admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-04-09T22:00:20.581060+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-04-09 22:03:57 +00:00
parent 6ca762c881
commit d8991c148e
433 changed files with 6327 additions and 1852 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2017/CVE-2017-201xx/CVE-2017-20197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-20197",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-09T11:15:40.433",
"lastModified": "2025-04-09T11:15:40.433",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

12
CVE-2022/CVE-2022-220xx/CVE-2022-22079.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-22079",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.053",
"lastModified": "2024-11-21T06:46:05.893",
"lastModified": "2025-04-09T20:15:17.693",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-220xx/CVE-2022-22088.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-22088",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.143",
"lastModified": "2024-11-21T06:46:08.933",
"lastModified": "2025-04-09T20:15:18.523",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-257xx/CVE-2022-25715.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25715",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.290",
"lastModified": "2024-11-21T06:52:47.767",
"lastModified": "2025-04-09T20:15:18.887",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-704"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-704"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-257xx/CVE-2022-25716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25716",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.367",
"lastModified": "2024-11-21T06:52:47.973",
"lastModified": "2025-04-09T20:15:19.127",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-367"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-257xx/CVE-2022-25717.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25717",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.443",
"lastModified": "2024-11-21T06:52:48.150",
"lastModified": "2025-04-09T20:15:19.290",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-415"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-257xx/CVE-2022-25721.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25721",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.527",
"lastModified": "2024-11-21T06:52:49.237",
"lastModified": "2025-04-09T21:15:41.060",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-843"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-257xx/CVE-2022-25722.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25722",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.597",
"lastModified": "2024-11-21T06:52:49.407",
"lastModified": "2025-04-09T21:15:41.440",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-257xx/CVE-2022-25725.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25725",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.667",
"lastModified": "2024-11-21T06:52:50.043",
"lastModified": "2025-04-09T21:15:41.667",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-763"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-763"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-257xx/CVE-2022-25746.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25746",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.730",
"lastModified": "2024-11-21T06:52:54.150",
"lastModified": "2025-04-09T20:15:19.507",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-332xx/CVE-2022-33218.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33218",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.807",
"lastModified": "2024-11-21T07:07:45.090",
"lastModified": "2025-04-09T20:15:19.797",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-332xx/CVE-2022-33219.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33219",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.877",
"lastModified": "2024-11-21T07:07:45.253",
"lastModified": "2025-04-09T20:15:20.273",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-190"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-332xx/CVE-2022-33252.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33252",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:11.947",
"lastModified": "2024-11-21T07:07:54.060",
"lastModified": "2025-04-09T20:15:20.450",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-332xx/CVE-2022-33253.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33253",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:12.023",
"lastModified": "2024-11-21T07:07:54.360",
"lastModified": "2025-04-09T20:15:20.767",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-332xx/CVE-2022-33266.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33266",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:12.230",
"lastModified": "2024-11-21T07:07:57.137",
"lastModified": "2025-04-09T20:15:21.087",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-190"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-332xx/CVE-2022-33274.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33274",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:12.293",
"lastModified": "2024-11-21T07:07:59.323",
"lastModified": "2025-04-09T20:15:21.370",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-129"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-332xx/CVE-2022-33276.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33276",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:12.360",
"lastModified": "2024-11-21T07:07:59.943",
"lastModified": "2025-04-09T20:15:21.543",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

22
CVE-2022/CVE-2022-33xx/CVE-2022-3343.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3343",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:26.593",
"lastModified": "2024-11-21T07:19:20.230",
"lastModified": "2025-04-09T20:15:21.827",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},

22
CVE-2022/CVE-2022-34xx/CVE-2022-3416.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3416",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:26.677",
"lastModified": "2024-11-21T07:19:28.253",
"lastModified": "2025-04-09T20:15:22.013",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},

22
CVE-2022/CVE-2022-34xx/CVE-2022-3417.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3417",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:26.760",
"lastModified": "2024-11-21T07:19:28.367",
"lastModified": "2025-04-09T20:15:22.223",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

12
CVE-2022/CVE-2022-405xx/CVE-2022-40520.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40520",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-01-09T08:15:13.230",
"lastModified": "2024-11-21T07:21:34.190",
"lastModified": "2025-04-09T20:15:22.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

