admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-10T18:00:23.762324+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-10 18:04:00 +00:00
parent d810cf7b50
commit 6373b0765d
188 changed files with 8940 additions and 485 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2019/CVE-2019-139xx/CVE-2019-13939.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2019-13939", "id": "CVE-2019-13939",
"sourceIdentifier": "productcert@siemens.com", "sourceIdentifier": "productcert@siemens.com",
"published": "2020-01-16T16:15:16.277", "published": "2020-01-16T16:15:16.277",
"lastModified": "2025-03-11T10:15:11.460", "lastModified": "2025-06-10T16:15:33.853",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value." "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value."
}, },
{ {
"lang": "es", "lang": "es",
@ -131,7 +131,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "productcert@siemens.com", "source": "productcert@siemens.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

56
CVE-2023/CVE-2023-205xx/CVE-2023-20599.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20599",
"sourceIdentifier": "psirt@amd.com",
"published": "2025-06-10T17:17:51.013",
"lastModified": "2025-06-10T17:17:51.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP\u2019s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1262"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7039.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2023/CVE-2023-291xx/CVE-2023-29184.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-29184",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:17:51.383",
"lastModified": "2025-06-10T17:17:51.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 3.2,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-008",
"source": "psirt@fortinet.com"
}
]
}

57
CVE-2023/CVE-2023-303xx/CVE-2023-30305.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30305", "id": "CVE-2023-30305",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T19:15:09.080", "published": "2024-05-28T19:15:09.080",
"lastModified": "2024-11-21T07:59:59.433", "lastModified": "2025-06-10T17:09:48.863",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,14 +39,63 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linksys:e5600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7925D070-66A7-48D8-ACFD-4325BEE272C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:linksys:e5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D6638-5946-4B18-B071-32E262754420"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/", "url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/", "url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
]
} }
] ]
} }

32
CVE-2023/CVE-2023-362xx/CVE-2023-36235.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36235", "id": "CVE-2023-36235",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T03:15:07.947", "published": "2024-01-17T03:15:07.947",
"lastModified": "2024-11-21T08:09:26.153", "lastModified": "2025-06-10T17:17:51.890",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-639" "value": "CWE-639"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
} }
], ],
"configurations": [ "configurations": [

14
CVE-2023/CVE-2023-374xx/CVE-2023-37476.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-37476", "id": "CVE-2023-37476",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-17T22:15:09.450", "published": "2023-07-17T22:15:09.450",
"lastModified": "2024-11-21T08:11:47.503", "lastModified": "2025-06-10T16:15:34.153",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": " OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources." "value": "OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources."
} }
], ],
"metrics": { "metrics": {
@ -58,7 +58,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -93,6 +93,10 @@
"Patch" "Patch"
] ]
}, },
{
"url": "https://github.com/OpenRefine/OpenRefine/releases/tag/3.7.4",
"source": "security-advisories@github.com"
},
{ {
"url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq", "url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq",
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
@ -100,6 +104,10 @@
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
{
"url": "https://www.sonarsource.com/blog/openrefine-zip-slip",
"source": "security-advisories@github.com"
},
{ {
"url": "https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e", "url": "https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",

32
CVE-2023/CVE-2023-470xx/CVE-2023-47020.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47020", "id": "CVE-2023-47020",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T16:15:46.377", "published": "2024-02-08T16:15:46.377",
"lastModified": "2024-11-21T08:29:37.683", "lastModified": "2025-06-10T16:15:34.370",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-352" "value": "CWE-352"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
} }
], ],
"configurations": [ "configurations": [

56
CVE-2023/CVE-2023-487xx/CVE-2023-48786.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-48786",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:18:40.720",
"lastModified": "2025-06-10T17:18:40.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-342",
"source": "psirt@fortinet.com"
}
]
}

32
CVE-2023/CVE-2023-523xx/CVE-2023-52327.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52327", "id": "CVE-2023-52327",
"sourceIdentifier": "security@trendmicro.com", "sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.467", "published": "2024-01-23T21:15:09.467",
"lastModified": "2024-11-21T08:39:34.450", "lastModified": "2025-06-10T16:15:34.613",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

34
CVE-2024/CVE-2024-265xx/CVE-2024-26503.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26503", "id": "CVE-2024-26503",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-14T22:15:22.550", "published": "2024-03-14T22:15:22.550",
"lastModified": "2024-11-21T09:02:31.040", "lastModified": "2025-06-10T16:05:55.953",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openeclass:openeclass:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.15",
"matchCriteriaId": "45900311-03AD-4215-809B-0565B400E43A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html", "url": "https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html", "url": "https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

62
CVE-2024/CVE-2024-265xx/CVE-2024-26529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26529", "id": "CVE-2024-26529",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-13T08:15:43.410", "published": "2024-03-13T08:15:43.410",
"lastModified": "2024-11-21T09:02:32.617", "lastModified": "2025-06-10T16:31:53.810",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,22 +39,72 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mz-automation:libiec61850:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.3",
"matchCriteriaId": "4278199A-1B0D-4D5A-A3B3-0A90B1807021"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/mz-automation/libiec61850/issues/492", "url": "https://github.com/mz-automation/libiec61850/issues/492",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/mz-automation/libiec61850/issues/495", "url": "https://github.com/mz-automation/libiec61850/issues/495",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/mz-automation/libiec61850/issues/492", "url": "https://github.com/mz-automation/libiec61850/issues/492",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/mz-automation/libiec61850/issues/495", "url": "https://github.com/mz-automation/libiec61850/issues/495",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }

36
CVE-2024/CVE-2024-265xx/CVE-2024-26540.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26540", "id": "CVE-2024-26540",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-15T01:15:58.833", "published": "2024-03-15T01:15:58.833",
"lastModified": "2024-11-21T09:02:32.843", "lastModified": "2025-06-10T16:04:16.680",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,42 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cimg:cimg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.3",
"matchCriteriaId": "BEF7F27C-B00C-41BE-9793-6F3EDA175ED7"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/GreycLab/CImg/issues/403", "url": "https://github.com/GreycLab/CImg/issues/403",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
}, },
{ {
"url": "https://github.com/GreycLab/CImg/issues/403", "url": "https://github.com/GreycLab/CImg/issues/403",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
} }
] ]
} }

44
CVE-2024/CVE-2024-274xx/CVE-2024-27453.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27453", "id": "CVE-2024-27453",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-03T18:15:09.250", "published": "2024-05-03T18:15:09.250",
"lastModified": "2024-11-21T09:04:38.020", "lastModified": "2025-06-10T17:58:18.297",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,22 +51,54 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:extremenetworks:extremexos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.7",
"matchCriteriaId": "37518AD5-2C1D-4987-A763-C7FC979DE85E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000118266", "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000118266",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.exsiliumsecurity.com/CVE-2024-27453.html", "url": "https://www.exsiliumsecurity.com/CVE-2024-27453.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000118266", "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000118266",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.exsiliumsecurity.com/CVE-2024-27453.html", "url": "https://www.exsiliumsecurity.com/CVE-2024-27453.html",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

32
CVE-2024/CVE-2024-283xx/CVE-2024-28390.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28390", "id": "CVE-2024-28390",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-14T04:15:09.640", "published": "2024-03-14T04:15:09.640",
"lastModified": "2024-11-21T09:06:15.217", "lastModified": "2025-06-10T16:45:39.930",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advancedplugins:image_toolbox\\:_webp_compress\\,_regenerate_\\&_more_prestashop_module:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "2.2.01",
"matchCriteriaId": "5B7B02CA-66F0-49F9-B130-570D1F929804"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html", "url": "https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html", "url": "https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

34
CVE-2024/CVE-2024-283xx/CVE-2024-28391.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28391", "id": "CVE-2024-28391",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-14T04:15:09.697", "published": "2024-03-14T04:15:09.697",
"lastModified": "2024-11-21T09:06:15.450", "lastModified": "2025-06-10T16:25:58.220",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fmemodules:b2b_quick_order_form:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "8845FB21-8CFF-4662-885D-5756F9368B88"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html", "url": "https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html", "url": "https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
} }
] ]
} }

43
CVE-2024/CVE-2024-288xx/CVE-2024-28882.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28882", "id": "CVE-2024-28882",
"sourceIdentifier": "security@openvpn.net", "sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T22:15:02.410", "published": "2024-07-08T22:15:02.410",
"lastModified": "2024-11-21T09:07:06.380", "lastModified": "2025-06-10T16:26:09.473",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,22 +51,53 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.11",
"matchCriteriaId": "0D6C4FD9-4627-4A45-89FC-2DB53985C516"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-28882", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-28882",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Mailing List"
]
}, },
{ {
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-28882", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-28882",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
} }
] ]
} }

42
CVE-2024/CVE-2024-315xx/CVE-2024-31580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31580", "id": "CVE-2024-31580",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-17T19:15:07.783", "published": "2024-04-17T19:15:07.783",
"lastModified": "2025-03-29T00:15:21.733", "lastModified": "2025-06-10T17:38:16.883",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,22 +51,52 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "CA1ACB1F-9056-4D41-A8C8-33921420D4C2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d", "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81", "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d", "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81", "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-321xx/CVE-2024-32119.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-32119",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:19:14.323",
"lastModified": "2025-06-10T17:19:14.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-375",
"source": "psirt@fortinet.com"
}
]
}

6
CVE-2024/CVE-2024-343xx/CVE-2024-34347.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34347", "id": "CVE-2024-34347",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-08T15:15:11.310", "published": "2024-05-08T15:15:11.310",
"lastModified": "2024-11-21T09:18:28.767", "lastModified": "2025-06-10T16:15:34.867",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -60,6 +60,10 @@
"url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr", "url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr",
"source": "security-advisories@github.com" "source": "security-advisories@github.com"
}, },
{
"url": "https://www.sonarsource.com/blog/scripting-outside-the-box-api-client-security-risks-part-2",
"source": "security-advisories@github.com"
},
{ {
"url": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01", "url": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108"

32
CVE-2024/CVE-2024-344xx/CVE-2024-34462.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34462", "id": "CVE-2024-34462",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-04T19:15:46.510", "published": "2024-05-04T19:15:46.510",
"lastModified": "2024-11-21T09:18:44.267", "lastModified": "2025-06-10T17:48:47.850",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.0",
"matchCriteriaId": "E309C481-3EA0-4400-9452-A37A193CC54A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920", "url": "https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920", "url": "https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }

71
CVE-2024/CVE-2024-345xx/CVE-2024-34508.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34508", "id": "CVE-2024-34508",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T20:15:07.310", "published": "2024-05-05T20:15:07.310",
"lastModified": "2025-03-26T20:15:20.337", "lastModified": "2025-06-10T17:44:33.870",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,30 +51,85 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.9",
"matchCriteriaId": "469288BA-64CF-4825-A5A9-843595A8E58E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5", "url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Mailing List"
]
}, },
{ {
"url": "https://support.dcmtk.org/redmine/issues/1114", "url": "https://support.dcmtk.org/redmine/issues/1114",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}, },
{ {
"url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5", "url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Mailing List"
]
}, },
{ {
"url": "https://support.dcmtk.org/redmine/issues/1114", "url": "https://support.dcmtk.org/redmine/issues/1114",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
]
} }
] ]
} }

