From 3bec0a5caa30614499e361b9c37681db92abe9e5 Mon Sep 17 00:00:00 2001 From: cvelistV5 Github Action Date: Tue, 11 Feb 2025 20:14:04 +0000 Subject: [PATCH] 26 changes (15 new | 11 updated): - 15 new CVEs: CVE-2023-31360, CVE-2023-31361, CVE-2024-21966, CVE-2025-0901, CVE-2025-0902, CVE-2025-0903, CVE-2025-0904, CVE-2025-0905, CVE-2025-0906, CVE-2025-0907, CVE-2025-0908, CVE-2025-0909, CVE-2025-0910, CVE-2025-0911, CVE-2025-1044 - 11 updated CVEs: CVE-2021-46879, CVE-2022-43309, CVE-2022-47465, CVE-2023-1014, CVE-2023-1699, CVE-2023-22613, CVE-2023-22614, CVE-2023-22615, CVE-2023-22808, CVE-2023-28731, CVE-2023-28732 --- cves/2021/46xxx/CVE-2021-46879.json | 68 ++++++++++++++++++-- cves/2022/43xxx/CVE-2022-43309.json | 68 ++++++++++++++++++-- cves/2022/47xxx/CVE-2022-47465.json | 62 +++++++++++++++++- cves/2023/1xxx/CVE-2023-1014.json | 34 +++++++++- cves/2023/1xxx/CVE-2023-1699.json | 34 +++++++++- cves/2023/22xxx/CVE-2023-22613.json | 68 ++++++++++++++++++-- cves/2023/22xxx/CVE-2023-22614.json | 68 ++++++++++++++++++-- cves/2023/22xxx/CVE-2023-22615.json | 68 ++++++++++++++++++-- cves/2023/22xxx/CVE-2023-22808.json | 68 ++++++++++++++++++-- cves/2023/28xxx/CVE-2023-28731.json | 34 +++++++++- cves/2023/28xxx/CVE-2023-28732.json | 34 +++++++++- cves/2023/31xxx/CVE-2023-31360.json | 97 +++++++++++++++++++++++++++++ cves/2023/31xxx/CVE-2023-31361.json | 85 +++++++++++++++++++++++++ cves/2024/21xxx/CVE-2024-21966.json | 97 +++++++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0901.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0902.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0903.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0904.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0905.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0906.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0907.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0908.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0909.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0910.json | 80 ++++++++++++++++++++++++ cves/2025/0xxx/CVE-2025-0911.json | 80 ++++++++++++++++++++++++ cves/2025/1xxx/CVE-2025-1044.json | 87 ++++++++++++++++++++++++++ 26 files changed, 1823 insertions(+), 29 deletions(-) create mode 100644 cves/2023/31xxx/CVE-2023-31360.json create mode 100644 cves/2023/31xxx/CVE-2023-31361.json create mode 100644 cves/2024/21xxx/CVE-2024-21966.json create mode 100644 cves/2025/0xxx/CVE-2025-0901.json create mode 100644 cves/2025/0xxx/CVE-2025-0902.json create mode 100644 cves/2025/0xxx/CVE-2025-0903.json create mode 100644 cves/2025/0xxx/CVE-2025-0904.json create mode 100644 cves/2025/0xxx/CVE-2025-0905.json create mode 100644 cves/2025/0xxx/CVE-2025-0906.json create mode 100644 cves/2025/0xxx/CVE-2025-0907.json create mode 100644 cves/2025/0xxx/CVE-2025-0908.json create mode 100644 cves/2025/0xxx/CVE-2025-0909.json create mode 100644 cves/2025/0xxx/CVE-2025-0910.json create mode 100644 cves/2025/0xxx/CVE-2025-0911.json create mode 100644 cves/2025/1xxx/CVE-2025-1044.json diff --git a/cves/2021/46xxx/CVE-2021-46879.json b/cves/2021/46xxx/CVE-2021-46879.json index 0f2a530a9f1b..cc600066eec4 100644 --- a/cves/2021/46xxx/CVE-2021-46879.json +++ b/cves/2021/46xxx/CVE-2021-46879.json @@ -6,16 +6,16 @@ "cveId": "CVE-2021-46879", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2024-08-04T05:17:42.859Z", - "dateReserved": "2023-03-29T00:00:00", - "datePublished": "2023-04-11T00:00:00" + "dateUpdated": "2025-02-11T19:56:04.174Z", + "dateReserved": "2023-03-29T00:00:00.000Z", + "datePublished": "2023-04-11T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", - "dateUpdated": "2023-04-11T00:00:00" + "dateUpdated": "2023-04-11T00:00:00.000Z" }, "descriptions": [ { @@ -77,6 +77,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-787", + "lang": "en", + "description": "CWE-787 Out-of-bounds Write" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.8, + "attackVector": "LOCAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T19:55:04.765658Z", + "id": "CVE-2021-46879", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T19:56:04.174Z" + } } ] } diff --git a/cves/2022/43xxx/CVE-2022-43309.json b/cves/2022/43xxx/CVE-2022-43309.json index 5fd0db0f2be7..401ed6daa75a 100644 --- a/cves/2022/43xxx/CVE-2022-43309.json +++ b/cves/2022/43xxx/CVE-2022-43309.json @@ -6,16 +6,16 @@ "cveId": "CVE-2022-43309", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2024-08-03T13:26:02.863Z", - "dateReserved": "2022-10-17T00:00:00", - "datePublished": "2023-04-07T00:00:00" + "dateUpdated": "2025-02-11T20:11:55.159Z", + "dateReserved": "2022-10-17T00:00:00.000Z", + "datePublished": "2023-04-07T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", - "dateUpdated": "2023-04-07T00:00:00" + "dateUpdated": "2023-04-07T00:00:00.000Z" }, "descriptions": [ { @@ -86,6 +86,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-732", + "lang": "en", + "description": "CWE-732 Incorrect Permission Assignment for Critical Resource" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:07:47.456527Z", + "id": "CVE-2022-43309", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:11:55.159Z" + } } ] } diff --git a/cves/2022/47xxx/CVE-2022-47465.json b/cves/2022/47xxx/CVE-2022-47465.json index 7b76f790807c..5f056ac837af 100644 --- a/cves/2022/47xxx/CVE-2022-47465.json +++ b/cves/2022/47xxx/CVE-2022-47465.json @@ -8,7 +8,7 @@ "assignerShortName": "Unisoc", "dateReserved": "2022-12-15T08:22:03.067Z", "datePublished": "2023-04-11T11:09:51.189Z", - "dateUpdated": "2024-08-03T14:55:08.092Z" + "dateUpdated": "2025-02-11T20:07:28.052Z" }, "containers": { "cna": { @@ -58,6 +58,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-476", + "lang": "en", + "description": "CWE-476 NULL Pointer Dereference" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-10T16:09:33.169878Z", + "id": "CVE-2022-47465", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:07:28.052Z" + } } ] } diff --git a/cves/2023/1xxx/CVE-2023-1014.json b/cves/2023/1xxx/CVE-2023-1014.json index 6ba0e7b1bde2..02fc90fba1fd 100644 --- a/cves/2023/1xxx/CVE-2023-1014.json +++ b/cves/2023/1xxx/CVE-2023-1014.json @@ -8,7 +8,7 @@ "assignerShortName": "TR-CERT", "dateReserved": "2023-02-24T14:12:38.300Z", "datePublished": "2023-03-30T08:17:03.971Z", - "dateUpdated": "2024-08-02T05:32:46.255Z" + "dateUpdated": "2025-02-11T20:13:42.972Z" }, "containers": { "cna": { @@ -139,6 +139,38 @@ "url": "https://www.usom.gov.tr/bildirim/tr-23-0183" } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:13:19.184226Z", + "id": "CVE-2023-1014", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:13:42.972Z" + } } ] } diff --git a/cves/2023/1xxx/CVE-2023-1699.json b/cves/2023/1xxx/CVE-2023-1699.json index 933801b5cab1..ff3e4faf7741 100644 --- a/cves/2023/1xxx/CVE-2023-1699.json +++ b/cves/2023/1xxx/CVE-2023-1699.json @@ -8,7 +8,7 @@ "assignerShortName": "rapid7", "dateReserved": "2023-03-29T14:17:15.354Z", "datePublished": "2023-03-30T09:26:13.515Z", - "dateUpdated": "2024-08-02T05:57:25.055Z" + "dateUpdated": "2025-02-11T20:12:14.684Z" }, "containers": { "cna": { @@ -120,6 +120,38 @@ ] } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:12:05.970309Z", + "id": "CVE-2023-1699", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:12:14.684Z" + } } ] } diff --git a/cves/2023/22xxx/CVE-2023-22613.json b/cves/2023/22xxx/CVE-2023-22613.json index 1df033bfec42..973f3d6faa5a 100644 --- a/cves/2023/22xxx/CVE-2023-22613.json +++ b/cves/2023/22xxx/CVE-2023-22613.json @@ -6,16 +6,16 @@ "cveId": "CVE-2023-22613", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2024-08-02T10:13:49.462Z", - "dateReserved": "2023-01-04T00:00:00", - "datePublished": "2023-04-11T00:00:00" + "dateUpdated": "2025-02-11T20:07:03.031Z", + "dateReserved": "2023-01-04T00:00:00.000Z", + "datePublished": "2023-04-11T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", - "dateUpdated": "2023-04-11T00:00:00" + "dateUpdated": "2023-04-11T00:00:00.000Z" }, "descriptions": [ { @@ -86,6 +86,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-787", + "lang": "en", + "description": "CWE-787 Out-of-bounds Write" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "LOCAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:04:19.758898Z", + "id": "CVE-2023-22613", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:07:03.031Z" + } } ] } diff --git a/cves/2023/22xxx/CVE-2023-22614.json b/cves/2023/22xxx/CVE-2023-22614.json index ac6d8838140d..6c277242bc7e 100644 --- a/cves/2023/22xxx/CVE-2023-22614.json +++ b/cves/2023/22xxx/CVE-2023-22614.json @@ -6,16 +6,16 @@ "cveId": "CVE-2023-22614", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2024-08-02T10:13:49.446Z", - "dateReserved": "2023-01-04T00:00:00", - "datePublished": "2023-04-11T00:00:00" + "dateUpdated": "2025-02-11T20:09:44.234Z", + "dateReserved": "2023-01-04T00:00:00.000Z", + "datePublished": "2023-04-11T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", - "dateUpdated": "2023-04-11T00:00:00" + "dateUpdated": "2023-04-11T00:00:00.000Z" }, "descriptions": [ { @@ -86,6 +86,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-787", + "lang": "en", + "description": "CWE-787 Out-of-bounds Write" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "LOCAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:08:55.369912Z", + "id": "CVE-2023-22614", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:09:44.234Z" + } } ] } diff --git a/cves/2023/22xxx/CVE-2023-22615.json b/cves/2023/22xxx/CVE-2023-22615.json index 246d083a0b28..33992097ee27 100644 --- a/cves/2023/22xxx/CVE-2023-22615.json +++ b/cves/2023/22xxx/CVE-2023-22615.json @@ -6,16 +6,16 @@ "cveId": "CVE-2023-22615", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2024-08-02T10:13:49.464Z", - "dateReserved": "2023-01-04T00:00:00", - "datePublished": "2023-04-11T00:00:00" + "dateUpdated": "2025-02-11T20:11:22.692Z", + "dateReserved": "2023-01-04T00:00:00.000Z", + "datePublished": "2023-04-11T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", - "dateUpdated": "2023-04-11T00:00:00" + "dateUpdated": "2023-04-11T00:00:00.000Z" }, "descriptions": [ { @@ -77,6 +77,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-787", + "lang": "en", + "description": "CWE-787 Out-of-bounds Write" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 8.4, + "attackVector": "LOCAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:10:35.453781Z", + "id": "CVE-2023-22615", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:11:22.692Z" + } } ] } diff --git a/cves/2023/22xxx/CVE-2023-22808.json b/cves/2023/22xxx/CVE-2023-22808.json index 927e1b046379..1377dbb1384c 100644 --- a/cves/2023/22xxx/CVE-2023-22808.json +++ b/cves/2023/22xxx/CVE-2023-22808.json @@ -6,16 +6,16 @@ "cveId": "CVE-2023-22808", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2024-08-02T10:20:31.082Z", - "dateReserved": "2023-01-06T00:00:00", - "datePublished": "2023-04-11T00:00:00" + "dateUpdated": "2025-02-11T20:12:38.614Z", + "dateReserved": "2023-01-06T00:00:00.000Z", + "datePublished": "2023-04-11T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", - "dateUpdated": "2023-04-11T00:00:00" + "dateUpdated": "2023-04-11T00:00:00.000Z" }, "descriptions": [ { @@ -68,6 +68,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-125", + "lang": "en", + "description": "CWE-125 Out-of-bounds Read" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.3, + "attackVector": "LOCAL", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:11:51.407102Z", + "id": "CVE-2023-22808", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:12:38.614Z" + } } ] } diff --git a/cves/2023/28xxx/CVE-2023-28731.json b/cves/2023/28xxx/CVE-2023-28731.json index 2adf5b1cd3b7..a362cfefd1a4 100644 --- a/cves/2023/28xxx/CVE-2023-28731.json +++ b/cves/2023/28xxx/CVE-2023-28731.json @@ -8,7 +8,7 @@ "assignerShortName": "NCSC.ch", "dateReserved": "2023-03-22T09:53:07.889Z", "datePublished": "2023-03-30T11:25:36.854Z", - "dateUpdated": "2024-08-02T13:43:23.737Z" + "dateUpdated": "2025-02-11T20:11:00.208Z" }, "containers": { "cna": { @@ -209,6 +209,38 @@ ] } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:10:51.852642Z", + "id": "CVE-2023-28731", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:11:00.208Z" + } } ] } diff --git a/cves/2023/28xxx/CVE-2023-28732.json b/cves/2023/28xxx/CVE-2023-28732.json index 04c9025915e5..521e38bbcec0 100644 --- a/cves/2023/28xxx/CVE-2023-28732.json +++ b/cves/2023/28xxx/CVE-2023-28732.json @@ -8,7 +8,7 @@ "assignerShortName": "NCSC.ch", "dateReserved": "2023-03-22T09:53:07.889Z", "datePublished": "2023-03-30T11:26:27.209Z", - "dateUpdated": "2024-08-02T13:43:23.841Z" + "dateUpdated": "2025-02-11T20:10:17.247Z" }, "containers": { "cna": { @@ -215,6 +215,38 @@ ] } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-02-11T20:08:02.489166Z", + "id": "CVE-2023-28732", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-02-11T20:10:17.247Z" + } } ] } diff --git a/cves/2023/31xxx/CVE-2023-31360.json b/cves/2023/31xxx/CVE-2023-31360.json new file mode 100644 index 000000000000..8e549bad54d1 --- /dev/null +++ b/cves/2023/31xxx/CVE-2023-31360.json @@ -0,0 +1,97 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-31360", + "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", + "state": "PUBLISHED", + "assignerShortName": "AMD", + "dateReserved": "2023-04-27T15:25:41.428Z", + "datePublished": "2025-02-11T20:01:48.822Z", + "dateUpdated": "2025-02-11T20:01:48.822Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unknown", + "product": "AIM-T(AMD Integrated Management Technology) software", + "vendor": "AMD", + "versions": [ + { + "status": "unaffected", + "version": "4.0.0.722" + } + ] + } + ], + "datePublic": "2025-02-11T17:00:00.000Z", + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution." + } + ], + "value": "Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-276", + "description": "CWE-276 Incorrect Default Permissions", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", + "shortName": "AMD", + "dateUpdated": "2025-02-11T20:01:48.822Z" + }, + "references": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/31xxx/CVE-2023-31361.json