Auto-Update: 2025-04-11T18:00:20.437316+00:00

cad-safe-bot 2025-04-11 18:03:52 +00:00
parent ecd3a3e120
commit 0df46888b2
103 changed files with 4515 additions and 765 deletions


@ -2,7 +2,7 @@
"id": "CVE-2016-15005",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.003",
"lastModified": "2024-11-21T02:45:28.647",
"lastModified": "2025-04-11T17:15:33.507",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2019-25072",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.323",
"lastModified": "2024-11-21T04:39:53.307",
"lastModified": "2025-04-11T17:15:33.823",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36559",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.500",
"lastModified": "2024-11-21T05:29:50.100",
"lastModified": "2025-04-11T17:15:34.003",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36560",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.573",
"lastModified": "2024-11-21T05:29:50.267",
"lastModified": "2025-04-11T17:15:34.210",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36561",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.623",
"lastModified": "2024-11-21T05:29:50.427",
"lastModified": "2025-04-11T17:15:34.397",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36562",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-28T03:15:09.490",
"lastModified": "2024-11-21T05:29:50.567",
"lastModified": "2025-04-11T17:15:34.600",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36563",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-28T03:15:09.560",
"lastModified": "2024-11-21T05:29:50.707",
"lastModified": "2025-04-11T17:15:34.783",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36564",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.673",
"lastModified": "2024-11-21T05:29:50.827",
"lastModified": "2025-04-11T17:15:34.950",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36566",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.723",
"lastModified": "2024-11-21T05:29:51.137",
"lastModified": "2025-04-11T17:15:35.127",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2020-36567",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T21:15:10.903",
"lastModified": "2024-11-21T05:29:51.270",
"lastModified": "2025-04-11T17:15:35.293",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2021-4235",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.960",
"lastModified": "2024-11-21T06:37:12.307",
"lastModified": "2025-04-11T17:15:35.497",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2021-4236",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:12.013",
"lastModified": "2024-11-21T06:37:12.453",
"lastModified": "2025-04-11T17:15:35.677",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2021-4238",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:12.073",
"lastModified": "2024-11-21T06:37:12.600",
"lastModified": "2025-04-11T17:15:35.883",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-2582",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:12.390",
"lastModified": "2024-11-21T07:01:17.393",
"lastModified": "2025-04-11T17:15:36.213",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-2583",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:12.500",
"lastModified": "2024-11-21T07:01:17.520",
"lastModified": "2025-04-11T17:15:36.390",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-2584",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:12.653",
"lastModified": "2024-11-21T07:01:17.623",
"lastModified": "2025-04-11T17:15:36.570",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-39012",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-12-28T18:15:08.950",
"lastModified": "2024-11-21T07:17:22.383",
"lastModified": "2025-04-11T17:15:36.940",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-20"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-41579",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-12-28T18:15:09.027",
"lastModified": "2024-11-21T07:23:25.773",
"lastModified": "2025-04-11T17:15:37.113",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-287"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-44564",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-12-28T18:15:09.090",
"lastModified": "2024-11-21T07:28:08.303",
"lastModified": "2025-04-11T17:15:37.290",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-45874",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-12-28T18:15:09.157",
"lastModified": "2024-11-21T07:29:52.830",
"lastModified": "2025-04-11T16:15:17.270",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46583",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-30T21:15:10.197",
"lastModified": "2024-11-21T07:30:46.083",
"lastModified": "2025-04-11T17:15:37.463",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46584",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-30T21:15:10.260",
"lastModified": "2024-11-21T07:30:46.220",
"lastModified": "2025-04-11T16:15:18.037",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46596",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-30T21:15:10.757",
"lastModified": "2024-11-21T07:30:47.693",
"lastModified": "2025-04-11T17:15:37.663",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46597",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-30T21:15:10.800",
"lastModified": "2024-11-21T07:30:47.853",
"lastModified": "2025-04-11T17:15:37.867",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46598",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-30T21:15:10.850",
"lastModified": "2024-11-21T07:30:48.007",
"lastModified": "2025-04-11T17:15:38.053",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46599",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-30T21:15:10.897",
"lastModified": "2024-11-21T07:30:48.160",
"lastModified": "2025-04-11T17:15:38.243",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46740",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-12-28T18:15:09.223",
"lastModified": "2024-11-21T07:30:59.613",
"lastModified": "2025-04-11T16:15:18.210",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-46764",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-27T01:15:11.047",
"lastModified": "2024-11-21T07:31:01.283",
"lastModified": "2025-04-11T17:15:38.437",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-47968",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-27T18:15:11.037",
"lastModified": "2024-11-21T07:32:39.003",
"lastModified": "2025-04-11T17:15:38.647",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-37898",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-21T20:15:11.583",
"lastModified": "2024-11-21T08:12:25.323",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:19:44.633",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 5.3
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,24 +69,66 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"versionEndExcluding": "2.12.9",
"matchCriteriaId": "70E827D0-C286-4DA5-893E-C7FC1C03FECD"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-38614",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-11T15:15:44.233",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T17:15:38.850",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120949",


@ -2,7 +2,7 @@
"id": "CVE-2023-41076",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-11T15:15:44.570",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T16:15:18.377",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120950",


@ -2,7 +2,7 @@
"id": "CVE-2023-42875",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-11T15:15:44.777",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T17:15:39.020",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120330",
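Review bot: The added weakness `CWE-94` and the vector `PR:L/.../C:H/I:H/A:N` look inconsistent with the description, which says web content may lead to arbitrary code execution and that the issue was "addressed with improved memory handling". The CVE-2023-42970 section further down carries a near-identical impact statement but is scored `PR:N` with `A:H` (8.8) and `CWE-416`, so the two records will sort very differently in a severity-ordered queue. Since this is a Secondary assessment on a record still `Awaiting Analysis`, I would treat the score and CWE as provisional rather than key patch priority on them.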


@ -2,7 +2,7 @@
"id": "CVE-2023-42969",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-11T15:15:44.947",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T16:15:18.510",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120328",


@ -2,7 +2,7 @@
"id": "CVE-2023-42970",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-11T15:15:45.057",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T17:15:39.203",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120330",


@ -2,7 +2,7 @@
"id": "CVE-2023-42973",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-11T15:15:45.140",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T16:15:18.637",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120949",


@ -2,7 +2,7 @@
"id": "CVE-2023-42981",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-11T15:15:45.320",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T16:15:18.770",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/120950",


@ -2,7 +2,7 @@
"id": "CVE-2024-27294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-29T23:15:08.250",
"lastModified": "2025-03-04T14:12:57.807",
"lastModified": "2025-04-11T16:58:53.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-732"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
@ -80,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:danielparks:dp-golang:*:*:*:*:*:go:*:*",
"criteria": "cpe:2.3:a:danielparks:dp-golang:*:*:*:*:*:puppet:*:*",
"versionEndExcluding": "1.2.7",
"matchCriteriaId": "995B84AC-2333-4F45-90E0-DD357CBD715C"
"matchCriteriaId": "A9C1DDA8-090C-4DFE-852B-C9CF62A0E1F4"
}
]
}
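Review bot: The CPE change in the last hunk swaps the target-software field from `go` to `puppet` and replaces `matchCriteriaId` `995B84AC-2333-4F45-90E0-DD357CBD715C` with `A9C1DDA8-090C-4DFE-852B-C9CF62A0E1F4`, so any inventory or scanner mapping cached against the old criteria string or ID stops matching this CVE. Consumers should re-resolve against `cpe:2.3:a:danielparks:dp-golang:*:*:*:*:*:puppet:*:*` (with `versionEndExcluding` 1.2.7) rather than assume the record changed only in `lastModified`. The `cpeMatch` array and its enclosing node continue outside the hunk.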


@ -2,8 +2,8 @@
"id": "CVE-2024-35345",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.317",
"lastModified": "2024-11-21T09:20:10.490",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:15:02.990",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298533/vuln1-cross-site-scripting-xss",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298533/vuln1-cross-site-scripting-xss",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35350",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:33.300",
"lastModified": "2024-11-21T09:20:10.960",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:14:33.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298666/vuln6-blind-sql-injection-time-based",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298666/vuln6-blind-sql-injection-time-based",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35351",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:33.393",
"lastModified": "2024-11-21T09:20:11.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:14:40.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298534/vuln2-execution-after-redirect-ear-stored-cross-site-scripting-xss",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298534/vuln2-execution-after-redirect-ear-stored-cross-site-scripting-xss",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35354",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.413",
"lastModified": "2024-11-21T09:20:11.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:14:58.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298670/vuln9-error-based-sql-injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298670/vuln9-error-based-sql-injection",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35355",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.503",
"lastModified": "2024-11-21T09:20:12.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:14:54.090",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298724/vuln10-blind-sql-injection-time-based",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298724/vuln10-blind-sql-injection-time-based",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35356",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.593",
"lastModified": "2024-11-21T09:20:12.280",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:14:48.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298676/vuln11-error-based-sql-injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298676/vuln11-error-based-sql-injection",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35357",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.690",
"lastModified": "2024-11-21T09:20:12.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:14:44.293",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298672/vuln12-error-based-sql-injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298672/vuln12-error-based-sql-injection",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35358",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.777",
"lastModified": "2024-11-21T09:20:12.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:14:28.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dino_physics_school_assistant_project:dino_physics_school_assistant:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC55E35E-296D-4E67-8F82-F1E1260B3BCF"
}
]
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298731/vuln14-blind-sql-injection-time-based",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298731/vuln14-blind-sql-injection-time-based",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35581",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T20:16:35.960",
"lastModified": "2024-11-21T09:20:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:10:28.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,30 +51,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1D4E41-0B2D-4D1E-9AA9-CB4366C91AC4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/r04i7/CVE/blob/main/CVE-2024-35581.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
]
},
{
"url": "https://owasp.org/www-community/attacks/xss/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting/stored",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/r04i7/CVE/blob/main/CVE-2024-35581.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
]
},
{
"url": "https://owasp.org/www-community/attacks/xss/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting/stored",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35582",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T20:16:36.037",
"lastModified": "2024-11-21T09:20:29.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:10:24.160",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,30 +51,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1D4E41-0B2D-4D1E-9AA9-CB4366C91AC4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/r04i7/CVE/blob/main/CVE-2024-35582.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
]
},
{
"url": "https://owasp.org/www-community/attacks/xss/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting/stored",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/r04i7/CVE/blob/main/CVE-2024-35582.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
]
},
{
"url": "https://owasp.org/www-community/attacks/xss/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting/stored",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35583",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T20:16:36.100",
"lastModified": "2024-11-21T09:20:30.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:10:09.270",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,30 +51,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1D4E41-0B2D-4D1E-9AA9-CB4366C91AC4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/r04i7/CVE/blob/main/CVE-2024-35583.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
]
},
{
"url": "https://owasp.org/www-community/attacks/xss/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting/stored",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/r04i7/CVE/blob/main/CVE-2024-35583.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
]
},
{
"url": "https://owasp.org/www-community/attacks/xss/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting/stored",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-55070",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-27T20:15:27.247",
"lastModified": "2025-03-28T18:11:40.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:04:33.603",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autorizaci\u00f3n a nivel de objeto roto en el componente /households/permissions de hay-kot mealie v2.2.0 permite a los administradores de grupo editar sus propios permisos."
}
],
"metrics": {
@ -47,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mealie:mealie:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D856FDBD-0CA1-4C24-885E-995AD779AC6B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mealie-recipes/mealie/issues/4593",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://m10x.de/posts/2025/03/all-your-recipe-are-belong-to-us-part-3/3-broken-access-controls-leading-to-privilege-escalation-and-more-in-mealie/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-55073",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-27T19:15:48.437",
"lastModified": "2025-03-28T18:11:40.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:59:53.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autorizaci\u00f3n a nivel de objeto roto en el componente /api/users/{user-id} de hay-kot mealie v2.2.0 permite a los usuarios editar su propio perfil para obtener m\u00e1s permisos o cambiar su propietario."
}
],
"metrics": {
@ -47,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mealie:mealie:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D856FDBD-0CA1-4C24-885E-995AD779AC6B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mealie-recipes/mealie/issues/4593",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://m10x.de/posts/2025/03/all-your-recipe-are-belong-to-us-part-3/3-broken-access-controls-leading-to-privilege-escalation-and-more-in-mealie/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
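Review bot: The added `es` description renders "change their household" as "cambiar su propietario" (change their owner), which alters the stated impact for Spanish-language consumers; wording such as `cambiar su hogar` would match the English text. The translation added in the CVE-2024-55070 section does not have this problem. Separately, the new `configurations` block matches only `cpe:2.3:a:mealie:mealie:2.2.0` exactly, so version-range matching will not flag other releases; whether any are affected is not visible here.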


@ -2,7 +2,7 @@
"id": "CVE-2024-7991",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:05.560",
"lastModified": "2025-02-10T21:15:21.143",
"lastModified": "2025-04-11T17:15:39.500",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -165,11 +165,8 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021",
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021",
"source": "psirt@autodesk.com"
}
]
}
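Review bot: Replacing the reference with the `www.autodesk.com` URL also drops its `tags` array, so the only reference shown in this hunk is no longer marked `Vendor Advisory`. Tooling that selects remediation links by that tag will come up empty for it. The CVE-2024-7992 section has the same loss and additionally moves `vulnStatus` from `Analyzed` to `Modified`. If this mirror post-processes records, carrying the tag over when only the host changes (`"tags": ["Vendor Advisory"]`) would keep the advisory discoverable; otherwise consumers can fall back to matching on the `psirt@autodesk.com` source.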


@ -2,8 +2,8 @@
"id": "CVE-2024-7992",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:05.760",
"lastModified": "2024-11-01T16:26:35.113",
"vulnStatus": "Analyzed",
"lastModified": "2025-04-11T17:15:39.660",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -165,11 +165,8 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021",
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021",
"source": "psirt@autodesk.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-8588",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:05.950",
"lastModified": "2025-02-03T17:15:23.190",
"lastModified": "2025-04-11T17:15:39.973",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8589",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:06.133",
"lastModified": "2025-02-03T17:15:23.330",
"lastModified": "2025-04-11T17:15:40.120",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8590",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:06.340",
"lastModified": "2025-02-03T17:15:23.450",
"lastModified": "2025-04-11T17:15:40.270",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8591",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:06.537",
"lastModified": "2025-02-03T17:15:23.577",
"lastModified": "2025-04-11T17:15:40.407",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8593",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:06.907",
"lastModified": "2025-02-10T21:15:21.427",
"lastModified": "2025-04-11T17:15:40.663",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8594",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:07.103",
"lastModified": "2025-02-03T17:15:23.930",
"lastModified": "2025-04-11T17:15:40.810",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8595",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:07.300",
"lastModified": "2025-02-03T17:15:24.053",
"lastModified": "2025-04-11T17:15:40.953",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8596",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:07.510",
"lastModified": "2025-02-10T21:15:21.560",
"lastModified": "2025-04-11T17:15:41.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8597",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:07.703",
"lastModified": "2025-02-03T17:15:24.297",
"lastModified": "2025-04-11T17:15:41.223",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8598",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:07.917",
"lastModified": "2025-02-03T17:15:24.413",
"lastModified": "2025-04-11T17:15:41.353",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-8599",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:08.130",
"lastModified": "2025-02-03T17:15:24.537",
"lastModified": "2025-04-11T17:15:41.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,13 +2,13 @@
"id": "CVE-2024-8600",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:08.330",
"lastModified": "2025-04-04T13:15:44.070",
"lastModified": "2025-04-11T17:15:41.637",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk affected applications can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,8 +2,8 @@
"id": "CVE-2024-8645",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-10T10:15:14.113",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:19:58.673",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,16 +69,58 @@
"value": "CWE-824"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.16",
"matchCriteriaId": "755E1C62-68C3-4DCC-8AFE-FEFE537E3D0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.6",
"matchCriteriaId": "7E1A7838-EEAA-4AF5-9E14-65CBC0D7309B"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19559",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-10.html",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-9826",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:08.900",
"lastModified": "2025-02-03T17:15:24.760",
"lastModified": "2025-04-11T17:15:41.913",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-9827",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-10-29T22:15:09.100",
"lastModified": "2025-02-03T18:15:41.250",
"lastModified": "2025-04-11T17:15:42.070",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -163,7 +163,7 @@
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019",
"source": "psirt@autodesk.com"
}
]


@ -2,8 +2,8 @@
"id": "CVE-2025-0255",
"sourceIdentifier": "psirt@hcl.com",
"published": "2025-03-24T17:15:20.110",
"lastModified": "2025-03-27T16:45:46.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:40:04.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -49,12 +69,77 @@
"value": "CWE-78"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0.0",
"versionEndExcluding": "8.0.1.5",
"matchCriteriaId": "42A4C3FF-3686-420F-894E-4D51AACEA84B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05BD431A-117C-43D1-B1E9-8F13FB0E0F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0.0",
"versionEndExcluding": "7.0.5.26",
"matchCriteriaId": "D5ED2A18-EF03-4472-98EA-E9B37F489B93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0.0",
"versionEndExcluding": "7.1.2.22",
"matchCriteriaId": "38CF144B-AD62-4D88-BEF5-65CB622A041F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0.0",
"versionEndExcluding": "7.2.3.15",
"matchCriteriaId": "B8BBA9A0-5AAA-49CD-B8B5-A4188B4697E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0.0",
"versionEndExcluding": "7.3.2.10",
"matchCriteriaId": "366685B4-952E-4A6D-9822-9DB6010175A3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119060",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-0256",
"sourceIdentifier": "psirt@hcl.com",
"published": "2025-03-24T16:15:33.120",
"lastModified": "2025-03-27T16:45:46.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:38:18.477",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,77 @@
"value": "CWE-306"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0.0",
"versionEndExcluding": "8.0.1.5",
"matchCriteriaId": "42A4C3FF-3686-420F-894E-4D51AACEA84B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05BD431A-117C-43D1-B1E9-8F13FB0E0F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0.0",
"versionEndExcluding": "7.0.5.26",
"matchCriteriaId": "D5ED2A18-EF03-4472-98EA-E9B37F489B93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0.0",
"versionEndExcluding": "7.1.2.22",
"matchCriteriaId": "38CF144B-AD62-4D88-BEF5-65CB622A041F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0.0",
"versionEndExcluding": "7.2.3.15",
"matchCriteriaId": "B8BBA9A0-5AAA-49CD-B8B5-A4188B4697E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0.0",
"versionEndExcluding": "7.3.2.10",
"matchCriteriaId": "366685B4-952E-4A6D-9822-9DB6010175A3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-0273",
"sourceIdentifier": "psirt@hcl.com",
"published": "2025-03-27T05:15:38.237",
"lastModified": "2025-03-27T16:45:27.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:19:26.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,79 @@
"value": "CWE-532"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0.0",
"versionEndExcluding": "8.0.1.5",
"matchCriteriaId": "42A4C3FF-3686-420F-894E-4D51AACEA84B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.0.1",
"matchCriteriaId": "335E9410-E48A-408A-99AB-17C352FECE14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0.0",
"versionEndIncluding": "7.0.5.26",
"matchCriteriaId": "3EA22CDE-24F0-4272-B8FD-F52E6BB813A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0.0",
"versionEndExcluding": "7.1.2.22",
"matchCriteriaId": "38CF144B-AD62-4D88-BEF5-65CB622A041F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0.0",
"versionEndExcluding": "7.2.3.15",
"matchCriteriaId": "B8BBA9A0-5AAA-49CD-B8B5-A4188B4697E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0.0",
"versionEndIncluding": "7.3.2.9",
"matchCriteriaId": "4A3836CE-993D-4B8A-B546-D9AD5FD14293"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120138",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}
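Review bot: The new `cpeMatch` list mixes bound types: the `hcl_launch` 7.0.x and 7.3.x entries end with `versionEndIncluding` (`7.0.5.26`, `7.3.2.9`) while the other four ranges use `versionEndExcluding`. For the 7.0.x branch this marks 7.0.5.26 itself as vulnerable, whereas the CVE-2025-0255 and CVE-2025-0256 records on this page close the same branch with `"versionEndExcluding": "7.0.5.26"`. That may be correct for this CVE, but it is worth confirming against the vendor advisory (KB0120138) before the record is used for patch-status decisions. Any scanner consuming this record has to honour the bound key per entry rather than assuming one bound type for the whole list.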


@ -2,7 +2,7 @@
"id": "CVE-2025-1386",
"sourceIdentifier": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"published": "2025-04-11T05:15:29.583",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T16:15:19.490",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -61,6 +61,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://github.com/ClickHouse/ch-go/security/advisories/GHSA-m454-3xv7-qj85",


@ -2,24 +2,118 @@
"id": "CVE-2025-21953",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-01T16:15:26.513",
"lastModified": "2025-04-01T20:26:01.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:06:38.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) 
GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] <TASK>\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? 
handle_mm_fault+0xae/0x300\n[ 19\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mana: cleanup struct mana despu\u00e9s de debugfs_remove(). Cuando se activa la hibernaci\u00f3n en una m\u00e1quina virtual MANA, como parte de hibernate_snapshot(), se invocan mana_gd_suspend() y mana_gd_resume(). Si durante este mana_gd_resume() se produce un fallo en la creaci\u00f3n de HWC, el puntero mana_port_debugfs no se reinicializa y termina apuntando a una dentry anterior y limpiada. M\u00e1s adelante en la ruta de hibernaci\u00f3n, como parte de power_down(), se activa mana_gd_shutdown(). Esta llamada, sin tener conocimiento de los fallos en la reanudaci\u00f3n, intenta limpiar el valor mana_port_debugfs ya limpiado y se encuentra con el siguiente error: [ 191.359296] mana 7870:00:00.0: Se llam\u00f3 al apagado [ 191.359918] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000098 [ 191.360584] #PF: acceso de escritura del supervisor en modo kernel [ 191.361125] #PF: error_code(0x0002) - p\u00e1gina no presente [ 191.361727] PGD 1080ea067 P4D 0 [ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI [ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash No contaminado 6.14.0-rc5+ #2 [ 191.363292] Nombre del hardware: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 21/11/2024 [ 191.364124] RIP: 0010:down_write+0x19/0x50 [ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d [ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246 [ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000 [ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098 [ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001 [ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000 [ 191.368874] R13: 
000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020 [ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000 [ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0 [ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 191.372906] Call Trace: [ 191.373262] [ 191.373621] ? show_regs+0x64/0x70 [ 191.374040] ? __die+0x24/0x70 [ 191.374468] ? page_fault_oops+0x290/0x5b0 [ 191.374875] ? do_user_addr_fault+0x448/0x800 [ 191.375357] ? exc_page_fault+0x7a/0x160 [ 191.375971] ? asm_exc_page_fault+0x27/0x30 [ 191.376416] ? down_write+0x19/0x50 [ 191.376832] ? down_write+0x12/0x50 [ 191.377232] simple_recursive_removal+0x4a/0x2a0 [ 191.377679] ? __pfx_remove_one+0x10/0x10 [ 191.378088] debugfs_remove+0x44/0x70 [ 191.378530] mana_detach+0x17c/0x4f0 [ 191.378950] ? __flush_work+0x1e2/0x3b0 [ 191.379362] ? __cond_resched+0x1a/0x50 [ 191.379787] mana_remove+0xf2/0x1a0 [ 191.380193] mana_gd_shutdown+0x3b/0x70 [ 191.380642] pci_device_shutdown+0x3a/0x80 [ 191.381063] device_shutdown+0x13e/0x230 [ 191.381480] kernel_power_off+0x35/0x80 [ 191.381890] hibernate+0x3c6/0x470 [ 191.382312] state_store+0xcb/0xd0 [ 191.382734] kobj_attr_store+0x12/0x30 [ 191.383211] sysfs_kf_write+0x3e/0x50 [ 191.383640] kernfs_fop_write_iter+0x140/0x1d0 [ 191.384106] vfs_write+0x271/0x440 [ 191.384521] ksys_write+0x72/0xf0 [ 191.384924] __x64_sys_write+0x19/0x20 [ 191.385313] x64_sys_call+0x2b0/0x20b0 [ 191.385736] do_syscall_64+0x79/0x150 [ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240 [ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0 [ 191.387124] ? __pfx_lru_add+0x10/0x10 [ 191.387515] ? queued_spin_unlock+0x9/0x10 [ 191.387937] ? do_anonymous_page+0x33c/0xa00 [ 191.388374] ? __handle_mm_fault+0xcf3/0x1210 [ 191.388805] ? 
__count_memcg_events+0xbe/0x180 [ 191.389235] ? handle_mm_fault+0xae/0x300 [ 19 ---truncado---"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.8",
"matchCriteriaId": "0A20D4D7-B329-4C68-B662-76062EA7DCF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*",
"matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*",
"matchCriteriaId": "1759FFB7-531C-41B1-9AE1-FD3D80E0D920"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e64bb2ae7d9f2b3a8259d4d6b86ed1984d5460a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a1466112fb6e819261272ad75e7db750a43b78bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-21957",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-01T16:15:26.910",
"lastModified": "2025-04-10T13:15:47.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:06:24.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,163 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla1280: Se corrige el error del kernel cuando el nivel de depuraci\u00f3n &gt; 2. Eventualmente, se producir\u00e1 una desreferencia nula o una excepci\u00f3n de error cuando el controlador qla1280.c se compila con DEBUG_QLA1280 habilitado y ql_debug_level &gt; 2. Creo que del c\u00f3digo se desprende claramente que la intenci\u00f3n aqu\u00ed es sg_dma_len(s), no la longitud de sg_next(s) al imprimir la informaci\u00f3n de depuraci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.292",
"matchCriteriaId": "1457A2FB-DEAE-4A0A-8052-10B714496431"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.236",
"matchCriteriaId": "1DF46FB0-9163-4ABE-8CCA-32A497D4715B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.180",
"matchCriteriaId": "D19801C8-3D18-405D-9989-E6C9B30255FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.132",
"matchCriteriaId": "91D1C2F6-55A1-4CF4-AC66-ADF758259C59"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.84",
"matchCriteriaId": "994E0F00-FAC4-40E4-9068-C7D4D8242EC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.20",
"matchCriteriaId": "60E9C5DF-D778-4572-848A-5D6CFFE022CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.8",
"matchCriteriaId": "0A20D4D7-B329-4C68-B662-76062EA7DCF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/11a8dac1177a596648a020a7f3708257a2f95fee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/24602e2664c515a4f2950d7b52c3d5997463418c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5233e3235dec3065ccc632729675575dbe3c6b8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7ac2473e727d67a38266b2b7e55c752402ab588c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af71ba921d08c241a817010f96458dc5e5e26762",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/afa27b7c17a48e01546ccaad0ab017ad0496a522",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c737e2a5fb7f90b96a96121da1b50a9c74ae9b8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea371d1cdefb0951c7127a33bcd7eb931cf44571",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-25686",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-27T16:15:29.987",
"lastModified": "2025-03-28T16:15:28.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:34:10.580",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php."
},
{
"lang": "es",
"value": "semcms &lt;=5.0 es vulnerable a la inyecci\u00f3n SQL en SEMCMS_Fuction.php."
}
],
"metrics": {
@ -47,10 +51,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sem-cms:semcms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.0",
"matchCriteriaId": "3C6E8F5C-29BA-4B22-8F8E-5F4A630C1E1E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/J1095/fkapfxx",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
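Review bot: The added Spanish description carries an HTML entity, `&lt;=5.0`, where the English value in the same record has the literal `<=5.0`; a JSON string should hold the plain character, i.e. `"value": "semcms <=5.0 es vulnerable a la inyecci\u00f3n SQL en SEMCMS_Fuction.php."`. A consumer that correctly HTML-escapes on output will display `&lt;` literally, and one that extracts version expressions from descriptions will miss the Spanish text. The unchanged Spanish description in the CVE-2025-21957 section of this page shows the same pattern (`&gt; 2`), so this looks systematic in the translated values rather than a one-off. If it cannot be corrected at the source, consumers should decode entities in `es` values once and then escape for their own output context, never passing the decoded string through as trusted markup.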


@ -2,13 +2,17 @@
"id": "CVE-2025-26265",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-27T16:15:30.117",
"lastModified": "2025-03-28T15:15:47.830",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:24:17.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response."
},
{
"lang": "es",
"value": "Una falla de segmentaci\u00f3n en openairinterface5g v2.1.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una respuesta de modificaci\u00f3n de contexto de UE manipulada."
}
],
"metrics": {
@ -47,18 +51,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openairinterface:openairinterface5g:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13FB8E46-4BCF-48C9-A16D-862AE0F60263"
}
]
}
]
}
],
"references": [
{
"url": "https://anonymous.4open.science/r/Mobicom-ARCANE-36B7/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://gitlab.eurecom.fr/oai/openairinterface5g",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.sigmobile.org/mobicom/2025/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-26619",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-27T14:15:52.987",
"lastModified": "2025-03-27T16:45:12.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:12:33.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported. The issue is patched in `vega` `5.31.0` and `vega-functions` `5.16.0`. Some workarounds are available. Run `vega` without `vega.expressionInterpreter`. This mode is not the default as it is slower. Alternatively, using the interpreter described in CSP safe mode (Content Security Policy) prevents arbitrary Javascript from running, so users of this mode are not affected by this vulnerability."
},
{
"lang": "es",
"value": "Vega es una gram\u00e1tica de visualizaci\u00f3n, un formato declarativo para crear, guardar y compartir dise\u00f1os de visualizaci\u00f3n interactivos. En `vega` 5.30.0 y anteriores, y en `vega-functions` 5.15.0 y anteriores, era posible llamar a funciones JavaScript desde el lenguaje de expresiones Vega que no estaban dise\u00f1adas para ser compatibles. El problema se ha corregido en `vega` 5.31.0` y `vega-functions` 5.16.0`. Hay algunos workarounds disponibles. Ejecute `vega` sin `vega.expressionInterpreter`. Este modo no es el predeterminado, ya que es m\u00e1s lento. Como workaround, el uso del int\u00e9rprete descrito en el modo seguro de CSP (Pol\u00edtica de Seguridad de Contenido) impide la ejecuci\u00f3n de JavaScript arbitrario, por lo que los usuarios de este modo no se ven afectados por esta vulnerabilidad."
}
],
"metrics": {
@ -55,6 +59,28 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
@ -69,26 +95,78 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vega-functions_project:vega-functions:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "6A90CEF0-69AB-4870-9D3E-93589F109544"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vega_project:vega:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "5.31.0",
"matchCriteriaId": "C2FFD080-3BC9-4781-9E9C-420811FCB8F0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vega/vega-lite/issues/9469",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/vega/vega/commit/8fc129a6f8a11e96449c4ac0f63de0e5bfc7254c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vega/vega/issues/3984",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/vega/vega/security/advisories/GHSA-rcw3-wmx7-cphr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/vega/vega/security/advisories/GHSA-rcw3-wmx7-cphr",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-2831",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T03:15:14.080",
"lastModified": "2025-03-27T16:45:27.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:00:07.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -122,28 +142,75 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mingyuefusu:library_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A47EDDB1-A219-461E-8139-8705A76316A7"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.301468",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.301468",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.521458",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-2832",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T04:15:21.717",
"lastModified": "2025-03-27T16:45:27.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:25:55.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -124,26 +124,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mingyuefusu:library_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A47EDDB1-A219-461E-8139-8705A76316A7"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.301469",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.301469",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.521460",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-2849",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T14:15:55.303",
"lastModified": "2025-03-27T16:45:12.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T16:09:36.090",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en UPX hasta la versi\u00f3n 5.0.0. La funci\u00f3n PackLinuxElf64::un_DT_INIT del archivo src/p_lx_elf.cpp est\u00e1 afectada. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer en el mont\u00f3n. Es posible lanzar el ataque contra el host local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se identifica como e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. Se recomienda aplicar un parche para solucionar este problema."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
@ -76,6 +80,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -118,40 +142,98 @@
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:upx:upx:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.0.0",
"matchCriteriaId": "1A5B348B-829A-4FF8-8B1F-31633D50D8BE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/upx/upx/issues/898",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/upx/upx/issues/898#issuecomment-2734082143",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/user-attachments/files/19307868/input.zip",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.301494",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.301494",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.522371",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/upx/upx/issues/898#issuecomment-2734082143",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}
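Review bot: The reference `https://github.com/user-attachments/files/19307868/input.zip` is given `"tags": ["Product"]`, yet the URL is a file attachment on GitHub rather than a product page, and the description states that an exploit has been disclosed publicly. If the archive is the reproducer attached to issue 898, which the page does not confirm, `"Exploit"` would be the fitting tag. Pipelines that decide from tags which references are safe to fetch or preview automatically should not rely on `Product` here and should handle the archive as untrusted input.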


@ -2,13 +2,17 @@
"id": "CVE-2025-29072",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-27T16:15:30.903",
"lastModified": "2025-03-28T16:15:29.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:20:02.963",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the \"cairo-lang-starknet-classes\" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en Nethermind Juno anterior a la versi\u00f3n 12.05, dentro de la l\u00f3gica de descompresi\u00f3n de bytecode de Sierra, dentro de la librer\u00eda \"cairo-lang-starknet-classes\", podr\u00eda permitir a atacantes remotos activar un bucle infinito (y un alto consumo de CPU) al enviar una transacci\u00f3n maliciosa Declare v2/v3. Esto genera una condici\u00f3n de denegaci\u00f3n de servicio para las implementaciones de nodo completo de Starknet afectadas."
}
],
"metrics": {
@ -47,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nethermind:juno:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5",
"matchCriteriaId": "B33BA6CB-43ED-4F9A-8F60-867887233554"
}
]
}
]
}
],
"references": [
{
"url": "https://community.starknet.io/t/starknet-security-update-potential-full-node-vulnerability-recap/115314",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/NethermindEth/juno/commit/51074875941aa111c5dd2b41f2ec890a4a15b587",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-29306",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-27T19:15:49.290",
"lastModified": "2025-03-28T18:11:40.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-11T17:50:50.240",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component."
},
{
"lang": "es",
"value": "Un problema en FoxCMS v.1.2.5 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s de la p\u00e1gina de visualizaci\u00f3n de casos en el componente index.html."
}
],
"metrics": {
@ -47,10 +51,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:foxcms:foxcms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.00",
"matchCriteriaId": "1EB18EC9-B9F3-4B18-BF1C-D09B20463740"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/somatrasss/CVE-2025-29306",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
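Review bot: The new `cpeMatch` entry ends the vulnerable range at `"versionEndExcluding": "1.2.00"`, while the description kept in this record names FoxCMS v.1.2.5 as the affected release, so the range and the text do not agree. Depending on how a consumer orders `1.2.00` against `1.2.5`, a CPE-driven scanner may report 1.2.5 as not vulnerable. If the description is right, the bound would need to cover that release, for example `"versionEndIncluding": "1.2.5"`. The record is still `Undergoing Analysis`, so until upstream settles it, match this CVE on the description as well as the CPE range.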


@ -0,0 +1,100 @@
{
"id": "CVE-2025-31354",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-11T16:15:19.800",
"lastModified": "2025-04-11T16:15:19.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08",
"source": "ics-cert@hq.dhs.gov"
}
]
}
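Review bot: The `weaknesses` entry in this new record is `"value": "CWE-125"` (out-of-bounds read), but the description is about excessive CPU consumption while evaluating crafted F2m curve parameters, which reads as resource exhaustion; a class such as `CWE-400` would fit the text more closely. The next new record, CVE-2025-31935, shows the same kind of gap: `CWE-502` against a description of mishandled exceptional conditions. The CNA may be naming a root cause the description omits, so this is a question for upstream rather than a certain error. Until it is resolved, triage rules and dashboards that route on CWE alone will file both records under a class the text does not describe, and should read the description too.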


@ -0,0 +1,100 @@
{
"id": "CVE-2025-31935",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-11T16:15:20.047",
"lastModified": "2025-04-11T16:15:20.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Subnet Solutions \n\nPowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32067",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:43.183",
"lastModified": "2025-04-11T17:15:43.183",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1122163",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T386963",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}
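Review bot: The only score in this new record is the CNA's `Secondary` CVSS 4.0 vector, which sets `UI:N` and every vulnerable- and subsequent-system impact to `H` for a cross-site scripting issue, giving `"baseScore": 10.0`. XSS normally needs a victim to load the affected content, so `UI:P` or `UI:A` and a lower availability impact would be expected. The same vector is repeated in CVE-2025-32069, CVE-2025-32070 and CVE-2025-32071, and in the part of CVE-2025-32073 visible here. With `vulnStatus` at `Received` there is no NVD `Primary` score yet, so consumers that sort on `baseScore` should treat these values as provisional rather than as confirmed critical findings.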


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32068",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:43.317",
"lastModified": "2025-04-11T17:15:43.317",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/I27b61af2cdfb862a42432e7a87b863033d540cfc",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T336113",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32069",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:43.460",
"lastModified": "2025-04-11T17:15:43.460",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/Ie969a8cfeab0d4457417773fa884e271968e5657",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T387691",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32070",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:43.587",
"lastModified": "2025-04-11T17:15:43.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/Ib59c59b2cd36928ab200149c851e2bfcf5cf920c",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T389590",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32071",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:43.710",
"lastModified": "2025-04-11T17:15:43.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS)\u00a0from widthheight message via ImageHandler::getDimensionsString()This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/Iac1f1c27054bfd1a4a4251281ab8c72f59204a90",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T389369",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32072",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:43.840",
"lastModified": "2025-04-11T17:15:43.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T386175",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32073",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:43.973",
"lastModified": "2025-04-11T17:15:43.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/HTMLTags/+/1121056",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T386337",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32074",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:44.097",
"lastModified": "2025-04-11T17:15:44.097",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/I86f47103ffb78c671890b44ccd59fcff6613975f",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T386908",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32075",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:44.227",
"lastModified": "2025-04-11T17:15:44.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T386887",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32076",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:44.363",
"lastModified": "2025-04-11T17:15:44.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualData/+/1121732",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T385935",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32077",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:44.513",
"lastModified": "2025-04-11T17:15:44.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/Ic5b5ce8f7791026eff1aafffb32a68f3aab119be",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T383472",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32078",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:44.683",
"lastModified": "2025-04-11T17:15:44.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/If901b3b98e615e1a4f4034d932d2d592000b51d0",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T384269",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-32079",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:44.837",
"lastModified": "2025-04-11T17:15:44.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1114020",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T384244",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}
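Review bot: The `cvssData` vector on this new record rates every impact metric HIGH (`VC:H/VI:H/VA:H/SC:H/SI:H/SA:H`, `baseScore` 10.0, `CRITICAL`), while the `descriptions` text names only an HTTP DoS caused by improper input validation, so nothing in the record supports the confidentiality and integrity ratings. The metric is `"type": "Secondary"` with the same `source` as `sourceIdentifier`, and `vulnStatus` is `Received`, so the score is as submitted and has not been through analysis; consumers of this mirror should not prioritise on `baseScore` alone for it. The CVE-2025-32073 and CVE-2025-32074 sections carry the same all-HIGH vector with `UI:N` for XSS issues, which usually need a victim to render the content, and CVE-2025-32076 rates confidentiality and integrity LOW for another HTTP DoS; the same caution applies to those.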


@ -0,0 +1,86 @@
{
"id": "CVE-2025-32080",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-04-11T17:15:44.973",
"lastModified": "2025-04-11T17:15:44.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation.This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/1123392",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Ia5c3be79db37240acbaa630834e430ec3147e61c",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T366402",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-32367",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-11T17:15:45.113",
"lastModified": "2025-04-11T17:15:45.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
}
],
"references": [
{
"url": "https://medium.com/@antonsimonyan7/idor-in-oz-forensics-face-recognition-application-cve-2025-32367-53684ee312ea",
"source": "cve@mitre.org"
},
{
"url": "https://ozforensics.com/",
"source": "cve@mitre.org"
}
]
}
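Review bot: The `descriptions` value says the number 4.0.8 was used for both the unpatched and the patched versions, so a version comparison against this record cannot tell an exposed install from a fixed one. The new file also has no `configurations` block to match on and `vulnStatus` is `Received`, so asset matching should treat any 4.0.8 deployment as unresolved until the build date is confirmed with the vendor. The text names an Insecure Direct Object Reference while `weaknesses` lists `CWE-425`; an authorization-bypass entry such as `CWE-639` would probably fit the description better, which matters for anyone filtering this feed by CWE.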


@ -2,7 +2,7 @@
"id": "CVE-2025-32808",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-11T01:15:55.097",
"lastModified": "2025-04-11T15:39:52.920",
"lastModified": "2025-04-11T16:15:20.673",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -62,6 +62,10 @@
{
"url": "https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}