45
CVE-2024/CVE-2024-348xx/CVE-2024-34852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34852", "id": "CVE-2024-34852",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T17:15:10.303", "published": "2024-05-28T17:15:10.303",
"lastModified": "2024-11-21T09:19:29.667", "lastModified": "2025-06-10T17:21:00.860",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:f-logic:datacube3_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F73E586-1AD1-4280-B63B-CFB91BD33BF0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:f-logic:datacube3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F1221C-A9CB-4625-AABD-2E4890FA6E93"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md", "url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md", "url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

45
CVE-2024/CVE-2024-348xx/CVE-2024-34854.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34854", "id": "CVE-2024-34854",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T17:15:10.373", "published": "2024-05-28T17:15:10.373",
"lastModified": "2024-11-21T09:19:29.877", "lastModified": "2025-06-10T17:19:30.180",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,51 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:f-logic:datacube3_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F73E586-1AD1-4280-B63B-CFB91BD33BF0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:f-logic:datacube3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F1221C-A9CB-4625-AABD-2E4890FA6E93"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md", "url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md", "url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

44
CVE-2024/CVE-2024-353xx/CVE-2024-35373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35373", "id": "CVE-2024-35373",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T21:15:59.720", "published": "2024-05-24T21:15:59.720",
"lastModified": "2024-11-21T09:20:13.487", "lastModified": "2025-06-10T17:25:52.343",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,22 +51,54 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mocodo:mocodo_online:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.2.6",
"matchCriteriaId": "875ACC37-0FF7-442C-BC35-6C2561969747"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/", "url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/rewrite.php#L45", "url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/rewrite.php#L45",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/", "url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/rewrite.php#L45", "url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/rewrite.php#L45",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
} }
] ]
} }

44
CVE-2024/CVE-2024-353xx/CVE-2024-35374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35374", "id": "CVE-2024-35374",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T21:15:59.793", "published": "2024-05-24T21:15:59.793",
"lastModified": "2024-11-21T09:20:13.697", "lastModified": "2025-06-10T17:24:11.870",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,22 +51,54 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mocodo:mocodo_online:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.2.6",
"matchCriteriaId": "875ACC37-0FF7-442C-BC35-6C2561969747"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/", "url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/generate.php#L104-L158", "url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/generate.php#L104-L158",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/", "url": "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/generate.php#L104-L158", "url": "https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/generate.php#L104-L158",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
} }
] ]
} }

43
CVE-2024/CVE-2024-356xx/CVE-2024-35618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35618", "id": "CVE-2024-35618",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T15:15:24.670", "published": "2024-05-24T15:15:24.670",
"lastModified": "2024-11-21T09:20:31.393", "lastModified": "2025-06-10T17:30:59.167",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,22 +51,53 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingcap:tidb:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E29ADD0B-CC40-4DA9-B9B8-3C12A76346FC"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/GaranR/0b75c6f2c0215db39c910022daf6522c", "url": "https://gist.github.com/GaranR/0b75c6f2c0215db39c910022daf6522c",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/pingcap/tidb/issues/52768", "url": "https://github.com/pingcap/tidb/issues/52768",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Product"
]
}, },
{ {
"url": "https://gist.github.com/GaranR/0b75c6f2c0215db39c910022daf6522c", "url": "https://gist.github.com/GaranR/0b75c6f2c0215db39c910022daf6522c",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/pingcap/tidb/issues/52768", "url": "https://github.com/pingcap/tidb/issues/52768",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Product"
]
} }
] ]
} }

40
CVE-2024/CVE-2024-40xx/CVE-2024-4090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4090", "id": "CVE-2024-4090",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-01T06:15:02.587", "published": "2024-08-01T06:15:02.587",
"lastModified": "2024-08-01T14:35:12.593", "lastModified": "2025-06-10T16:12:04.837",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:premio:my_sticky_bar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.7.2",
"matchCriteriaId": "7BE4A844-55AD-4E70-B83C-47BCA63E68F6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/aedcb986-0f2b-4852-baf1-6cb61e83e109/", "url": "https://wpscan.com/vulnerability/aedcb986-0f2b-4852-baf1-6cb61e83e109/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

100
CVE-2024/CVE-2024-417xx/CVE-2024-41797.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41797",
"sourceIdentifier": "productcert@siemens.com",
"published": "2025-06-10T16:15:34.990",
"lastModified": "2025-06-10T16:15:34.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with \"guest\" role to invoke an internal \"do system\" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-633269.html",
"source": "productcert@siemens.com"
}
]
}

46
CVE-2024/CVE-2024-42xx/CVE-2024-4217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4217", "id": "CVE-2024-4217",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.097", "published": "2024-07-13T06:15:03.097",
"lastModified": "2024-11-21T09:42:24.493", "lastModified": "2025-06-10T16:00:06.517",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,14 +39,52 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "7.1.5",
"matchCriteriaId": "3F1B7BBC-4B80-4B84-ACBB-ED00473C995B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/", "url": "https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/", "url": "https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-437xx/CVE-2024-43706.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43706",
"sourceIdentifier": "bressers@elastic.co",
"published": "2025-06-10T17:19:24.820",
"lastModified": "2025-06-10T17:19:24.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-21/379064",
"source": "bressers@elastic.co"
}
]
}

