diff --git a/cves/2023/0xxx/CVE-2023-0457.json b/cves/2023/0xxx/CVE-2023-0457.json index faf07e61d0f0..a1b0882aa62e 100644 --- a/cves/2023/0xxx/CVE-2023-0457.json +++ b/cves/2023/0xxx/CVE-2023-0457.json @@ -8,7 +8,7 @@ "assignerShortName": "Mitsubishi", "dateReserved": "2023-01-24T08:55:21.468Z", "datePublished": "2023-03-03T04:18:15.787Z", - "dateUpdated": "2024-08-02T05:10:56.351Z" + "dateUpdated": "2025-03-05T20:02:32.364Z" }, "containers": { "cna": { @@ -1347,6 +1347,38 @@ ] } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-03-05T20:02:13.840915Z", + "id": "CVE-2023-0457", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-03-05T20:02:32.364Z" + } } ] } diff --git a/cves/2023/0xxx/CVE-2023-0577.json b/cves/2023/0xxx/CVE-2023-0577.json index 6c7b597c5e5b..244fcf6cbea4 100644 --- a/cves/2023/0xxx/CVE-2023-0577.json +++ b/cves/2023/0xxx/CVE-2023-0577.json @@ -8,7 +8,7 @@ "assignerShortName": "TR-CERT", "dateReserved": "2023-01-30T10:04:43.493Z", "datePublished": "2023-03-03T06:55:44.146Z", - "dateUpdated": "2024-08-02T05:17:50.008Z" + "dateUpdated": "2025-03-05T20:00:51.334Z" }, "containers": { "cna": { @@ -139,6 +139,38 @@ "url": "https://www.usom.gov.tr/bildirim/tr-23-0125" } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-03-05T20:00:33.400673Z", + "id": "CVE-2023-0577", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-03-05T20:00:51.334Z" + } } ] } diff --git a/cves/2023/0xxx/CVE-2023-0578.json b/cves/2023/0xxx/CVE-2023-0578.json index 04d9ca65ccfb..d14594357674 100644 --- a/cves/2023/0xxx/CVE-2023-0578.json +++ b/cves/2023/0xxx/CVE-2023-0578.json @@ -8,7 +8,7 @@ "assignerShortName": "TR-CERT", "dateReserved": "2023-01-30T10:09:34.950Z", "datePublished": "2023-03-03T06:57:04.626Z", - "dateUpdated": "2024-08-02T05:17:49.843Z" + "dateUpdated": "2025-03-05T20:00:12.680Z" }, "containers": { "cna": { @@ -139,6 +139,38 @@ "url": "https://www.usom.gov.tr/bildirim/tr-23-0125" } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-03-05T20:00:07.436329Z", + "id": "CVE-2023-0578", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-03-05T20:00:12.680Z" + } } ] } diff --git a/cves/2023/0xxx/CVE-2023-0957.json b/cves/2023/0xxx/CVE-2023-0957.json index f982f0079967..6fc78c0360af 100644 --- a/cves/2023/0xxx/CVE-2023-0957.json +++ b/cves/2023/0xxx/CVE-2023-0957.json @@ -8,7 +8,7 @@ "assignerShortName": "snyk", "dateReserved": "2023-02-22T16:03:07.508Z", "datePublished": "2023-03-03T07:00:41.041Z", - "dateUpdated": "2024-08-02T05:32:46.090Z" + "dateUpdated": "2025-03-05T19:56:51.958Z" }, "containers": { "cna": { @@ -148,6 +148,38 @@ ] } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-03-05T19:56:47.706471Z", + "id": "CVE-2023-0957", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-03-05T19:56:51.958Z" + } } ] } diff --git a/cves/2023/20xxx/CVE-2023-20645.json b/cves/2023/20xxx/CVE-2023-20645.json index 817a9ffe560d..bc50c0f1d797 100644 --- a/cves/2023/20xxx/CVE-2023-20645.json +++ b/cves/2023/20xxx/CVE-2023-20645.json @@ -6,16 +6,16 @@ "cveId": "CVE-2023-20645", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", - "dateUpdated": "2024-08-02T09:14:39.738Z", - "dateReserved": "2022-10-28T00:00:00", - "datePublished": "2023-03-07T00:00:00" + "dateUpdated": "2025-03-05T20:09:31.659Z", + "dateReserved": "2022-10-28T00:00:00.000Z", + "datePublished": "2023-03-07T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", - "dateUpdated": "2023-05-09T00:00:00" + "dateUpdated": "2023-05-09T00:00:00.000Z" }, "descriptions": [ { @@ -68,6 +68,66 @@ ] } ] + }, + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-20", + "lang": "en", + "description": "CWE-20 Improper Input Validation" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-03-05T20:09:21.381808Z", + "id": "CVE-2023-20645", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-03-05T20:09:31.659Z" + } } ] } diff --git a/cves/2023/22xxx/CVE-2023-22381.json b/cves/2023/22xxx/CVE-2023-22381.json index bbfbb73b6a6e..344a4266eb7b 100644 --- a/cves/2023/22xxx/CVE-2023-22381.json +++ b/cves/2023/22xxx/CVE-2023-22381.json @@ -8,7 +8,7 @@ "assignerShortName": "GitHub_P", "dateReserved": "2022-12-20T16:09:19.318Z", "datePublished": "2023-03-02T20:54:34.191Z", - "dateUpdated": "2024-08-02T10:07:06.540Z" + "dateUpdated": "2025-03-05T20:05:02.297Z" }, "containers": { "cna": { @@ -212,6 +212,38 @@ ] } ] + }, + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2025-03-05T20:04:54.716662Z", + "id": "CVE-2023-22381", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2025-03-05T20:05:02.297Z" + } } ] } diff --git a/cves/2024/51xxx/CVE-2024-51144.json b/cves/2024/51xxx/CVE-2024-51144.json new file mode 100644 index 000000000000..4d483c24dd33 --- /dev/null +++ b/cves/2024/51xxx/CVE-2024-51144.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-51144", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2025-03-05T20:08:43.837Z", + "dateReserved": "2024-10-28T00:00:00.000Z", + "datePublished": "2025-03-05T00:00:00.000Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-03-05T20:08:43.837Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=flip_follow endpoints in Ampache <= 6.6.0." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ampache/ampache" + }, + { + "url": "https://nitipoom-jar.github.io/CVE-2024-51144/" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2025/1xxx/CVE-2025-1125.json b/cves/2025/1xxx/CVE-2025-1125.json index b2d199fa1686..a4db0994e19e 100644 --- a/cves/2025/1xxx/CVE-2025-1125.json +++ b/cves/2025/1xxx/CVE-2025-1125.json @@ -8,7 +8,7 @@ "assignerShortName": "redhat", "dateReserved": "2025-02-07T20:34:30.777Z", "datePublished": "2025-03-03T14:16:13.252Z", - "dateUpdated": "2025-03-03T15:11:48.262Z" + "dateUpdated": "2025-03-05T20:12:58.286Z" }, "containers": { "cna": { @@ -117,6 +117,9 @@ "issue-tracking", "x_refsource_REDHAT" ] + }, + { + "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "datePublic": "2025-02-18T18:00:00.000Z", @@ -154,7 +157,7 @@ "providerMetadata": { "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", - "dateUpdated": "2025-03-03T15:01:56.036Z" + "dateUpdated": "2025-03-05T20:12:58.286Z" } }, "adp": [ diff --git a/cves/2025/25xxx/CVE-2025-25362.json b/cves/2025/25xxx/CVE-2025-25362.json new file mode 100644 index 000000000000..ed176e0eacfd --- /dev/null +++ b/cves/2025/25xxx/CVE-2025-25362.json @@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2025-25362", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2025-03-05T20:12:58.165Z", + "dateReserved": "2025-02-07T00:00:00.000Z", + "datePublished": "2025-03-05T00:00:00.000Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-03-05T20:12:58.165Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/explosion/spacy-llm/issues/492" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file