Auto-Update: 2025-03-04T19:00:20.656745+00:00

cad-safe-bot 2025-03-04 19:03:50 +00:00
parent 3f44f985a3
commit 18673625e6
113 changed files with 6018 additions and 563 deletions


@ -2,7 +2,7 @@
"id": "CVE-2022-48366",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-12T05:15:12.137",
"lastModified": "2024-11-21T07:33:15.753",
"lastModified": "2025-03-04T17:15:10.980",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-362"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-48367",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-12T05:15:12.343",
"lastModified": "2024-11-21T07:33:15.907",
"lastModified": "2025-03-04T17:15:11.203",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2022-49114",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:48.773",
"lastModified": "2025-02-26T07:00:48.773",
"vulnStatus": "Received",
"lastModified": "2025-03-04T18:15:21.570",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: libfc: Se corrige el use-after-free en fc_exch_abts_resp() fc_exch_release(ep) reducir\u00e1 el recuento de referencias de ep. Cuando el recuento de referencias llega a cero, se libera. Pero ep todav\u00eda se usa en el siguiente c\u00f3digo, lo que provocar\u00e1 un use-after-free. Regrese despu\u00e9s de la llamada fc_exch_release() para evitar el use-after-free."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1d7effe5fff9d28e45e18ac3a564067c7ddfe898",


@ -2,8 +2,8 @@
"id": "CVE-2022-49182",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:55.333",
"lastModified": "2025-02-26T07:00:55.333",
"vulnStatus": "Received",
"lastModified": "2025-03-04T18:15:22.983",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: agregar bloqueo de lista de VLAN para proteger la lista de VLAN Al agregar una VLAN base de puerto, la VLAN de VF debe eliminarse de HW y modificar el estado de VLAN en la lista de VLAN de VF como falso. Si la tarea de periodicidad est\u00e1 liberando el mismo nodo, puede causar un error de \"use-after-free\". Este parche agrega un bloqueo de lista de VLAN para proteger la lista de VLAN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97",


@ -2,8 +2,8 @@
"id": "CVE-2022-49196",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:56.677",
"lastModified": "2025-02-26T07:00:56.677",
"vulnStatus": "Received",
"lastModified": "2025-03-04T18:15:23.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/pseries: Se corrige el uso despu\u00e9s de liberar en remove_phb_dynamic() En remove_phb_dynamic() usamos &phb->io_resource, despu\u00e9s de haber llamado a device_unregister(&host_bridge->dev). Pero la anulaci\u00f3n del registro puede haber liberado a phb, porque pcibios_free_controller_deferred() es la funci\u00f3n de liberaci\u00f3n para host_bridge. Si no hay referencias pendientes cuando llamamos a device_unregister(), phb se liberar\u00e1 de nosotros. Esto ha pasado desapercibido, pero con slub_debug y page_poison habilitados puede provocar un bloqueo: PID: 7574 TAREA: c0000000d492cb80 CPU: 13 COMANDO: \"drmgr\" #0 [c0000000e4f075a0] crash_kexec at c00000000027d7dc #1 [c0000000e4f075d0] oops_end at c000000000029608 #2 [c0000000e4f07650] __bad_page_fault at c0000000000904b4 #3 [c0000000e4f076c0] do_bad_slb_fault at c00000000009a5a8 #4 [c0000000e4f076f0] data_access_slb_common_virt en c000000000008b30 Marco de excepci\u00f3n de acceso a datos SLB [380]: R0: c000000000167250 R1: c0000000e4f07a00 R2: c000000002a46100 R3: c000000002b39ce8 R4: 00000000000000c0 R5: 00000000000000a9 R6: 3894674d000000c0 R7: 0000000000000000 R8: 000000000000000ff R9: 0000000000000100 R10: 6b6b6b6b6b6b6b6b R11: 0000000000008000 R12: c00000000023da80 R13: c0000009ffd38b00 R14: 0000000000000000 R15: 000000011c87f0f0 R16: 0000000000000006 R17: 0000000000000003 R18: 0000000000000002 R19: 0000000000000004 R20: 0000000000000005 R21: 000000011c87ede8 R22: 000000011c87c5a8 R23: 000000011c87d3a0 R24: 0000000000000000 R25: 0000000000000001 R26: c0000000e4f07cc8 R27: c00000004d1cc400 R28: c0080000031d00e8 R29: c00000004d23d800 R30: c00000004d1d2400 R31: c00000004d1d2540 PIP: c000000000167258 MSR: 8000000000009033 OR3: c000000000e9f474 CTR: 0000000000000000 LR: c000000000167250 XER: 0000000020040003 CCR: 0000000024088420 MQ: 0000000000000000 DAR: 6b6b6b6b6b6b6ba3 DSISR: c0000000e4f07920 Resultado de llamada al 
sistema: fffffffffffffff2 [NIP: release_resource+56] [LR: release_resource+48] #5 [c0000000e4f07a00] release_resource en c000000000167258 (no confiable) #6 [c0000000e4f07a30] remove_phb_dynamic en c000000000105648 #7 [c0000000e4f07ab0] dlpar_remove_slot en c0080000031a09e8 [rpadlpar_io] #8 [c0000000e4f07b50] remove_slot_store en c0080000031a0b9c [rpadlpar_io] #9 [c0000000e4f07be0] kobj_attr_store en c000000000817d8c #10 [c0000000e4f07c00] sysfs_kf_write en c00000000063e504 #11 [c0000000e4f07c20] kernfs_fop_write_iter en c00000000063d868 #12 [c0000000e4f07c70] new_sync_write en c00000000054339c #13 [c0000000e4f07d10] vfs_write en c000000000546624 #14 [c0000000e4f07d60] ksys_write en c0000000005469f4 #15 [c0000000e4f07db0] system_call_exception at c000000000030840 #16 [c0000000e4f07e10] system_call_vectored_common at c00000000000c168 Para evitarlo, podemos tomar una referencia a host_bridge->dev hasta que terminemos de usar phb. Luego, cuando eliminemos la referencia, se liberar\u00e1 phb."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/33d39efb61a84e055ca2386157d39ebbdf6b7d31",


@ -2,8 +2,8 @@
"id": "CVE-2022-49275",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:04.370",
"lastModified": "2025-02-26T07:01:04.370",
"vulnStatus": "Received",
"lastModified": "2025-03-04T18:15:23.383",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el n\u00facleo de Linux, se ha resuelto la siguiente vulnerabilidad: can: m_can: m_can_tx_handler(): se corrige el use after free skb can_put_echo_skb() clonar\u00e1 skb y luego lo liberar\u00e1. Mueva can_put_echo_skb() para la versi\u00f3n 3.0.x de m_can directamente antes del inicio de la transmisi\u00f3n en el hardware, de manera similar a la rama 3.1.x."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/08d90846e438ac22dc56fc49ec0b0d195831c5ed",


@ -2,13 +2,13 @@
"id": "CVE-2023-3694",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-17T00:15:09.623",
"lastModified": "2024-11-21T08:17:51.537",
"lastModified": "2025-03-04T17:15:11.407",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester House Rental and Property Listing 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234245 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
@ -89,6 +133,10 @@
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
@ -137,6 +185,10 @@
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.183316",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/safetom6/House-Rental-and-Property-Listing-System/blob/main/House%20Rental%20and%20Property%20Listing%20System%20index.php%20has%20Sqlinjection.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",


@ -2,8 +2,8 @@
"id": "CVE-2023-47802",
"sourceIdentifier": "security@synology.com",
"published": "2024-06-28T06:15:03.220",
"lastModified": "2024-11-21T08:30:50.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T18:43:40.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,78 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "11106950-DFD0-441A-8DE3-DA19C15281B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "F4DBB838-E652-4C96-AC50-AF07510EF8E5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47803",
"sourceIdentifier": "security@synology.com",
"published": "2024-06-28T06:15:04.833",
"lastModified": "2024-11-21T08:30:50.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T18:43:40.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,78 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "11106950-DFD0-441A-8DE3-DA19C15281B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "F4DBB838-E652-4C96-AC50-AF07510EF8E5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49572",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-24T13:15:08.030",
"lastModified": "2024-11-21T08:33:34.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flexense:vx_search:10.2.14:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8981E803-BBFF-4DDB-AF9F-21B098B589B7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49573",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-24T13:15:08.630",
"lastModified": "2024-11-21T08:33:34.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flexense:vx_search:10.2.14:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8981E803-BBFF-4DDB-AF9F-21B098B589B7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49574",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-24T13:15:09.023",
"lastModified": "2024-11-21T08:33:35.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flexense:vx_search:10.2.14:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8981E803-BBFF-4DDB-AF9F-21B098B589B7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49575",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-24T13:15:09.360",
"lastModified": "2024-11-21T08:33:35.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flexense:vx_search:10.2.14:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8981E803-BBFF-4DDB-AF9F-21B098B589B7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,13 @@
"id": "CVE-2023-7100",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-25T03:15:08.840",
"lastModified": "2024-11-21T08:45:16.293",
"lastModified": "2025-03-04T17:15:11.650",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952."
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate/tdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
@ -89,6 +133,10 @@
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
@ -122,6 +170,10 @@
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.248952",
"source": "cna@vuldb.com",
@ -137,6 +189,10 @@
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.256861",
"source": "cna@vuldb.com"
},
{
"url": "https://medium.com/@2839549219ljk/restaurant-table-booking-system-sql-injection-vulnerability-30708cfabe03",
"source": "af854a3a-2127-422b-91ae-364da2661108",


@ -2,8 +2,8 @@
"id": "CVE-2024-10494",
"sourceIdentifier": "security@ni.com",
"published": "2024-12-10T16:15:21.930",
"lastModified": "2024-12-10T16:15:21.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T18:19:12.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -93,12 +113,113 @@
"value": "CWE-1285"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021",
"matchCriteriaId": "807AE6D5-8096-47A2-A47D-1A5EFC85652D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html",
"source": "security@ni.com"
"source": "security@ni.com",
"tags": [
"Vendor Advisory"
]
}
]
}
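Review bot: In the added `weaknesses` entry the `nvd@nist.gov` source carries `"type": "Secondary"`, while the added `cvssMetricV31` entry from the same source carries `"type": "Primary"`, so `type` does not identify the same assessor across the two arrays of this record. A consumer that selects the NVD assessment by filtering on `"type": "Primary"` would pick up the 7.8 vector but could miss the `CWE-125` classification; the source and type of the existing `CWE-1285` entry are outside the hunk, so which one it would get instead cannot be confirmed from here. If this file is mirrored verbatim from upstream, nothing should change in the record itself, but downstream triage and enrichment rules should key on `source` rather than on `type`. The CVE-2024-10495 section that follows shows the same pairing.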


@ -2,8 +2,8 @@
"id": "CVE-2024-10495",
"sourceIdentifier": "security@ni.com",
"published": "2024-12-10T16:15:22.080",
"lastModified": "2024-12-10T16:15:22.080",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T18:19:12.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -93,12 +113,113 @@
"value": "CWE-1285"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021",
"matchCriteriaId": "807AE6D5-8096-47A2-A47D-1A5EFC85652D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html",
"source": "security@ni.com"
"source": "security@ni.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-10496",
"sourceIdentifier": "security@ni.com",
"published": "2024-12-10T16:15:22.203",
"lastModified": "2024-12-10T16:15:22.203",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T18:19:12.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -93,12 +113,113 @@
"value": "CWE-1285"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021",
"matchCriteriaId": "807AE6D5-8096-47A2-A47D-1A5EFC85652D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html",
"source": "security@ni.com"
"source": "security@ni.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2024-10930",
"sourceIdentifier": "productsecurity@carrier.com",
"published": "2025-03-04T18:15:23.610",
"lastModified": "2025-03-04T18:15:23.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productsecurity@carrier.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "productsecurity@carrier.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01",
"source": "productsecurity@carrier.com"
},
{
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"source": "productsecurity@carrier.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-11218",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-01-22T05:15:08.903",
"lastModified": "2025-02-27T05:15:13.060",
"lastModified": "2025-03-04T18:15:23.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -116,6 +116,10 @@
"url": "https://access.redhat.com/errata/RHSA-2025:1713",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1908",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11218",
"source": "secalert@redhat.com"


@ -2,13 +2,17 @@
"id": "CVE-2024-30154",
"sourceIdentifier": "psirt@hcl.com",
"published": "2025-03-03T19:15:33.737",
"lastModified": "2025-03-03T19:15:33.737",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:12.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
},
{
"lang": "es",
"value": "HCL SX es vulnerable a una vulnerabilidad de Cross Site Request Forgery que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web conf\u00eda."
}
],
"metrics": {
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119437",


@ -2,8 +2,8 @@
"id": "CVE-2024-3493",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-04-15T22:15:09.073",
"lastModified": "2024-11-21T09:29:43.297",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T17:11:31.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,250 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "A29D3775-CAB3-45CF-96CE-71D0672C7E37"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "64CAC9B1-19E5-44BB-B814-DDA98B7290E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "305CDBFF-404A-45F5-A391-1B18F446D1B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "9232043F-8A87-446C-8B7E-F8E400AA6F68"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62414E65-73C7-4172-B7BF-F40A66AFBB90"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*",
"matchCriteriaId": "91162BBB-AD61-4191-B00A-FDE767268F13"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1541AE-A429-455E-94C4-3420183CE7CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580_process:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFEDADD8-01DE-4AE5-A0D7-532347FA7DB2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_process_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "DF838222-B4B6-4A66-B3CE-55E643368754"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380_process:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77BCC249-D601-4A82-9247-C0981BF990FC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "61F8EA3B-C51C-4CB1-9BB3-017577DC6684"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968"
}
]
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html",
"source": "PSIRT@rockwellautomation.com"
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35111",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-25T14:15:28.747",
"lastModified": "2025-01-25T14:15:28.747",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T16:58:06.783",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86853A4E-905D-46A9-BF43-6D6117AA2442"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C510A28-7CFF-414B-A740-13A71CB97271"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174806",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35112",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-25T14:15:28.910",
"lastModified": "2025-01-25T14:15:28.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T16:58:06.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,12 +69,47 @@
"value": "CWE-80"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86853A4E-905D-46A9-BF43-6D6117AA2442"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C510A28-7CFF-414B-A740-13A71CB97271"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174794",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35113",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-25T14:15:29.077",
"lastModified": "2025-01-25T14:15:29.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T16:58:06.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,47 @@
"value": "CWE-548"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86853A4E-905D-46A9-BF43-6D6117AA2442"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C510A28-7CFF-414B-A740-13A71CB97271"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174796",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-35114",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-25T14:15:29.233",
"lastModified": "2025-01-25T14:15:29.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T16:58:06.783",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,47 @@
"value": "CWE-204"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86853A4E-905D-46A9-BF43-6D6117AA2442"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C510A28-7CFF-414B-A740-13A71CB97271"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174842",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-3696",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-12T16:15:40.943",
"lastModified": "2024-11-21T09:30:11.760",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T17:47:57.433",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,38 +96,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:house_rental_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43C975E7-ADB4-4AAF-8883-8998E01355B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%201.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260483",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260483",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314199",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%201.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260483",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260483",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314199",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-3697",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-12T17:17:22.983",
"lastModified": "2024-11-21T09:30:11.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T17:47:57.433",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,38 +96,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:house_rental_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43C975E7-ADB4-4AAF-8883-8998E01355B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%203.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260484",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260484",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314203",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%203.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260484",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260484",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314203",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-3698",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-12T17:17:23.337",
"lastModified": "2024-11-21T09:30:12.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T17:47:57.433",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,38 +96,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:house_rental_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43C975E7-ADB4-4AAF-8883-8998E01355B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%204.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260485",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260485",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314204",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%204.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260485",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260485",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314204",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39349",
"sourceIdentifier": "security@synology.com",
"published": "2024-06-28T06:15:05.500",
"lastModified": "2024-11-21T09:27:31.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T18:43:40.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,78 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "11106950-DFD0-441A-8DE3-DA19C15281B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "F4DBB838-E652-4C96-AC50-AF07510EF8E5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39351",
"sourceIdentifier": "security@synology.com",
"published": "2024-06-28T06:15:05.887",
"lastModified": "2024-11-21T09:27:31.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T18:43:40.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,78 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "11106950-DFD0-441A-8DE3-DA19C15281B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "F4DBB838-E652-4C96-AC50-AF07510EF8E5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39352",
"sourceIdentifier": "security@synology.com",
"published": "2024-06-28T06:15:06.223",
"lastModified": "2024-11-21T09:27:31.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T18:43:40.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,78 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "11106950-DFD0-441A-8DE3-DA19C15281B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7-0298",
"matchCriteriaId": "F4DBB838-E652-4C96-AC50-AF07510EF8E5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_15",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41147",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2025-03-04T18:15:24.020",
"lastModified": "2025-03-04T18:15:24.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2063",
"source": "talos-cna@cisco.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41757",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-24T16:15:36.297",
"lastModified": "2025-01-24T16:15:36.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T16:58:06.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,47 @@
"value": "CWE-311"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:concert_software:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1062C8DC-6D32-4761-ABFA-BAA9F25F2A3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:concert_software:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5CCBC4-696B-4CC4-8274-BF36022D7AF2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173596",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45417",
"sourceIdentifier": "security@zoom.us",
"published": "2025-02-25T20:15:35.007",
"lastModified": "2025-02-25T20:15:35.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,61 @@
"value": "CWE-708"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24039/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45418",
"sourceIdentifier": "security@zoom.us",
"published": "2025-02-25T20:15:35.223",
"lastModified": "2025-02-25T20:15:35.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,12 +69,61 @@
"value": "CWE-61"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "6.1.5",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-50704",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-04T16:15:35.480",
"lastModified": "2025-03-04T16:15:35.480",
"lastModified": "2025-03-04T17:15:12.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://uniguest.com/cve-bulletins/",


@ -2,7 +2,7 @@
"id": "CVE-2024-50705",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-04T15:15:19.027",
"lastModified": "2025-03-04T16:15:35.597",
"lastModified": "2025-03-04T17:15:12.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://uniguest.com/cve-bulletins/",
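Review bot: The added `weaknesses` entry from source 134c704f-9b21-4f2e-91b3-4a467353bcc0 records `"value": "CWE-352"` (cross-site request forgery), while the description in the same record is an unauthenticated reflected cross-site scripting issue, which would normally map to `"value": "CWE-79"`. The added vector also carries `AV:A`, `PR:L` and `UI:N`, which does not match "Unauthenticated", "remote attackers" or a reflected XSS in that description. Both values are typed Secondary and come from upstream enrichment, so the correction belongs at the source; until then, triage that keys on this record should read the description and not the CWE or base score alone. The record's `references` array continues outside the hunk.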


@ -2,7 +2,7 @@
"id": "CVE-2024-50707",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-04T16:15:35.733",
"lastModified": "2025-03-04T16:15:35.733",
"lastModified": "2025-03-04T17:15:12.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://uniguest.com/cve-bulletins/",


@ -2,20 +2,63 @@
"id": "CVE-2024-51091",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T18:15:29.523",
"lastModified": "2025-03-03T18:15:29.523",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:12.870",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package"
},
{
"lang": "es",
"value": "La vulnerabilidad de cross-site scripting en seajs v.2.2.3 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del paquete seajs"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/jackfromeast/176413c3bd73f825f7aeeb05e80e02a6",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/jackfromeast/176413c3bd73f825f7aeeb05e80e02a6",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -2,16 +2,55 @@
"id": "CVE-2024-53387",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T17:15:13.050",
"lastModified": "2025-03-03T17:15:13.050",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:13.043",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element."
},
{
"lang": "es",
"value": "Una vulnerabilidad de DOM Clobbering en umeditor v1.2.3 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante el suministro de un elemento HTML manipulado espec\u00edficamente para ello."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/jackfromeast/d52c506113f33b8871d0e647411df894",


@ -2,8 +2,8 @@
"id": "CVE-2024-53388",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T17:15:13.167",
"lastModified": "2025-03-03T17:15:13.167",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:13.217",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/jackfromeast/a61a5429a97985e7ff4c1d39e339d5d8",


@ -2,8 +2,8 @@
"id": "CVE-2024-5314",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-24T10:15:10.760",
"lastModified": "2024-11-21T09:47:24.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22DC97F0-80D1-42CA-916C-0B87C3A4349A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-5315",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-24T10:15:11.197",
"lastModified": "2024-11-21T09:47:24.927",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22DC97F0-80D1-42CA-916C-0B87C3A4349A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-54094",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-12-10T14:30:47.507",
"lastModified": "2024-12-10T14:30:47.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T18:19:12.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -93,12 +93,68 @@
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*",
"versionEndExcluding": "224.0",
"matchCriteriaId": "D3887095-4E46-43B0-8A1E-4938EB474419"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A0119E8F-1FAF-4A3B-B6E9-20F78360FC82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0001:*:*:*:*:*:*",
"matchCriteriaId": "829C4AEB-7C8D-408B-A79C-8684753F45E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0002:*:*:*:*:*:*",
"matchCriteriaId": "1E8FB23E-280D-46FD-BD44-5D4552639E00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0003:*:*:*:*:*:*",
"matchCriteriaId": "CA2417A0-DD31-46FC-8D5A-9128B86C9352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0004:*:*:*:*:*:*",
"matchCriteriaId": "3CA9C494-767C-4CFA-AB07-106298B7B2C4"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-54095",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-12-10T14:30:47.660",
"lastModified": "2024-12-10T14:30:47.660",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T18:19:12.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -95,10 +95,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*",
"versionEndExcluding": "224.0",
"matchCriteriaId": "D3887095-4E46-43B0-8A1E-4938EB474419"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A0119E8F-1FAF-4A3B-B6E9-20F78360FC82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0001:*:*:*:*:*:*",
"matchCriteriaId": "829C4AEB-7C8D-408B-A79C-8684753F45E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0002:*:*:*:*:*:*",
"matchCriteriaId": "1E8FB23E-280D-46FD-BD44-5D4552639E00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0003:*:*:*:*:*:*",
"matchCriteriaId": "CA2417A0-DD31-46FC-8D5A-9128B86C9352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0004:*:*:*:*:*:*",
"matchCriteriaId": "3CA9C494-767C-4CFA-AB07-106298B7B2C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0005:*:*:*:*:*:*",
"matchCriteriaId": "C3738D73-82A5-41E4-8083-34611A6301BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0006:*:*:*:*:*:*",
"matchCriteriaId": "5634352F-0DD1-4731-9E43-61D0A9A40D1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0007:*:*:*:*:*:*",
"matchCriteriaId": "32E3D549-54F0-4909-830D-BDE8CDAD5AF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0008:*:*:*:*:*:*",
"matchCriteriaId": "1137D7B3-17AD-4997-AC19-4308AA5C9438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0009:*:*:*:*:*:*",
"matchCriteriaId": "E5488DEB-3165-4F88-8C63-7B9BC212DEFF"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,55 @@
"id": "CVE-2024-55064",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T22:15:36.700",
"lastModified": "2025-03-03T22:15:36.700",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:13.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) smtp_password, or (4) email_recipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to /proxy/ntp/change; the (7) newVcenterAddress parameter to /process_new_vcenter."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de cross-site scripting (XSS) en EasyVirt DC NetScope &lt;= 8.6.4 permiten a atacantes remotos inyectar c\u00f3digo JavaScript o HTML arbitrario a trav\u00e9s del par\u00e1metro (1) smtp_server, (2) smtp_account, (3) smtp_password o (4) email_recipients en /smtp/update; el par\u00e1metro (5) ntp o (6) dns en /proxy/ntp/change; el par\u00e1metro (7) newVcenterAddress en /process_new_vcenter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55064.md",
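Review bot: The added Spanish description contains the HTML entity `&lt;=` where the English text of the same record has a literal `<=`, so the two values of one JSON field follow different escaping conventions. A consumer that escapes on output will display `&lt;` literally, and one that skips escaping because some values arrive pre-escaped would emit the English free-text description unescaped into a page. The stored value should read `NetScope <= 8.6.4`, with escaping left to whatever renders the field. The `references` array continues outside the hunk.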


@ -2,16 +2,43 @@
"id": "CVE-2024-55532",
"sourceIdentifier": "security@apache.org",
"published": "2025-03-03T16:15:38.777",
"lastModified": "2025-03-03T18:15:29.797",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:13.553",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0.\nUsers are recommended to upgrade to version 2.6.0, which fixes this issue."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos de f\u00f3rmula en la funci\u00f3n Exportar CSV de Apache Ranger en la versi\u00f3n de Apache Ranger anterior a la 2.6.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 2.6.0, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
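Review bot: The added Secondary vector records `"userInteraction": "NONE"` and a 9.8 base score for what the description calls improper neutralization of formula elements in the Export CSV feature. Formula content in an exported CSV normally takes effect only when someone opens the file in a spreadsheet application, so `UI:N` looks inconsistent with the description; this is inferred from the description text, not from vendor detail. The value comes from upstream enrichment and should be confirmed there, and prioritisation rules that sort on `baseScore` alone should not rank this entry without checking the description. The `weaknesses` array continues outside the hunk.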


@ -2,8 +2,8 @@
"id": "CVE-2024-5520",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-30T12:15:10.807",
"lastModified": "2024-11-21T09:47:51.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alkacon:opencms:16.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07F4D050-DDCA-47F4-8E29-C3A1F135CD87"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-5521",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-30T12:15:11.090",
"lastModified": "2024-11-21T09:47:51.653",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:00:22.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alkacon:opencms:16.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07F4D050-DDCA-47F4-8E29-C3A1F135CD87"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-56623",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:21.823",
"lastModified": "2025-01-08T21:41:01.397",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-04T18:15:24.360",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [


@ -2,16 +2,55 @@
"id": "CVE-2024-57240",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T17:15:13.320",
"lastModified": "2025-03-03T17:15:13.320",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:13.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en el componente Rendering Engine en Apryse WebViewer v11.1 y versiones anteriores permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo PDF manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/devom3/43c328e23ec854090ed555a13541ca94",


@ -2,8 +2,8 @@
"id": "CVE-2024-58034",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-27T20:16:02.160",
"lastModified": "2025-02-27T20:16:02.160",
"vulnStatus": "Received",
"lastModified": "2025-03-04T18:15:24.617",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: memoria: tegra20-emc: se corrige un error de referencia de nodo OF en tegra_emc_find_node_by_ram_code() Como of_find_node_by_name() libera la referencia del nodo de dispositivo de argumento, tegra_emc_find_node_by_ram_code() libera algunos nodos de dispositivo mientras a\u00fan est\u00e1n en uso, lo que da como resultado posibles UAF. Seg\u00fan los enlaces y los archivos DTS en el \u00e1rbol, el nodo \"emc-tables\" siempre es el nodo secundario del dispositivo con la propiedad \"nvidia,use-ram-code\", y el nodo \"lpddr2\" es un nodo secundario del nodo \"emc-tables\". Por lo tanto, utilice la macro for_each_child_of_node() y of_get_child_by_name() en lugar de of_find_node_by_name() para simplificar el c\u00f3digo. Este error fue encontrado por una herramienta de verificaci\u00f3n experimental que estoy desarrollando. [krzysztof: se aplic\u00f3 la versi\u00f3n 1, se ajust\u00f3 el mensaje de confirmaci\u00f3n para incorporar partes de la versi\u00f3n 2]"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3b02273446e23961d910b50cc12528faec649fb2",


@ -2,8 +2,8 @@
"id": "CVE-2024-7507",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-08-14T20:15:12.900",
"lastModified": "2024-08-15T13:01:10.150",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T17:11:31.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,6 +59,28 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
@ -71,12 +93,231 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "AABBF4EF-9F0E-432D-A535-F74402CFD05D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "305CDBFF-404A-45F5-A391-1B18F446D1B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "E5B18F7F-80AB-4146-9D65-B1DB4C2FAA8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "A29D3775-CAB3-45CF-96CE-71D0672C7E37"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "31.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "CC2E9A2F-AFC7-442D-88FC-C3217ABB560E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "64CAC9B1-19E5-44BB-B814-DDA98B7290E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "31.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "560A9F50-DBCF-48CF-856B-BE061C490697"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A5DA9B-E1CA-45FF-8A9B-60B1E506F981"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E594CDF6-0582-4D5C-B6AA-C8A2E752E29F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "32.013",
"versionEndExcluding": "34.014",
"matchCriteriaId": "3631A2E0-00BA-4DF2-94C2-6906B9A3E941"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE90277-EB8A-4ECE-A573-C1814F35CB47"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B82D842C-0930-41AA-83CD-5F235771AE4B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "32.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "8C025589-66EE-40EF-8CE6-9A7B76D74BF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "61F8EA3B-C51C-4CB1-9BB3-017577DC6684"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968"
}
]
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201685.html",
"source": "PSIRT@rockwellautomation.com"
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7515",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-08-14T20:15:13.150",
"lastModified": "2024-08-15T13:01:10.150",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-04T17:11:31.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,6 +59,28 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
@ -71,12 +93,231 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "AABBF4EF-9F0E-432D-A535-F74402CFD05D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "305CDBFF-404A-45F5-A391-1B18F446D1B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "E5B18F7F-80AB-4146-9D65-B1DB4C2FAA8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "A29D3775-CAB3-45CF-96CE-71D0672C7E37"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "31.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "CC2E9A2F-AFC7-442D-88FC-C3217ABB560E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "64CAC9B1-19E5-44BB-B814-DDA98B7290E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "31.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "560A9F50-DBCF-48CF-856B-BE061C490697"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A5DA9B-E1CA-45FF-8A9B-60B1E506F981"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E594CDF6-0582-4D5C-B6AA-C8A2E752E29F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "32.013",
"versionEndExcluding": "34.014",
"matchCriteriaId": "3631A2E0-00BA-4DF2-94C2-6906B9A3E941"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE90277-EB8A-4ECE-A573-C1814F35CB47"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B82D842C-0930-41AA-83CD-5F235771AE4B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "32.011",
"versionEndExcluding": "34.014",
"matchCriteriaId": "8C025589-66EE-40EF-8CE6-9A7B76D74BF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011:*:*:*:*:*:*:*",
"matchCriteriaId": "61F8EA3B-C51C-4CB1-9BB3-017577DC6684"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968"
}
]
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201686.html",
"source": "PSIRT@rockwellautomation.com"
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1067",
"sourceIdentifier": "psirt@esri.com",
"published": "2025-02-25T17:15:13.717",
"lastModified": "2025-02-26T00:15:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_allsource:1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7D2CA319-F8C4-4611-A4CF-536085420591"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_allsource:1.3:-:*:*:*:*:*:*",
"matchCriteriaId": "22FCC3F7-3ED4-4CFC-9668-48FA4BB37AE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_pro:3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2C69472E-B8D9-4EE2-A548-9CD61A1A22B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_pro:3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1D4A9671-48FC-4ACD-8AB4-3AAF9264EF93"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-pro-and-arcgis-allsource-patches-address-high-severity-vulnerabilities",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1068",
"sourceIdentifier": "psirt@esri.com",
"published": "2025-02-25T17:15:13.890",
"lastModified": "2025-02-26T00:15:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_allsource:1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7D2CA319-F8C4-4611-A4CF-536085420591"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_allsource:1.3:-:*:*:*:*:*:*",
"matchCriteriaId": "22FCC3F7-3ED4-4CFC-9668-48FA4BB37AE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_pro:3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2C69472E-B8D9-4EE2-A548-9CD61A1A22B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_pro:3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1D4A9671-48FC-4ACD-8AB4-3AAF9264EF93"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-pro-and-arcgis-allsource-patches-address-high-severity-vulnerabilities",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1876",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-03T17:15:14.517",
"lastModified": "2025-03-03T17:15:14.517",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:14.313",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en D-Link DAP-1562 1.10. Este problema afecta a la funci\u00f3n http_request_parse del componente HTTP Header Handler. La manipulaci\u00f3n del argumento Authorization provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante."
}
],
"metrics": {
@ -66,7 +70,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -114,7 +118,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -147,6 +151,10 @@
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://witty-maiasaura-083.notion.site/D-link-DAP-1562-http_request_parse-Vulnerability-1a4b2f2a636180a2a67de271ad5fe6d7",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1891",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-04T00:15:31.377",
"lastModified": "2025-03-04T00:15:31.377",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:14.510",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -76,6 +76,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -118,6 +138,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
@ -136,6 +166,10 @@
{
"url": "https://vuldb.com/?submit.505741",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/caigo8/CVE-md/blob/main/shishuocms/CSRF%E6%B7%BB%E5%8A%A0%E7%AE%A1%E7%90%86%E5%91%98.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}
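Review bot: The two entries added from source `134c704f-9b21-4f2e-91b3-4a467353bcc0` are both marked `"type": "Primary"` and disagree with what the record already holds: the new weakness is `CWE-352` next to the existing `CWE-862`, and the new CVSS 3.1 entry has `"impactScore": 5.9` (base 8.0 HIGH) where the entry just before it shows 1.4. In the other records visible in this commit the same source is recorded as `Secondary`. The sources of the pre-existing entries lie outside the hunks, so whether the record now carries two `Primary` assessments cannot be confirmed from here. A consumer that picks the first or only `Primary` metric should select by `source` explicitly and keep both scores for triage while `vulnStatus` is `Awaiting Analysis`.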


@ -2,8 +2,8 @@
"id": "CVE-2025-1892",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-04T01:15:11.147",
"lastModified": "2025-03-04T01:15:11.147",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:15.700",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -59,7 +59,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.505754",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/caigo8/CVE-md/blob/main/shishuocms/%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2025-1893",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-04T01:15:11.327",
"lastModified": "2025-03-04T13:15:10.063",
"lastModified": "2025-03-04T17:15:15.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -144,6 +144,10 @@
{
"url": "https://vuldb.com/?submit.505952",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/open5gs/open5gs/issues/3707#issue-2833194192",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1900",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-04T04:15:11.853",
"lastModified": "2025-03-04T04:15:11.853",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:16.023",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -59,7 +59,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.506609",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/chenzi-dynasty/CVE/issues/2",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1901",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-04T04:15:12.030",
"lastModified": "2025-03-04T04:15:12.030",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:16.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -59,7 +59,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.506612",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/chenzi-dynasty/CVE/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2025-1932",
"sourceIdentifier": "security@mozilla.org",
"published": "2025-03-04T14:15:38.053",
"lastModified": "2025-03-04T14:15:38.053",
"lastModified": "2025-03-04T17:15:16.327",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944313",


@ -2,16 +2,43 @@
"id": "CVE-2025-20644",
"sourceIdentifier": "security@mediatek.com",
"published": "2025-03-03T03:15:09.173",
"lastModified": "2025-03-03T03:15:09.173",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:16.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747."
},
{
"lang": "es",
"value": "En el m\u00f3dem, existe una posible corrupci\u00f3n de memoria debido a una gesti\u00f3n incorrecta de errores. Esto podr\u00eda provocar una denegaci\u00f3n de servicio remota, si un UE se ha conectado a una estaci\u00f3n base no autorizada controlada por el atacante, sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: MOLY01525673; ID de problema: MSV-2747."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,16 +2,43 @@
"id": "CVE-2025-20645",
"sourceIdentifier": "security@mediatek.com",
"published": "2025-03-03T03:15:09.293",
"lastModified": "2025-03-03T03:15:09.293",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:16.650",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599."
},
{
"lang": "es",
"value": "En KeyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios si un actor malintencionado ya obtuvo el privilegio de System. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09475476; ID de problema: MSV-2599."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",
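Review bot: The added `cvssMetricV31` entry records `"privilegesRequired": "LOW"` (`PR:L` in the vector), while the English description in the same hunk says the escalation applies when the actor "has already obtained the System privilege". If the description is accurate, `"privilegesRequired": "HIGH"` would be the expected value, and the base score would come out below the 7.8 recorded here. The record is still `Awaiting Analysis`, so the score is best treated as provisional for prioritisation. The mismatch belongs in a report to the upstream source rather than a patch to this mirror.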


@ -2,16 +2,43 @@
"id": "CVE-2025-20646",
"sourceIdentifier": "security@mediatek.com",
"published": "2025-03-03T03:15:09.403",
"lastModified": "2025-03-03T03:15:09.403",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:16.803",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803."
},
{
"lang": "es",
"value": "En el punto de acceso WLAN, existe la posibilidad de una escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: WCNCR00389074; ID de problema: MSV-1803."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,16 +2,43 @@
"id": "CVE-2025-20648",
"sourceIdentifier": "security@mediatek.com",
"published": "2025-03-03T03:15:09.620",
"lastModified": "2025-03-03T03:15:09.620",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:16.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID: MSV-2584."
},
{
"lang": "es",
"value": "En la APU, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09456673; ID de problema: MSV-2584."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,16 +2,43 @@
"id": "CVE-2025-20649",
"sourceIdentifier": "security@mediatek.com",
"published": "2025-03-03T03:15:09.730",
"lastModified": "2025-03-03T03:15:09.730",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:17.130",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184."
},
{
"lang": "es",
"value": "En Bluetooth Stack SW, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a la falta de una verificaci\u00f3n de permisos. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n remota (proximal/adyacente) sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: WCNCR00396437; ID de problema: MSV-2184."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,16 +2,43 @@
"id": "CVE-2025-20650",
"sourceIdentifier": "security@mediatek.com",
"published": "2025-03-03T03:15:09.840",
"lastModified": "2025-03-03T03:15:09.840",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:17.287",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061."
},
{
"lang": "es",
"value": "En da, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios, si un atacante tiene acceso f\u00edsico al dispositivo, sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09291294; ID de problema: MSV-2061."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",
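Review bot: The added Secondary `cvssData` for CVE-2025-20650 records `"userInteraction": "NONE"` (vector `CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`), but the English description kept in the same record states "User interaction is needed for exploitation", so the vector and the advisory text disagree. The CVE-2025-20652 section that follows shows the same mismatch (`UI:N` against the same sentence). If the description is right, the metric would read `"userInteraction": "REQUIRED"` with `UI:R` in the vector, and `baseScore` and `exploitabilityScore` would need recomputing; that correction belongs with the scoring source rather than in this mirror. Until it is resolved, triage that keys on the 6.8 and 4.6 base scores should treat them as possibly overstated and read the description alongside them.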


@ -2,16 +2,43 @@
"id": "CVE-2025-20652",
"sourceIdentifier": "security@mediatek.com",
"published": "2025-03-03T03:15:10.060",
"lastModified": "2025-03-03T03:15:10.060",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:17.497",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052."
},
{
"lang": "es",
"value": "En V5 DA, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local, si un atacante tiene acceso f\u00edsico al dispositivo, sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09291215; ID de problema: MSV-2052."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,8 +2,8 @@
"id": "CVE-2025-21084",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:13.537",
"lastModified": "2025-03-04T04:15:13.537",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:41:14.237",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-21811",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-27T20:16:03.680",
"lastModified": "2025-02-27T20:16:03.680",
"vulnStatus": "Received",
"lastModified": "2025-03-04T18:15:24.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: protege el acceso a los b\u00faferes sin referencias activas nilfs_lookup_dirty_data_b\u00faferes(), que itera a trav\u00e9s de los b\u00faferes adjuntos a los folios/p\u00e1ginas de datos sucios, accede a los b\u00faferes adjuntos sin bloquear los folios/p\u00e1ginas. Para el cach\u00e9 de datos, nilfs_clear_folio_dirty() puede llamarse de forma asincr\u00f3nica cuando el sistema de archivos se degenera a solo lectura, por lo que nilfs_lookup_dirty_data_b\u00faferes() a\u00fan tiene el potencial de causar problemas de use after free cuando los b\u00faferes pierden la protecci\u00f3n de su estado sucio a mitad de camino debido a esta limpieza asincr\u00f3nica y son liberados involuntariamente por try_to_free_b\u00faferes(). Elimine este problema de ejecuci\u00f3n ajustando la secci\u00f3n de bloqueo en esta funci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/367a9bffabe08c04f6d725032cce3d891b2b9e1a",


@ -2,8 +2,8 @@
"id": "CVE-2025-21812",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-27T20:16:03.783",
"lastModified": "2025-02-27T20:16:03.783",
"vulnStatus": "Received",
"lastModified": "2025-03-04T18:15:25.100",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: rcu protect dev-&gt;ax25_ptr syzbot encontr\u00f3 un problema de lockdep [1]. Deber\u00edamos eliminar la dependencia RTNL de ax25 en ax25_setsockopt(). Esto tambi\u00e9n deber\u00eda solucionar una variedad de posibles UAF en ax25. [1] ADVERTENCIA: se detect\u00f3 una posible dependencia de bloqueo circular 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted ------------------------------------------------------ syz.5.1818/12806 is trying to acquire lock: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680 but task is already holding lock: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline] ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -&gt; #1 (sk_lock-AF_AX25){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 lock_sock_nested+0x48/0x100 net/core/sock.c:3642 lock_sock include/net/sock.h:1618 [inline] ax25_kill_by_device net/ax25/af_ax25.c:101 [inline] ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146 notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85 __dev_notify_flags+0x207/0x400 dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026 dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563 dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820 sock_do_ioctl+0x240/0x460 net/socket.c:1234 sock_ioctl+0x626/0x8e0 net/socket.c:1339 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -&gt; #0 (rtnl_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] 
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680 do_sock_setsockopt+0x3af/0x720 net/socket.c:2324 __sys_setsockopt net/socket.c:2349 [inline] __do_sys_setsockopt net/socket.c:2355 [inline] __se_sys_setsockopt net/socket.c:2352 [inline] __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_AX25); lock(rtnl_mutex); lock(sk_lock-AF_AX25); lock(rtnl_mutex); *** DEADLOCK *** 1 lock held by syz.5.1818/12806: #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline] #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574 stack backtrace: CPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/lockin ---truncated--- "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2802ed4ced27ebd474828fc67ffd7d66f11e3605",


@ -2,8 +2,8 @@
"id": "CVE-2025-22837",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:14.387",
"lastModified": "2025-03-04T04:15:14.387",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22841",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:14.530",
"lastModified": "2025-03-04T04:15:14.530",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22847",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:14.663",
"lastModified": "2025-03-04T04:15:14.663",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22897",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:14.807",
"lastModified": "2025-03-04T04:15:14.807",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-23234",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:14.953",
"lastModified": "2025-03-04T04:15:14.953",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-23240",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:15.097",
"lastModified": "2025-03-04T04:15:15.097",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-23409",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:15.240",
"lastModified": "2025-03-04T04:15:15.240",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-23414",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:15.377",
"lastModified": "2025-03-04T04:15:15.377",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-23418",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:15.523",
"lastModified": "2025-03-04T04:15:15.523",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,12 +65,44 @@
"value": "CWE-125"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-23420",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:15.657",
"lastModified": "2025-03-04T04:15:15.657",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-24301",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:15.803",
"lastModified": "2025-03-04T04:15:15.803",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-24309",
"sourceIdentifier": "scy@openharmony.io",
"published": "2025-03-04T04:15:15.940",
"lastModified": "2025-03-04T04:15:15.940",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:12:06.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -47,10 +67,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "6B5AAC0F-329C-4C58-AEFB-D46487A45037"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,20 +2,63 @@
"id": "CVE-2025-25939",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T19:15:35.290",
"lastModified": "2025-03-03T19:15:35.290",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:17.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_process via the akey parameter."
},
{
"lang": "es",
"value": "Reprise License Manager 14.2 es vulnerable a cross-site scripting reflejado en /goform/activate_process a trav\u00e9s del par\u00e1metro akey."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/SamR2406/CVE-IDs/blob/main/Reprise%20License%20Manager%2014.2%20-%20Reflected%20Cross-Site%20Scripting%20%28CVE-2025-25939%29",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/SamR2406/CVE-IDs/blob/main/Reprise%20License%20Manager%2014.2%20-%20Reflected%20Cross-Site%20Scripting%20%28CVE-2025-25939%29",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -2,16 +2,55 @@
"id": "CVE-2025-25949",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T01:15:11.423",
"lastModified": "2025-03-03T01:15:11.423",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:17.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios mediante la inyecci\u00f3n de un payload manipulada en el par\u00e1metro de ID de usuario en /rest/staffResource/update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636",


@ -2,16 +2,55 @@
"id": "CVE-2025-25967",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T19:15:35.400",
"lastModified": "2025-03-03T19:15:35.400",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:18.070",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests."
},
{
"lang": "es",
"value": "La versi\u00f3n 10.1.1 de Acora CMS es vulnerable a Cross-Site Request Forgery (CSRF). Esta falla permite a los atacantes enga\u00f1ar a los usuarios autenticados para que realicen acciones no autorizadas, como la eliminaci\u00f3n de cuentas o la creaci\u00f3n de usuarios, mediante la incorporaci\u00f3n de solicitudes maliciosas en contenido externo. La falta de protecci\u00f3n CSRF permite la explotaci\u00f3n mediante solicitudes manipuladas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/padayali-JD/CVE-2025-25967",


@ -0,0 +1,21 @@
{
"id": "CVE-2025-26091",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-04T17:15:18.243",
"lastModified": "2025-03-04T17:15:18.243",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter when creating a new password in the \"My Passwords\" page."
}
],
"metrics": {},
"references": [
{
"url": "https://brunocaseiro.github.io/CVE-2025-26091/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2025-26182",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-04T17:15:18.363",
"lastModified": "2025-03-04T17:15:18.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file"
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/GSBP0/007355c5f6bd213264ae1c35c347e5cc",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,55 @@
"id": "CVE-2025-26206",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T19:15:35.507",
"lastModified": "2025-03-03T19:15:35.507",
"vulnStatus": "Received",
"lastModified": "2025-03-04T17:15:18.487",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component"
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Request Forgery en sell done storefront v.1.0 permite que un atacante remoto escale privilegios a trav\u00e9s del componente index.html"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/selldone/storefront/blob/main/index.html",


@ -2,8 +2,8 @@
"id": "CVE-2025-26594",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:38.227",
"lastModified": "2025-02-25T16:15:38.227",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +51,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26594",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345248",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-26595",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:38.390",
"lastModified": "2025-02-25T16:15:38.390",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +51,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26595",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345257",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-26596",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:38.603",
"lastModified": "2025-02-25T16:15:38.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,23 +42,101 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26596",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345256",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-26597",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:38.797",
"lastModified": "2025-02-25T16:15:38.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,23 +42,101 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26597",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345255",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-26598",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:38.977",
"lastModified": "2025-02-25T16:15:38.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +51,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26598",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345254",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-26599",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:39.163",
"lastModified": "2025-02-25T16:15:39.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +51,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26599",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345253",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-26600",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:39.350",
"lastModified": "2025-02-25T16:15:39.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +51,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26600",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345252",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-26601",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-25T16:15:39.537",
"lastModified": "2025-02-25T16:15:39.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-04T17:22:39.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +51,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
"matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-26601",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345251",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2025-27150",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-04T17:15:18.663",
"lastModified": "2025-03-04T17:15:18.663",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to this password. The vulnerability is fixed in Tuleap Community Edition 16.4.99.1740492866 and Tuleap Enterprise Edition 16.4-6 and 16.3-11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-538"
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/a6702622a8db969a17522b8fac0774afdb1c916f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-jc5r-684x-j46q",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=41870",
"source": "security-advisories@github.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More