56
CVE-2024/CVE-2024-453xx/CVE-2024-45329.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-45329",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:19:25.083",
"lastModified": "2025-06-10T17:19:25.083",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50562.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50562",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:19:25.360",
"lastModified": "2025-06-10T17:19:25.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-339",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50568.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50568",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:19:25.660",
"lastModified": "2025-06-10T17:19:25.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-300"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-058",
"source": "psirt@fortinet.com"
}
]
}

26
CVE-2024/CVE-2024-51xx/CVE-2024-5198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5198", "id": "CVE-2024-5198",
"sourceIdentifier": "security@openvpn.net", "sourceIdentifier": "security@openvpn.net",
"published": "2025-01-15T13:15:15.090", "published": "2025-01-15T13:15:15.090",
"lastModified": "2025-01-15T15:15:13.607", "lastModified": "2025-06-10T16:12:09.340",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,10 +51,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:ovpn-dco-win:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "264682CB-480A-4292-A9AA-055F693D5513"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-5198", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-5198",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-540xx/CVE-2024-54019.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-54019",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:19:40.090",
"lastModified": "2025-06-10T17:19:40.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-297"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-365",
"source": "psirt@fortinet.com"
}
]
}

33
CVE-2024/CVE-2024-55xx/CVE-2024-5594.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5594", "id": "CVE-2024-5594",
"sourceIdentifier": "security@openvpn.net", "sourceIdentifier": "security@openvpn.net",
"published": "2025-01-06T14:15:08.807", "published": "2025-01-06T14:15:08.807",
"lastModified": "2025-04-02T21:15:31.310", "lastModified": "2025-06-10T16:26:11.807",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.11",
"matchCriteriaId": "0D6C4FD9-4627-4A45-89FC-2DB53985C516"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-5594", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-5594",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Release Notes"
]
} }
] ]
} }

8
CVE-2024/CVE-2024-561xx/CVE-2024-56181.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-56181", "id": "CVE-2024-56181",
"sourceIdentifier": "productcert@siemens.com", "sourceIdentifier": "productcert@siemens.com",
"published": "2025-03-11T10:15:15.597", "published": "2025-03-11T10:15:15.597",
"lastModified": "2025-03-11T10:15:15.597", "lastModified": "2025-06-10T16:15:35.567",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller." "value": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller."
}, },
{ {
"lang": "es", "lang": "es",
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "productcert@siemens.com", "source": "productcert@siemens.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -86,7 +86,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "productcert@siemens.com", "source": "productcert@siemens.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

8
CVE-2024/CVE-2024-561xx/CVE-2024-56182.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-56182", "id": "CVE-2024-56182",
"sourceIdentifier": "productcert@siemens.com", "sourceIdentifier": "productcert@siemens.com",
"published": "2025-03-11T10:15:15.823", "published": "2025-03-11T10:15:15.823",
"lastModified": "2025-03-11T10:15:15.823", "lastModified": "2025-06-10T16:15:35.710",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller." "value": "A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC\u00a0IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller."
}, },
{ {
"lang": "es", "lang": "es",
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "productcert@siemens.com", "source": "productcert@siemens.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -86,7 +86,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "productcert@siemens.com", "source": "productcert@siemens.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

25
CVE-2024/CVE-2024-571xx/CVE-2024-57186.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-57186",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-10T17:19:40.367",
"lastModified": "2025-06-10T17:19:40.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/erxes/erxes/commit/d626070a0fcd435ae29e689aca051ccfb440c2f3",
"source": "cve@mitre.org"
},
{
"url": "https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-571xx/CVE-2024-57189.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-57189",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-10T17:20:09.367",
"lastModified": "2025-06-10T17:20:09.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/erxes/erxes/commit/d626070a0fcd435ae29e689aca051ccfb440c2f3",
"source": "cve@mitre.org"
},
{
"url": "https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-571xx/CVE-2024-57190.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-57190",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-10T17:20:38.540",
"lastModified": "2025-06-10T17:20:38.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a \"User\" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/erxes/erxes/commit/4ed2ca797241d2ba0c9083feeadd9755c1310ce8",
"source": "cve@mitre.org"
},
{
"url": "https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/",
"source": "cve@mitre.org"
}
]
}

40
CVE-2024/CVE-2024-62xx/CVE-2024-6272.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6272", "id": "CVE-2024-6272",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-31T06:15:03.637", "published": "2024-07-31T06:15:03.637",
"lastModified": "2024-08-01T15:35:19.753", "lastModified": "2025-06-10T16:03:21.030",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:10web:spidercontacts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.7",
"matchCriteriaId": "7F07D1E0-93FE-4AF0-A718-D46665FE99A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/146b94df-7fc6-4da3-9ef1-d2875ae3fa9e/", "url": "https://wpscan.com/vulnerability/146b94df-7fc6-4da3-9ef1-d2875ae3fa9e/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

40
CVE-2024/CVE-2024-64xx/CVE-2024-6412.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6412", "id": "CVE-2024-6412",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-31T06:15:04.083", "published": "2024-07-31T06:15:04.083",
"lastModified": "2024-08-01T18:35:24.697", "lastModified": "2025-06-10T16:11:43.323",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibericode:html_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.34",
"matchCriteriaId": "7035651A-D81E-4060-822A-8FA84F1F4420"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b51410444/", "url": "https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b51410444/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-65xx/CVE-2024-6536.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6536", "id": "CVE-2024-6536",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-30T06:15:04.013", "published": "2024-07-30T06:15:04.013",
"lastModified": "2024-11-21T09:49:50.537", "lastModified": "2025-06-10T16:01:07.250",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,14 +39,52 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dylanjkotze:zephyr_project_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.3.99",
"matchCriteriaId": "0BF1CB7C-B902-40A1-A11C-83A98410ED86"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/", "url": "https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Issue Tracking"
]
}, },
{ {
"url": "https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/", "url": "https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
]
} }
] ]
} }

