058620][ T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000)\n[ 3.058897][ T1] ---[ end trace 0000000000000000 ]---\n[ 3.059083][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nFix it by copying the size of src, and not the size of dst, as it was."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4df67fb22782e54dcff0803f519d9b7d3a8b3367",
"version_value": "aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f"
},
{
"version_affected": "<",
"version_name": "2dd94484415dde4da0f5c40ff2809d9ef4a01935",
"version_value": "4c4f168b46229d527bda801ef15ad793b069f0ae"
},
{
"version_affected": "<",
"version_name": "64e95bb37916ab03dcb7a920276c5a52df8e568b",
"version_value": "ed3248a403740a623c73afd95f88cc37e0cd3ad2"
},
{
"version_affected": "<",
"version_name": "510aea4ef0f81e8d06506c85f919b7700ccc60d8",
"version_value": "db62809197658954a67b446c30677bc25baaf9f3"
},
{
"version_affected": "<",
"version_name": "0b7c1bf09dce084a3657909110d256f36d9a8a05",
"version_value": "a27cbadb995fa4cca90cefd74332c55c2c26616b"
},
{
"version_affected": "<",
"version_name": "5a2a6c428190f945c5cbf5791f72dbea83e97f66",
"version_value": "f1aff4bc199cb92c055668caed65505e3b4d2656"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.15-rc5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.15-rc5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc6",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f"
},
{
"url": "https://git.kernel.org/stable/c/4c4f168b46229d527bda801ef15ad793b069f0ae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4c4f168b46229d527bda801ef15ad793b069f0ae"
},
{
"url": "https://git.kernel.org/stable/c/ed3248a403740a623c73afd95f88cc37e0cd3ad2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed3248a403740a623c73afd95f88cc37e0cd3ad2"
},
{
"url": "https://git.kernel.org/stable/c/db62809197658954a67b446c30677bc25baaf9f3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/db62809197658954a67b446c30677bc25baaf9f3"
},
{
"url": "https://git.kernel.org/stable/c/a27cbadb995fa4cca90cefd74332c55c2c26616b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a27cbadb995fa4cca90cefd74332c55c2c26616b"
},
{
"url": "https://git.kernel.org/stable/c/f1aff4bc199cb92c055668caed65505e3b4d2656",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f1aff4bc199cb92c055668caed65505e3b4d2656"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
}
}

18
2025/48xxx/CVE-2025-48796.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48796",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/48xxx/CVE-2025-48797.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48797",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/48xxx/CVE-2025-48798.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

69
2025/4xxx/CVE-2025-4053.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The data\u00a0stored in\u00a0Be-Tech Mifare Classic card\u00a0is stored in cleartext.\u00a0An attacker having access to a Be-Tech hotel guest\u00a0Mifare Classic card can create a master key card that unlocks all the locks in the building. \n\nThis issue affects all\u00a0Be-Tech Mifare Classic card systems.\u00a0To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Be-Tech",
"product": {
"product_data": [
{
"product_name": "Mifare Classic cards",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2025/05/CVE-2025-4053/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/05/CVE-2025-4053/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "S\u0142awomir Jasek, smartlockpicking.com"
}
]
}

26
2025/4xxx/CVE-2025-4948.json
View File

@ -56,6 +56,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.72.0-8.el9_4.5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 10",
"version": {
@ -121,6 +142,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8126"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:8139",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8139"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-4948",
"refsource": "MISC",

132
2025/5xxx/CVE-2025-5181.json
View File

@ -1,17 +1,141 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. The manipulation of the argument spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Summer Pearl Group Vacation Rental Management Platform bis 1.0.1 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /spgpm/updateListing. Durch die Manipulation des Arguments spgLsTitle mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.0.2 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Summer Pearl Group",
"product": {
"product_data": [
{
"product_name": "Vacation Rental Management Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_affected": "=",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310269",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310269"
},
{
"url": "https://vuldb.com/?ctiid.310269",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310269"
},
{
"url": "https://vuldb.com/?submit.581383",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.581383"
},
{
"url": "https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS",
"refsource": "MISC",
"name": "https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS"
},
{
"url": "https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS?tab=readme-ov-file#4%EF%B8%8F%E2%83%A3-inject-xss",
"refsource": "MISC",
"name": "https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS?tab=readme-ov-file#4%EF%B8%8F%E2%83%A3-inject-xss"
},
{
"url": "https://summerpearlgroup.gr/spgpm/releases",
"refsource": "MISC",
"name": "https://summerpearlgroup.gr/spgpm/releases"
},
{
"url": "https://www.youtube.com/watch?v=0wwuatTa6sU",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=0wwuatTa6sU"
}
]
},
"credits": [
{
"lang": "en",
"value": "alexperrakis (VulDB User)"
},
{
"lang": "en",
"value": "alexperrakis (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

112
2025/5xxx/CVE-2025-5182.json
View File

@ -1,17 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5182",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. This vulnerability affects unknown code of the component Listing Handler. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "In Summer Pearl Group Vacation Rental Management Platform bis 1.0.1 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Listing Handler. Durch Manipulation mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.0.2 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass",
"cweId": "CWE-639"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Summer Pearl Group",
"product": {
"product_data": [
{
"product_name": "Vacation Rental Management Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_affected": "=",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310270",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310270"
},
{
"url": "https://vuldb.com/?ctiid.310270",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310270"
},
{
"url": "https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS",
"refsource": "MISC",
"name": "https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS"
},
{
"url": "https://summerpearlgroup.gr/spgpm/releases",
"refsource": "MISC",
"name": "https://summerpearlgroup.gr/spgpm/releases"
},
{
"url": "https://www.youtube.com/watch?v=0wwuatTa6sU",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=0wwuatTa6sU"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}