22
CVE-2022/CVE-2022-40xx/CVE-2022-4043.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4043",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:27.143",
"lastModified": "2024-11-21T07:34:30.020",
"lastModified": "2025-04-09T20:15:23.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},

32
CVE-2022/CVE-2022-429xx/CVE-2022-42979.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-42979",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-06T04:15:07.977",
"lastModified": "2024-11-21T07:25:43.917",
"lastModified": "2025-04-09T21:15:41.887",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-295"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

22
CVE-2022/CVE-2022-43xx/CVE-2022-4301.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4301",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:27.497",
"lastModified": "2024-11-21T07:34:58.317",
"lastModified": "2025-04-09T20:15:23.860",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

22
CVE-2022/CVE-2022-43xx/CVE-2022-4310.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4310",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:27.573",
"lastModified": "2024-11-21T07:34:59.600",
"lastModified": "2025-04-09T20:15:24.037",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

22
CVE-2022/CVE-2022-43xx/CVE-2022-4392.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4392",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:27.953",
"lastModified": "2024-11-21T07:35:11.077",
"lastModified": "2025-04-09T20:15:24.207",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

32
CVE-2022/CVE-2022-441xx/CVE-2022-44149.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44149",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-06T17:15:09.363",
"lastModified": "2024-11-21T07:27:39.617",
"lastModified": "2025-04-09T21:15:42.097",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-448xx/CVE-2022-44870.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44870",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-06T03:15:08.143",
"lastModified": "2024-11-21T07:28:30.813",
"lastModified": "2025-04-09T21:15:42.323",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-449xx/CVE-2022-44939.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44939",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-06T22:15:09.483",
"lastModified": "2024-11-21T07:28:33.073",
"lastModified": "2025-04-09T21:15:42.533",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-427"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [

22
CVE-2022/CVE-2022-44xx/CVE-2022-4497.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4497",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-09T23:15:28.537",
"lastModified": "2024-11-21T07:35:22.937",
"lastModified": "2025-04-09T20:15:24.373",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

32
CVE-2022/CVE-2022-457xx/CVE-2022-45787.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45787",
"sourceIdentifier": "security@apache.org",
"published": "2023-01-06T10:15:10.383",
"lastModified": "2024-11-21T07:29:42.970",
"lastModified": "2025-04-09T20:15:22.730",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -59,6 +79,16 @@
"value": "CWE-312"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-459xx/CVE-2022-45911.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45911",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-06T23:15:09.673",
"lastModified": "2024-11-21T07:29:56.003",
"lastModified": "2025-04-09T21:15:42.780",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-459xx/CVE-2022-45913.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45913",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-06T23:15:09.743",
"lastModified": "2024-11-21T07:29:56.383",
"lastModified": "2025-04-09T21:15:43.030",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-467xx/CVE-2022-46761.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46761",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-01-06T20:15:09.707",
"lastModified": "2024-11-21T07:31:00.893",
"lastModified": "2025-04-09T21:15:43.293",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-467xx/CVE-2022-46762.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46762",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-01-06T20:15:09.773",
"lastModified": "2024-11-21T07:31:01.003",
"lastModified": "2025-04-09T21:15:43.477",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"configurations": [

24
CVE-2022/CVE-2022-467xx/CVE-2022-46769.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46769",
"sourceIdentifier": "security@apache.org",
"published": "2023-01-09T11:15:10.700",
"lastModified": "2024-11-21T07:31:01.557",
"lastModified": "2025-04-09T20:15:22.957",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,13 +36,33 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

