admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-05T17:00:20.315796+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-05 17:03:50 +00:00
parent d98aa77963
commit 4a84132ab1
103 changed files with 5428 additions and 555 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2020/CVE-2020-77xx/CVE-2020-7709.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-7709",
"sourceIdentifier": "report@snyk.io",
"published": "2020-10-05T08:15:17.873",
"lastModified": "2024-11-21T05:37:39.330",
"lastModified": "2025-03-05T16:25:09.277",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -105,9 +105,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smallpdf:json-pointer:*:*:*:*:*:node.js:*:*",
"criteria": "cpe:2.3:a:manuelstofer:json-pointer:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "0.6.1",
"matchCriteriaId": "932B7E85-3F8D-4572-AAC6-AECFCB914C8A"
"matchCriteriaId": "DC87709D-5381-4E55-891C-CE3F2FE6919E"
}
]
}

6
CVE-2021/CVE-2021-238xx/CVE-2021-23807.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-23807",
"sourceIdentifier": "report@snyk.io",
"published": "2021-11-03T18:15:08.230",
"lastModified": "2024-11-21T05:51:53.750",
"lastModified": "2025-03-05T16:24:40.203",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -105,9 +105,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jsonpointer_project:jsonpointer:*:*:*:*:*:node.js:*:*",
"criteria": "cpe:2.3:a:janl:jsonpointer:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "5.0.0",
"matchCriteriaId": "9BFA123B-3852-4DD3-B0CE-FB58D0523294"
"matchCriteriaId": "320DE2B5-606F-4DC3-B80D-A5A681A1F768"
}
]
}

22
CVE-2021/CVE-2021-363xx/CVE-2021-36396.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-36396",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-03-06T21:15:10.577",
"lastModified": "2024-11-21T06:13:40.670",
"lastModified": "2025-03-05T16:15:35.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

32
CVE-2022/CVE-2022-463xx/CVE-2022-46394.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46394",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-08T19:15:10.613",
"lastModified": "2024-11-21T07:30:30.737",
"lastModified": "2025-03-05T16:15:36.350",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

201
CVE-2022/CVE-2022-487xx/CVE-2022-48701.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48701",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T16:15:08.547",
"lastModified": "2024-11-21T07:33:49.133",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,71 +15,234 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: corrige un error fuera de los l\u00edmites en __snd_usb_parse_audio_interface() Puede haber un dispositivo de audio USB defectuoso con una ID de USB de (0x04fa, 0x4201) y el Si el n\u00famero de interfaces es inferior a 4, se produce un error de lectura fuera de l\u00edmites al analizar el descriptor de interfaz para este dispositivo. Solucione este problema verificando la cantidad de interfaces."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.328",
"matchCriteriaId": "82C9EA22-96BE-488C-A979-0A1FBD90A0AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.293",
"matchCriteriaId": "5D9B742D-912D-4E0C-A42F-367086FDEA88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.258",
"matchCriteriaId": "253D30F5-3734-4663-883A-288786D3B66E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.213",
"matchCriteriaId": "4C373116-9E23-44BA-A6B7-87C8BF5C3B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.143",
"matchCriteriaId": "E77EECF5-C31E-4342-8014-AA844BB83A76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.68",
"matchCriteriaId": "C440CED2-FE3C-495D-839C-857FFC6F523A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.19.9",
"matchCriteriaId": "B4895A99-6E1B-4C76-A510-FDED00AD7D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8446E87-F5F6-41CA-8201-BAE0F0CA6DD9"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

201
CVE-2022/CVE-2022-487xx/CVE-2022-48702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48702",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T16:15:08.593",
"lastModified": "2024-11-21T07:33:49.250",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,71 +15,234 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ALSA: emu10k1: corrige el acceso fuera de los l\u00edmites en snd_emu10k1_pcm_channel_alloc() El asignador de voz a veces comienza a asignar desde cerca del final de la matriz y luego regresa, sin embargo, snd_emu10k1_pcm_channel_alloc() accede al nuevo asign\u00f3 voces como si nunca hubiera terminado. Esto da como resultado un acceso fuera de los l\u00edmites si la primera voz tiene un \u00edndice lo suficientemente alto como para que primera_voz + recuento_de_voces_solicitadas > NUM_G (64). Cuantas m\u00e1s voces se soliciten, m\u00e1s probabilidades habr\u00e1 de que esto ocurra. Esto se descubri\u00f3 inicialmente usando PipeWire, sin embargo, se puede reproducir llamando a aplay varias veces con 16 canales: aplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero UBSAN: array-index-out -of-bounds en sound/pci/emu10k1/emupcm.c:127:40 el \u00edndice 65 est\u00e1 fuera de rango para el tipo 'snd_emu10k1_voice [64]' CPU: 1 PID: 31977 Comm: aplay Contaminado: GW IOE 6.0.0-rc2 -emu10k1+ #7 Nombre del hardware: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 22/07/2010 Seguimiento de llamadas: dump_stack_lvl+0x49/0x63 dump_stack+0x10/0x16 ubsan_epilogue+0x9/0x3f __ubsan_handle_out_of_bounds.cold + 0x44/0x49 snd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1] snd_pcm_hw_params+0x29f/0x600 [snd_pcm] snd_pcm_common_ioctl+0x188/0x1410 [snd_pcm] ? exit_to_user_mode_prepare+0x35/0x170? do_syscall_64+0x69/0x90? syscall_exit_to_user_mode+0x26/0x50? do_syscall_64+0x69/0x90? exit_to_user_mode_prepare+0x35/0x170 snd_pcm_ioctl+0x27/0x40 [snd_pcm] __x64_sys_ioctl+0x95/0xd0 do_syscall_64+0x5c/0x90 ? do_syscall_64+0x69/0x90? do_syscall_64+0x69/0x90 entrada_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.328",
"matchCriteriaId": "82C9EA22-96BE-488C-A979-0A1FBD90A0AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.293",
"matchCriteriaId": "5D9B742D-912D-4E0C-A42F-367086FDEA88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.258",
"matchCriteriaId": "253D30F5-3734-4663-883A-288786D3B66E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.213",
"matchCriteriaId": "4C373116-9E23-44BA-A6B7-87C8BF5C3B85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.143",
"matchCriteriaId": "E77EECF5-C31E-4342-8014-AA844BB83A76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.68",
"matchCriteriaId": "C440CED2-FE3C-495D-839C-857FFC6F523A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.19.9",
"matchCriteriaId": "CDB5FDE9-1E3B-4462-8595-E937AA442258"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8446E87-F5F6-41CA-8201-BAE0F0CA6DD9"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

89
CVE-2022/CVE-2022-487xx/CVE-2022-48703.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48703",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T16:15:08.650",
"lastModified": "2024-11-21T07:33:49.380",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,98 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/int340x_thermal: maneja data_vault cuando el valor es ZERO_SIZE_PTR. En algunos casos, el GDDV devuelve un paquete con un buffer que tiene longitud cero. Provoca que kmemdup() devuelva ZERO_SIZE_PTR (0x10). Luego, data_vault_read() tuvo un problema de desreferencia de punto NULL al acceder al valor 0x10 en data_vault. [71.024560] ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000010 Este parche usa ZERO_OR_NULL_PTR() para verificar ZERO_SIZE_PTR o el valor NULL en data_vault."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.9",
"matchCriteriaId": "A99BA199-0BFA-4BF0-A0C7-3EBC72400E1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

