From f50de77c1dbe98d23e967bdbc6ca195436bc116c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 5 Mar 2025 22:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/27xxx/CVE-2025-27508.json | 81 ++++++++++++++++++++++++++++++++-- 2025/2xxx/CVE-2025-2004.json | 18 ++++++++ 2025/2xxx/CVE-2025-2005.json | 18 ++++++++ 2025/2xxx/CVE-2025-2006.json | 18 ++++++++ 2025/2xxx/CVE-2025-2007.json | 18 ++++++++ 2025/2xxx/CVE-2025-2008.json | 18 ++++++++ 2025/2xxx/CVE-2025-2009.json | 18 ++++++++ 2025/2xxx/CVE-2025-2010.json | 18 ++++++++ 8 files changed, 203 insertions(+), 4 deletions(-) create mode 100644 2025/2xxx/CVE-2025-2004.json create mode 100644 2025/2xxx/CVE-2025-2005.json create mode 100644 2025/2xxx/CVE-2025-2006.json create mode 100644 2025/2xxx/CVE-2025-2007.json create mode 100644 2025/2xxx/CVE-2025-2008.json create mode 100644 2025/2xxx/CVE-2025-2009.json create mode 100644 2025/2xxx/CVE-2025-2010.json diff --git a/2025/27xxx/CVE-2025-27508.json b/2025/27xxx/CVE-2025-27508.json index 3a0d86e4d62..e5c55e8cf58 100644 --- a/2025/27xxx/CVE-2025-27508.json +++ b/2025/27xxx/CVE-2025-27508.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required. This issue is fixed in 8.24.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NationalSecurityAgency", + "product": { + "product_data": [ + { + "product_name": "emissary", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 8.24.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-hw43-fcmm-3m5g", + "refsource": "MISC", + "name": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-hw43-fcmm-3m5g" + }, + { + "url": "https://github.com/NationalSecurityAgency/emissary/commit/da3a81a8977577597ff2a944820a5ae4e9762368", + "refsource": "MISC", + "name": "https://github.com/NationalSecurityAgency/emissary/commit/da3a81a8977577597ff2a944820a5ae4e9762368" + } + ] + }, + "source": { + "advisory": "GHSA-hw43-fcmm-3m5g", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2004.json b/2025/2xxx/CVE-2025-2004.json new file mode 100644 index 00000000000..476461ff433 --- /dev/null +++ b/2025/2xxx/CVE-2025-2004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2005.json b/2025/2xxx/CVE-2025-2005.json new file mode 100644 index 00000000000..8ba5a012a07 --- /dev/null +++ b/2025/2xxx/CVE-2025-2005.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2006.json b/2025/2xxx/CVE-2025-2006.json new file mode 100644 index 00000000000..a97ef854f46 --- /dev/null +++ b/2025/2xxx/CVE-2025-2006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2007.json b/2025/2xxx/CVE-2025-2007.json new file mode 100644 index 00000000000..f21a088cb84 --- /dev/null +++ b/2025/2xxx/CVE-2025-2007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2008.json b/2025/2xxx/CVE-2025-2008.json new file mode 100644 index 00000000000..395876fcabc --- /dev/null +++ b/2025/2xxx/CVE-2025-2008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2009.json b/2025/2xxx/CVE-2025-2009.json new file mode 100644 index 00000000000..4e4e7c3cfd8 --- /dev/null +++ b/2025/2xxx/CVE-2025-2009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2010.json b/2025/2xxx/CVE-2025-2010.json new file mode 100644 index 00000000000..6475f134201 --- /dev/null +++ b/2025/2xxx/CVE-2025-2010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file