32
CVE-2022/CVE-2022-470xx/CVE-2022-47095.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47095",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-05T15:15:10.927",
"lastModified": "2024-11-21T07:31:30.073",
"lastModified": "2025-04-09T21:15:43.647",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-471xx/CVE-2022-47153.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47153",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-29T14:15:08.167",
"lastModified": "2025-03-21T12:09:23.140",
"lastModified": "2025-04-09T20:40:28.720",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-475xx/CVE-2022-47523.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47523",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-05T08:15:08.877",
"lastModified": "2024-11-21T07:32:08.650",
"lastModified": "2025-04-09T21:15:43.870",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-476xx/CVE-2022-47656.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47656",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-05T16:15:10.020",
"lastModified": "2024-11-21T07:32:19.077",
"lastModified": "2025-04-09T21:15:44.070",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-479xx/CVE-2022-47974.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47974",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-01-06T20:15:09.830",
"lastModified": "2024-11-21T07:32:39.230",
"lastModified": "2025-04-09T20:15:23.150",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-479xx/CVE-2022-47975.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47975",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-01-06T20:15:09.880",
"lastModified": "2024-11-21T07:32:39.400",
"lastModified": "2025-04-09T20:15:23.343",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-415"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-479xx/CVE-2022-47976.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47976",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-01-06T20:15:09.937",
"lastModified": "2024-11-21T07:32:39.573",
"lastModified": "2025-04-09T20:15:23.523",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [

4
CVE-2023/CVE-2023-338xx/CVE-2023-33844.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33844",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-04-09T14:15:27.527",
"lastModified": "2025-04-09T14:15:27.527",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

172
CVE-2023/CVE-2023-401xx/CVE-2023-40159.json
View File

@ -2,177 +2,15 @@
"id": "CVE-2023-40159",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:02.787",
"lastModified": "2024-11-21T08:18:53.850",
"vulnStatus": "Modified",
"lastModified": "2025-04-09T21:15:45.100",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information."
},
{
"lang": "es",
"value": "Un usuario validado que no est\u00e9 autorizado expl\u00edcitamente para tener acceso a cierta informaci\u00f3n confidencial podr\u00eda acceder a Philips Vue PACS en la misma red para exponer esa informaci\u00f3n."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.2.8.410",
"matchCriteriaId": "E3D16037-0684-4486-80A7-8EE98DD4E851"
}
]
}
]
}
],
"references": [
{
"url": "http://www.philips.com/productsecurity",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "http://www.philips.com/productsecurity",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
"metrics": {},
"references": []
}

172
CVE-2023/CVE-2023-402xx/CVE-2023-40223.json
View File

@ -2,177 +2,15 @@
"id": "CVE-2023-40223",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:03.173",
"lastModified": "2024-11-21T08:19:02.073",
"vulnStatus": "Modified",
"lastModified": "2025-04-09T21:16:06.380",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor."
},
{
"lang": "es",
"value": "Philips Vue PACS no asigna, modifica, rastrea ni verifica adecuadamente los privilegios de los actores, lo que crea una esfera de control no deseada para ese actor."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.2.8.410",
"matchCriteriaId": "E3D16037-0684-4486-80A7-8EE98DD4E851"
}
]
}
]
}
],
"references": [
{
"url": "http://www.philips.com/productsecurity",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "http://www.philips.com/productsecurity",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
"metrics": {},
"references": []
}

162
CVE-2023/CVE-2023-405xx/CVE-2023-40539.json
View File

@ -2,167 +2,15 @@
"id": "CVE-2023-40539",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:03.553",
"lastModified": "2024-11-21T08:19:40.533",
"vulnStatus": "Modified",
"lastModified": "2025-04-09T21:16:15.920",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts."
},
{
"lang": "es",
"value": "Philips Vue PACS no requiere que los usuarios tengan contrase\u00f1as seguras, lo que podr\u00eda facilitar que los atacantes comprometan las cuentas de los usuarios."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.2.8.410",
"matchCriteriaId": "E3D16037-0684-4486-80A7-8EE98DD4E851"
}
]
}
]
}
],
"references": [
{
"url": "http://www.philips.com/productsecurity",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "http://www.philips.com/productsecurity",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
"metrics": {},
"references": []
}

34
CVE-2023/CVE-2023-407xx/CVE-2023-40704.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-40704",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:03.897",
"lastModified": "2024-11-21T08:19:59.750",
"lastModified": "2025-04-09T21:16:24.990",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips Vue PACS uses default credentials for potentially critical functionality."
"value": "The product does not require unique and complex passwords to be created \nduring installation. Using Philips's default password could jeopardize \nthe PACS system if the password was hacked or leaked. An attacker could \ngain access to the database impacting system availability and data \nintegrity."
},
{
"lang": "es",
@ -22,17 +22,17 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
@ -66,20 +66,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",

