admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-22T17:00:26.262198+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-22 17:03:52 +00:00
parent e2891b6092
commit 7124d4d6a1
171 changed files with 8478 additions and 300 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
CVE-2018/CVE-2018-146xx/CVE-2018-14628.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-14628",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-01-17T18:15:10.810",
"lastModified": "2024-11-21T03:49:27.463",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T16:10:38.410",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -62,7 +62,15 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"matchCriteriaId": "FE6906E8-E743-4350-845A-CEBC5C9B3488"
"versionEndExcluding": "4.18.9",
"matchCriteriaId": "4D5D18F8-E566-46F4-A9AB-79126F369E86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.0",
"versionEndExcluding": "4.19.3",
"matchCriteriaId": "DF28158F-BE64-4887-83CD-93AC6C5CD5D2"
}
]
}
@ -87,7 +95,10 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/4",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445",
@ -111,15 +122,26 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445",
@ -143,15 +165,26 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230223-0008/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2022/CVE-2022-324xx/CVE-2022-32427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-32427",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-08-25T02:15:19.660",
"lastModified": "2024-11-21T07:06:21.367",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T16:10:51.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,8 +61,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:printerlogic:windows_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.0.0688",
"matchCriteriaId": "A39FAAB6-59AA-4860-8842-8FCC3ACEC294"
"versionEndExcluding": "25.0.0.688",
"matchCriteriaId": "CB337606-0C59-40B1-961D-12D7FC52DE09"
}
]
}

80
CVE-2023/CVE-2023-220xx/CVE-2023-22084.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22084",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-10-17T22:15:13.793",
"lastModified": "2024-11-21T07:44:14.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T16:10:07.627",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -120,12 +120,81 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndExcluding": "10.4.32",
"matchCriteriaId": "3DD69211-93D8-414C-AC73-BCA5D102D7A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.0",
"versionEndExcluding": "10.5.23",
"matchCriteriaId": "CFC3AC1F-1DAE-4FEA-956B-A76C818F961F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.6.0",
"versionEndExcluding": "10.6.16",
"matchCriteriaId": "1D39D37C-9FC4-43D0-8756-3EE0B732251D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.10.0",
"versionEndExcluding": "10.10.7",
"matchCriteriaId": "1EA20D33-316A-448B-A31A-B9EC1206A15A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.11.0",
"versionEndExcluding": "10.11.6",
"matchCriteriaId": "5B681657-2F69-4B9C-A575-E73E3BE6171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.4",
"matchCriteriaId": "D92B8F3E-2A3F-40A5-AD00-6653A5BB02D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndExcluding": "11.1.3",
"matchCriteriaId": "9579B159-E636-4192-B57F-A7CD7EA42F31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndExcluding": "11.2.2",
"matchCriteriaId": "005A9911-318E-4259-BE2A-F04523CB53C4"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/",
@ -165,7 +234,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/",

32
CVE-2023/CVE-2023-315xx/CVE-2023-31597.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31597",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-18T18:15:10.017",
"lastModified": "2024-11-21T08:02:03.987",
"lastModified": "2025-01-22T15:15:08.770",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-863"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

36
CVE-2023/CVE-2023-317xx/CVE-2023-31729.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31729",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-18T02:15:12.380",
"lastModified": "2024-11-21T08:02:13.323",
"lastModified": "2025-01-22T15:15:09.043",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
@ -112,6 +142,10 @@
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

32
CVE-2023/CVE-2023-318xx/CVE-2023-31871.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31871",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-18T17:15:08.957",
"lastModified": "2024-11-21T08:02:21.240",
"lastModified": "2025-01-22T15:15:09.237",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-332xx/CVE-2023-33204.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33204",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-18T08:15:08.773",
"lastModified": "2024-11-21T08:05:07.467",
"lastModified": "2025-01-22T15:15:09.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-190"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [

25
CVE-2023/CVE-2023-369xx/CVE-2023-36998.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-36998",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:09.647",
"lastModified": "2025-01-22T15:15:09.647",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core."
}
],
"metrics": {},
"references": [
{
"url": "http://nextepc.com",
"source": "cve@mitre.org"
},
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37002.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37002",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:09.757",
"lastModified": "2025-01-22T15:15:09.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37003.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37003",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:09.867",
"lastModified": "2025-01-22T15:15:09.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37004.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37004",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:09.970",
"lastModified": "2025-01-22T15:15:09.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37005.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37005",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.067",
"lastModified": "2025-01-22T15:15:10.067",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37006.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37006",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.170",
"lastModified": "2025-01-22T15:15:10.170",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37007.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37007",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.270",
"lastModified": "2025-01-22T15:15:10.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37008.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37008",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.373",
"lastModified": "2025-01-22T15:15:10.373",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37009.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37009",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.473",
"lastModified": "2025-01-22T15:15:10.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37010.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37010",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.580",
"lastModified": "2025-01-22T15:15:10.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37011.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37011",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.683",
"lastModified": "2025-01-22T15:15:10.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37012.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37012",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.783",
"lastModified": "2025-01-22T15:15:10.783",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37013.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37013",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.883",
"lastModified": "2025-01-22T15:15:10.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37014.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37014",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.987",
"lastModified": "2025-01-22T15:15:10.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37015.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37015",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.100",
"lastModified": "2025-01-22T15:15:11.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37016.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37016",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.207",
"lastModified": "2025-01-22T15:15:11.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37017.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37017",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.310",
"lastModified": "2025-01-22T15:15:11.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37018.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37018",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.410",
"lastModified": "2025-01-22T15:15:11.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37019.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37019",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.510",
"lastModified": "2025-01-22T15:15:11.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37020.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37020",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.613",
"lastModified": "2025-01-22T15:15:11.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37021.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37021",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.710",
"lastModified": "2025-01-22T15:15:11.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37022.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37022",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.817",
"lastModified": "2025-01-22T15:15:11.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2023/CVE-2023-370xx/CVE-2023-37023.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-37023",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.913",
"lastModified": "2025-01-22T15:15:11.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

41
CVE-2023/CVE-2023-370xx/CVE-2023-37035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37035",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-21T23:15:10.823",
"lastModified": "2025-01-21T23:15:10.823",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:12.017",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Global eNB ID` field."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://cellularsecurity.org/ransacked",

25
CVE-2023/CVE-2023-377xx/CVE-2023-37777.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-37777",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T16:15:28.187",
"lastModified": "2025-01-22T16:15:28.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Synnefo Internet Management Software 2023 was discovered to contain a SQL injection vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://infosecwriteups.com/how-i-discovered-a-critical-vulnerability-in-an-internet-service-providers-software-56c6cc00f338",
"source": "cve@mitre.org"
},
{
"url": "https://synnefoims.com/",
"source": "cve@mitre.org"
}
]
}

52
CVE-2023/CVE-2023-515xx/CVE-2023-51529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51529",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T05:15:08.570",
"lastModified": "2024-11-21T08:38:19.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:21:12.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.3.4",
"matchCriteriaId": "A4AD1E21-DDE5-47A2-AF90-20E840E7F7C2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

21
CVE-2024/CVE-2024-109xx/CVE-2024-10929.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-10929",
"sourceIdentifier": "arm-security@arm.com",
"published": "2025-01-22T16:15:28.790",
"lastModified": "2025-01-22T16:15:28.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history."
}
],
"metrics": {},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE",
"source": "arm-security@arm.com"
}
]
}

64
CVE-2024/CVE-2024-13xx/CVE-2024-1390.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1390",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:49.500",
"lastModified": "2024-11-21T08:50:28.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:49:11.553",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,30 +39,78 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.11.2",
"matchCriteriaId": "AF386728-7F5D-424F-B3D8-0027914BC828"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/admin/class-admin-subscription-plans.php#L477",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/admin/class-admin-subscription-plans.php#L477",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-14xx/CVE-2024-1408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1408",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:49.943",
"lastModified": "2024-11-21T08:50:31.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:44:00.387",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "4.15.0",
"matchCriteriaId": "34BCC12F-8ACE-4D52-998E-31A794F51452"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/sr/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L524",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/sr/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L524",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-15xx/CVE-2024-1519.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1519",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:52.287",
"lastModified": "2024-11-21T08:50:44.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:38:11.330",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "4.15.0",
"matchCriteriaId": "34BCC12F-8ACE-4D52-998E-31A794F51452"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Themes/DragDrop/MemberDirectory/Gerbera.php#L93",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Themes/DragDrop/MemberDirectory/Gerbera.php#L93",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-15xx/CVE-2024-1570.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1570",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:52.670",
"lastModified": "2024-11-21T08:50:51.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:31:46.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "4.15.0",
"matchCriteriaId": "34BCC12F-8ACE-4D52-998E-31A794F51452"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/LoginFormBuilder.php#L99",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/LoginFormBuilder.php#L99",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-233xx/CVE-2024-23310.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23310",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-20T16:15:09.097",
"lastModified": "2024-11-21T08:57:28.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:18:16.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,24 +49,82 @@
"value": "CWE-825"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A824B3CA-4F02-432F-898F-BCD206C29468"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-233xx/CVE-2024-23313.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23313",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-20T16:15:09.477",
"lastModified": "2024-11-21T08:57:29.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T15:30:48.677",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A824B3CA-4F02-432F-898F-BCD206C29468"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