27
CVE-2024/CVE-2024-84xx/CVE-2024-8474.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8474", "id": "CVE-2024-8474",
"sourceIdentifier": "security@openvpn.net", "sourceIdentifier": "security@openvpn.net",
"published": "2025-01-06T15:15:14.983", "published": "2025-01-06T15:15:14.983",
"lastModified": "2025-01-06T17:15:44.747", "lastModified": "2025-06-10T16:31:24.740",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,10 +51,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:connect:*:*:*:*:*:android:*:*",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "3C5CCC69-B938-4CCE-98B3-0B8064C987F1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://openvpn.net/connect-docs/android-release-notes.html", "url": "https://openvpn.net/connect-docs/android-release-notes.html",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Release Notes"
]
} }
] ]
} }

56
CVE-2025/CVE-2025-222xx/CVE-2025-22251.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22251",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:21:08.117",
"lastModified": "2025-06-10T17:21:08.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-923"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-287",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2025/CVE-2025-222xx/CVE-2025-22254.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22254",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:21:08.420",
"lastModified": "2025-06-10T17:21:08.420",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to\u00a0Node.js websocket module."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-006",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2025/CVE-2025-222xx/CVE-2025-22256.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22256",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:21:08.703",
"lastModified": "2025-06-10T17:21:08.703",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-280"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-008",
"source": "psirt@fortinet.com"
}
]
}

4
CVE-2025/CVE-2025-233xx/CVE-2025-23363.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-23363", "id": "CVE-2025-23363",
"sourceIdentifier": "productcert@siemens.com", "sourceIdentifier": "productcert@siemens.com",
"published": "2025-02-11T11:15:16.250", "published": "2025-02-11T11:15:16.250",
"lastModified": "2025-03-20T17:15:38.153", "lastModified": "2025-06-10T16:15:35.990",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions), Teamcenter V2312 (All versions), Teamcenter V2406 (All versions), Teamcenter V2412 (All versions). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link." "value": "A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link."
}, },
{ {
"lang": "es", "lang": "es",

56
CVE-2025/CVE-2025-240xx/CVE-2025-24065.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-24065",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:08.970",
"lastModified": "2025-06-10T17:21:08.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24065",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-240xx/CVE-2025-24068.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-24068",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:11.880",
"lastModified": "2025-06-10T17:21:11.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24068",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-240xx/CVE-2025-24069.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-24069",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:14.257",
"lastModified": "2025-06-10T17:21:14.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24069",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-244xx/CVE-2025-24471.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-24471",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:21:16.277",
"lastModified": "2025-06-10T17:21:16.277",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-544",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2025/CVE-2025-252xx/CVE-2025-25250.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-25250",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:21:16.550",
"lastModified": "2025-06-10T17:21:16.550",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-257",
"source": "psirt@fortinet.com"
}
]
}

16
CVE-2025/CVE-2025-264xx/CVE-2025-26468.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-26468", "id": "CVE-2025-26468",
"sourceIdentifier": "ics-cert@hq.dhs.gov", "sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-06-09T23:15:21.753", "published": "2025-06-09T23:15:21.753",
"lastModified": "2025-06-09T23:15:21.753", "lastModified": "2025-06-10T16:15:36.120",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "CyberData\u00a0\n011209 \n\n\nIntercom exposes features that could allow an unauthenticated to gain \naccess and cause a denial-of-service condition or system disruption." "value": "CyberData\u00a0\n011209 \n\n\nIntercom exposes features that could allow an unauthenticated to gain \naccess and cause a denial-of-service condition or system disruption."
},
{
"lang": "es",
"value": "CyberData 011209 Intercom expone caracter\u00edsticas que podr\u00edan permitir que una persona no autenticada obtenga acceso y provoque una condici\u00f3n de denegaci\u00f3n de servicio o una interrupci\u00f3n del sistema."
} }
], ],
"metrics": { "metrics": {
@ -89,6 +93,16 @@
"value": "CWE-306" "value": "CWE-306"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
} }
], ],
"references": [ "references": [

56
CVE-2025/CVE-2025-272xx/CVE-2025-27206.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-27206",
"sourceIdentifier": "psirt@adobe.com",
"published": "2025-06-10T16:15:36.273",
"lastModified": "2025-06-10T16:15:36.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html",
"source": "psirt@adobe.com"
}
]
}

56
CVE-2025/CVE-2025-272xx/CVE-2025-27207.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-27207",
"sourceIdentifier": "psirt@adobe.com",
"published": "2025-06-10T16:15:36.433",
"lastModified": "2025-06-10T16:15:36.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html",
"source": "psirt@adobe.com"
}
]
}

29
CVE-2025/CVE-2025-275xx/CVE-2025-27531.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-27531", "id": "CVE-2025-27531",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2025-06-06T15:15:23.883", "published": "2025-06-06T15:15:23.883",
"lastModified": "2025-06-09T12:15:47.880", "lastModified": "2025-06-10T16:15:36.583",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,11 +15,34 @@
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde la versi\u00f3n 1.13.0 hasta la 2.1.0, este problema permit\u00eda a un atacante autenticado leer archivos arbitrarios mediante la escritura duplicada del par\u00e1metro. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.0, que soluciona el problema." "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde la versi\u00f3n 1.13.0 hasta la 2.1.0, este problema permit\u00eda a un atacante autenticado leer archivos arbitrarios mediante la escritura duplicada del par\u00e1metro. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.0, que soluciona el problema."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