32
CVE-2023/CVE-2023-455xx/CVE-2023-45594.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45594",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:46.493",
"lastModified": "2025-03-03T22:32:43.430",
"lastModified": "2025-04-09T20:49:05.457",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-552"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"configurations": [

12
CVE-2023/CVE-2023-54xx/CVE-2023-5457.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5457",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:47.793",
"lastModified": "2025-03-03T22:10:10.990",
"lastModified": "2025-04-09T20:34:52.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-1269"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [

8
CVE-2024/CVE-2024-125xx/CVE-2024-12556.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12556",
"sourceIdentifier": "bressers@elastic.co",
"published": "2025-04-08T20:15:19.420",
"lastModified": "2025-04-08T20:15:19.420",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal."
},
{
"lang": "es",
"value": "La contaminaci\u00f3n de prototipos en Kibana puede provocar la inyecci\u00f3n de c\u00f3digo a trav\u00e9s de la carga de archivos sin restricciones combinada con el path traversal."
}
],
"metrics": {

12
CVE-2024/CVE-2024-311xx/CVE-2024-31108.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31108",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-31T19:15:48.603",
"lastModified": "2025-03-21T18:57:25.717",
"lastModified": "2025-04-09T20:39:24.993",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

21
CVE-2024/CVE-2024-552xx/CVE-2024-55210.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-55210",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-09T20:15:24.633",
"lastModified": "2025-04-09T20:15:24.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/c4cnm/CVE-2024-55210/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-553xx/CVE-2024-55354.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-55354",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-08T22:15:14.887",
"lastModified": "2025-04-08T22:15:14.887",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected."
},
{
"lang": "es",
"value": "En Lucee anterior a 5.4.7.3 LTS y 6 anterior a 6.1.1.118, cuando un atacante puede colocar archivos en el servidor, es vulnerable a una falla del mecanismo de protecci\u00f3n que puede permitir que un atacante ejecute c\u00f3digo que se esperar\u00eda que estuviera bloqueado y acceda a recursos que se esperar\u00eda que estuvieran protegidos."
}
],
"metrics": {

33
CVE-2024/CVE-2024-68xx/CVE-2024-6857.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-6857",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-09T06:15:39.347",
"lastModified": "2025-04-09T06:15:39.347",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:15:24.753",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento WP MultiTasking para WordPress hasta la versi\u00f3n 0.1.12 no tiene verificaci\u00f3n CSRF al actualizar las configuraciones de script de encabezado, pie de p\u00e1gina y cuerpo, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados realicen dicha acci\u00f3n a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/97636602-2dd0-465b-b6dc-acb42147edb3/",

33
CVE-2024/CVE-2024-68xx/CVE-2024-6860.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-6860",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-09T06:15:41.177",
"lastModified": "2025-04-09T06:15:41.177",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:15:24.903",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento WP MultiTasking de WordPress hasta la versi\u00f3n 0.1.12 no tiene verificaci\u00f3n CSRF al actualizar la configuraci\u00f3n del sufijo de enlace permanente, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados realicen dicha acci\u00f3n a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/1d09d3dd-aa49-4ff1-80e7-6d176e378916/",

4
CVE-2024/CVE-2024-82xx/CVE-2024-8243.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8243",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-09T06:15:41.360",
"lastModified": "2025-04-09T19:15:47.270",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

82
CVE-2025/CVE-2025-17xx/CVE-2025-1768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-1768",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-07T11:15:15.653",
"lastModified": "2025-03-07T11:15:15.653",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-09T20:52:13.823",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,54 +51,108 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "12.4.06",
"matchCriteriaId": "5E271EC4-FE17-488D-A60A-6A2AF364C7AA"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/Assistant.php?rev=3207037#L55",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/Audits.php?rev=3207037#L86",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/BulkSeo.php?rev=3207037#L148",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/FocusPages.php?rev=3207037#L107",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/Onboarding.php?rev=3207037#L62",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/Post.php?rev=3207037#L480",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/models/Snippet.php?rev=3207037#L118",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/models/Snippet.php?rev=3207037#L96",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3248412/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3250395/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/squirrly-seo/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a23ee5c-275f-4d51-8199-1cc2b0086f73?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2025/CVE-2025-19xx/CVE-2025-1968.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-1968",
"sourceIdentifier": "security@progress.com",
"published": "2025-04-09T14:15:27.950",
"lastModified": "2025-04-09T14:15:27.950",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-209xx/CVE-2025-20952.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-20952",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2025-04-09T08:15:16.153",
"lastModified": "2025-04-09T08:15:16.153",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en Mdecservice anterior a SMR Apr-2025 Release 1 permite a atacantes locales acceder a archivos arbitrarios con privilegios del sistema."
}
],
"metrics": {

