admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-15 18:00:59 +00:00
parent f84bcf7975
commit f4643b3d3d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
14 changed files with 541 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/13xxx/CVE-2024-13408.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13409.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13410.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13410",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13411.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13412.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13412",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13413.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

104
2024/52xxx/CVE-2024-52005.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called \"sideband channel\". These messages will be prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116: Improper Encoding or Escaping of Output",
"cweId": "CWE-116"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences",
"cweId": "CWE-150"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "git",
"product": {
"product_data": [
{
"product_name": "git",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.48.0, <= 2.48.1"
},
{
"version_affected": "=",
"version_value": ">= 2.47.0, <= 2.47.1"
},
{
"version_affected": "=",
"version_value": ">= 2.46.0, <= 2.46.3"
},
{
"version_affected": "=",
"version_value": ">= 2.45.0, <= 2.45.3"
},
{
"version_affected": "=",
"version_value": ">= 2.44.0, <= 2.44.3"
},
{
"version_affected": "=",
"version_value": ">= 2.43.0, <= 2.43.6"
},
{
"version_affected": "=",
"version_value": ">= 2.42.0, <= 2.42.4"
},
{
"version_affected": "=",
"version_value": ">= 2.41.0, <= 2.41.3"
},
{
"version_affected": "=",
"version_value": "<= 2.40.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329",
"refsource": "MISC",
"name": "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329"
},
{
"url": "https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net",
"refsource": "MISC",
"name": "https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net"
}
]
},
"source": {
"advisory": "GHSA-7jjc-gg6m-3329",
"discovery": "UNKNOWN"
}
}

105
2025/0xxx/CVE-2025-0480.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in wuzhicms 4.1.0 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft die Funktion test der Datei coreframe/app/search/admin/config.php. Durch Manipulieren des Arguments sphinxhost/sphinxport mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "wuzhicms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.291915",
"refsource": "MISC",
"name": "https://vuldb.com/?id.291915"
},
{
"url": "https://vuldb.com/?ctiid.291915",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.291915"
},
{
"url": "https://vuldb.com/?submit.474965",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.474965"
},
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/212",
"refsource": "MISC",
"name": "https://github.com/wuzhicms/wuzhicms/issues/212"
},
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/212#issue-2769226216",
"refsource": "MISC",
"name": "https://github.com/wuzhicms/wuzhicms/issues/212#issue-2769226216"
}
]
},
"credits": [
{
"lang": "en",
"value": "LVZC (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
}
]
}

18
2025/0xxx/CVE-2025-0499.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0500.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0501.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

95
2025/0xxx/CVE-2025-0502.json Normal file
View File

@ -0,0 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-0502",
"ASSIGNER": "security@craftersoftware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')",
"cweId": "CWE-402"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CrafterCMS",
"product": {
"product_data": [
{
"product_name": "CrafterCMS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.0",
"version_value": "4.0.8"
},
{
"version_affected": "<",
"version_name": "4.1.0",
"version_value": "4.1.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://craftercms.com/docs/4.2/security/advisory.html#cv-2025011501",
"refsource": "MISC",
"name": "https://craftercms.com/docs/4.2/security/advisory.html#cv-2025011501"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Block external access to the two APIs:<br><ul><li><tt>/api/1/site/content_store/tree.json</tt></li><li><tt>/api/1/site/content_store/item.json</tt></li></ul>Another approach is to block all APIs that start with <tt>/api/1/site</tt>; this can be done by changing <tt>server-config.properties</tt>&nbsp;to have the property:<br><br><tt># restrict site API access<br>crafter.core.rest.content.store.url.allowedPatterns=^/?site(/.*)?$</tt>"
}
],
"value": "Block external access to the two APIs:\n * /api/1/site/content_store/tree.json\n * /api/1/site/content_store/item.json\n\n\nAnother approach is to block all APIs that start with /api/1/site; this can be done by changing server-config.properties\u00a0to have the property:\n\n# restrict site API access\ncrafter.core.rest.content.store.url.allowedPatterns=^/?site(/.*)?$"
}
],
"credits": [
{
"lang": "en",
"value": "Carlos Ortiz, https://github.com/cortiz"
}
]
}

2
2025/22xxx/CVE-2025-22621.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the \u201cadmin\u201c Splunk roles."
"value": "In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the \"admin\" Splunk roles."
}
]
},

86
2025/23xxx/CVE-2025-23040.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke `git clone` and when Git encounters a remote which requires authentication it will request the credentials for that remote host from GitHub Desktop using the git-credential protocol. Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration. GitHub username and OAuth token, or credentials for other Git remote hosts stored in GitHub Desktop could be improperly transmitted to an unrelated host. Users should update to GitHub Desktop 3.4.12 or greater which fixes this vulnerability. Users who suspect they may be affected should revoke any relevant credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "desktop",
"product": {
"product_data": [
{
"product_name": "desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.4.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/desktop/desktop/security/advisories/GHSA-36mm-rh9q-cpqq",
"refsource": "MISC",
"name": "https://github.com/desktop/desktop/security/advisories/GHSA-36mm-rh9q-cpqq"
},
{
"url": "https://docs.github.com/en/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps",
"refsource": "MISC",
"name": "https://docs.github.com/en/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps"
},
{
"url": "https://git-scm.com/docs/git-credential",
"refsource": "MISC",
"name": "https://git-scm.com/docs/git-credential"
}
]
},
"source": {
"advisory": "GHSA-36mm-rh9q-cpqq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}