21
CVE-2024/CVE-2024-244xx/CVE-2024-24429.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-24429",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T16:15:28.907",
"lastModified": "2025-01-22T16:15:28.907",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-244xx/CVE-2024-24430.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-24430",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:12.680",
"lastModified": "2025-01-22T15:15:12.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-244xx/CVE-2024-24432.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-24432",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:12.793",
"lastModified": "2025-01-22T15:15:12.793",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

82
CVE-2024/CVE-2024-273xx/CVE-2024-27305.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27305",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T21:15:58.630",
"lastModified": "2024-11-21T09:04:17.380",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T15:02:31.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -49,32 +69,78 @@
"value": "CWE-345"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aio-libs:aiosmtpd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.5",
"matchCriteriaId": "4C74E682-012F-4D4E-B76F-C45329900908"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.postfix.org/smtp-smuggling.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.postfix.org/smtp-smuggling.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}
]
}

72
CVE-2024/CVE-2024-282xx/CVE-2024-28236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28236",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T21:15:59.027",
"lastModified": "2024-11-21T09:06:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T15:05:22.287",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -53,24 +73,64 @@
"value": "CWE-532"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:go-vela:worker:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.23.2",
"matchCriteriaId": "00862902-9C2F-41A0-B71B-831E777AB83C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/go-vela/worker/security/advisories/GHSA-pwx5-6wxg-px5h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/go-vela/worker/security/advisories/GHSA-pwx5-6wxg-px5h",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-319xx/CVE-2024-31903.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-31903",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-22T16:15:29.030",
"lastModified": "2025-01-22T16:15:29.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling B2B Integrator Standard Edition\u00a06.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7172233",
"source": "psirt@us.ibm.com"
}
]
}

119
CVE-2024/CVE-2024-33xx/CVE-2024-3382.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3382",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:56.793",
"lastModified": "2024-11-21T09:29:30.253",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T15:44:24.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,107 @@
"value": "CWE-770"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"versionEndExcluding": "10.2.7",
"matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.4",
"matchCriteriaId": "60048B56-C9E4-4492-9F4F-485AC3690FA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndExcluding": "11.1.2",
"matchCriteriaId": "21CFD38A-7AED-4CEE-BDA9-77D815689C58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C702B085-D739-4E06-805F-D01144279071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29237799-7DF5-478C-AE36-EC8E8416EAB7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB69E29-2974-4963-96D6-E0C08D7777F4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7914EA-FEA6-4911-9A47-4F516BEE6663"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37BC54A5-071C-4F62-87EB-2314CA019B08"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3382",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3382",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

21
CVE-2024/CVE-2024-342xx/CVE-2024-34235.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-34235",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:12.900",
"lastModified": "2025-01-22T15:15:12.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-420xx/CVE-2024-42012.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42012",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T16:15:29.183",
"lastModified": "2025-01-22T16:15:29.183",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user."
}
],
"metrics": {},
"references": [
{
"url": "https://www.blockyforveeam.com/en/security-bulletin-2024-06-25/",
"source": "cve@mitre.org"
},
{
"url": "https://www.graudata.com/en/products/protection-against-ransomware/blocky-for-veeam/",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-420xx/CVE-2024-42013.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42013",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T16:15:29.303",
"lastModified": "2025-01-22T16:15:29.303",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program."
}
],
"metrics": {},
"references": [
{
"url": "https://www.blockyforveeam.com/en/security-bulletin-2024-06-25/",
"source": "cve@mitre.org"
},
{
"url": "https://www.graudata.com/en/products/protection-against-ransomware/blocky-for-veeam/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-424xx/CVE-2024-42471.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-42471",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-02T18:15:35.540",
"lastModified": "2024-09-16T16:18:09.597",
"vulnStatus": "Analyzed",
"lastModified": "2025-01-22T16:15:29.417",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue."
"value": "actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue."
},
{
"lang": "es",