32
CVE-2023/CVE-2023-228xx/CVE-2023-22890.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22890",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-08T21:15:10.703",
"lastModified": "2024-11-21T07:45:35.493",
"lastModified": "2025-03-05T15:15:11.563",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-434"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-247xx/CVE-2023-24775.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24775",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-07T18:15:09.117",
"lastModified": "2024-11-21T07:48:23.700",
"lastModified": "2025-03-05T15:15:12.233",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-251xx/CVE-2023-25143.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25143",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-03-10T21:15:14.883",
"lastModified": "2024-11-21T07:49:11.480",
"lastModified": "2025-03-05T15:15:12.443",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-427"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-252xx/CVE-2023-25223.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25223",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-07T17:15:12.703",
"lastModified": "2024-11-21T07:49:20.550",
"lastModified": "2025-03-05T16:15:36.693",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

56
CVE-2023/CVE-2023-386xx/CVE-2023-38693.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-38693",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-05T16:15:37.007",
"lastModified": "2025-03-05T16:15:37.007",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://github.com/lucee/Lucee/security/advisories/GHSA-vwjx-mmwm-pwrf",
"source": "security-advisories@github.com"
}
]
}

54
CVE-2023/CVE-2023-67xx/CVE-2023-6731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6731",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:08.150",
"lastModified": "2024-11-21T08:44:26.570",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:generatepress:wp_show_posts:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.6",
"matchCriteriaId": "297C6782-FB3D-4DF1-9C61-1278874C510C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071911%40wp-show-posts%2Ftrunk&old=3041416%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6bb3680-0623-4633-971e-3bc4a52dfad3?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071911%40wp-show-posts%2Ftrunk&old=3041416%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6bb3680-0623-4633-971e-3bc4a52dfad3?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2024/CVE-2024-127xx/CVE-2024-12799.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-12799",
"sourceIdentifier": "security@opentext.com",
"published": "2025-03-05T15:15:13.127",
"lastModified": "2025-03-05T15:15:13.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. This vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\n\nThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:H/U:Red",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "PRESENT",
"Automatable": "YES",
"Recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "HIGH",
"providerUrgency": "RED"
}
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000037455",
"source": "security@opentext.com"
}
]
}

84
CVE-2024/CVE-2024-15xx/CVE-2024-1572.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1572",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:11.780",
"lastModified": "2024-11-21T08:50:51.713",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpulike:wp_ulike:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.0",
"matchCriteriaId": "FB35FA70-ED4C-4F42-AE7E-77F3321A6E46"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-ulike/tags/4.6.9/includes/functions/templates.php#L70",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3052611/wp-ulike/trunk/includes/classes/class-wp-ulike-cta-template.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4deb1527-0637-44f2-b336-d0cf2a48fa52?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-ulike/tags/4.6.9/includes/functions/templates.php#L70",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3052611/wp-ulike/trunk/includes/classes/class-wp-ulike-cta-template.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4deb1527-0637-44f2-b336-d0cf2a48fa52?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-17xx/CVE-2024-1759.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1759",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:12.983",
"lastModified": "2024-11-21T08:51:15.043",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpulike:wp_ulike:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.0",
"matchCriteriaId": "FB35FA70-ED4C-4F42-AE7E-77F3321A6E46"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3052611/wp-ulike/trunk/admin/classes/class-wp-ulike-widget.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d844ca83-84e5-4b6c-ae26-f300c7328d78?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3052611/wp-ulike/trunk/admin/classes/class-wp-ulike-widget.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d844ca83-84e5-4b6c-ae26-f300c7328d78?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-17xx/CVE-2024-1797.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1797",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:13.150",
"lastModified": "2024-11-21T08:51:20.520",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpulike:wp_ulike:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.0",
"matchCriteriaId": "FB35FA70-ED4C-4F42-AE7E-77F3321A6E46"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052611%40wp-ulike&new=3052611%40wp-ulike&sfp_email=&sfph_mail=#file43",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d225dee1-305c-4378-bc07-192347a0c838?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052611%40wp-ulike&new=3052611%40wp-ulike&sfp_email=&sfph_mail=#file43",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d225dee1-305c-4378-bc07-192347a0c838?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-230xx/CVE-2024-23081.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23081",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T23:15:07.757",
"lastModified": "2024-11-21T08:56:54.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -22,31 +22,101 @@
"value": "Se descubri\u00f3 que ThreeTen Backport v1.6.8 conten\u00eda una excepci\u00f3n NullPointerException a trav\u00e9s del componente org.treeten.bp.LocalDate::compareTo(ChronoLocalDate)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:threeten:threeten_backport:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8D09D261-8F05-4520-BD47-7470DD0B01AF"
}
]
}
]
}
],
"references": [
{
"url": "http://threeten.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ThreeTen/threetenbp",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://threeten.com",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ThreeTen/threetenbp",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}
]
}

77
CVE-2024/CVE-2024-25xx/CVE-2024-2561.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2561",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T11:15:06.540",
"lastModified": "2024-11-21T09:10:00.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,30 +96,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:74cms:74cms:3.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA0651-E3D9-4A47-B719-189F26AC633F"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.257060",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257060",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.257060",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257060",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-25xx/CVE-2024-2562.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2562",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T12:15:07.343",
"lastModified": "2024-11-21T09:10:01.040",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,30 +96,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pandax:pandax:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2024-03-10",
"matchCriteriaId": "09811585-2FBA-46CC-95B6-684FDADF7CA3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PandaXGO/PandaX/issues/4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.257061",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257061",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://github.com/PandaXGO/PandaX/issues/4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.257061",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257061",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}
]
}

78
CVE-2024/CVE-2024-25xx/CVE-2024-2563.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2563",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T12:15:07.617",
"lastModified": "2024-11-21T09:10:01.167",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,30 +96,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pandax:pandax:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2024-03-10",
"matchCriteriaId": "09811585-2FBA-46CC-95B6-684FDADF7CA3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PandaXGO/PandaX/pull/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.257062",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257062",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://github.com/PandaXGO/PandaX/pull/3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.257062",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257062",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-25xx/CVE-2024-2565.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2565",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T15:15:07.187",
"lastModified": "2024-11-21T09:10:01.430",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,30 +96,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pandax:pandax:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2024-03-10",
"matchCriteriaId": "09811585-2FBA-46CC-95B6-684FDADF7CA3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PandaXGO/PandaX/issues/5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.257064",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257064",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://github.com/PandaXGO/PandaX/issues/5",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.257064",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257064",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-25xx/CVE-2024-2566.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2566",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T15:15:07.420",
"lastModified": "2024-11-21T09:10:01.570",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,30 +96,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kelixin_communication_command_and_dispatch_project:kelixin_communication_command_and_dispatch:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2024-03-13",
"matchCriteriaId": "F3092E4E-FA61-4B39-8905-983882970FF9"
}
]
}
]
}
],
"references": [
{
"url": "https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-get_extension_yl.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.257065",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257065",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-get_extension_yl.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.257065",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257065",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

