admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-15 08:00:57 +00:00
parent ccacb5ba88
commit f4b0548518
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 579 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
2024/11xxx/CVE-2024-11870.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11870",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vcita",
"product": {
"product_data": [
{
"product_name": "Event Registration Calendar By vcita",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e8cadb97-2f3e-4b00-ad00-118cf23d1592?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e8cadb97-2f3e-4b00-ad00-118cf23d1592?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L22",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L50",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L50"
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L91",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L91"
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L129",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L129"
}
]
},
"credits": [
{
"lang": "en",
"value": "muhammad yudha"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

84
2024/7xxx/CVE-2024-7322.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7322",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@silabs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change\u00a0in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error",
"cweId": "CWE-346"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "silabs.com",
"product": {
"product_data": [
{
"product_name": "EmberZNet",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "7.4.4"
},
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "8.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://community.silabs.com/068Vm00000I7ri2",
"refsource": "MISC",
"name": "https://community.silabs.com/068Vm00000I7ri2"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}

139
2025/0xxx/CVE-2025-0354.json
View File

@ -1,17 +1,148 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0354",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NEC Corporation",
"product": {
"product_data": [
{
"product_name": "WG2600HS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.7.2 and earlier"
}
]
}
},
{
"product_name": "WG2600HP4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.4.2 and earlier"
}
]
}
},
{
"product_name": "WG2600HM4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.4.2 and earlier"
}
]
}
},
{
"product_name": "WG2600HS2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.3.2 and earlier"
}
]
}
},
{
"product_name": "WX3000HP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.2.4.2 and earlier"
}
]
}
},
{
"product_name": "WX4200D5",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.2.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html",
"refsource": "MISC",
"name": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Takayuki Sasaki of Yokohama National University."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

172
2025/0xxx/CVE-2025-0355.json
View File

@ -1,17 +1,181 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NEC Corporation",
"product": {
"product_data": [
{
"product_name": "WG2600HS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.7.2 and earlier"
}
]
}
},
{
"product_name": "WF1200CR",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.6.0 and earlier"
}
]
}
},
{
"product_name": "WG1200CR",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.5.0 and earlier"
}
]
}
},
{
"product_name": "GB1200PE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.3.0 and earlier"
}
]
}
},
{
"product_name": "WG2600HP4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.4.2 and earlier"
}
]
}
},
{
"product_name": "WG2600HM4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.4.2 and earlier"
}
]
}
},
{
"product_name": "WG2600HS2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.3.2 and earlier"
}
]
}
},
{
"product_name": "WX3000HP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.2.4.2 and earlier"
}
]
}
},
{
"product_name": "WX4200D5",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.2.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html",
"refsource": "MISC",
"name": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Takayuki Sasaki of Yokohama National University."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

95
2025/0xxx/CVE-2025-0356.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NEC Corporation",
"product": {
"product_data": [
{
"product_name": "WX1500HP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.4.2 and earlier"
}
]
}
},
{
"product_name": "WX3600HP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver.1.5.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html",
"refsource": "MISC",
"name": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Kakeru Kajihara."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

18
2025/23xxx/CVE-2025-23384.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}