146
CVE-2024/CVE-2024-47xx/CVE-2024-4777.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4777",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-05-14T18:15:16.413",
"lastModified": "2024-11-21T09:43:35.560",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T16:45:18.820",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,55 +15,171 @@
"value": "Errores de seguridad de la memoria presentes en Firefox 125, Firefox ESR 115.10 y Thunderbird 115.10. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 126, Firefox ESR &lt; 115.11 y Thunderbird &lt; 115.11."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"versionEndExcluding": "115.11.0",
"matchCriteriaId": "DCAE3CC2-8B68-45CA-BADF-3DF1AF50ECD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"versionEndExcluding": "126.0",
"matchCriteriaId": "2695925F-3984-4304-A630-5FF27054F360"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.11.0",
"matchCriteriaId": "0C7339B9-8741-4320-BF1C-3BC9F1D051FF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-21/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-22/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-23/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-21/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-22/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-23/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

41
CVE-2024/CVE-2024-497xx/CVE-2024-49735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49735",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:14.393",
"lastModified": "2025-01-21T23:15:14.393",
"vulnStatus": "Received",
"lastModified": "2025-01-22T16:15:29.573",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49736.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49736",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:14.490",
"lastModified": "2025-01-21T23:15:14.490",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49737.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49737",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:14.593",
"lastModified": "2025-01-21T23:15:14.593",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49738",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:14.687",
"lastModified": "2025-01-21T23:15:14.687",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49742",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:14.783",
"lastModified": "2025-01-21T23:15:14.783",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.407",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49744.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49744",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:14.880",
"lastModified": "2025-01-21T23:15:14.880",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49745.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49745",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:14.993",
"lastModified": "2025-01-21T23:15:14.993",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.707",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49747.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49747",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:15.100",
"lastModified": "2025-01-21T23:15:15.100",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49748.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49748",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:15.197",
"lastModified": "2025-01-21T23:15:15.197",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:13.980",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

41
CVE-2024/CVE-2024-497xx/CVE-2024-49749.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49749",
"sourceIdentifier": "security@android.com",
"published": "2025-01-21T23:15:15.283",
"lastModified": "2025-01-21T23:15:15.283",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:14.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2025-01-01",

33
CVE-2024/CVE-2024-519xx/CVE-2024-51941.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-51941",
"sourceIdentifier": "security@apache.org",
"published": "2025-01-21T22:15:12.447",
"lastModified": "2025-01-21T23:15:15.380",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code injection vulnerability exists in the Ambari Metrics and \nAMS Alerts feature, allowing authenticated users to inject and execute \narbitrary code. The vulnerability occurs when processing alert \ndefinitions, where malicious input can be injected into the alert script\n execution path. An attacker with authenticated access can exploit this \nvulnerability to execute arbitrary commands on the server. The issue has\n been fixed in the latest versions of Ambari."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo remoto en la funci\u00f3n Ambari Metrics y AMS Alerts, que permite a los usuarios autenticados inyectar y ejecutar c\u00f3digo arbitrario. La vulnerabilidad se produce al procesar definiciones de alertas, donde se puede inyectar informaci\u00f3n maliciosa en la ruta de ejecuci\u00f3n de la alerta script. Un atacante con acceso autenticado puede aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor. El problema se ha solucionado en las \u00faltimas versiones de Ambari."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

25
CVE-2024/CVE-2024-554xx/CVE-2024-55488.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-55488",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T16:15:29.770",
"lastModified": "2025-01-22T16:15:29.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "http://umbraco.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.nccgroup.com/us/research-blog/technical-advisory-cross-site-scripting-in-umbraco-rich-text-display/",
"source": "cve@mitre.org"
}
]
}