114
CVE-2024/CVE-2024-270xx/CVE-2024-27026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27026",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:48.940",
"lastModified": "2024-11-21T09:03:41.530",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vmxnet3: corrige la falta de espacio reservado. Use rbi->len en lugar de rcd->len para paquetes que no son de datos. Problema encontrado: XDP_WARN: xdp_update_frame_from_buff(line:278): ERROR del controlador: falta el cuarto de cola reservado ADVERTENCIA: CPU: 0 PID: 0 en net/core/xdp.c:586 xdp_warn+0xf/0x20 CPU: 0 PID: 0 Comm: swapper /0 Contaminado: GWO 6.5.1 #1 RIP: 0010:xdp_warn+0xf/0x20 ... ? xdp_warn+0xf/0x20 xdp_do_redirect+0x15f/0x1c0 vmxnet3_run_xdp+0x17a/0x400 [vmxnet3] vmxnet3_process_xdp+0xe4/0x760 [vmxnet3] ? vmxnet3_tq_tx_complete.isra.0+0x21e/0x2c0 [vmxnet3] vmxnet3_rq_rx_complete+0x7ad/0x1120 [vmxnet3] vmxnet3_poll_rx_only+0x2d/0xa0 [vmxnet3] __napi_poll+0x20/0x180 net_rx_action+0x177/ 0x390"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.23",
"matchCriteriaId": "5B28A88F-F85F-4008-8F7C-44FC9152916E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.11",
"matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.2",
"matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/7c8505ecc2d15473d679b8e06335434b84fffe86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91d017d19d5a9ad153e2dc23ed3c0e2e79ef5262",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aba8659caf88017507419feea06069f529329ea6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e127ce7699c1e05279ee5ee61f00893e7bfa9671",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7c8505ecc2d15473d679b8e06335434b84fffe86",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91d017d19d5a9ad153e2dc23ed3c0e2e79ef5262",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aba8659caf88017507419feea06069f529329ea6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e127ce7699c1e05279ee5ee61f00893e7bfa9671",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

131
CVE-2024/CVE-2024-270xx/CVE-2024-27061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27061",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:50.593",
"lastModified": "2024-11-21T09:03:46.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,144 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: sun8i-ce: se corrige el use after free en unprepare. Se debe llamar a sun8i_ce_cipher_unprepare antes de crypto_finalize_skcipher_request, porque las devoluciones de llamada del cliente pueden liberar inmediatamente memoria, que ya no es necesaria. Pero ser\u00e1 utilizado por los que no est\u00e9n preparados despu\u00e9s de ser gratuito. Antes de eliminar las devoluciones de llamada de preparaci\u00f3n/despreparaci\u00f3n, el motor criptogr\u00e1fico lo manejaba en crypto_finalize_request. Por lo general, esto resulta en un problema de desreferencia del puntero durante una autoprueba en criptograf\u00eda. No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000030 Informaci\u00f3n de cancelaci\u00f3n de memoria: ESR = 0x0000000096000004 EC = 0x25: DABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: falla de traducci\u00f3n de nivel 0 Informaci\u00f3n de cancelaci\u00f3n de datos: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 usuario pgtable: p\u00e1ginas de 4k, VA de 48 bits, pgdp=000000004716d000 [0000000000000030] pgd=0000000000000000, p4d=000000000000000000 Error interno: Ups: 0000000096000004 [# 1] SMP Este problema tambi\u00e9n lo detecta KASAN. ==================================================== ================ ERROR: KASAN: slab-use-after-free en sun8i_ce_cipher_do_one+0x6e8/0xf80 [sun8i_ce] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff00000dcdc040 por tarea 1c15000.crypto-/ 373 Nombre del hardware: Pine64 PinePhone (1.2) (DT) Rastreo de llamadas: dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 print_report+0xf8/0x5d8 kasan_report+0x90/0xd0 __asan_load8+0x9c/0xc0 _cipher_do_one+0x6e8/0xf80 [sun8i_ce] crypto_pump_work+0x354/0x620 [crypto_engine] kthread_worker_fn+0x244/0x498 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Asignado por tarea 379: kasan_save_stack+0x3c/0x68 c/0x40 kasan_save_alloc_info+0x24/0x38 __kasan_kmalloc+0xd4/ 0xd8 __kmalloc+0x74/0x1d0 alg_test_skcipher+0x90/0x1f0 alg_test+0x24c/0x830 cryptomgr_test+0x38/0x60 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Liberado por la tarea 379: 3c/0x68 kasan_set_track+0x2c/0x40 kasan_save_free_info+0x38/ 0x60 __kasan_slab_free+0x100/0x170 slab_free_freelist_hook+0xd4/0x1e8 __kmem_cache_free+0x15c/0x290 kfree+0x74/0x100 kfree_SENSITIVE+0x80/0xb0 alg_test_skcipher+0x12c/0x1f0 24c/0x830 cryptomgr_test+0x38/0x60 kthread+0x168/0x178 ret_from_fork+0x10/ 0x20 La direcci\u00f3n con errores pertenece al objeto en ffff00000dcdc000 que pertenece al cach\u00e9 kmalloc-256 de tama\u00f1o 256. La direcci\u00f3n con errores se encuentra a 64 bytes dentro de la regi\u00f3n liberada de 256 bytes [ffff00000dcdc000, ffff00000dcdc100)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.24",
"matchCriteriaId": "0A32A237-A8EE-4654-9BB7-94C95ED898F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.12",
"matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/183420038444547c149a0fc5f58e792c2752860c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/51a7d338c212e0640b1aca52ba6590d5bea49879",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dc60b25540c82fc4baa95d1458ae96ead21859e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/183420038444547c149a0fc5f58e792c2752860c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/51a7d338c212e0640b1aca52ba6590d5bea49879",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dc60b25540c82fc4baa95d1458ae96ead21859e0",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

80
CVE-2024/CVE-2024-270xx/CVE-2024-27079.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27079",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:51.443",
"lastModified": "2024-11-21T09:03:49.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/vt-d: corrige el dominio NULL al lanzar el dispositivo. En el kernel kdump, IOMMU opera en modo deferred_attach. En este modo, es posible que info->dominio a\u00fan no est\u00e9 asignado cuando se llama a la funci\u00f3n release_device. Conduce al siguiente bloqueo en el kernel bloqueado: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170 +0x39/ 0xf0 __iommu_group_remove_device+0xa0/0xd0 iommu_bus_notifier+0x55/0xb0 notifier_call_chain+0x5a/0xd0 blocking_notifier_call_chain+0x41/0x60 bus_notify+0x34/0x50 device_del+0x269/0x3d0 vice+0x77/0x100 p2sb_bar+0xae/0x1d0 ... i801_probe+0x423/0x740 Uso el mecanismo release_domain para solucionarlo. La entrada de contexto del modo escalable que no forma parte del dominio de lanzamiento debe borrarse en release_device()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18",
"versionEndExcluding": "6.8.2",
"matchCriteriaId": "8EE257FD-236E-4180-A5F9-5DAA3C10F6F8"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