8
CVE-2025/CVE-2025-211xx/CVE-2025-21174.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21174",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:44.667",
"lastModified": "2025-04-08T18:15:44.667",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network."
},
{
"lang": "es",
"value": "El consumo descontrolado de recursos en el Servicio de administraci\u00f3n de almacenamiento basado en est\u00e1ndares de Windows permite que un atacante no autorizado deniegue el servicio a trav\u00e9s de una red."
}
],
"metrics": {

8
CVE-2025/CVE-2025-211xx/CVE-2025-21191.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21191",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:44.857",
"lastModified": "2025-04-08T18:15:44.857",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La condici\u00f3n de ejecuci\u00f3n de tiempo de uso y tiempo de verificaci\u00f3n (toctou) en la Autoridad de seguridad local (LSA) de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-211xx/CVE-2025-21197.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21197",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:45.020",
"lastModified": "2025-04-08T18:15:45.020",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en Windows NTFS permite que un atacante autorizado divulgue informaci\u00f3n de la ruta de un archivo en una carpeta donde el atacante no tiene permiso para enumerar el contenido."
}
],
"metrics": {

8
CVE-2025/CVE-2025-212xx/CVE-2025-21203.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21203",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:45.190",
"lastModified": "2025-04-08T18:15:45.190",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network."
},
{
"lang": "es",
"value": "La sobrelectura de b\u00fafer en el Servicio de enrutamiento y acceso remoto de Windows (RRAS) permite que un atacante no autorizado divulgue informaci\u00f3n a trav\u00e9s de una red."
}
],
"metrics": {

8
CVE-2025/CVE-2025-212xx/CVE-2025-21204.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21204",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:45.343",
"lastModified": "2025-04-08T18:15:45.343",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La resoluci\u00f3n incorrecta de un enlace antes del acceso al archivo ('seguimiento de enlace') en Windows Update Stack permite que un atacante autorizado eleve privilegios localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-212xx/CVE-2025-21205.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21205",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:45.513",
"lastModified": "2025-04-08T18:15:45.513",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en el Servicio de telefon\u00eda de Windows permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"metrics": {

8
CVE-2025/CVE-2025-212xx/CVE-2025-21221.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21221",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:45.673",
"lastModified": "2025-04-08T18:15:45.673",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en el Servicio de telefon\u00eda de Windows permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"metrics": {

8
CVE-2025/CVE-2025-212xx/CVE-2025-21222.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21222",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:45.850",
"lastModified": "2025-04-08T18:15:45.850",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en el Servicio de telefon\u00eda de Windows permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"metrics": {