75
CVE-2024/CVE-2024-575xx/CVE-2024-57575.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57575",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-16T21:15:16.537",
"lastModified": "2025-01-16T21:15:16.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:53:51.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,78 @@
"value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro ssid en la funci\u00f3n form_fast_setting_wifi_set."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qijiale/Tenda/blob/main/1/Readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-575xx/CVE-2024-57583.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57583",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-16T21:15:17.800",
"lastModified": "2025-01-16T21:15:17.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T16:53:20.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,78 @@
"value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro usbName en la funci\u00f3n formSetSambaConf."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qijiale/Tenda/tree/main/10",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-577xx/CVE-2024-57726.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-57726",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-15T23:15:09.520",
"lastModified": "2025-01-16T21:22:00.710",
"lastModified": "2025-01-22T16:25:12.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -22,20 +22,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},

11
CVE-2024/CVE-2024-73xx/CVE-2024-7344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7344",
"sourceIdentifier": "cret@cert.org",
"published": "2025-01-14T14:15:34.930",
"lastModified": "2025-01-21T19:15:11.700",
"vulnStatus": "Modified",
"lastModified": "2025-01-22T15:41:04.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -172,7 +172,12 @@
},
{
"url": "https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-73xx/CVE-2024-7347.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7347",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-08-14T15:15:31.870",
"lastModified": "2024-11-21T09:51:20.560",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T16:10:28.490",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -139,6 +139,11 @@
"versionEndExcluding": "1.26.2",
"matchCriteriaId": "F0EA24A0-D4CA-4394-9A01-D7B9A5DBAF0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:nginx_open_source:1.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97A8277F-E124-4A18-A545-05DE412FF811"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
@ -176,7 +181,10 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/14/4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}
]
}

33
CVE-2024/CVE-2024-90xx/CVE-2024-9020.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-9020",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-18T06:15:27.787",
"lastModified": "2025-01-18T06:15:27.787",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:14.407",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento List category posts de WordPress anterior a la versi\u00f3n 0.90.3 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de mostrarlos nuevamente en una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques Cross-Site Scripting Almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/6caa4e5d-8112-4d00-8e97-b41df611a071/",

78
CVE-2025/CVE-2025-02xx/CVE-2025-0203.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0203",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-04T07:15:18.153",
"lastModified": "2025-01-04T07:15:18.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T15:47:10.633",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -122,28 +142,70 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:student_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1621856-3353-479E-B400-A461E52248D3"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/th4s1s/e8488d7e35d789581979f3b7e4c48b1f",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.290140",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.290140",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.473410",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2025/CVE-2025-02xx/CVE-2025-0204.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0204",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-04T08:15:06.923",
"lastModified": "2025-01-04T08:15:06.923",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T15:42:44.060",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -122,28 +142,70 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_shoe_store:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4814A5C5-6D0C-4EA4-8BA8-1309F1913C0A"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/th4s1s/6f0b3fcf85455238b4316d0fda7d489e",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.290141",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.290141",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.474031",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2025/CVE-2025-02xx/CVE-2025-0205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0205",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-04T09:15:06.280",
"lastModified": "2025-01-04T09:15:06.280",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T15:33:38.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -122,28 +142,71 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_shoe_store:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4814A5C5-6D0C-4EA4-8BA8-1309F1913C0A"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/th4s1s/832bc65fadd7d49894f68a75f834c7f3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.290142",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.290142",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.474032",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2025/CVE-2025-02xx/CVE-2025-0206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0206",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-04T12:15:24.830",
"lastModified": "2025-01-04T12:15:24.830",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T15:24:50.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -122,28 +142,71 @@
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_shoe_store:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4814A5C5-6D0C-4EA4-8BA8-1309F1913C0A"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/th4s1s/955b71b20235dddf30689d4b85b4d271",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.290143",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.290143",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.474033",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

16
CVE-2025/CVE-2025-03xx/CVE-2025-0395.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0395",
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"published": "2025-01-22T13:15:20.933",
"lastModified": "2025-01-22T13:15:20.933",
"vulnStatus": "Received",
"lastModified": "2025-01-22T16:15:29.893",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -28,6 +28,18 @@
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32582",
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"
},
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001",
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"
},
{
"url": "https://sourceware.org/pipermail/libc-announce/2025/000044.html",
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/01/22/4",
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"
}
]
}

60
CVE-2025/CVE-2025-06xx/CVE-2025-0604.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0604",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-01-22T15:15:14.827",
"lastModified": "2025-01-22T15:15:14.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2025-0604",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338993",
"source": "secalert@redhat.com"
}
]
}