b/cves/2023/31xxx/CVE-2023-31361.json new file mode 100644 index 000000000000..8def6c48cb3f --- /dev/null +++ b/cves/2023/31xxx/CVE-2023-31361.json @@ -0,0 +1,85 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-31361", + "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", + "state": "PUBLISHED", + "assignerShortName": "AMD", + "dateReserved": "2023-04-27T15:25:41.428Z", + "datePublished": "2025-02-11T20:07:05.296Z", + "dateUpdated": "2025-02-11T20:07:05.296Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unknown", + "product": "AIM-T (AMD Integrated Management Technology) software", + "vendor": "AMD", + "versions": [ + { + "status": "unaffected", + "version": "4.0.0.722" + } + ] + } + ], + "datePublic": "2025-02-11T17:00:00.000Z", + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution." + } + ], + "value": "A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "providerMetadata": { + "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", + "shortName": "AMD", + "dateUpdated": "2025-02-11T20:07:05.296Z" + }, + "references": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/21xxx/CVE-2024-21966.json b/cves/2024/21xxx/CVE-2024-21966.json new file mode 100644 index 000000000000..eb6a95eca0be --- /dev/null +++ b/cves/2024/21xxx/CVE-2024-21966.json @@ -0,0 +1,97 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-21966", + "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", + "state": "PUBLISHED", + "assignerShortName": "AMD", + "dateReserved": "2024-01-03T16:43:28.698Z", + "datePublished": "2025-02-11T19:56:25.414Z", + "dateUpdated": "2025-02-11T19:56:25.414Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unknown", + "product": "AMD Ryzen™ Master Utility", + "vendor": "AMD", + "versions": [ + { + "status": "affected", + "version": "2.14.0.3205" + } + ] + } + ], + "datePublic": "2025-02-11T17:00:00.000Z", + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
" + } + ], + "value": "A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-269", + "description": "CWE-269 Improper Privilege Management", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", + "shortName": "AMD", + "dateUpdated": "2025-02-11T19:56:25.414Z" + }, + "references": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9010.html" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0901.json b/cves/2025/0xxx/CVE-2025-0901.json new file mode 100644 index 000000000000..7a9e1a09a290 --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0901.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0901", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:14.345Z", + "datePublished": "2025-02-11T19:56:31.557Z", + "dateUpdated": "2025-02-11T19:56:31.557Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:56:31.557Z" + }, + "title": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25372." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.0.388", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-062/", + "name": "ZDI-25-062", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:14.461Z", + "datePublic": "2025-01-31T22:06:24.159Z", + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0902.json b/cves/2025/0xxx/CVE-2025-0902.json new file mode 100644 index 000000000000..bd3e8bcf6cd2 --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0902.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0902", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:18.231Z", + "datePublished": "2025-02-11T19:56:41.379Z", + "dateUpdated": "2025-02-11T19:56:41.379Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:56:41.379Z" + }, + "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25405." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.0.388", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-072/", + "name": "ZDI-25-072", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:18.299Z", + "datePublic": "2025-01-31T22:08:51.210Z", + "source": { + "lang": "en", + "value": "Rocco Calvi (@TecR0c) with TecSecurity" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0903.json b/cves/2025/0xxx/CVE-2025-0903.json new file mode 100644 index 000000000000..07ea5250a83d --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0903.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0903", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:21.877Z", + "datePublished": "2025-02-11T19:57:00.237Z", + "dateUpdated": "2025-02-11T19:57:00.237Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:57:00.237Z" + }, + "title": "PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of RTF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25421." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.0.388", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-122", + "description": "CWE-122: Heap-based Buffer Overflow", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-070/", + "name": "ZDI-25-070", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:21.943Z", + "datePublic": "2025-01-31T22:08:29.392Z", + "source": { + "lang": "en", + "value": "Rocco Calvi (@TecR0c) with TecSecurity" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0904.json b/cves/2025/0xxx/CVE-2025-0904.json new file mode 100644 index 000000000000..cea32c7d4680 --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0904.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0904", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:25.048Z", + "datePublished": "2025-02-11T19:57:11.371Z", + "dateUpdated": "2025-02-11T19:57:11.371Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:57:11.371Z" + }, + "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25422." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.0.388", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-071/", + "name": "ZDI-25-071", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:25.107Z", + "datePublic": "2025-01-31T22:08:40.655Z", + "source": { + "lang": "en", + "value": "Rocco Calvi (@TecR0c) with TecSecurity" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0905.json b/cves/2025/0xxx/CVE-2025-0905.json new file mode 100644 index 000000000000..5c0679564755 --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0905.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0905", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:29.382Z", + "datePublished": "2025-02-11T19:57:31.522Z", + "dateUpdated": "2025-02-11T19:57:31.522Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:57:31.522Z" + }, + "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25433." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.0.388", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-067/", + "name": "ZDI-25-067", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:29.436Z", + "datePublic": "2025-01-31T22:07:55.139Z", + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0906.json b/cves/2025/0xxx/CVE-2025-0906.json new file mode 100644 index 000000000000..f0ff790cbe3b --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0906.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0906", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:34.983Z", + "datePublished": "2025-02-11T19:57:41.221Z", + "dateUpdated": "2025-02-11T19:57:41.221Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:57:41.221Z" + }, + "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25434." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.0.388", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-068/", + "name": "ZDI-25-068", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:35.038Z", + "datePublic": "2025-01-31T22:08:08.641Z", + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0907.json b/cves/2025/0xxx/CVE-2025-0907.json new file mode 100644 index 000000000000..33d6da55016a --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0907.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0907", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:40.756Z", + "datePublished": "2025-02-11T19:57:51.572Z", + "dateUpdated": "2025-02-11T19:57:51.572Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:57:51.572Z" + }, + "title": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25435." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.0.388", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-069/", + "name": "ZDI-25-069", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:40.807Z", + "datePublic": "2025-01-31T22:08:14.571Z", + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0908.json b/cves/2025/0xxx/CVE-2025-0908.json new file mode 100644 index 000000000000..9e253d4db9a3 --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0908.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0908", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:45.543Z", + "datePublished": "2025-02-11T19:58:02.722Z", + "dateUpdated": "2025-02-11T19:58:02.722Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:58:02.722Z" + }, + "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25557." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.2.390", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-063/", + "name": "ZDI-25-063", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:45.597Z", + "datePublic": "2025-02-05T23:26:49.988Z", + "source": { + "lang": "en", + "value": "Anonymous" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0909.json b/cves/2025/0xxx/CVE-2025-0909.json new file mode 100644 index 000000000000..eaed04eaf90c --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0909.