55
CVE-2024/CVE-2024-319xx/CVE-2024-31903.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31903",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-22T16:15:29.030",
"lastModified": "2025-01-22T16:15:29.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-05T16:02:20.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,6 +19,26 @@
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -51,10 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.0.0.0",
"versionEndIncluding": "6.1.2.5",
"matchCriteriaId": "61E77E5A-B2DD-4ABA-BD86-7D097EB0AC8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.2.0.0",
"versionEndIncluding": "6.2.0.2",
"matchCriteriaId": "AC25541C-DC23-4384-8DA8-30A7528FD1AB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7172233",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-319xx/CVE-2024-31913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31913",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-06T16:15:28.163",
"lastModified": "2025-01-06T16:15:28.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-05T16:02:20.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,10 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.0.0.0",
"versionEndIncluding": "6.1.2.5",
"matchCriteriaId": "61E77E5A-B2DD-4ABA-BD86-7D097EB0AC8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.2.0.0",
"versionEndIncluding": "6.2.0.2",
"matchCriteriaId": "AC25541C-DC23-4384-8DA8-30A7528FD1AB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176081",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-325xx/CVE-2024-32567.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32567",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-18T10:15:10.910",
"lastModified": "2024-11-21T09:15:11.840",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:designinvento:directorypress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.6.8",
"matchCriteriaId": "60543EFB-43BF-401C-BCBA-0463ED7FF4B2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/directorypress/wordpress-directorypress-plugin-3-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/directorypress/wordpress-directorypress-plugin-3-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-329xx/CVE-2024-32977.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32977",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-14T16:17:12.590",
"lastModified": "2024-11-21T09:16:09.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
@ -51,22 +71,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.1",
"matchCriteriaId": "17A95EDB-8459-432C-A6FF-E84427A4EB28"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-339xx/CVE-2024-33914.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33914",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-03T09:15:08.257",
"lastModified": "2024-11-21T09:17:43.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-05T15:11:27.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exclusiveaddons:exclusive_addons_for_elementor:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.6.9.2",
"matchCriteriaId": "032D8A14-6E57-42EB-BBBD-4ACB008E6AEB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-1-broken-access-control-on-post-duplication-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-1-broken-access-control-on-post-duplication-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

87
CVE-2024/CVE-2024-37xx/CVE-2024-3719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3719",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-13T11:15:46.447",
"lastModified": "2024-11-21T09:30:14.340",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,38 +96,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:house_rental_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43C975E7-ADB4-4AAF-8883-8998E01355B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%205.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260571",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260571",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314205",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%205.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.260571",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.260571",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.314205",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

59
CVE-2024/CVE-2024-393xx/CVE-2024-39312.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39312",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-08T17:15:11.547",
"lastModified": "2024-11-21T09:27:26.250",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -51,14 +71,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.19.5",
"matchCriteriaId": "61B1DDAB-A102-4C7D-B680-1544D88151E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "85DA9E3B-CA36-4070-941B-D6811931D262"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

125
CVE-2024/CVE-2024-393xx/CVE-2024-39319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39319",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-26T16:15:07.947",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
@ -51,50 +73,127 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020.10.15",
"matchCriteriaId": "05061318-1635-43D5-A3AC-D50C5DBF09B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2021.04.1",
"versionEndExcluding": "2021.10.8",
"matchCriteriaId": "E56BF038-B298-4A8C-9A06-188F422058A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.04.1",
"versionEndExcluding": "2022.10.8",
"matchCriteriaId": "85A13E16-25D0-4845-88B6-4C19AF1AC33D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.04.1",
"versionEndExcluding": "2023.10.9",
"matchCriteriaId": "F2D983DE-A57B-46AD-911E-44253A9A0373"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:2024.04.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9707F760-DC26-4879-8BB0-EA49A1E415B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-399xx/CVE-2024-39903.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39903",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-12T15:15:11.177",
"lastModified": "2024-11-21T09:28:32.080",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -51,22 +71,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:widgetti:solara:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.1",
"matchCriteriaId": "9075B59E-6E80-483D-9A8A-FE45449937CD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

53
CVE-2024/CVE-2024-455xx/CVE-2024-45597.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45597",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-10T22:15:01.967",
"lastModified": "2024-09-11T16:26:11.920",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -51,14 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluto-lang:pluto:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.0",
"versionEndExcluding": "0.9.5",
"matchCriteriaId": "5C70FB7A-8911-49F4-8EC2-B9D290D70933"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PlutoLang/Pluto/pull/945",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PlutoLang/Pluto/security/advisories/GHSA-w8xp-pmx2-37w7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-478xx/CVE-2024-47821.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47821",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-25T23:15:02.530",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 2.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pyload:pyload:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A06D79-6D64-41FB-9040-17E9630DF4E9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-478xx/CVE-2024-47836.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47836",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T20:15:06.350",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:25.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,12 +69,43 @@
"value": "CWE-502"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.12",
"matchCriteriaId": "E1C43E68-074E-42B1-B940-6D1304AB175C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-7c4c-749j-pfp2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

41
CVE-2024/CVE-2024-506xx/CVE-2024-50684.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50684",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-26T21:15:17.267",
"lastModified": "2025-02-26T21:15:17.267",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:15:14.537",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "La aplicaci\u00f3n para Android SunGrow iSolarCloud V2.1.6.20241017 y versiones anteriores utilizan una clave AES insegura para cifrar los datos del cliente (entrop\u00eda insuficiente). Esto puede permitir a los atacantes descifrar las comunicaciones interceptadas entre la aplicaci\u00f3n m\u00f3vil y iSolarCloud."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://en.sungrowpower.com/security-notice-detail-2/6126",

87
CVE-2024/CVE-2024-51xx/CVE-2024-5103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-19T21:15:06.893",
"lastModified": "2024-11-21T09:46:58.490",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:57.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,38 +140,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B428FEE-6202-4945-8D0F-4E4734D573EC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265093",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265093",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338506",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265093",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265093",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338506",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

87
CVE-2024/CVE-2024-51xx/CVE-2024-5104.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-19T22:15:24.520",
"lastModified": "2024-11-21T09:46:58.640",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:57.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,38 +140,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B428FEE-6202-4945-8D0F-4E4734D573EC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265094",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265094",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338507",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265094",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265094",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338507",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

87
CVE-2024/CVE-2024-51xx/CVE-2024-5105.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5105",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-19T23:15:07.320",
"lastModified": "2024-11-21T09:46:58.763",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:57.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,38 +140,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B428FEE-6202-4945-8D0F-4E4734D573EC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265095",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265095",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338508",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265095",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265095",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338508",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

87
CVE-2024/CVE-2024-51xx/CVE-2024-5106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5106",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-19T23:15:07.600",
"lastModified": "2024-11-21T09:46:58.907",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-05T14:53:57.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,38 +140,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B428FEE-6202-4945-8D0F-4E4734D573EC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265096",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265096",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338509",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.265096",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.265096",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.338509",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

8
CVE-2024/CVE-2024-536xx/CVE-2024-53676.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53676",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-27T01:15:05.250",
"lastModified": "2024-12-11T16:49:45.783",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-05T15:15:14.717",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -106,6 +106,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/pwnfuzz/POCs/tree/main/CVE-2024-53676",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