56
CVE-2025/CVE-2025-06xx/CVE-2025-0638.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-0638",
"sourceIdentifier": "sep@nlnetlabs.nl",
"published": "2025-01-22T16:15:29.977",
"lastModified": "2025-01-22T16:15:29.977",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sep@nlnetlabs.nl",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sep@nlnetlabs.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1286"
}
]
}
],
"references": [
{
"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt",
"source": "sep@nlnetlabs.nl"
}
]
}

148
CVE-2025/CVE-2025-213xx/CVE-2025-21329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-21329",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-01-14T18:15:57.733",
"lastModified": "2025-01-14T18:15:57.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T15:02:32.270",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,154 @@
"value": "CWE-41"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20890",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20890",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.7699",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.7699",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.6775",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.6775",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.5371",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.5371",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4751",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.4751",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.2894",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7699",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6775",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.3091",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1369",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.2894",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21329",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

56
CVE-2025/CVE-2025-227xx/CVE-2025-22772.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:14.990",
"lastModified": "2025-01-22T15:15:14.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mapbox for WP Advanced allows Reflected XSS. This issue affects Mapbox for WP Advanced: from n/a through 1.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/mapbox-for-wp-advanced/vulnerability/wordpress-mapbox-for-wp-advanced-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

21
CVE-2025/CVE-2025-229xx/CVE-2025-22980.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-22980",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:15.130",
"lastModified": "2025-01-22T15:15:15.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/slims/slims9_bulian/issues/270",
"source": "cve@mitre.org"
}
]
}

33
CVE-2025/CVE-2025-231xx/CVE-2025-23195.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2025-23195",
"sourceIdentifier": "security@apache.org",
"published": "2025-01-21T22:15:12.863",
"lastModified": "2025-01-21T23:15:15.490",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:15.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie \nproject, allowing an attacker to inject malicious XML entities. This \nvulnerability occurs due to insecure parsing of XML input using the \n`DocumentBuilderFactory` class without disabling external entity \nresolution. An attacker can exploit this vulnerability to read arbitrary\n files on the server or perform server-side request forgery (SSRF) \nattacks. The issue has been fixed in both Ambari 2.7.9 and the trunk \nbranch."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de entidad externa XML (XXE) en el proyecto Ambari/Oozie, que permite a un atacante inyectar entidades XML maliciosas. Esta vulnerabilidad se produce debido a un an\u00e1lisis inseguro de la entrada XML mediante la clase `DocumentBuilderFactory` sin deshabilitar la resoluci\u00f3n de entidades externas. Un atacante puede aprovechar esta vulnerabilidad para leer archivos arbitrarios en el servidor o realizar ataques Server-Side Request Forgery (SSRF). El problema se ha solucionado tanto en Ambari 2.7.9 como en la rama troncal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

33
CVE-2025/CVE-2025-231xx/CVE-2025-23196.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2025-23196",
"sourceIdentifier": "security@apache.org",
"published": "2025-01-21T22:15:12.987",
"lastModified": "2025-01-21T23:15:15.593",
"vulnStatus": "Received",
"lastModified": "2025-01-22T15:15:15.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability exists in the Ambari Alert Definition \nfeature, allowing authenticated users to inject and execute arbitrary \nshell commands. The vulnerability arises when defining alert scripts, \nwhere the script filename field is executed using `sh -c`. An attacker \nwith authenticated access can exploit this vulnerability to inject \nmalicious commands, leading to remote code execution on the server. The \nissue has been fixed in the latest versions of Ambari."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la funci\u00f3n de definici\u00f3n de alertas de Ambari, que permite a los usuarios autenticados inyectar y ejecutar comandos de shell arbitrarios. La vulnerabilidad surge al definir la alerta scripts, donde el campo de nombre de archivo script se ejecuta utilizando `sh -c`. Un atacante con acceso autenticado puede aprovechar esta vulnerabilidad para inyectar comandos maliciosos, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo en el servidor. El problema se ha solucionado en las \u00faltimas versiones de Ambari."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

