From 7d8d339e269df0018132f617838e6e07bfa9acf6 Mon Sep 17 00:00:00 2001 From: cvelistV5 Github Action Date: Wed, 12 Feb 2025 22:17:22 +0000 Subject: [PATCH] 8 changes (8 new | 0 updated): - 8 new CVEs: CVE-2022-31631, CVE-2024-41168, CVE-2024-57601, CVE-2024-57602, CVE-2024-57603, CVE-2024-57604, CVE-2024-57605, CVE-2025-1229 - 0 updated CVEs: --- cves/2022/31xxx/CVE-2022-31631.json | 114 +++++++++++++++++++++ cves/2024/41xxx/CVE-2024-41168.json | 105 ++++++++++++++++++++ cves/2024/57xxx/CVE-2024-57601.json | 56 +++++++++++ cves/2024/57xxx/CVE-2024-57602.json | 56 +++++++++++ cves/2024/57xxx/CVE-2024-57603.json | 59 +++++++++++ cves/2024/57xxx/CVE-2024-57604.json | 59 +++++++++++ cves/2024/57xxx/CVE-2024-57605.json | 56 +++++++++++ cves/2025/1xxx/CVE-2025-1229.json | 149 ++++++++++++++++++++++++++++ 8 files changed, 654 insertions(+) create mode 100644 cves/2022/31xxx/CVE-2022-31631.json create mode 100644 cves/2024/41xxx/CVE-2024-41168.json create mode 100644 cves/2024/57xxx/CVE-2024-57601.json create mode 100644 cves/2024/57xxx/CVE-2024-57602.json create mode 100644 cves/2024/57xxx/CVE-2024-57603.json create mode 100644 cves/2024/57xxx/CVE-2024-57604.json create mode 100644 cves/2024/57xxx/CVE-2024-57605.json create mode 100644 cves/2025/1xxx/CVE-2025-1229.json diff --git a/cves/2022/31xxx/CVE-2022-31631.json b/cves/2022/31xxx/CVE-2022-31631.json new file mode 100644 index 000000000000..914aa956a0ef --- /dev/null +++ b/cves/2022/31xxx/CVE-2022-31631.json @@ -0,0 +1,114 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2022-31631", + "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", + "state": "PUBLISHED", + "assignerShortName": "php", + "dateReserved": "2022-05-25T21:03:32.861Z", + "datePublished": "2025-02-12T22:10:45.418Z", + "dateUpdated": "2025-02-12T22:10:45.418Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "affected", + "packageName": "pdo_sqlite", + "product": "PHP", + "vendor": "PHP Group", + "versions": [ + { + "lessThan": "8.0.27", + "status": "affected", + "version": "8.0.x", + "versionType": "semver" + }, + { + "lessThan": "8.1.15", + "status": "affected", + "version": "8.1.x", + "versionType": "semver" + }, + { + "lessThan": "8.2.2", + "status": "affected", + "version": "8.2.x", + "versionType": "semver" + } + ] + } + ], + "datePublic": "2022-12-19T13:27:00.000Z", + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.  

" + } + ], + "value": "In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-74", + "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", + "shortName": "php", + "dateUpdated": "2025-02-12T22:10:45.418Z" + }, + "references": [ + { + "url": "https://bugs.php.net/bug.php?id=81740" + } + ], + "source": { + "advisory": "https://bugs.php.net/bug.php?id=81740", + "discovery": "INTERNAL" + }, + "title": "PDO::quote() may return unquoted string", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/41xxx/CVE-2024-41168.json b/cves/2024/41xxx/CVE-2024-41168.json new file mode 100644 index 000000000000..7e41d1d46c14 --- /dev/null +++ b/cves/2024/41xxx/CVE-2024-41168.json @@ -0,0 +1,105 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-41168", + "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", + "state": "PUBLISHED", + "assignerShortName": "intel", + "dateReserved": "2024-07-17T03:00:05.155Z", + "datePublished": "2025-02-12T21:58:41.096Z", + "dateUpdated": "2025-02-12T21:58:41.096Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", + "shortName": "intel", + "dateUpdated": "2025-02-12T21:58:41.096Z" + }, + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "Denial of Service" + }, + { + "lang": "en", + "description": "Use After Free", + "cweId": "CWE-416", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software for Windows", + "versions": [ + { + "version": "before version 23.80", + "status": "affected" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Use after free in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ], + "references": [ + { + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html", + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "version": "3.1", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "cvssV4_0": { + "version": "4.0", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "LOW" + } + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/57xxx/CVE-2024-57601.json b/cves/2024/57xxx/CVE-2024-57601.json new file mode 100644 index 000000000000..de175bbebc37 --- /dev/null +++ b/cves/2024/57xxx/CVE-2024-57601.json @@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-57601", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2025-02-12T21:57:53.342Z", + "dateReserved": "2025-01-09T00:00:00.000Z", + "datePublished": "2025-02-12T00:00:00.000Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-02-12T21:57:53.342Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://hkohi.ca/vulnerability/13" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/57xxx/CVE-2024-57602.json b/cves/2024/57xxx/CVE-2024-57602.json new file mode 100644 index 000000000000..e96b408a0daf --- /dev/null +++ b/cves/2024/57xxx/CVE-2024-57602.json @@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-57602", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2025-02-12T22:07:09.113Z", + "dateReserved": "2025-01-09T00:00:00.000Z", + "datePublished": "2025-02-12T00:00:00.000Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-02-12T22:07:09.113Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://hkohi.ca/vulnerability/12" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/57xxx/CVE-2024-57603.json b/cves/2024/57xxx/CVE-2024-57603.json new file mode 100644 index 000000000000..7005354ffa4c --- /dev/null +++ b/cves/2024/57xxx/CVE-2024-57603.