66
CVE-2025/CVE-2025-16xx/CVE-2025-1639.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2025-1639",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-04T04:15:11.697",
"lastModified": "2025-03-04T04:15:11.697",
"vulnStatus": "Received",
"lastModified": "2025-03-05T16:39:15.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to further infect a victim when Elementor is not activated on a vulnerable site."
},
{
"lang": "es",
"value": "El complemento Animation Addons for Elementor Pro para WordPress es vulnerable a la instalaci\u00f3n de complementos arbitrarios no autorizados debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n install_elementor_plugin_handler() en todas las versiones hasta la 1.6 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, instalen y activen complementos arbitrarios que pueden aprovecharse para infectar a\u00fan m\u00e1s a una v\u00edctima cuando Elementor no est\u00e1 activado en un sitio vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -45,16 +69,50 @@
"value": "CWE-862"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crowdytheme:arolax:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.7",
"matchCriteriaId": "8D74F35E-060C-4BC1-AB28-040E0D5F4E86"
}
]
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/arolax-creative-digital-agency-theme/53547630",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb310bdb-fc74-47b2-9371-3d10abd287fb?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2025/CVE-2025-16xx/CVE-2025-1695.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1695",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2025-03-04T01:15:10.063",
"lastModified": "2025-03-04T01:15:10.063",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:18:38.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS). \u00a0There is no control plane exposure; this is a data plane issue only. \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
},
{
"lang": "es",
"value": "En NGINX Unit anterior a la versi\u00f3n 1.34.2 con el m\u00f3dulo de lenguaje Java en uso, las solicitudes no reveladas pueden generar un bucle infinito y provocar un aumento en la utilizaci\u00f3n de los recursos de la CPU. Esta vulnerabilidad permite que un atacante remoto provoque una degradaci\u00f3n que puede provocar una denegaci\u00f3n de servicio (DoS) limitada. No hay exposici\u00f3n del plano de control; se trata \u00fanicamente de un problema del plano de datos. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
}
],
"metrics": {
@ -91,10 +95,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.29.1",
"versionEndExcluding": "1.34.2",
"matchCriteriaId": "C948A6A6-5CA3-47D1-8A7F-7245C1160D14"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000149959",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
}
]
}

82
CVE-2025/CVE-2025-17xx/CVE-2025-1714.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2025-1714",
"sourceIdentifier": "security@puppet.com",
"published": "2025-03-05T15:15:15.413",
"lastModified": "2025-03-05T15:15:15.413",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7\u00a0on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@puppet.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@puppet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://perforce1.lightning.force.com/lightning/r/a91PA000001ScY1YAK/view",
"source": "security@puppet.com"
}
]
}

84
CVE-2025/CVE-2025-18xx/CVE-2025-1894.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1894",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-04T02:15:35.380",
"lastModified": "2025-03-04T02:15:35.380",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:18:38.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Restaurant Table Booking System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo /search-result.php. La manipulaci\u00f3n del argumento searchdata provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -76,6 +80,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -118,28 +142,72 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:restaurant_table_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02963BE3-61BC-41D5-82BA-71B773AA8FA0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Maochuyue/cve/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.298412",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.298412",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.506592",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2025/CVE-2025-18xx/CVE-2025-1895.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1895",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-04T02:15:36.163",
"lastModified": "2025-03-04T02:15:36.163",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:18:38.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tenda TX3 16.03.13.11_multi. Afecta a una parte desconocida del archivo /goform/setMacFilterCfg. La manipulaci\u00f3n del argumento deviceList provoca un desbordamiento del b\u00fafer. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -120,26 +144,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:tx3_firmware:16.03.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0C30310A-46F8-4A10-8718-B36DE179BA4A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:tx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E287DCCF-7DF1-4FBE-8A50-A95E272A5B40"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_1.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.298413",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.298413",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?submit.506601",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

33
CVE-2025/CVE-2025-19xx/CVE-2025-1914.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1914",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:10.233",
"lastModified": "2025-03-05T04:15:10.233",
"lastModified": "2025-03-05T15:15:15.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en la versi\u00f3n 8 de Google Chrome anterior a la 134.0.6998.35 permit\u00eda a un atacante remoto realizar un acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1915.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1915",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:11.147",
"lastModified": "2025-03-05T04:15:11.147",
"lastModified": "2025-03-05T15:15:15.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "La limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido en DevTools en Google Chrome en Windows antes de la versi\u00f3n 134.0.6998.35 permiti\u00f3 que un atacante que convenciera a un usuario para que instalara una extensi\u00f3n maliciosa eludiera las restricciones de acceso a archivos a trav\u00e9s de una extensi\u00f3n de Chrome manipulada. (Gravedad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1916.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1916",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:11.267",
"lastModified": "2025-03-05T04:15:11.267",
"lastModified": "2025-03-05T15:15:15.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "El use-after-free en los perfiles de Google Chrome anteriores a la versi\u00f3n 134.0.6998.35 permit\u00eda que un atacante que convenciera a un usuario para que instalara una extensi\u00f3n maliciosa pudiera explotar la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1917.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1917",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:11.393",
"lastModified": "2025-03-05T04:15:11.393",
"lastModified": "2025-03-05T15:15:16.067",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "Una implementaci\u00f3n inadecuada en la interfaz de usuario del navegador de Google Chrome en Android anterior a la versi\u00f3n 134.0.6998.35 permiti\u00f3 que un atacante remoto suplantara la interfaz de usuario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1918.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1918",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:11.520",
"lastModified": "2025-03-05T04:15:11.520",
"lastModified": "2025-03-05T15:15:16.223",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en PDFium en Google Chrome anterior a la versi\u00f3n 134.0.6998.35 permit\u00eda a un atacante remoto realizar un acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de un archivo PDF manipulado por un usuario. (Gravedad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1919.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1919",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:11.647",
"lastModified": "2025-03-05T04:15:11.647",
"lastModified": "2025-03-05T15:15:16.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en Media en Google Chrome anterior a la versi\u00f3n 134.0.6998.35 permit\u00eda a un atacante remoto realizar potencialmente un acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1921.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1921",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:11.763",
"lastModified": "2025-03-05T04:15:11.763",
"lastModified": "2025-03-05T15:15:16.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "Una implementaci\u00f3n inadecuada en Media Stream en Google Chrome anterior a la versi\u00f3n 134.0.6998.35 permit\u00eda a un atacante remoto obtener informaci\u00f3n sobre un perif\u00e9rico a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1922.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1922",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:11.887",
"lastModified": "2025-03-05T04:15:11.887",
"lastModified": "2025-03-05T15:15:16.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
},
{
"lang": "es",
"value": "Una implementaci\u00f3n inadecuada en Selection en Google Chrome en Android anterior a la versi\u00f3n 134.0.6998.35 permiti\u00f3 que un atacante remoto convenciera a un usuario para que realizara gestos espec\u00edficos de la interfaz de usuario para realizar una suplantaci\u00f3n de la interfaz de usuario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

33
CVE-2025/CVE-2025-19xx/CVE-2025-1923.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-1923",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-05T04:15:12.010",
"lastModified": "2025-03-05T04:15:12.010",
"lastModified": "2025-03-05T15:15:16.857",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)"
},
{
"lang": "es",
"value": "Una implementaci\u00f3n inadecuada en los mensajes de permiso en Google Chrome anteriores a la versi\u00f3n 134.0.6998.35 permit\u00eda que un atacante que convenciera a un usuario para que instalara una extensi\u00f3n maliciosa suplantara la interfaz de usuario a trav\u00e9s de una extensi\u00f3n de Chrome manipulada. (Gravedad de seguridad de Chromium: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