100
CVE-2025/CVE-2025-215xx/CVE-2025-21591.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21591",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-04-09T20:15:25.363",
"lastModified": "2025-04-09T20:15:25.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\n\nContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\n\n\nThis issue affects Junos OS:\n\n\n\n * from 23.1R1 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R2.\n\n\nThis issue isn't applicable to any versions of Junos OS before 23.1R1. \n\n\n\nThis issue doesn't affect vSRX Series which doesn't support DHCP Snooping. \n\nThis issue doesn't affect Junos OS Evolved.\n\nThere are no indicators of compromise for this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Green",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "YES",
"Recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "GREEN"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-805"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA96448",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-215xx/CVE-2025-21594.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21594",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-04-09T20:15:25.620",
"lastModified": "2025-04-09T20:15:25.620",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\n\nIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u00a0prefix-length is set to 56,\u00a0the ports assigned to the user will not be freed.\u00a0 Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.\nFollowing is the command to identify the issue:\u00a0\n\n\n\u00a0 \u00a0 user@host> show services nat source port-block\u00a0\n\u2003\u2003\u2003\u2003Host_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 External_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Port_Block\u00a0 \u00a0 \u00a0 Ports_Used/ \u00a0 \u00a0 \u00a0 Block_State/\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Range \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Ports_Total \u00a0 \u00a0 \u00a0 Left_Time(s)\n\u2003\u2003\u2003\u20032001::\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 x.x.x.x\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a058880-59391\u00a0 \u00a0 \u00a0256/256*1\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Active/- \u00a0 \u00a0 \u00a0 >>>>>>>>port still usedThis issue affects Junos OS on MX Series:\u00a0\n\n * from 21.2 before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\u00a0\n * from 22.1 before 22.1R3-S6,\u00a0\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nThis issue does not affect versions before 20.2R1."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA96449",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-215xx/CVE-2025-21595.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21595",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-04-09T20:15:25.853",
"lastModified": "2025-04-09T20:15:25.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime\u00a0vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\n\nThis issue does not affect MX Series platforms.\nHeap size growth on FPC can be seen using below command.\n\n\nuser@host> show chassis fpc\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) CPU Utilization (%) Memory \u00a0 Utilization (%)\nSlot State \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (C) Total Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0 15min \u00a0 DRAM (MB) \u00a0 Heap \u00a0 Buffer\n\u00a0 0 Online \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 45 \u00a0 \u00a0 3 \u00a0 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a02 \u00a0 \u00a0 \u00a0 32768 \u00a0 \u00a0 \u00a019\u00a0 \u00a0 \u00a0 \u00a00\u2003<<<<<<< Heap increase in all fPCs\n\n\nThis issue affects Junos OS:\n\n * All versions before 21.2R3-S7,\n * 21.4 versions before 21.4R3-S4,\n * 22.2 versions before 22.2R3-S1,\u00a0\n * 22.3 versions before 22.3R3-S1,\u00a0\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\nand Junos OS Evolved:\n\n * All versions before 21.2R3-S7-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.2-EVO versions before 22.2R3-S1-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S1-EVO,\u00a0\n\n * 22.4-EVO versions before 22.4R3-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA96450",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-215xx/CVE-2025-21597.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21597",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-04-09T20:15:26.100",
"lastModified": "2025-04-09T20:15:26.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.\n\nThis issue affects:\nJunos OS:\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\nJunos OS Evolved:\n\n\n\n * All versions before 21.2R3-S6-EVO,\n * 21.3-EVO versions before 21.3R3-S5-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.1-EVO versions before 22.1R3-S3-EVO,\n * 22.2-EVO versions before :22.2R3-S1-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://kb.juniper.net/JSA96451",
"source": "sirt@juniper.net"
}
]
}

88
CVE-2025/CVE-2025-216xx/CVE-2025-21601.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2025-21601",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-04-09T20:15:26.350",
"lastModified": "2025-04-09T20:15:26.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of\u00a0Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an\u00a0unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. \n\nContinuous receipt of these packets will create a sustained Denial of Service (DoS) condition.\n\n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\n * from 22.2 before 22.2R3-S5,\n * from 22.4 before 22.4R3-S4,\n * from 23.2 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R1-S1, 24.2R2.\n\n\nAn indicator of compromise is to review the CPU % of the httpd process in the CLI:\ne.g.\n\u00a0\u00a0show system processes extensive | match httpd\u00a0 PID nobody \u00a0 \u00a0 \u00a0 52 \u00a0 0 \u00a0 20M\u00a0 \u00a0 191M select \u00a0 2 \u00a0 0:01 \u00a0 80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Amber",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "AMBER"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA96452",
"source": "sirt@juniper.net"
}
]
}

83
CVE-2025/CVE-2025-21xx/CVE-2025-2193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2193",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-11T13:15:43.997",
"lastModified": "2025-03-11T14:15:27.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-09T20:48:27.550",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV2": [
@ -118,28 +138,77 @@
"value": "CWE-22"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "254B64CD-32D5-4E91-8A4C-54C155EA7E0B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceFoxH/VULN/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.299218",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.299218",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.511724",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/IceFoxH/VULN/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
}
]
}