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0909", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:49.145Z", + "datePublished": "2025-02-11T19:58:09.870Z", + "dateUpdated": "2025-02-11T19:58:09.870Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:58:09.870Z" + }, + "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25678." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.3.391", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-064/", + "name": "ZDI-25-064", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:49.192Z", + "datePublic": "2025-01-31T22:06:53.954Z", + "source": { + "lang": "en", + "value": "Rocco Calvi (@TecR0c) with TecSecurity" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0910.json b/cves/2025/0xxx/CVE-2025-0910.json new file mode 100644 index 000000000000..bd0fa1c76017 --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0910.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0910", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:52.883Z", + "datePublished": "2025-02-11T19:58:17.542Z", + "dateUpdated": "2025-02-11T19:58:17.542Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:58:17.542Z" + }, + "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25748." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.3.391", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-787", + "description": "CWE-787: Out-of-bounds Write", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-065/", + "name": "ZDI-25-065", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:52.930Z", + "datePublic": "2025-01-31T22:07:09.210Z", + "source": { + "lang": "en", + "value": "Anonymous" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/0xxx/CVE-2025-0911.json b/cves/2025/0xxx/CVE-2025-0911.json new file mode 100644 index 000000000000..e33b69a1948e --- /dev/null +++ b/cves/2025/0xxx/CVE-2025-0911.json @@ -0,0 +1,80 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-0911", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-01-30T20:36:57.517Z", + "datePublished": "2025-02-11T19:58:33.626Z", + "dateUpdated": "2025-02-11T19:58:33.626Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:58:33.626Z" + }, + "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25957." + } + ], + "affected": [ + { + "vendor": "PDF-XChange", + "product": "PDF-XChange Editor", + "versions": [ + { + "version": "10.4.4.392", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-125", + "description": "CWE-125: Out-of-bounds Read", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-066/", + "name": "ZDI-25-066", + "tags": [ + "x_research-advisory" + ] + } + ], + "dateAssigned": "2025-01-30T20:36:57.570Z", + "datePublic": "2025-01-31T22:07:27.768Z", + "source": { + "lang": "en", + "value": "Anonymous" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2025/1xxx/CVE-2025-1044.json b/cves/2025/1xxx/CVE-2025-1044.json new file mode 100644 index 000000000000..df27cc3f7fa1 --- /dev/null +++ b/cves/2025/1xxx/CVE-2025-1044.json @@ -0,0 +1,87 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-1044", + "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "state": "PUBLISHED", + "assignerShortName": "zdi", + "dateReserved": "2025-02-04T21:00:30.180Z", + "datePublished": "2025-02-11T19:55:11.006Z", + "dateUpdated": "2025-02-11T19:55:11.006Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", + "shortName": "zdi", + "dateUpdated": "2025-02-11T19:55:11.006Z" + }, + "title": "Logsign Unified SecOps Platform Authentication Bypass Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25336." + } + ], + "affected": [ + { + "vendor": "Logsign", + "product": "Unified SecOps Platform", + "versions": [ + { + "version": "6.4.27", + "status": "affected" + } + ], + "defaultStatus": "unknown" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-287", + "description": "CWE-287: Improper Authentication", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-085/", + "name": "ZDI-25-085", + "tags": [ + "x_research-advisory" + ] + }, + { + "url": "https://support.logsign.net/hc/en-us/articles/22076844908946-18-10-2024-Version-6-4-32-Release-Notes", + "name": "vendor-provided URL", + "tags": [ + "vendor-advisory" + ] + } + ], + "dateAssigned": "2025-02-04T21:00:30.231Z", + "datePublic": "2025-02-05T23:23:59.393Z", + "source": { + "lang": "en", + "value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro" + }, + "metrics": [ + { + "format": "CVSS", + "cvssV3_0": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + } + } + ] + } + } +} \ No newline at end of file