From fda1e407351e9ef5e2f73854624ebcaedd8d0e3d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jan 2025 01:01:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/34xxx/CVE-2024-34579.json | 99 +++++++++++++++++++++- 2025/21xxx/CVE-2025-21325.json | 148 ++++++++++++++++++++++++++++++++- 2025/24xxx/CVE-2025-24085.json | 18 ++++ 2025/24xxx/CVE-2025-24282.json | 18 ++++ 2025/24xxx/CVE-2025-24283.json | 18 ++++ 2025/24xxx/CVE-2025-24284.json | 18 ++++ 6 files changed, 311 insertions(+), 8 deletions(-) create mode 100644 2025/24xxx/CVE-2025-24085.json create mode 100644 2025/24xxx/CVE-2025-24282.json create mode 100644 2025/24xxx/CVE-2025-24283.json create mode 100644 2025/24xxx/CVE-2025-24284.json diff --git a/2024/34xxx/CVE-2024-34579.json b/2024/34xxx/CVE-2024-34579.json index ec31a989097..35ca798c038 100644 --- a/2024/34xxx/CVE-2024-34579.json +++ b/2024/34xxx/CVE-2024-34579.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fuji Electric Alpha5 SMART \n\nis vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-Based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fuji Electric", + "product": { + "product_data": [ + { + "product_name": "Alpha5 SMART", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "4.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-25-016-05", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Fuji Electric has indicated that the vulnerabilities will not be fixed in Alpha5 SMART. Fuji Electric recommends users upgrade their systems to Alpha7.

For assistance, reach out directly to Fuji Electric's support team.

" + } + ], + "value": "Fuji Electric has indicated that the vulnerabilities will not be fixed in Alpha5 SMART. Fuji Electric recommends users upgrade their systems to Alpha7 https://www.fujielectric.com/products/drives_inverters/servo/product_series/alpha7_overview.html .\n\nFor assistance, reach out directly to Fuji Electric's support team https://www.fujielectric.com/contact/ ." + } + ], + "credits": [ + { + "lang": "en", + "value": "An anonymous researcher working with Trend Micro's Zero Day Initiative reported this vulnerability to CISA" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/21xxx/CVE-2025-21325.json b/2025/21xxx/CVE-2025-21325.json index ba573009fc6..d124653f89b 100644 --- a/2025/21xxx/CVE-2025-21325.json +++ b/2025/21xxx/CVE-2025-21325.json @@ -1,17 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21325", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Secure Kernel Mode Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5371" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.4751" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5371" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.4751" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.4751" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.2894" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.2894" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21325", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21325" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24085.json b/2025/24xxx/CVE-2025-24085.json new file mode 100644 index 00000000000..8a85823c183 --- /dev/null +++ b/2025/24xxx/CVE-2025-24085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24282.json b/2025/24xxx/CVE-2025-24282.json new file mode 100644 index 00000000000..4f849bca4f9 --- /dev/null +++ b/2025/24xxx/CVE-2025-24282.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24283.json b/2025/24xxx/CVE-2025-24283.json new file mode 100644 index 00000000000..3bebf370c2b --- /dev/null +++ b/2025/24xxx/CVE-2025-24283.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24283", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24284.json b/2025/24xxx/CVE-2025-24284.json new file mode 100644 index 00000000000..961719d6cae --- /dev/null +++ b/2025/24xxx/CVE-2025-24284.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24284", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file