85
CVE-2025/CVE-2025-21xx/CVE-2025-2194.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2194",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-11T14:15:27.753",
"lastModified": "2025-03-11T14:15:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-09T20:46:03.463",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
@ -122,28 +142,77 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "254B64CD-32D5-4E91-8A4C-54C155EA7E0B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceFoxH/VULN/issues/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.299219",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.299219",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.511732",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/IceFoxH/VULN/issues/3",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
}
]
}

85
CVE-2025/CVE-2025-21xx/CVE-2025-2195.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2195",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-11T14:15:27.937",
"lastModified": "2025-03-11T14:15:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-09T20:45:17.083",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
@ -122,28 +142,77 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "254B64CD-32D5-4E91-8A4C-54C155EA7E0B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceFoxH/VULN/issues/4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.299220",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.299220",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.511733",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/IceFoxH/VULN/issues/4",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking"
]
}
]
}

81
CVE-2025/CVE-2025-21xx/CVE-2025-2196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2196",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-11T14:15:28.123",
"lastModified": "2025-03-11T15:15:45.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-09T20:39:50.180",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV2": [
@ -122,28 +142,75 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "254B64CD-32D5-4E91-8A4C-54C155EA7E0B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IceFoxH/VULN/issues/5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.299221",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.299221",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.511735",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/IceFoxH/VULN/issues/5",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2025/CVE-2025-228xx/CVE-2025-22871.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-22871",
"sourceIdentifier": "security@golang.org",
"published": "2025-04-08T20:15:20.183",
"lastModified": "2025-04-08T21:15:48.173",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext."
},
{
"lang": "es",
"value": "El paquete net/http acepta incorrectamente un LF simple como terminador de l\u00ednea en l\u00edneas de datos fragmentados. Esto puede permitir el contrabando de solicitudes si se utiliza un servidor net/http junto con un servidor que acepta incorrectamente un LF simple como parte de una extensi\u00f3n fragmentada."
}
],
"metrics": {},

4
CVE-2025/CVE-2025-22xx/CVE-2025-2222.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2222",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2025-04-09T11:15:42.063",
"lastModified": "2025-04-09T11:15:42.063",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-22xx/CVE-2025-2223.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2223",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2025-04-09T11:15:42.320",
"lastModified": "2025-04-09T11:15:42.320",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-234xx/CVE-2025-23407.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-23407",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-09T09:15:15.963",
"lastModified": "2025-04-09T09:15:15.963",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en la interfaz web (p\u00e1gina de configuraci\u00f3n) en Wi-Fi AP UNIT 'AC-WPS-11ac series'. Si se explota, un atacante remoto que pueda iniciar sesi\u00f3n en el producto podr\u00eda modificar la configuraci\u00f3n sin los privilegios adecuados."
}
],
"metrics": {

8
CVE-2025/CVE-2025-240xx/CVE-2025-24058.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24058",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:46.037",
"lastModified": "2025-04-08T18:15:46.037",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en la librer\u00eda principal DWM de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-240xx/CVE-2025-24060.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24060",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:46.193",
"lastModified": "2025-04-08T18:15:46.193",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en la librer\u00eda principal DWM de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-240xx/CVE-2025-24062.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24062",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:46.353",
"lastModified": "2025-04-08T18:15:46.353",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en la librer\u00eda principal DWM de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-240xx/CVE-2025-24073.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24073",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:46.543",
"lastModified": "2025-04-08T18:15:46.543",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en la librer\u00eda principal DWM de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-240xx/CVE-2025-24074.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24074",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:46.740",
"lastModified": "2025-04-08T18:15:46.740",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en la librer\u00eda principal DWM de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-244xx/CVE-2025-24446.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24446",
"sourceIdentifier": "psirt@adobe.com",
"published": "2025-04-08T20:15:20.417",
"lastModified": "2025-04-08T20:15:20.417",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2023.12, 2021.18, 2025.0 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema, la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2025/CVE-2025-244xx/CVE-2025-24447.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24447",
"sourceIdentifier": "psirt@adobe.com",
"published": "2025-04-08T20:15:20.573",
"lastModified": "2025-04-08T20:15:20.573",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2023.12, 2021.18, 2025.0 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de deserializaci\u00f3n de datos no confiables que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema, la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