43
CVE-2025/CVE-2025-278xx/CVE-2025-27817.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-27817", "id": "CVE-2025-27817",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2025-06-10T08:15:22.367", "published": "2025-06-10T08:15:22.367",
"lastModified": "2025-06-10T08:15:22.367", "lastModified": "2025-06-10T16:15:36.750",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. \n\nSince Apache Kafka 3.9.1/4.0.0, we have added a system property (\"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly." "value": "A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. \n\nSince Apache Kafka 3.9.1/4.0.0, we have added a system property (\"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly."
},
{
"lang": "es",
"value": "Se ha identificado una posible vulnerabilidad de lectura de archivos arbitrarios y SSRF en el cliente Apache Kafka. Los clientes Apache Kafka aceptan datos de configuraci\u00f3n para establecer la conexi\u00f3n SASL/OAUTHBEARER con los br\u00f3keres, incluyendo \"sasl.oauthbearer.token.endpoint.url\" y \"sasl.oauthbearer.jwks.endpoint.url\". Apache Kafka permite a los clientes leer un archivo arbitrario y devolver el contenido en el registro de errores, o enviar solicitudes a una ubicaci\u00f3n no deseada. En aplicaciones donde las configuraciones de los clientes Apache Kafka pueden ser especificadas por un tercero no confiable, los atacantes pueden usar las configuraciones \"sasl.oauthbearer.token.endpoint.url\" y \"sasl.oauthbearer.jwks.endpoint.url\" para leer contenido arbitrario del disco y las variables de entorno, o realizar solicitudes a una ubicaci\u00f3n no deseada. En particular, esta falla puede utilizarse en Apache Kafka Connect para escalar desde el acceso a la API REST al acceso al sistema de archivos, entorno o URL, lo cual puede ser indeseable en ciertos entornos, incluidos los productos SaaS. A partir de Apache Kafka 3.9.1/4.0.0, hemos a\u00f1adido una propiedad del sistema (\"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\") para establecer las URL permitidas en la configuraci\u00f3n SASL JAAS. En la versi\u00f3n 3.9.1, acepta todas las URL de forma predeterminada para garantizar la compatibilidad con versiones anteriores. Sin embargo, a partir de la versi\u00f3n 4.0.0, el valor predeterminado es una lista vac\u00eda y los usuarios deben configurar las URL permitidas expl\u00edcitamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://kafka.apache.org/cve-list", "url": "https://kafka.apache.org/cve-list",

33
CVE-2025/CVE-2025-278xx/CVE-2025-27818.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-27818", "id": "CVE-2025-27818",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2025-06-10T08:15:22.533", "published": "2025-06-10T08:15:22.533",
"lastModified": "2025-06-10T08:15:22.533", "lastModified": "2025-06-10T16:15:36.917",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A possible security vulnerability has been identified in Apache Kafka.\nThis requires access to a alterConfig to the\u00a0cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0).\nWhen configuring the broker via config file or AlterConfig command, or connector via the Kafka Kafka Connect REST API, an authenticated operator\u00a0can set the `sasl.jaas.config`\nproperty for any of the connector's Kafka clients to \"com.sun.security.auth.module.LdapLoginModule\", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker's LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.\n\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\nclient override policy that permits them.\n\nSince Apache Kafka 3.9.1/4.0.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage\nin SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" are disabled in Apache Kafka Connect 3.9.1/4.0.0. \n\nWe advise the Kafka users to validate connector configurations and only allow trusted LDAP configurations. Also examine connector dependencies for \nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\nin addition to leveraging the \"org.apache.kafka.disallowed.login.modules\" system property, Kafka Connect users can also implement their own connector\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot." "value": "A possible security vulnerability has been identified in Apache Kafka.\nThis requires access to a alterConfig to the\u00a0cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0).\nWhen configuring the broker via config file or AlterConfig command, or connector via the Kafka Kafka Connect REST API, an authenticated operator\u00a0can set the `sasl.jaas.config`\nproperty for any of the connector's Kafka clients to \"com.sun.security.auth.module.LdapLoginModule\", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker's LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.\n\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\nclient override policy that permits them.\n\nSince Apache Kafka 3.9.1/4.0.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage\nin SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" are disabled in Apache Kafka Connect 3.9.1/4.0.0. \n\nWe advise the Kafka users to validate connector configurations and only allow trusted LDAP configurations. Also examine connector dependencies for \nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\nin addition to leveraging the \"org.apache.kafka.disallowed.login.modules\" system property, Kafka Connect users can also implement their own connector\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot."
},
{
"lang": "es",
"value": "Se ha identificado una posible vulnerabilidad de seguridad en Apache Kafka. Esta vulnerabilidad requiere acceso a un `alterConfig` del recurso del cl\u00faster o del trabajador de Kafka Connect, y la capacidad de crear o modificar conectores en \u00e9l con una configuraci\u00f3n SASL JAAS de cliente de Kafka arbitraria y un protocolo de seguridad basado en SASL. Esto es posible en cl\u00fasteres de Kafka desde Apache Kafka 2.0.0 (Kafka Connect 2.3.0). Al configurar el br\u00f3ker mediante el archivo de configuraci\u00f3n o el comando `AlterConfig`, o el conector mediante la API REST de Kafka Connect, un operador autenticado puede establecer la propiedad `sasl.jaas.config` para cualquiera de los clientes de Kafka del conector como \"com.sun.security.auth.module.LdapLoginModule\", lo cual se puede hacer mediante las propiedades `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config` o `admin.override.sasl.jaas.config`. Esto permitir\u00e1 que el servidor se conecte al servidor LDAP del atacante y deserialice la respuesta LDAP, que el atacante puede usar para ejecutar cadenas de gadgets de deserializaci\u00f3n de Java en el servidor de Kafka Connect. El atacante puede provocar la deserializaci\u00f3n sin restricciones de datos no confiables (o) una vulnerabilidad de RCE cuando hay gadgets en la ruta de clases. Desde Apache Kafka 3.0.0, los usuarios pueden especificar estas propiedades en las configuraciones del conector para cl\u00fasteres de Kafka Connect que se ejecutan con configuraciones predeterminadas. Antes de Apache Kafka 3.0.0, los usuarios no pod\u00edan especificar estas propiedades a menos que el cl\u00faster de Kafka Connect se hubiera reconfigurado con una pol\u00edtica de anulaci\u00f3n del cliente del conector que lo permitiera. Desde Apache Kafka 3.9.1/4.0.0, hemos a\u00f1adido una propiedad del sistema (\"-Dorg.apache.kafka.disallowed.login.modules\") para deshabilitar el uso problem\u00e1tico de los m\u00f3dulos de inicio de sesi\u00f3n en la configuraci\u00f3n SASL JAAS. Adem\u00e1s, \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" est\u00e1n deshabilitados de forma predeterminada en Apache Kafka Connect 3.9.1/4.0.0. Recomendamos a los usuarios de Kafka que validen las configuraciones de los conectores y solo permitan configuraciones LDAP confiables. Asimismo, examinen las dependencias de los conectores para detectar versiones vulnerables y actualicen sus conectores, ya sea actualizando esa dependencia espec\u00edfica o elimin\u00e1ndolos como opciones de soluci\u00f3n. Finalmente, adem\u00e1s de aprovechar la propiedad del sistema \"org.apache.kafka.disallowed.login.modules\", los usuarios de Kafka Connect pueden implementar su propia pol\u00edtica de anulaci\u00f3n de la configuraci\u00f3n del cliente del conector, que permite controlar qu\u00e9 propiedades del cliente de Kafka se pueden anular directamente en la configuraci\u00f3n del conector y cu\u00e1les no."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

