diff --git a/2019/16xxx/CVE-2019-16151.json b/2019/16xxx/CVE-2019-16151.json
new file mode 100644
index 00000000000..a3042705304
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16151.json
@@ -0,0 +1,94 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16151",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted \"Host\" header or to execute JavaScript code in the victim's browser context.\r\nThis happens when the FortiGate has web filtering and category override enabled/configured."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "6.4.0",
+ "version_value": "6.4.1"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "6.2.0",
+ "version_value": "6.2.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.com/advisory/FG-IR-19-301",
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/advisory/FG-IR-19-301"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiOS version 6.4.2 or above.\n\r\nPlease upgrade to FortiOS version 6.2.10 or above."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:X/RC:X"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53350.json b/2024/53xxx/CVE-2024-53350.json
index 607fde9431d..30ab872a9de 100644
--- a/2024/53xxx/CVE-2024-53350.json
+++ b/2024/53xxx/CVE-2024-53350.json
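Review bot: The `solution` entry in the CVE-2019-16151 record is tagged `"lang": "en"` while the `description` and `problemtype` entries of the same record use `"lang": "eng"`, so a consumer that selects text by language code will pick up one and miss the other; `"lang": "eng"` would keep the record consistent. The description says "6.4.1 and below, 6.2.9 and below", but `version_data` bounds the ranges with `version_name` values `6.4.0` and `6.2.0`, so a scanner reading the structured data would presumably treat releases older than 6.2.0 as unaffected; the vendor advisory should be checked to confirm which reading is intended. The description and solution strings also embed `\r\n` and `\n\r\n`, which downstream renderers will display inconsistently.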
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53350",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53350",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/kubeslice/kubeslice",
+ "refsource": "MISC",
+ "name": "https://github.com/kubeslice/kubeslice"
+ },
+ {
+ "url": "https://kubeslice.io/documentation/open-source/1.3.0",
+ "refsource": "MISC",
+ "name": "https://kubeslice.io/documentation/open-source/1.3.0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/HouqiyuA/1cb964206e0d6bebd1c57a124c55fa03",
+ "url": "https://gist.github.com/HouqiyuA/1cb964206e0d6bebd1c57a124c55fa03"
 }
 ]
 }
diff --git a/2024/53xxx/CVE-2024-53351.json b/2024/53xxx/CVE-2024-53351.json
index fc34ea724ce..cf2fec066e1 100644
--- a/2024/53xxx/CVE-2024-53351.json
+++ b/2024/53xxx/CVE-2024-53351.json
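Review bot: The `affects` block for CVE-2024-53350 is published with `vendor_name`, `product_name` and `version_value` all set to `"n/a"` although the description names kubeslice v1.3.1, so the product and version exist only in free text and inventory matching against the structured fields will not find this record; filling in `"product_name": "kubeslice"` and `"version_value": "1.3.1"` would close that gap. `problemtype` is also `"n/a"`, which leaves triage without a CWE, and nothing in the record states a fixed release or mitigation. The second reference points at the 1.3.0 documentation while the description says v1.3.1, which is worth confirming. The same `"n/a"` placeholders appear in the hunks for CVE-2024-53351, CVE-2025-29223, CVE-2025-29226, CVE-2025-29227, CVE-2025-29230 and CVE-2025-30349, each of which names its product and version in the description.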
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53351",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53351",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pipe-cd/pipecd",
+ "refsource": "MISC",
+ "name": "https://github.com/pipe-cd/pipecd"
+ },
+ {
+ "url": "https://pipecd.dev/",
+ "refsource": "MISC",
+ "name": "https://pipecd.dev/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/HouqiyuA/948a808b8bd48b17b37a4d5e0b6fb005",
+ "url": "https://gist.github.com/HouqiyuA/948a808b8bd48b17b37a4d5e0b6fb005"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29223.json b/2025/29xxx/CVE-2025-29223.json
index fa455a0d795..1c8e18cda57 100644
--- a/2025/29xxx/CVE-2025-29223.json
+++ b/2025/29xxx/CVE-2025-29223.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29223",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29223",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_traceRoute/CI_traceRoute.md",
+ "refsource": "MISC",
+ "name": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_traceRoute/CI_traceRoute.md"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29226.json b/2025/29xxx/CVE-2025-29226.json
index 54916cbe29d..5266067e337 100644
--- a/2025/29xxx/CVE-2025-29226.json
+++ b/2025/29xxx/CVE-2025-29226.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29226",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29226",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Linksys E5600 V1.1.0.26, the \\usr\\share\\lua\\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt[\"count\"] parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_pingTest_count/CI_pingTest_count.md",
+ "refsource": "MISC",
+ "name": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_pingTest_count/CI_pingTest_count.md"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29227.json b/2025/29xxx/CVE-2025-29227.json
index d70aa75dd87..19753f52162 100644
--- a/2025/29xxx/CVE-2025-29227.json
+++ b/2025/29xxx/CVE-2025-29227.json
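Review bot: The description value in the CVE-2025-29226 hunk spells the affected file as `\\usr\\share\\lua\\runtime.lua`, which decodes to a backslash-separated path; on router firmware this is presumably `/usr/share/lua/runtime.lua`, and anyone searching an extracted image, a log or a detection rule for the path as written will not match it. The same spelling is in the CVE-2025-29227 hunk. The sibling Linksys records also alternate between `V1.1.0.26` and `v1.1.0.26` for the same firmware version (compare CVE-2025-29223 and CVE-2025-29230), which is worth normalising so text searches across the set behave the same.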
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29227",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29227",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Linksys E5600 V1.1.0.26, the \\usr\\share\\lua\\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt[\"pkgsize\"] parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_pingTest_pkgsize/CI_pingTest_pkgsize.md",
+ "refsource": "MISC",
+ "name": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_pingTest_pkgsize/CI_pingTest_pkgsize.md"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29230.json b/2025/29xxx/CVE-2025-29230.json
index 9dc4ac110a4..8966d52880b 100644
--- a/2025/29xxx/CVE-2025-29230.json
+++ b/2025/29xxx/CVE-2025-29230.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29230",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29230",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt[\"email\"]` parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_emailReg_email/CI_emailReg_email.md",
+ "refsource": "MISC",
+ "name": "https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_emailReg_email/CI_emailReg_email.md"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2598.json b/2025/2xxx/CVE-2025-2598.json
index 557de271875..e9bcc112d06 100644
--- a/2025/2xxx/CVE-2025-2598.json
+++ b/2025/2xxx/CVE-2025-2598.json
@@ -59,6 +59,11 @@
 "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-005/",
 "refsource": "MISC",
 "name": "https://aws.amazon.com/security/security-bulletins/AWS-2025-005/"
+ },
+ {
+ "url": "https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp",
+ "refsource": "MISC",
+ "name": "https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp"
 }
 ]
 },
diff --git a/2025/2xxx/CVE-2025-2612.json b/2025/2xxx/CVE-2025-2612.json
new file mode 100644
index 00000000000..0a6933003cf
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2612.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2612",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2613.json b/2025/2xxx/CVE-2025-2613.json
new file mode 100644
index 00000000000..05fea4bcf3e
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2613.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2613",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30349.json b/2025/30xxx/CVE-2025-30349.json
index 4493b459819..c3a31466296 100644
--- a/2025/30xxx/CVE-2025-30349.json
+++ b/2025/30xxx/CVE-2025-30349.json 
@@ -1,17 +1,116 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30349",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30349",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/horde/webmail/releases/tag/v5.2.22",
+ "refsource": "MISC",
+ "name": "https://github.com/horde/webmail/releases/tag/v5.2.22"
+ },
+ {
+ "url": "https://www.horde.org/apps/imp",
+ "refsource": "MISC",
+ "name": "https://www.horde.org/apps/imp"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html",
+ "url": "https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html",
+ "url": "https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.horde.org/download/horde",
+ "url": "https://www.horde.org/download/horde"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst?plain=1#L61-L62",
+ "url": "https://github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst?plain=1#L61-L62"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.horde.org/apps/horde",
+ "url": "https://www.horde.org/apps/horde"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst?plain=1#L23-L25",
+ "url": "https://github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst?plain=1#L23-L25"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html",
+ "url": "https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": 
"https://github.com/horde/imp/releases/tag/v6.2.27",
+ "url": "https://github.com/horde/imp/releases/tag/v6.2.27"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/horde/base/releases/tag/v5.2.23",
+ "url": "https://github.com/horde/base/releases/tag/v5.2.23"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html",
+ "url": "https://web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html"
 }
 ]
 }
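Review bot: The CVE-2025-30349 record states exploitation in the wild but gives a defender nothing actionable: the ranges are open-ended ("through 6.2.27", "through 5.2.23"), the references link the `v6.2.27` and `v5.2.23` release tags themselves, and there is no `solution` entry of the kind the CVE-2019-16151 record in this commit carries, so a reader cannot tell from the record whether a fixed release or an interim mitigation exists. If none exists, saying so in a `solution` entry (for example `"value": "No fixed release is identified at publication; see the linked list posts."`) would make that explicit. All twelve references are tagged `MISC` with the URL as the name, so the two list posts that presumably carry the disclosure are indistinguishable from product home pages and download links. The first reference is the webmail `v5.2.22` tag while the description cites Framework 5.2.23, which is worth confirming.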