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-57603", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2025-02-12T22:05:09.437Z", + "dateReserved": "2025-01-09T00:00:00.000Z", + "datePublished": "2025-02-12T00:00:00.000Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-02-12T22:05:09.437Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mayswind/ezbookkeeping/issues/33" + }, + { + "url": "https://hkohi.ca/vulnerability/1" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/57xxx/CVE-2024-57604.json b/cves/2024/57xxx/CVE-2024-57604.json new file mode 100644 index 000000000000..24e686354056 --- /dev/null +++ b/cves/2024/57xxx/CVE-2024-57604.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-57604", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2025-02-12T22:00:12.171Z", + "dateReserved": "2025-01-09T00:00:00.000Z", + "datePublished": "2025-02-12T00:00:00.000Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-02-12T22:00:12.171Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mayswind/ezbookkeeping/issues/33" + }, + { + "url": "https://hkohi.ca/vulnerability/2" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/57xxx/CVE-2024-57605.json b/cves/2024/57xxx/CVE-2024-57605.json new file mode 100644 index 000000000000..7f37b21beba2 --- /dev/null +++ b/cves/2024/57xxx/CVE-2024-57605.json @@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-57605", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2025-02-12T22:02:54.007Z", + "dateReserved": "2025-01-09T00:00:00.000Z", + "datePublished": "2025-02-12T00:00:00.000Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-02-12T22:02:54.007Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://hkohi.ca/vulnerability/3" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2025/1xxx/CVE-2025-1229.json b/cves/2025/1xxx/CVE-2025-1229.json new file mode 100644 index 000000000000..5f96360e24e9 --- /dev/null +++ b/cves/2025/1xxx/CVE-2025-1229.json @@ -0,0 +1,149 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2025-1229", + "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "state": "PUBLISHED", + "assignerShortName": "VulDB", + "dateReserved": "2025-02-11T10:01:43.632Z", + "datePublished": "2025-02-12T22:00:16.776Z", + "dateUpdated": "2025-02-12T22:00:16.776Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "shortName": "VulDB", + "dateUpdated": "2025-02-12T22:00:16.776Z" + }, + "title": "olajowon Loggrove page os command injection", + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-78", + "lang": "en", + "description": "OS Command Injection" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-77", + "lang": "en", + "description": "Command Injection" + } + ] + } + ], + "affected": [ + { + "vendor": "olajowon", + "product": "Loggrove", + "versions": [ + { + "version": "e428fac38cc480f011afcb1d8ce6c2bad378ddd6", + "status": "affected" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument path leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable." + }, + { + "lang": "de", + "value": "In olajowon Loggrove bis e428fac38cc480f011afcb1d8ce6c2bad378ddd6 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /read/?page=1&logfile=eee&match=. Dank Manipulation des Arguments path mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar." + } + ], + "metrics": [ + { + "cvssV4_0": { + "version": "4.0", + "baseScore": 5.3, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_1": { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_0": { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV2_0": { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + } + } + ], + "timeline": [ + { + "time": "2025-02-11T00:00:00.000Z", + "lang": "en", + "value": "Advisory disclosed" + }, + { + "time": "2025-02-11T01:00:00.000Z", + "lang": "en", + "value": "VulDB entry created" + }, + { + "time": "2025-02-11T11:06:50.000Z", + "lang": "en", + "value": "VulDB entry last update" + } + ], + "credits": [ + { + "lang": "en", + "value": "VulDB Gitee Analyzer", + "type": "tool" + } + ], + "references": [ + { + "url": "https://vuldb.com/?id.295219", + "name": "VDB-295219 | olajowon Loggrove page os command injection", + "tags": [ + "vdb-entry", + "technical-description" + ] + }, + { + "url": "https://vuldb.com/?ctiid.295219", + "name": "VDB-295219 | CTI Indicators (IOB, IOC, TTP, IOA)", + "tags": [ + "signature", + "permissions-required" + ] + }, + { + "url": "https://gitee.com/olajowon/loggrove/issues/IBJT1K", + "tags": [ + "exploit", + "issue-tracking" + ] + } + ] + } + } +} \ No newline at end of file