admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-04 19:00:33 +00:00
parent 88e0fc51c0
commit fa6eda7101
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 783 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/13xxx/CVE-2024-13831.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13831",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

83
2024/48xxx/CVE-2024-48019.json
View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris.\n\n\nApplication administrators can read arbitrary\nfiles from the server filesystem through path traversal.\n\n\nUsers are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Doris",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.0",
"version_value": "2.1.8"
},
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Man Yue Mo of the GitHub Security Lab team"
}
]
}

60
2025/0xxx/CVE-2025-0444.json
View File

@ -1,17 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "133.0.6943.53",
"version_value": "133.0.6943.53"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/390889644",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/390889644"
}
]
}

60
2025/0xxx/CVE-2025-0445.json
View File

@ -1,17 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "133.0.6943.53",
"version_value": "133.0.6943.53"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/392521083",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/392521083"
}
]
}

59
2025/0xxx/CVE-2025-0451.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "133.0.6943.53",
"version_value": "133.0.6943.53"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/40061026",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/40061026"
}
]
}

18
2025/1xxx/CVE-2025-1039.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

100
2025/23xxx/CVE-2025-23058.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hewlett Packard Enterprise (HPE)",
"product": {
"product_data": [
{
"product_name": "HPE Aruba Networking ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "<=6.12.3",
"status": "affected",
"version": "6.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "<=6.11.9",
"status": "affected",
"version": "6.11.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US",
"refsource": "MISC",
"name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "HPESBNW04784",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "ING Bank"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

100
2025/23xxx/CVE-2025-23059.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23059",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hewlett Packard Enterprise (HPE)",
"product": {
"product_data": [
{
"product_name": "HPE Aruba Networking ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "<=6.12.3",
"status": "affected",
"version": "6.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "<=6.11.9",
"status": "affected",
"version": "6.11.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US",
"refsource": "MISC",
"name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "HPESBNW04784",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Federal Aviation Administration (FAA)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

100
2025/23xxx/CVE-2025-23060.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hewlett Packard Enterprise (HPE)",
"product": {
"product_data": [
{
"product_name": "HPE Aruba Networking ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "<=6.12.3",
"status": "affected",
"version": "6.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "<=6.11.9",
"status": "affected",
"version": "6.11.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US",
"refsource": "MISC",
"name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "HPESBNW04784",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "HPE Aruba Networking QA Team"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

63
2025/24xxx/CVE-2025-24373.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to \"guest.\" and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpovernight",
"product": {
"product_data": [
{
"product_name": "woocommerce-pdf-invoices-packing-slips",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wpovernight/woocommerce-pdf-invoices-packing-slips/security/advisories/GHSA-3j9m-cp35-94fr",
"refsource": "MISC",
"name": "https://github.com/wpovernight/woocommerce-pdf-invoices-packing-slips/security/advisories/GHSA-3j9m-cp35-94fr"
},
{
"url": "https://github.com/wpovernight/woocommerce-pdf-invoices-packing-slips/commit/6daeff87f8a7f941f0f7cf4637f41d22c4428c30",
"refsource": "MISC",
"name": "https://github.com/wpovernight/woocommerce-pdf-invoices-packing-slips/commit/6daeff87f8a7f941f0f7cf4637f41d22c4428c30"
}
]
},
"source": {
"advisory": "GHSA-3j9m-cp35-94fr",
"discovery": "UNKNOWN"
}
}

63
2025/24xxx/CVE-2025-24971.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the **Apprise Notification** enabled. This issue has been addressed in commit `4ff8469d` and all users are advised to patch. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DumbWareio",
"product": {
"product_data": [
{
"product_name": "DumbDrop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4ff8469d"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/DumbWareio/DumbDrop/security/advisories/GHSA-rx8m-jqm7-vcgp",
"refsource": "MISC",
"name": "https://github.com/DumbWareio/DumbDrop/security/advisories/GHSA-rx8m-jqm7-vcgp"
},
{
"url": "https://github.com/DumbWareio/DumbDrop/commit/4ff8469d69019d200046a67d326f51703bc4da63",
"refsource": "MISC",
"name": "https://github.com/DumbWareio/DumbDrop/commit/4ff8469d69019d200046a67d326f51703bc4da63"
}
]
},
"source": {
"advisory": "GHSA-rx8m-jqm7-vcgp",
"discovery": "UNKNOWN"
}
}

100
2025/25xxx/CVE-2025-25039.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hewlett Packard Enterprise (HPE)",
"product": {
"product_data": [
{
"product_name": "HPE Aruba Networking ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "<=6.12.3",
"status": "affected",
"version": "6.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "<=6.11.9",
"status": "affected",
"version": "6.11.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US",
"refsource": "MISC",
"name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "HPESBNW04784",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Daniel Jensen (@Dozernz)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}