56
CVE-2025/CVE-2025-234xx/CVE-2025-23449.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23449",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:15.650",
"lastModified": "2025-01-22T15:15:15.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/simple-shortcode-buttons/vulnerability/wordpress-simple-shortcode-buttons-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-234xx/CVE-2025-23462.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23462",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:15.800",
"lastModified": "2025-01-22T15:15:15.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FWD Slider allows Reflected XSS. This issue affects FWD Slider: from n/a through 1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/fwd-slider/vulnerability/wordpress-fwd-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-234xx/CVE-2025-23475.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23475",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:15.950",
"lastModified": "2025-01-22T15:15:15.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/history-timeline/vulnerability/wordpress-history-timeline-plugin-0-7-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-234xx/CVE-2025-23486.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23486",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:16.093",
"lastModified": "2025-01-22T15:15:16.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through 0.5.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/database-sync/vulnerability/wordpress-database-sync-plugin-0-5-1-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-234xx/CVE-2025-23495.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23495",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:16.230",
"lastModified": "2025-01-22T15:15:16.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/woocommerce-order-searching/vulnerability/wordpress-woocommerce-order-search-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-234xx/CVE-2025-23498.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23498",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:16.370",
"lastModified": "2025-01-22T15:15:16.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Translation.Pro allows Reflected XSS. This issue affects Translation.Pro: from n/a through 1.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/translation-pro/vulnerability/wordpress-translation-pro-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23500.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23500",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:16.500",
"lastModified": "2025-01-22T15:15:16.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Ahmed, Technial Architect,faaiqsj@gmail.com Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/simple-content-construction-kit/vulnerability/wordpress-simple-custom-post-type-custom-field-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23503.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23503",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:16.633",
"lastModified": "2025-01-22T15:15:16.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Customizable Captcha and Contact Us allows Reflected XSS. This issue affects Customizable Captcha and Contact Us: from n/a through 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/customizable-captcha-and-contact-us-form/vulnerability/wordpress-customizable-captcha-and-contact-us-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23506.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23506",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:16.777",
"lastModified": "2025-01-22T15:15:16.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP IMAP Auth allows Reflected XSS. This issue affects WP IMAP Auth: from n/a through 4.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-imap-authentication/vulnerability/wordpress-wp-imap-auth-plugin-4-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23507.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23507",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:16.910",
"lastModified": "2025-01-22T15:15:16.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed allows Reflected XSS. This issue affects Blrt WP Embed: from n/a through 1.6.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/blrt-wp-embed/vulnerability/wordpress-blrt-wp-embed-plugin-1-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23509.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23509",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.043",
"lastModified": "2025-01-22T15:15:17.043",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound HyperComments allows Reflected XSS. This issue affects HyperComments: from n/a through 0.9.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/comments-with-hypercommentscom/vulnerability/wordpress-hypercomments-plugin-0-9-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23512.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23512",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.160",
"lastModified": "2025-01-22T15:15:17.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team 118GROUP Agent: from n/a through 1.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/team-118group-agent/vulnerability/wordpress-team-118group-agent-plugin-1-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23535.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23535",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.290",
"lastModified": "2025-01-22T15:15:17.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/drag-and-drop-custom-sidebar/vulnerability/wordpress-real-wordpress-sidebar-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23548.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23548",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.423",
"lastModified": "2025-01-22T15:15:17.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bilal TAS Responsivity allows Reflected XSS. This issue affects Responsivity: from n/a through 0.0.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/responsivity/vulnerability/wordpress-responsivity-plugin-0-0-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23562.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23562",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.557",
"lastModified": "2025-01-22T15:15:17.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound XLSXviewer allows Path Traversal. This issue affects XLSXviewer: from n/a through 2.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/xlsx-viewer/vulnerability/wordpress-xlsxviewer-plugin-2-1-1-arbitrary-file-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23578.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23578",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.687",
"lastModified": "2025-01-22T15:15:17.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom CSS Addons allows Reflected XSS. This issue affects Custom CSS Addons: from n/a through 1.9.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/css-addons/vulnerability/wordpress-custom-css-addons-plugin-1-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23583.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23583",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.820",
"lastModified": "2025-01-22T15:15:17.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Membership allows Reflected XSS. This issue affects Explara Membership: from n/a through 0.0.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/explara-membership/vulnerability/wordpress-explara-membership-plugin-0-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-235xx/CVE-2025-23589.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23589",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-22T15:15:17.950",
"lastModified": "2025-01-22T15:15:17.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ContentOptin Lite allows Reflected XSS. This issue affects ContentOptin Lite: from n/a through 1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/contentoptin/vulnerability/wordpress-contentoptin-lite-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More