14
CVE-2025/CVE-2025-19xx/CVE-2025-1963.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1963",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-05T00:15:37.723",
"lastModified": "2025-03-05T00:15:37.723",
"lastModified": "2025-03-05T16:15:37.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /reservation.php. The manipulation of the argument checkin leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en projectworlds Online Hotel Booking 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /reservation.php. La manipulaci\u00f3n del argumento checkin provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.511466",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/ubfbuz3/cve/issues/2",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

14
CVE-2025/CVE-2025-19xx/CVE-2025-1965.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1965",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-05T01:15:11.600",
"lastModified": "2025-03-05T01:15:11.600",
"lastModified": "2025-03-05T15:15:17.107",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument emailusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en ProjectWorlds Online Hotel Booking 1.0. Se trata de una funci\u00f3n desconocida del archivo /admin/login.php. La manipulaci\u00f3n del argumento emailusername provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.511473",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/ubfbuz3/cve/issues/4",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

14
CVE-2025/CVE-2025-19xx/CVE-2025-1966.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1966",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-05T02:15:36.157",
"lastModified": "2025-03-05T02:15:36.157",
"lastModified": "2025-03-05T15:15:17.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Pre-School Enrollment System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/index.php. La manipulaci\u00f3n del argumento username provoca una inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,10 @@
{
"url": "https://vuldb.com/?submit.512039",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/SECWG/cve/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

14
CVE-2025/CVE-2025-19xx/CVE-2025-1967.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1967",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-05T02:15:36.320",
"lastModified": "2025-03-05T02:15:36.320",
"lastModified": "2025-03-05T15:15:17.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en code-projects Blood Bank Management System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /user_dashboard/donor.php. La manipulaci\u00f3n del nombre del argumento provoca cross site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,10 @@
{
"url": "https://vuldb.com/?submit.512163",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/intercpt/XSS1/blob/main/XSS.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

112
CVE-2025/CVE-2025-210xx/CVE-2025-21095.json Normal file
View File

@ -0,0 +1,112 @@
{
"id": "CVE-2025-21095",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-03-05T16:15:37.487",
"lastModified": "2025-03-05T16:15:37.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal may lead to arbitrary file download. The score without \nleast privilege principle violation is as calculated below. In \ncombination with other issues it may facilitate further compromise of \nthe device. Remediation in Version 6.8.0, release date: 01-Mar-25."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://support.ixiacom.com/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.keysight.com/us/en/contact.html",
"source": "ics-cert@hq.dhs.gov"
}
]
}

60
CVE-2025/CVE-2025-222xx/CVE-2025-22212.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-22212",
"sourceIdentifier": "security@joomla.org",
"published": "2025-03-05T16:15:37.643",
"lastModified": "2025-03-05T16:15:37.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in the ConvertForms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 2.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@joomla.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22212",
"source": "security@joomla.org"
},
{
"url": "https://www.tassos.gr/",
"source": "security@joomla.org"
}
]
}

17
CVE-2025/CVE-2025-222xx/CVE-2025-22270.json
View File

@ -2,13 +2,24 @@
"id": "CVE-2025-22270",
"sourceIdentifier": "cvd@cert.pl",
"published": "2025-02-28T13:15:27.447",
"lastModified": "2025-02-28T13:15:27.447",
"vulnStatus": "Received",
"cveTags": [],
"lastModified": "2025-03-05T16:15:37.797",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cvd@cert.pl",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker with access to the Administration panel, specifically the \"Role Management\"\ntab, can\ninject code by adding a new role in the \"name\" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the\nrequired additional error that allows bypassing the Content-Security-Policy policy, which\nmitigates JS code execution while still allowing HTML injection.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
},
{
"lang": "es",
"value": "Un atacante con acceso al panel de administraci\u00f3n, espec\u00edficamente a la pesta\u00f1a \"Administraci\u00f3n de roles\", puede inyectar c\u00f3digo agregando un nuevo rol en el campo \"nombre\". Sin embargo, cabe se\u00f1alar que el riesgo de explotar la vulnerabilidad se reduce debido al error adicional requerido que permite eludir la pol\u00edtica Content-Security-Policy, que mitiga la ejecuci\u00f3n de c\u00f3digo JS al tiempo que permite la inyecci\u00f3n de HTML. Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de contactar al proveedor, no recibimos ninguna respuesta."
}
],
"metrics": {

17
CVE-2025/CVE-2025-222xx/CVE-2025-22271.json
View File

@ -2,13 +2,24 @@
"id": "CVE-2025-22271",
"sourceIdentifier": "cvd@cert.pl",
"published": "2025-02-28T13:15:27.630",
"lastModified": "2025-02-28T13:15:27.630",
"vulnStatus": "Received",
"cveTags": [],
"lastModified": "2025-03-05T16:15:37.927",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cvd@cert.pl",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application or its infrastructure allows for IP address spoofing by providing its own value in the \"X-Forwarded-For\" header. Thus, the action logging mechanism in the application loses\u00a0accountability\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n o su infraestructura permiten la suplantaci\u00f3n de direcciones IP al proporcionar su propio valor en el encabezado \"X-Forwarded-For\". Por lo tanto, el mecanismo de registro de acciones de la aplicaci\u00f3n pierde la responsabilidad. Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."
}
],
"metrics": {

17
CVE-2025/CVE-2025-222xx/CVE-2025-22272.json
View File

@ -2,13 +2,24 @@
"id": "CVE-2025-22272",
"sourceIdentifier": "cvd@cert.pl",
"published": "2025-02-28T13:15:27.770",
"lastModified": "2025-02-28T13:15:27.770",
"vulnStatus": "Received",
"cveTags": [],
"lastModified": "2025-03-05T16:15:38.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cvd@cert.pl",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\" endpoint, it is possible to inject code in the \"modalDlgMsgInternal\" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
},
{
"lang": "es",
"value": "En el endpoint \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\", es posible inyectar c\u00f3digo en el par\u00e1metro \"modalDlgMsgInternal\" mediante POST, que luego se ejecuta en el navegador. El riesgo de explotar la vulnerabilidad se reduce debido a la omisi\u00f3n adicional requerida de la pol\u00edtica Content-Security-Policy. Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."
}
],
"metrics": {

17
CVE-2025/CVE-2025-222xx/CVE-2025-22273.json
View File

@ -2,13 +2,24 @@
"id": "CVE-2025-22273",
"sourceIdentifier": "cvd@cert.pl",
"published": "2025-02-28T13:15:27.927",
"lastModified": "2025-02-28T13:15:27.927",
"vulnStatus": "Received",
"cveTags": [],
"lastModified": "2025-03-05T16:15:38.140",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cvd@cert.pl",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the \"/EPMUI/VfManager.asmx/ChangePassword\" endpoint it is possible to perform a brute force attack on the current password in use.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n no limita la cantidad ni la frecuencia de las interacciones del usuario, como la cantidad de solicitudes entrantes. En el endpoint \"/EPMUI/VfManager.asmx/ChangePassword\" es posible realizar un ataque de fuerza bruta sobre la contrase\u00f1a actual en uso. Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."
}
],
"metrics": {