33
CVE-2025/CVE-2025-278xx/CVE-2025-27819.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2025-27819", "id": "CVE-2025-27819",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2025-06-10T08:15:22.687", "published": "2025-06-10T08:15:22.687",
"lastModified": "2025-06-10T08:15:22.687", "lastModified": "2025-06-10T16:15:37.083",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource.\n\n\nSince Apache Kafka 3.4.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage in SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule\" is disabled in Apache Kafka 3.4.0, and \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" is disabled by default in in Apache Kafka 3.9.1/4.0.0" "value": "In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource.\n\n\nSince Apache Kafka 3.4.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage in SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule\" is disabled in Apache Kafka 3.4.0, and \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" is disabled by default in in Apache Kafka 3.9.1/4.0.0"
},
{
"lang": "es",
"value": "En CVE-2023-25194, anunciamos un ataque de RCE/denegaci\u00f3n de servicio mediante la configuraci\u00f3n JndiLoginModule de SASL JAAS en la API de Kafka Connect. Sin embargo, no solo la API de Kafka Connect es vulnerable a este ataque, sino que los brokers de Apache Kafka tambi\u00e9n presentan esta vulnerabilidad. Para explotar esta vulnerabilidad, el atacante debe poder conectarse al cl\u00faster de Kafka y tener el permiso AlterConfigs en el recurso del cl\u00faster. A partir de Apache Kafka 3.4.0, hemos a\u00f1adido una propiedad del sistema (\"-Dorg.apache.kafka.disallowed.login.modules\") para deshabilitar el uso problem\u00e1tico de los m\u00f3dulos de inicio de sesi\u00f3n en la configuraci\u00f3n de SASL JAAS. Tambi\u00e9n, de forma predeterminada, \"com.sun.security.auth.module.JndiLoginModule\" est\u00e1 deshabilitado en Apache Kafka 3.4.0, y \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" est\u00e1 deshabilitado de forma predeterminada en Apache Kafka 3.9.1/4.0.0"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

56
CVE-2025/CVE-2025-298xx/CVE-2025-29828.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-29828",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:17.087",
"lastModified": "2025-06-10T17:21:17.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29828",
"source": "secure@microsoft.com"
}
]
}

84
CVE-2025/CVE-2025-302xx/CVE-2025-30220.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2025-30220",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-10T16:15:37.387",
"lastModified": "2025-06-10T16:15:37.387",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
},
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/geonetwork/core-geonetwork/pull/8757",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/geonetwork/core-geonetwork/pull/8803",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/geonetwork/core-geonetwork/pull/8812",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2025/CVE-2025-302xx/CVE-2025-30280.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-30280", "id": "CVE-2025-30280",
"sourceIdentifier": "productcert@siemens.com", "sourceIdentifier": "productcert@siemens.com",
"published": "2025-04-08T09:15:27.793", "published": "2025-04-08T09:15:27.793",
"lastModified": "2025-04-14T08:15:13.823", "lastModified": "2025-06-10T16:15:37.550",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application." "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions < V8.18.35), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application."
}, },
{ {
"lang": "es", "lang": "es",

