From f8bbdaf08da06fe65065371142ef67d5ca7fa989 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 13 Mar 2025 17:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11218.json | 32 +++++- 2024/12xxx/CVE-2024-12858.json | 122 ++++++++++++++++++++++- 2024/9xxx/CVE-2024-9042.json | 108 +++++++++++++++++++- 2025/0xxx/CVE-2025-0624.json | 26 +++++ 2025/1xxx/CVE-2025-1427.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1428.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1429.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1430.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1431.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1432.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1433.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1649.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1650.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1651.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1652.json | 175 ++++++++++++++++++++++++++++++++- 2025/1xxx/CVE-2025-1767.json | 89 ++++++++++++++++- 2025/24xxx/CVE-2025-24974.json | 58 ++++++++++- 2025/27xxx/CVE-2025-27103.json | 67 ++++++++++++- 2025/27xxx/CVE-2025-27107.json | 80 ++++++++++++++- 2025/27xxx/CVE-2025-27138.json | 58 ++++++++++- 2025/28xxx/CVE-2025-28010.json | 56 +++++++++-- 2025/28xxx/CVE-2025-28011.json | 56 +++++++++-- 2025/28xxx/CVE-2025-28015.json | 56 +++++++++-- 2025/2xxx/CVE-2025-2079.json | 92 ++++++++++++++++- 2025/2xxx/CVE-2025-2080.json | 92 ++++++++++++++++- 2025/2xxx/CVE-2025-2081.json | 92 ++++++++++++++++- 2025/2xxx/CVE-2025-2263.json | 90 ++++++++++++++++- 2025/2xxx/CVE-2025-2264.json | 90 ++++++++++++++++- 2025/2xxx/CVE-2025-2265.json | 90 ++++++++++++++++- 2025/2xxx/CVE-2025-2284.json | 90 ++++++++++++++++- 2025/2xxx/CVE-2025-2285.json | 18 ++++ 2025/2xxx/CVE-2025-2286.json | 18 ++++ 2025/2xxx/CVE-2025-2287.json | 18 ++++ 2025/2xxx/CVE-2025-2288.json | 18 ++++ 2025/2xxx/CVE-2025-2289.json | 
18 ++++ 2025/2xxx/CVE-2025-2290.json | 18 ++++ 2025/2xxx/CVE-2025-2291.json | 18 ++++ 37 files changed, 3371 insertions(+), 124 deletions(-) create mode 100644 2025/2xxx/CVE-2025-2285.json create mode 100644 2025/2xxx/CVE-2025-2286.json create mode 100644 2025/2xxx/CVE-2025-2287.json create mode 100644 2025/2xxx/CVE-2025-2288.json create mode 100644 2025/2xxx/CVE-2025-2289.json create mode 100644 2025/2xxx/CVE-2025-2290.json create mode 100644 2025/2xxx/CVE-2025-2291.json
diff --git a/2024/11xxx/CVE-2024-11218.json b/2024/11xxx/CVE-2024-11218.json
index 8961d268d59..8d4f56ddba4 100644
--- a/2024/11xxx/CVE-2024-11218.json
+++ b/2024/11xxx/CVE-2024-11218.json
@@ -280,6 +280,27 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4.12",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "412.86.202503052321-0",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat OpenShift Container Platform 4.14",
 "version": {
@@ -310,7 +331,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "3:4.4.1-33.rhaos4.15.el8",
+ "version": "3:4.4.1-33.rhaos4.15.el9",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
@@ -359,7 +380,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "4:4.9.4-13.rhaos4.16.el8",
+ "version": "4:4.9.4-15.rhaos4.16.el9",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
@@ -422,7 +443,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "2:1.33.12-1.rhaos4.17.el9",
+ "version": "2:1.33.12-1.rhaos4.17.el8",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
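Review bot: The three one-line `version` changes (hunks at -310, -359 and -422) move the single fixed build from an el8 to an el9 string for 4.15 and 4.16 and from el9 to el8 for 4.17, while each entry still holds one `version` with `"lessThan": "*"` and `"versionType": "rpm"`. If a product stream ships both el8 and el9 builds of the package, which the flip suggests but these hunks do not show, a scanner doing RPM version comparison against this one boundary can misjudge hosts on the other base, because a release ending in `el8` sorts below the same release ending in `el9`. One `versions` entry per shipped build would remove that ambiguity; until then consumers are safer matching on the referenced RHSA errata than on this string. In the added 4.12 entry, `412.86.202503052321-0` reads like an image build id rather than a package version, so it is worth confirming that `"versionType": "rpm"` is the comparison consumers should apply to it.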
@@ -571,6 +592,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2025:1914"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:2441",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:2441"
+ },
 {
 "url": "https://access.redhat.com/errata/RHSA-2025:2454",
 "refsource": "MISC",
diff --git a/2024/12xxx/CVE-2024-12858.json b/2024/12xxx/CVE-2024-12858.json
index b6010dd18ac..6f7f3a54237 100644
--- a/2024/12xxx/CVE-2024-12858.json
+++ b/2024/12xxx/CVE-2024-12858.json
@@ -1,17 +1,131 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12858", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper \nvalidation of the length of user-supplied data prior to copying it to a \nfixed-length heap-based buffer. If a target visits a malicious page or \nopens a malicious file an attacker can leverage this vulnerability to \nexecute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "CNCSoft-G2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.1.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01" + }, + { + "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf", + "refsource": "MISC", + "name": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf" + }, + { + "url": 
"https://downloadcenter.delta-china.com.cn/zh-CN/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC", + "refsource": "MISC", + "name": "https://downloadcenter.delta-china.com.cn/zh-CN/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-191-01", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "
\n

Delta also recommends the following general security practices:

\n\n

If you have any product-related support concerns, please find a contact from Delta's portal page to reach them for any information or materials you may require.\n\n
\n

Delta has published Delta-PCSA-2025-00002 in both English and Chinese on their security website to provide more details about these issues.\n\n
" + } + ], + "value": "Delta also recommends the following general security practices:\n\n\n\n * Don't click on untrusted Internet links or open unsolicited attachments in emails.\n\n * Avoid exposing control systems and equipment to the Internet.\n\n * Place systems and devices behind a firewall and isolate them from the business network.\n\n * When remote access is required, use a secure access method, such as a virtual private network (VPN).\n\n\n\n\nIf you have any product-related support concerns, please find a contact from Delta's portal page https://www.deltaww.com/en-US/Customer-Service to reach them for any information or materials you may require.\n\n\n\n\n\n\n\nDelta has published Delta-PCSA-2025-00002 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf in both English and Chinese on their security website to provide more details about these issues." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "
Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.10 or later.

\nDelta has published Delta-PCSA-2025-00002 in both English and Chinese on their security website to provide more details about these issues.\n\n
\n\n
" + } + ], + "value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.10 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later.\n\n\n\n\n\nDelta has published Delta-PCSA-2025-00002 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf in both English and Chinese on their security website to provide more details about these issues." + } + ], + "credits": [ + { + "lang": "en", + "value": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9042.json b/2024/9xxx/CVE-2024-9042.json index 4821e7e5698..fefc4e57947 100644 --- a/2024/9xxx/CVE-2024-9042.json +++ b/2024/9xxx/CVE-2024-9042.json 
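Review bot: The added `solution` text for CVE-2024-12858 recommends updating to CNCSoft-G2 V2.1.0.10 or later, but the `description` in the same hunk says Version 2.1.0.16 and prior is affected, so the recommended version lies inside the affected range. The `version_data` entry also disagrees with the description: `"version_affected": "<"` with `"version_value": "2.1.0.16"` excludes 2.1.0.16 itself, whereas "and prior" includes it, so `"version_affected": "<="` would match the prose. The fixed version should be confirmed against the linked Delta-PCSA-2025-00002 document before this record is used to verify patch status. The `work_around` and `solution` entries use `"lang": "en"` while `description` and `problemtype` use `"lang": "eng"`; picking one would help consumers that filter by language.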
@@ -1,17 +1,117 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@kubernetes.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kubernetes", + "product": { + "product_data": [ + { + "product_name": "Kubelet", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<=v1.29.12" + }, + { + "version_affected": "<=", + "version_name": "v1.30", + "version_value": "v1.30.8" + }, + { + "version_affected": "<=", + "version_name": "v1.31", + "version_value": "v1.31.4" + }, + { + "version_affected": "<=", + "version_name": "v1.32", + "version_value": "v1.32.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kubernetes/kubernetes/issues/129654", + "refsource": "MISC", + "name": "https://github.com/kubernetes/kubernetes/issues/129654" + }, + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg", + "refsource": "MISC", + "name": "https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + 
"credits": [ + { + "lang": "en", + "value": "Peled, Tomer" + }, + { + "lang": "en", + "value": "Aravindh Puthiyaprambil" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0624.json b/2025/0xxx/CVE-2025-0624.json index 56e7d79440f..dc0a7acf6cb 100644 --- a/2025/0xxx/CVE-2025-0624.json +++ b/2025/0xxx/CVE-2025-0624.json @@ -203,6 +203,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1:2.06-27.el9_0.22", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "version": { @@ -309,6 +330,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:2784" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:2799", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:2799" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-0624", "refsource": "MISC", diff --git a/2025/1xxx/CVE-2025-1427.json b/2025/1xxx/CVE-2025-1427.json index 57267697895..5461375daae 100644 --- a/2025/1xxx/CVE-2025-1427.json +++ b/2025/1xxx/CVE-2025-1427.json 
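Review bot: The new `description` value for CVE-2024-9042 never states the flaw or its impact; it only says that Windows worker nodes are affected and points to versions "listed below", which a description field does not contain. Triage from this record alone then rests on the CWE-20 label and the CVSS vector, so a sentence naming the vulnerable Kubelet behaviour and its consequence, taken from the linked kubernetes issue 129654, belongs in that field. In `version_data` the first entry puts the operator inside the value, `"version_affected": "=", "version_value": "<=v1.29.12"`, unlike the three entries after it. Tools that compare versions will read that as a literal version string; `"version_affected": "<=", "version_value": "v1.29.12"` would be consistent with the rest.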
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable", + "cweId": "CWE-457" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1428.json b/2025/1xxx/CVE-2025-1428.json index 047e53a8faa..41473282154 100644 --- a/2025/1xxx/CVE-2025-1428.json +++ b/2025/1xxx/CVE-2025-1428.json 
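Review bot: Every product in the `affects` block for CVE-2025-1427 is listed only as `"version_name": "2025"` with `"version_affected": "<"` and `"version_value": "2025.1.2"`, and no default status is given, so the record does not say whether earlier release years are unaffected or were simply not assessed. A sentence in `description` stating the affected release range would let asset owners on older releases decide without opening the vendor advisory. As a style point, the problemtype label here is written `CWE-457: Use of Uninitialized Variable` with a colon, while the sibling records in this commit use the form `CWE-125 Out-of-Bounds Read` without one. The same `affects` block is repeated in the hunks for CVE-2025-1428 through CVE-2025-1432.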
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1428", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-Bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": 
"2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1429.json b/2025/1xxx/CVE-2025-1429.json index b9f2f42b434..79a5ff34fb4 100644 --- a/2025/1xxx/CVE-2025-1429.json +++ b/2025/1xxx/CVE-2025-1429.json 
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-Based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1430.json b/2025/1xxx/CVE-2025-1430.json index a99e476d3d2..7b6f37096d3 100644 --- a/2025/1xxx/CVE-2025-1430.json +++ b/2025/1xxx/CVE-2025-1430.json 
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1430", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1431.json b/2025/1xxx/CVE-2025-1431.json index d5ef7825fe9..f067f8d6623 100644 --- a/2025/1xxx/CVE-2025-1431.json +++ b/2025/1xxx/CVE-2025-1431.json 
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-Bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": 
"2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1432.json b/2025/1xxx/CVE-2025-1432.json index 80edf1891a4..db366d35d2f 100644 --- a/2025/1xxx/CVE-2025-1432.json +++ b/2025/1xxx/CVE-2025-1432.json 
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + 
"version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1433.json b/2025/1xxx/CVE-2025-1433.json index 4fcdab98520..e0076dc9866 100644 --- a/2025/1xxx/CVE-2025-1433.json +++ b/2025/1xxx/CVE-2025-1433.json 
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-Bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": 
"2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1649.json b/2025/1xxx/CVE-2025-1649.json index c1697c4c8ee..c2ea84e4493 100644 --- a/2025/1xxx/CVE-2025-1649.json +++ b/2025/1xxx/CVE-2025-1649.json 
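Review bot: The description added here for CVE-2025-1433 is word-for-word the one added for CVE-2025-1652 (MODEL file, Out-of-Bounds Read), and the CVE-2025-1649 and CVE-2025-1650 hunks likewise share one CATPRODUCT / Uninitialized Variable text. Within each pair the CWE, affected products, reference and CVSS vector are also identical. Nothing in the record tells the two issues apart, so a pipeline that deduplicates or correlates advisories on description text will fold them into one finding. Track these strictly by `CVE_data_meta.ID`, and the CNA should add a distinguishing detail, such as the affected component or parsing stage, to each description.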
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable", + "cweId": "CWE-457" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1650.json b/2025/1xxx/CVE-2025-1650.json index 1db51298e0b..bc1941fbbfc 100644 --- a/2025/1xxx/CVE-2025-1650.json +++ b/2025/1xxx/CVE-2025-1650.json 
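Review bot: The `problemtype` text here is written `CWE-457: Use of Uninitialized Variable` with a colon, while the sibling Autodesk records in this commit use `CWE-125 Out-of-Bounds Read` and `CWE-416 Use After Free` without one. The CVE-2025-1650 hunk has the same colon form. Consumers should take the weakness class from `cweId` and not parse it out of `value`. For consistency within the advisory set I would write `"value": "CWE-457 Use of Uninitialized Variable"`.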
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable", + "cweId": "CWE-457" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1651.json b/2025/1xxx/CVE-2025-1651.json index 149b0437402..bc0feaad725 100644 --- a/2025/1xxx/CVE-2025-1651.json +++ b/2025/1xxx/CVE-2025-1651.json 
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1652.json b/2025/1xxx/CVE-2025-1652.json index 19c1d1110ae..ec71819f288 100644 --- a/2025/1xxx/CVE-2025-1652.json +++ b/2025/1xxx/CVE-2025-1652.json 
@@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-Bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "AutoCAD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": 
"2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + }, + { + "product_name": "AutoCAD MAP 3D", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2025", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1767.json b/2025/1xxx/CVE-2025-1767.json index 0075dd51ebd..e2b4dd8ae71 100644 --- a/2025/1xxx/CVE-2025-1767.json +++ b/2025/1xxx/CVE-2025-1767.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@kubernetes.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kubernetes", + "product": { + "product_data": [ + { + "product_name": "Kubelet", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all_versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kubernetes/kubernetes/pull/130786", + "refsource": "MISC", + "name": "https://github.com/kubernetes/kubernetes/pull/130786" + }, + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s", + "refsource": "MISC", + "name": "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Christophe Hauquiert" + } + ], + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24974.json b/2025/24xxx/CVE-2025-24974.json index fa89740ae54..5e083c71b53 100644 --- a/2025/24xxx/CVE-2025-24974.json +++ b/2025/24xxx/CVE-2025-24974.json 
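Review bot: The new description for CVE-2025-1767 says which clusters are in scope but never states what the flaw lets an attacker do, even though the CVSS block in the same hunk rates confidentiality and integrity impact `HIGH`. Because the text also says the in-tree gitRepo volume will not receive upstream security updates, the record should point readers to a mitigation; as written, that has to be found through the two references. `"version_affected": "="` with `"version_value": "all_versions"` is not a version a matcher can compare, so automated tooling will likely not flag Kubelet from this entry. Operators can inventory exposure by listing workloads whose pod spec declares a `gitRepo` volume. The `credits` entry also uses `"lang": "en"` where the rest of the record uses `"eng"`.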
@@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dataease", + "product": { + "product_data": [ + { + "product_name": "dataease", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.10.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5", + "refsource": "MISC", + "name": "https://github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5" + } + ] + }, + "source": { + "advisory": "GHSA-wmfp-mjf3-57f5", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27103.json b/2025/27xxx/CVE-2025-27103.json index fa977b20790..5d84a4e9262 100644 --- a/2025/27xxx/CVE-2025-27103.json +++ b/2025/27xxx/CVE-2025-27103.json 
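Review bot: The affected range is encoded as `"version_affected": "="` with `"version_value": "< 2.10.6"`, so the comparison operator sits inside the value string and the declared operator is equality. A consumer that honours `version_affected` will look for a release literally named `< 2.10.6` and match nothing. The Autodesk records in this same commit show the machine-readable form; here it would be `"version_affected": "<", "version_value": "2.10.6"`. The CVE-2025-27103 and CVE-2025-27107 hunks use the same encoding.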
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dataease", + "product": { + "product_data": [ + { + "product_name": "dataease", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.10.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dataease/dataease/security/advisories/GHSA-v4gg-8rp3-ccjx", + "refsource": "MISC", + "name": "https://github.com/dataease/dataease/security/advisories/GHSA-v4gg-8rp3-ccjx" + } + ] + }, + "source": { + "advisory": "GHSA-v4gg-8rp3-ccjx", + "discovery": "UNKNOWN" } } \ No newline at end of file 
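Review bot: `problemtype_data` lists `CWE-89` (SQL Injection) first, but the description in this hunk speaks only of reading and deserializing arbitrary files through the background JDBC connection and mentions no SQL injection. Neither listed CWE covers the deserialization the text describes, for which `CWE-502` (Deserialization of Untrusted Data) is the usual class. Whether it applies here should be confirmed against the linked advisory. The record also carries no `impact` block, as in the CVE-2025-24974 hunk, so tooling that treats a missing score as low severity will under-rank an issue the description ties to arbitrary file read.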
diff --git a/2025/27xxx/CVE-2025-27107.json b/2025/27xxx/CVE-2025-27107.json
index afa72a59a89..b42980c3cc4 100644
--- a/2025/27xxx/CVE-2025-27107.json
+++ b/2025/27xxx/CVE-2025-27107.json
@@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods.\nThis vulnerability allows for execution of arbitrary Java methods, and by extension arbitrary native code e.g. from `java.lang.Runtime.exec`, on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card. Versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 fix the issue." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CyclopsMC", + "product": { + "product_data": [ + { + "product_name": "IntegratedScripting", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.21.1-1.0.17" + }, + { + "version_affected": "=", + "version_value": "< 1.21.4-1.0.9-254" + }, + { + "version_affected": "=", + "version_value": "< 1.20.1-1.0.13" + }, + { + "version_affected": "=", + "version_value": "< 1.19.2-1.0.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CyclopsMC/IntegratedScripting/security/advisories/GHSA-2v5x-4823-hq77", + "refsource": "MISC", + "name": "https://github.com/CyclopsMC/IntegratedScripting/security/advisories/GHSA-2v5x-4823-hq77" + }, + { + "url": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/ScriptHelpers.java#L46", + "refsource": "MISC", + "name": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/ScriptHelpers.java#L46" + }, + { + "url": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/translation/ValueTranslators.java", + "refsource": "MISC", + "name": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/translation/ValueTranslators.java" + } + ] + }, + "source": { + "advisory": "GHSA-2v5x-4823-hq77", + "discovery": "UNKNOWN" } } \ No newline at end of 
file diff --git a/2025/27xxx/CVE-2025-27138.json b/2025/27xxx/CVE-2025-27138.json index 8320c2bb4fb..27c85c39d93 100644 --- a/2025/27xxx/CVE-2025-27138.json +++ b/2025/27xxx/CVE-2025-27138.json @@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27138", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dataease", + "product": { + "product_data": [ + { + "product_name": "dataease", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.10.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dataease/dataease/security/advisories/GHSA-533g-whf8-q637", + "refsource": "MISC", + "name": "https://github.com/dataease/dataease/security/advisories/GHSA-533g-whf8-q637" + } + ] + }, + "source": { + "advisory": "GHSA-533g-whf8-q637", + "discovery": "UNKNOWN" } } \ No newline at end of file 
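Review bot: In the CVE-2025-27107 hunk the four `version_data` entries are each an open-ended `< X` with no lower bound, so they overlap across Minecraft branches: under ordinary version ordering the fixed build 1.20.1-1.0.13 still sorts below `1.21.1-1.0.17` and would be reported as affected. Each range should be bounded to its own branch, with one entry per branch stating both where that branch starts and its first fixed build, so that only same-branch builds are compared. `CWE-74` is also a very broad class for what the description calls a script-sandbox escape through Java reflection; a narrower weakness such as `CWE-470` may fit better, though that is a judgement to confirm against the advisory.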
diff --git a/2025/28xxx/CVE-2025-28010.json b/2025/28xxx/CVE-2025-28010.json index ab17b48d5c1..6e5e7a3181f 100644 --- a/2025/28xxx/CVE-2025-28010.json +++ b/2025/28xxx/CVE-2025-28010.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28010", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28010", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rtnthakur/CVE/blob/main/MODX/README.md", + "refsource": "MISC", + "name": "https://github.com/rtnthakur/CVE/blob/main/MODX/README.md" } ] } diff --git a/2025/28xxx/CVE-2025-28011.json b/2025/28xxx/CVE-2025-28011.json index 4d302156dea..5b00bf74c6d 100644 --- a/2025/28xxx/CVE-2025-28011.json +++ b/2025/28xxx/CVE-2025-28011.json 
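Review bot: In the CVE-2025-28010 record the vendor, product, version and problem type are all `n/a`, although the description names MODX prior to 3.1.0 and an XSS through uploaded SVG profile images; anything that matches on the structured fields will never associate this record with MODX. Setting `"product_name": "MODX"`, a version entry for releases before 3.1.0 and a problem type of `CWE-79` would make it usable for automated triage. The CVE-2025-28011 and CVE-2025-28015 hunks have the same gap (SQL injection and HTML injection in the PHPGurukul v3.3 system, per their descriptions). The only reference in each record is a personal GitHub repository, so a vendor advisory or fix commit would be worth adding once one exists.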
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28011", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28011", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/Change-password-sql-injection.pdf", + "refsource": "MISC", + "name": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/Change-password-sql-injection.pdf" } ] } diff --git a/2025/28xxx/CVE-2025-28015.json b/2025/28xxx/CVE-2025-28015.json index 6f92e7bd6c9..98a0fbfdc86 100644 --- a/2025/28xxx/CVE-2025-28015.json +++ b/2025/28xxx/CVE-2025-28015.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28015", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28015", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/HTML%20Injection%20-%20edit-profile.md", + "refsource": "MISC", + "name": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/HTML%20Injection%20-%20edit-profile.md" } ] } diff --git a/2025/2xxx/CVE-2025-2079.json b/2025/2xxx/CVE-2025-2079.json index e89e7ab5e99..c53bb257702 100644 --- a/2025/2xxx/CVE-2025-2079.json +++ b/2025/2xxx/CVE-2025-2079.json 
@@ -1,18 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2079", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-547 Use of Hard-Coded, Security-Relevant Constants", + "cweId": "CWE-547" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Optigo Networks", + "product": { + "product_data": [ + { + "product_name": "Visual BACnet Capture Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.2rc11" + } + ] + } + }, + { + "product_name": "Optigo Visual Networks Capture Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.2rc11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Optigo Networks recommends users to upgrade to the following:

\n\n
" + } + ], + "value": "Optigo Networks recommends users to upgrade to the following:\n\n * Visual BACnet Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n * Optigo Visual Networks Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks" + } + ], + "credits": [ + { + "lang": "en", + "value": "Tomer Goldschmidt of Claroty Team82" + } + ] } \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2080.json b/2025/2xxx/CVE-2025-2080.json index ddc0bcf8ab1..07fec24bbb5 100644 --- a/2025/2xxx/CVE-2025-2080.json +++ b/2025/2xxx/CVE-2025-2080.json 
@@ -1,18 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Optigo Networks", + "product": { + "product_data": [ + { + "product_name": "Visual BACnet Capture Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.2rc11" + } + ] + } + }, + { + "product_name": "Optigo Visual Networks Capture Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.2rc11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Optigo Networks recommends users to upgrade to the following:

\n\n
" + } + ], + "value": "Optigo Networks recommends users to upgrade to the following:\n\n * Visual BACnet Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n * Optigo Visual Networks Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks" + } + ], + "credits": [ + { + "lang": "en", + "value": "Tomer Goldschmidt of Claroty Team82" + } + ] } \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2081.json b/2025/2xxx/CVE-2025-2081.json index 19151e96a9c..85a32a9f680 100644 --- a/2025/2xxx/CVE-2025-2081.json +++ b/2025/2xxx/CVE-2025-2081.json 
@@ -1,18 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2081", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-547 Use of Hard-Coded, Security-Relevant Constants", + "cweId": "CWE-547" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Optigo Networks", + "product": { + "product_data": [ + { + "product_name": "Visual BACnet Capture Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.2rc11" + } + ] + } + }, + { + "product_name": "Optigo Visual Networks Capture Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.2rc11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Optigo Networks recommends users to upgrade to the following:

\n\n
" + } + ], + "value": "Optigo Networks recommends users to upgrade to the following:\n\n * Visual BACnet Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n * Optigo Visual Networks Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks" + } + ], + "credits": [ + { + "lang": "en", + "value": "Tomer Goldschmidt of Claroty Team82" + } + ] } \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2263.json b/2025/2xxx/CVE-2025-2263.json index 1b36eb27530..14cbe84416d 100644 --- a/2025/2xxx/CVE-2025-2263.json +++ b/2025/2xxx/CVE-2025-2263.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2263", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "During login to the web server in \"Sante PACS Server.exe\", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Santesoft", + "product": { + "product_data": [ + { + "product_name": "Sante PACS Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "4.1.0" + }, + { + "status": "unaffected", + "version": "4.2.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2025-08", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2025-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": 
"NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2264.json b/2025/2xxx/CVE-2025-2264.json index b6d854edc69..5ef84d4a37e 100644 --- a/2025/2xxx/CVE-2025-2264.json +++ b/2025/2xxx/CVE-2025-2264.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Path Traversal Information Disclosure vulnerability exists in \"Sante PACS Server.exe\". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Santesoft", + "product": { + "product_data": [ + { + "product_name": "Sante PACS Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "4.1.0" + }, + { + "status": "unaffected", + "version": "4.2.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2025-08", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2025-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", 
+ "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2265.json b/2025/2xxx/CVE-2025-2265.json index 196a63978f8..e1e688243fb 100644 --- a/2025/2xxx/CVE-2025-2265.json +++ b/2025/2xxx/CVE-2025-2265.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2265", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-916 Use of Password Hash With Insufficient Computational Effort", + "cweId": "CWE-916" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Santesoft", + "product": { + "product_data": [ + { + "product_name": "Sante PACS Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "4.1.0" + }, + { + "status": "unaffected", + "version": "4.2.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2025-08", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2025-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + 
"baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2284.json b/2025/2xxx/CVE-2025-2284.json index a3eda487a88..ad639890029 100644 --- a/2025/2xxx/CVE-2025-2284.json +++ b/2025/2xxx/CVE-2025-2284.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service vulnerability exists in the \"GetWebLoginCredentials\" function in \"Sante PACS Server.exe\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824 Access of Uninitialized Pointer", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Santesoft", + "product": { + "product_data": [ + { + "product_name": "Sante PACS Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "4.1.0" + }, + { + "status": "unaffected", + "version": "4.2.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2025-08", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2025-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2285.json b/2025/2xxx/CVE-2025-2285.json new file mode 100644 index 00000000000..831f4476d6b --- /dev/null +++ b/2025/2xxx/CVE-2025-2285.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2285", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2286.json b/2025/2xxx/CVE-2025-2286.json new file mode 100644 index 00000000000..9cac9166f1f --- /dev/null +++ b/2025/2xxx/CVE-2025-2286.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2286", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2287.json b/2025/2xxx/CVE-2025-2287.json new file mode 100644 index 00000000000..5094c693e0e --- /dev/null +++ b/2025/2xxx/CVE-2025-2287.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2287",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2288.json b/2025/2xxx/CVE-2025-2288.json
new file mode 100644
index 00000000000..a147412b77a
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2288.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2288",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2289.json b/2025/2xxx/CVE-2025-2289.json
new file mode 100644
index 00000000000..5c686456718
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2289.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2289",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2290.json b/2025/2xxx/CVE-2025-2290.json
new file mode 100644
index 00000000000..3b406fc470c
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2290.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2290",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2291.json b/2025/2xxx/CVE-2025-2291.json
new file mode 100644
index 00000000000..0620303b49b
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2291.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2291",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file