17
CVE-2025/CVE-2025-222xx/CVE-2025-22274.json
View File

@ -2,13 +2,24 @@
"id": "CVE-2025-22274",
"sourceIdentifier": "cvd@cert.pl",
"published": "2025-02-28T13:15:28.067",
"lastModified": "2025-02-28T13:15:28.067",
"vulnStatus": "Received",
"cveTags": [],
"lastModified": "2025-03-05T16:15:38.243",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cvd@cert.pl",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
},
{
"lang": "es",
"value": "Es posible inyectar c\u00f3digo HTML en el contenido de la p\u00e1gina mediante el campo \"contenido\" en la p\u00e1gina \"Definici\u00f3n de la aplicaci\u00f3n\". Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."
}
],
"metrics": {

45
CVE-2025/CVE-2025-231xx/CVE-2025-23117.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-23117",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-03-01T03:15:23.473",
"lastModified": "2025-03-01T03:15:23.473",
"vulnStatus": "Received",
"lastModified": "2025-03-05T16:15:38.340",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de actualizaci\u00f3n de firmware insuficiente podr\u00eda permitir que un actor malicioso autenticado con acceso a la red adyacente de UniFi Protect Cameras realice cambios no admitidos en el sistema de la c\u00e1mara."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f",

112
CVE-2025/CVE-2025-234xx/CVE-2025-23416.json Normal file
View File

@ -0,0 +1,112 @@
{
"id": "CVE-2025-23416",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-03-05T16:15:38.530",
"lastModified": "2025-03-05T16:15:38.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal may lead to arbitrary file deletion. The score without \nleast privilege principle violation is as calculated below. In \ncombination with other issues it may facilitate further compromise of \nthe device. Remediation in Version 6.8.0, release date: 01-Mar-25."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://support.ixiacom.com/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.keysight.com/us/en/contact.html",
"source": "ics-cert@hq.dhs.gov"
}
]
}

112
CVE-2025/CVE-2025-244xx/CVE-2025-24494.json Normal file
View File

@ -0,0 +1,112 @@
{
"id": "CVE-2025-24494",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-03-05T16:15:38.937",
"lastModified": "2025-03-05T16:15:38.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal may allow remote code execution using privileged account \n(requires device admin account, cannot be performed by a regular user). \nIn combination with the 'Upload' functionality this could be used to \nexecute an arbitrary script or possibly an uploaded binary. Remediation \nin Version 6.7.0, release date: 20-Oct-24."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://support.ixiacom.com/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.keysight.com/us/en/contact.html",
"source": "ics-cert@hq.dhs.gov"
}
]
}

112
CVE-2025/CVE-2025-245xx/CVE-2025-24521.json Normal file
View File

@ -0,0 +1,112 @@
{
"id": "CVE-2025-24521",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-03-05T16:15:39.093",
"lastModified": "2025-03-05T16:15:39.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External XML entity injection allows arbitrary download of files. The \nscore without least privilege principle violation is as calculated \nbelow. In combination with other issues it may facilitate further \ncompromise of the device. Remediation in Version 6.8.0, release date: \n01-Mar-25."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://support.ixiacom.com/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.keysight.com/us/en/contact.html",
"source": "ics-cert@hq.dhs.gov"
}
]
}

49
CVE-2025/CVE-2025-254xx/CVE-2025-25478.json
View File

@ -2,20 +2,63 @@
"id": "CVE-2025-25478",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-28T23:15:11.170",
"lastModified": "2025-02-28T23:15:11.170",
"vulnStatus": "Received",
"lastModified": "2025-03-05T16:15:39.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password."
},
{
"lang": "es",
"value": "La funci\u00f3n de carga de archivos de cuenta en Syspass 3.2.x no gestiona correctamente los caracteres especiales en los nombres de archivo. Esta mala gesti\u00f3n provoca la divulgaci\u00f3n del c\u00f3digo fuente de la aplicaci\u00f3n web, lo que deja expuesta informaci\u00f3n confidencial, como la contrase\u00f1a de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25478",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25478",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

45
CVE-2025/CVE-2025-256xx/CVE-2025-25609.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25609",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-28T19:15:36.993",
"lastModified": "2025-02-28T19:15:36.993",
"vulnStatus": "Received",
"lastModified": "2025-03-05T16:15:39.460",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa"
},
{
"lang": "es",
"value": "TOTOlink A3002R V1.1.1-B20200824.0128 contiene una vulnerabilidad de desbordamiento de b\u00fafer. La vulnerabilidad surge de la validaci\u00f3n de entrada incorrecta del par\u00e1metro static_ipv6 en la interfaz formIpv6Setup de /bin/boa"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_ipv6.md",

45
CVE-2025/CVE-2025-256xx/CVE-2025-25610.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25610",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-28T19:15:37.107",
"lastModified": "2025-02-28T19:15:37.107",
"vulnStatus": "Received",
"lastModified": "2025-03-05T16:15:39.623",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa."
},
{
"lang": "es",
"value": "TOTOlink A3002R V1.1.1-B20200824.0128 contiene una vulnerabilidad de desbordamiento de b\u00fafer. La vulnerabilidad surge de la validaci\u00f3n de entrada incorrecta del par\u00e1metro static_gw en la interfaz formIpv6Setup de /bin/boa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_gw.md",

45
CVE-2025/CVE-2025-256xx/CVE-2025-25635.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25635",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-28T19:15:37.223",
"lastModified": "2025-02-28T19:15:37.223",
"vulnStatus": "Received",
"lastModified": "2025-03-05T16:15:39.793",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa."
},
{
"lang": "es",
"value": "TOTOlink A3002R V1.1.1-B20200824.0128 contiene una vulnerabilidad de desbordamiento de b\u00fafer. La vulnerabilidad surge de la validaci\u00f3n de entrada incorrecta del par\u00e1metro pppoe_dns1 en la interfaz formIpv6Setup de /bin/boa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-pppoe_dns1.md",

49
CVE-2025/CVE-2025-257xx/CVE-2025-25723.json
View File

@ -2,20 +2,63 @@
"id": "CVE-2025-25723",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-28T23:15:11.280",
"lastModified": "2025-02-28T23:15:11.280",
"vulnStatus": "Received",
"lastModified": "2025-03-05T16:15:39.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en GPAC versi\u00f3n 2.5 permite a un atacante local ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/issues/3089",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/gpac/gpac/issues/3089",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

45
CVE-2025/CVE-2025-257xx/CVE-2025-25784.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25784",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-26T15:15:26.580",
"lastModified": "2025-02-26T15:15:26.580",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:15:17.730",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente \\c\\TemplateController.php de Jizhicms v2.5.4 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo Zip manipulado espec\u00edficamente para ello."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "http://jizhicms.com",
@ -28,6 +63,10 @@
{
"url": "https://www.jizhicms.cn/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Ka7arotto/JizhiCms/blob/main/jizhicms.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

41
CVE-2025/CVE-2025-257xx/CVE-2025-25785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25785",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-26T15:15:26.720",
"lastModified": "2025-02-26T15:15:26.720",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:15:17.930",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que JizhiCMS v2.5.4 conten\u00eda Server-Side Request Forgery (SSRF) a trav\u00e9s del componente \\c\\PluginsController.php. Esta vulnerabilidad permite a los atacantes realizar un escaneo de intranet a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "http://jizhicms.com",