4
CVE-2025/CVE-2025-24xx/CVE-2025-2440.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2440",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2025-04-09T11:15:42.507",
"lastModified": "2025-04-09T11:15:42.507",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-24xx/CVE-2025-2441.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2441",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2025-04-09T11:15:42.730",
"lastModified": "2025-04-09T11:15:42.730",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-24xx/CVE-2025-2442.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2442",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2025-04-09T11:15:42.947",
"lastModified": "2025-04-09T11:15:42.947",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-250xx/CVE-2025-25002.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25002",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:47.030",
"lastModified": "2025-04-08T18:15:47.030",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network."
},
{
"lang": "es",
"value": "La inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en un cl\u00faster local de Azure permite que un atacante autorizado divulgue informaci\u00f3n a trav\u00e9s de una red adyacente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-250xx/CVE-2025-25013.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25013",
"sourceIdentifier": "bressers@elastic.co",
"published": "2025-04-08T23:15:45.540",
"lastModified": "2025-04-08T23:15:45.540",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack."
},
{
"lang": "es",
"value": "La restricci\u00f3n incorrecta de las variables de entorno en Elastic Defend puede provocar la exposici\u00f3n de informaci\u00f3n confidencial, como claves API y tokens, a trav\u00e9s de la transmisi\u00f3n autom\u00e1tica de variables de entorno sin filtrar a la pila."
}
],
"metrics": {

4
CVE-2025/CVE-2025-250xx/CVE-2025-25023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25023",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-04-09T14:15:28.167",
"lastModified": "2025-04-09T14:15:28.167",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-250xx/CVE-2025-25053.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25053",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-09T09:15:16.213",
"lastModified": "2025-04-09T09:15:16.213",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la interfaz web (p\u00e1gina de configuraci\u00f3n) de Wi-Fi AP UNIT 'AC-WPS-11ac series'. Si se explota, un atacante remoto podr\u00eda ejecutar un comando arbitrario del sistema operativo al iniciar sesi\u00f3n en el producto."
}
],
"metrics": {

8
CVE-2025/CVE-2025-250xx/CVE-2025-25056.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25056",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-09T09:15:16.423",
"lastModified": "2025-04-09T09:15:16.423",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Request Forgery en Wi-Fi AP UNIT 'AC-WPS-11ac series'. Si un usuario accede a una p\u00e1gina maliciosa con la sesi\u00f3n iniciada, podr\u00edan producirse operaciones no deseadas."
}
],
"metrics": {

8
CVE-2025/CVE-2025-252xx/CVE-2025-25213.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25213",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-09T09:15:16.610",
"lastModified": "2025-04-09T09:15:16.610",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed."
},
{
"lang": "es",
"value": "Existe un problema de restricci\u00f3n incorrecta de las capas o marcos de la interfaz de usuario renderizados en Wi-Fi AP UNIT 'AC-WPS-11ac series'. Si un usuario visualiza y hace clic en el contenido de la p\u00e1gina maliciosa con la sesi\u00f3n iniciada, podr\u00edan producirse operaciones no deseadas."
}
],
"metrics": {

39
CVE-2025/CVE-2025-256xx/CVE-2025-25632.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25632",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T21:15:19.890",
"lastModified": "2025-03-06T15:15:17.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-09T20:56:55.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A14A19EE-FB4E-4371-AC85-1401EB78B16D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B73E7C1C-F121-486A-8B15-E97EA0C219A5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19telnet.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2025/CVE-2025-266xx/CVE-2025-26628.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-26628",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:47.180",
"lastModified": "2025-04-08T18:15:47.180",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "Las credenciales insuficientemente protegidas en el cl\u00faster local de Azure permiten que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"metrics": {

8
CVE-2025/CVE-2025-266xx/CVE-2025-26635.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-26635",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-04-08T18:15:47.337",
"lastModified": "2025-04-08T18:15:47.337",
"vulnStatus": "Received",
"lastModified": "2025-04-09T20:03:01.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n d\u00e9bil en Windows Hello permite que un atacante autorizado eluda una funci\u00f3n de seguridad en una red."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More