56
CVE-2025/CVE-2025-303xx/CVE-2025-30317.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30317",
"sourceIdentifier": "psirt@adobe.com",
"published": "2025-06-10T17:21:19.150",
"lastModified": "2025-06-10T17:21:19.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-53.html",
"source": "psirt@adobe.com"
}
]
}

56
CVE-2025/CVE-2025-303xx/CVE-2025-30321.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30321",
"sourceIdentifier": "psirt@adobe.com",
"published": "2025-06-10T17:21:21.627",
"lastModified": "2025-06-10T17:21:21.627",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-53.html",
"source": "psirt@adobe.com"
}
]
}

56
CVE-2025/CVE-2025-311xx/CVE-2025-31104.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-31104",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-06-10T17:21:22.873",
"lastModified": "2025-06-10T17:21:22.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-099",
"source": "psirt@fortinet.com"
}
]
}

12
CVE-2025/CVE-2025-324xx/CVE-2025-32454.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-32454", "id": "CVE-2025-32454",
"sourceIdentifier": "productcert@siemens.com", "sourceIdentifier": "productcert@siemens.com",
"published": "2025-05-13T10:15:24.953", "published": "2025-05-13T10:15:24.953",
"lastModified": "2025-05-13T19:35:18.080", "lastModified": "2025-06-10T16:15:37.833",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All versions < V2412.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process." "value": "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All versions < V2412.0004), Tecnomatix Plant Simulation V2404 (All versions < V2404.0013). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process."
}, },
{ {
"lang": "es", "lang": "es",
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "productcert@siemens.com", "source": "productcert@siemens.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -86,7 +86,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "productcert@siemens.com", "source": "productcert@siemens.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -96,6 +96,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-486186.html",
"source": "productcert@siemens.com"
},
{ {
"url": "https://cert-portal.siemens.com/productcert/html/ssa-542540.html", "url": "https://cert-portal.siemens.com/productcert/html/ssa-542540.html",
"source": "productcert@siemens.com" "source": "productcert@siemens.com"

60
CVE-2025/CVE-2025-327xx/CVE-2025-32710.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-32710",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:45.853",
"lastModified": "2025-06-10T17:21:45.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32710",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32712.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32712",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:47.883",
"lastModified": "2025-06-10T17:21:47.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32712",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32713.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32713",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:49.897",
"lastModified": "2025-06-10T17:21:49.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32713",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32714.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32714",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:51.843",
"lastModified": "2025-06-10T17:21:51.843",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32715.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32715",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:53.943",
"lastModified": "2025-06-10T17:21:53.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32715",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32716.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32716",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:56.087",
"lastModified": "2025-06-10T17:21:56.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32716",
"source": "secure@microsoft.com"
}
]
}

60
CVE-2025/CVE-2025-327xx/CVE-2025-32718.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-32718",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:21:58.097",
"lastModified": "2025-06-10T17:21:58.097",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32718",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32719.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32719",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:00.110",
"lastModified": "2025-06-10T17:22:00.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32719",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32720.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32720",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:02.053",
"lastModified": "2025-06-10T17:22:02.053",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32720",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32721.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32721",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:04.147",
"lastModified": "2025-06-10T17:22:04.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32721",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32722.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32722",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:06.363",
"lastModified": "2025-06-10T17:22:06.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32722",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32724.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32724",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:08.343",
"lastModified": "2025-06-10T17:22:08.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32724",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-327xx/CVE-2025-32725.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32725",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:10.373",
"lastModified": "2025-06-10T17:22:10.373",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32725",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33050.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33050",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:12.643",
"lastModified": "2025-06-10T17:22:12.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33050",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33052.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33052",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:16.713",
"lastModified": "2025-06-10T17:22:16.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33052",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33053.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33053",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:18.853",
"lastModified": "2025-06-10T17:22:18.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33055.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33055",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:21.100",
"lastModified": "2025-06-10T17:22:21.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33055",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33056.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33056",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:23.163",
"lastModified": "2025-06-10T17:22:23.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33056",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33057.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33057",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:25.360",
"lastModified": "2025-06-10T17:22:25.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33057",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33058.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33058",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:27.967",
"lastModified": "2025-06-10T17:22:27.967",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33058",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33059.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33059",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:30.727",
"lastModified": "2025-06-10T17:22:30.727",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33059",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33060.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33060",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:33.300",
"lastModified": "2025-06-10T17:22:33.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33060",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33061.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33061",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:35.353",
"lastModified": "2025-06-10T17:22:35.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33061",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33062.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33062",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:37.330",
"lastModified": "2025-06-10T17:22:37.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33062",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33063.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33063",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:39.490",
"lastModified": "2025-06-10T17:22:39.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33063",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33064.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33064",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:43.050",
"lastModified": "2025-06-10T17:22:43.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33064",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33065.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33065",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:45.323",
"lastModified": "2025-06-10T17:22:45.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33065",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33066.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33066",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:47.313",
"lastModified": "2025-06-10T17:22:47.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33066",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33067.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33067",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:49.647",
"lastModified": "2025-06-10T17:22:49.647",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33067",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33068.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33068",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:51.657",
"lastModified": "2025-06-10T17:22:51.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33068",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33069.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33069",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:53.657",
"lastModified": "2025-06-10T17:22:53.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-330xx/CVE-2025-33070.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-33070",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-10T17:22:55.743",
"lastModified": "2025-06-10T17:22:55.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070",
"source": "secure@microsoft.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More