45
CVE-2025/CVE-2025-257xx/CVE-2025-25789.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25789",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-26T15:15:26.853",
"lastModified": "2025-02-26T15:15:26.853",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:15:18.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que FoxCMS v1.2.5 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del m\u00e9todo index() en \\controller\\Sitemap.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "http://foxcms.com",
@ -28,6 +63,10 @@
{
"url": "https://www.foxcms.cn/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Ka7arotto/FoxCMS/blob/main/FoxCMS-rce3.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

45
CVE-2025/CVE-2025-257xx/CVE-2025-25790.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25790",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-26T15:15:26.980",
"lastModified": "2025-02-26T15:15:26.980",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:15:18.287",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente \\controller\\LocalTemplate.php de FoxCMS v1.2.5 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo Zip manipulado espec\u00edficamente para ello."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "http://foxcms.com",
@ -28,6 +63,10 @@
{
"url": "https://www.foxcms.cn/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Ka7arotto/FoxCMS/blob/main/FoxCMS-upload-rce.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

45
CVE-2025/CVE-2025-259xx/CVE-2025-25951.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25951",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-03T01:15:11.660",
"lastModified": "2025-03-03T01:15:11.660",
"vulnStatus": "Received",
"lastModified": "2025-03-05T15:15:18.463",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el componente /rest/cb/executeBasicSearch de Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89638",

47
CVE-2025/CVE-2025-262xx/CVE-2025-26202.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26202",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-04T19:15:38.640",
"lastModified": "2025-03-04T19:15:38.640",
"lastModified": "2025-03-05T16:15:40.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the \"Click here to display\" option on the Status page"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross site scripting (XSS) en el campo Frase de contrase\u00f1a WPA/WAPI de la configuraci\u00f3n de seguridad inal\u00e1mbrica (bandas de 2,4 GHz y 5 GHz) en la interfaz web del enrutador DZS. Un atacante autenticado puede inyectar c\u00f3digo JavaScript malicioso en el campo de frase de contrase\u00f1a, que se almacena y se ejecuta posteriormente cuando un administrador ve la frase de contrase\u00f1a a trav\u00e9s de la opci\u00f3n \"Haga clic aqu\u00ed para visualizar\" en la p\u00e1gina de estado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://dzs.com",
@ -24,6 +63,10 @@
{
"url": "https://github.com/A17-ba/CVE-2025-26202-Details",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/A17-ba/CVE-2025-26202-Details",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

60
CVE-2025/CVE-2025-274xx/CVE-2025-27411.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-27411",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-05T16:15:40.310",
"lastModified": "2025-03-05T16:15:40.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/redaxo/redaxo/commit/3b2159bb45da0ab6cfaef5c8cf8b602ee5e2fb37",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-wppf-gqj5-fc4f",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2025/CVE-2025-274xx/CVE-2025-27412.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-27412",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-05T16:15:40.457",
"lastModified": "2025-03-05T16:15:40.457",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-8366-xmgf-334f",
"source": "security-advisories@github.com"
}
]
}

82
CVE-2025/CVE-2025-274xx/CVE-2025-27497.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2025-27497",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-05T16:15:40.587",
"lastModified": "2025-03-05T16:15:40.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service (DoS) vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsearch request is executed with alias dereferencing set to \"always\" on this alias entry, the server stops responding to all future requests. Fortunately, the server can be restarted without data corruption. This vulnerability is fixed in 4.9.3."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenIdentityPlatform/OpenDJ/commit/08aee4724608e4a32baa3c7d7499ec913a275aaf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenIdentityPlatform/OpenDJ/security/advisories/GHSA-93qr-h8pr-4593",
"source": "security-advisories@github.com"
}
]
}

43
CVE-2025/CVE-2025-276xx/CVE-2025-27637.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27637",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:34.977",
"lastModified": "2025-03-05T06:15:34.977",
"lastModified": "2025-03-05T16:15:40.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.1002 La aplicaci\u00f3n 20.0.2614 permite cross site scripting V-2024-016."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27653.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27653",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.203",
"lastModified": "2025-03-05T06:15:37.203",
"lastModified": "2025-03-05T16:15:40.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.862 La aplicaci\u00f3n 20.0.2014 permite cross site scripting (XSS) preautenticadas: registro de insignia V-2023-012."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27654.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27654",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.340",
"lastModified": "2025-03-05T06:15:37.340",
"lastModified": "2025-03-05T16:15:41.043",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.862 La aplicaci\u00f3n 20.0.2014 permite cross site scripting (XSS) V-2023-017."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27664.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27664",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:38.717",
"lastModified": "2025-03-05T06:15:38.717",
"lastModified": "2025-03-05T16:15:41.217",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient CSRF Protection OVE-20230524-0008."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite protecci\u00f3n CSRF insuficiente OVE-20230524-0008."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27673.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27673",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.167",
"lastModified": "2025-03-05T06:15:40.167",
"lastModified": "2025-03-05T16:15:41.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite la devoluci\u00f3n de cookies en el cuerpo de respuesta OVE-20230524-0017."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-539"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27674.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27674",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.293",
"lastModified": "2025-03-05T06:15:40.293",
"lastModified": "2025-03-05T16:15:41.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite la clave IdP codificada V-2023-006."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27675.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27675",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.420",
"lastModified": "2025-03-05T06:15:40.420",
"lastModified": "2025-03-05T16:15:41.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite la implementaci\u00f3n de OpenID vulnerable V-2023-004."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27676.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27676",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.553",
"lastModified": "2025-03-05T06:15:40.553",
"lastModified": "2025-03-05T16:15:41.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite cross site scripting en los informes V-2023-002."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27677.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27677",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.683",
"lastModified": "2025-03-05T06:15:40.683",
"lastModified": "2025-03-05T16:15:42.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite enlaces simb\u00f3licos para la interacci\u00f3n de archivos sin privilegios V-2022-002."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27678.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27678",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.817",
"lastModified": "2025-03-05T06:15:40.817",
"lastModified": "2025-03-05T16:15:42.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite la ejecuci\u00f3n remota de c\u00f3digo del cliente V-2023-001."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27679.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27679",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.933",
"lastModified": "2025-03-05T06:15:40.933",
"lastModified": "2025-03-05T15:15:18.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 22.0.843 La aplicaci\u00f3n 20.0.1923 permite cross site scripting en el registro de credenciales V-2023-005."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27680.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27680",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.047",
"lastModified": "2025-03-05T06:15:41.047",
"lastModified": "2025-03-05T15:15:18.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 1.0.750 La aplicaci\u00f3n 20.0.1442 permite una imagen de firmware insegura con verificaci\u00f3n insuficiente de la autenticidad de los datos V-2024-004."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

43
CVE-2025/CVE-2025-276xx/CVE-2025-27681.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27681",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.177",
"lastModified": "2025-03-05T06:15:41.177",
"lastModified": "2025-03-05T15:15:18.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004."
},
{
"lang": "es",
"value": "Vasion Print (anteriormente PrinterLogic) anterior a Virtual Appliance Host 1.0.735 La aplicaci\u00f3n 20.0.1330 gestiona incorrectamente la seguridad entre procesos del cliente V-2022-004."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-602"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm",

Some files were not shown because too many files have changed in this diff Show More