Skip to content

Commit

Permalink
2 changes (2 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 2 new CVEs:  CVE-2025-0869, CVE-2025-0870
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Jan 30, 2025
1 parent 1535c43 commit 366f52b
Show file tree
Hide file tree
Showing 4 changed files with 328 additions and 83 deletions.
152 changes: 152 additions & 0 deletions cves/2025/0xxx/CVE-2025-0869.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-0869",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2025-01-30T08:28:00.992Z",
"datePublished": "2025-01-30T13:00:12.408Z",
"dateUpdated": "2025-01-30T13:00:12.408Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-01-30T13:00:12.408Z"
},
"title": "Cianet ONU GW24AC Login cross site scripting",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-79",
"lang": "en",
"description": "Cross Site Scripting"
}
]
},
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-94",
"lang": "en",
"description": "Code Injection"
}
]
}
],
"affected": [
{
"vendor": "Cianet",
"product": "ONU GW24AC",
"versions": [
{
"version": "20250127",
"status": "affected"
}
],
"modules": [
"Login"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation of the argument browserLang leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Cianet ONU GW24AC bis 20250127 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Komponente Login. Durch die Manipulation des Arguments browserLang mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 6.9,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
}
],
"timeline": [
{
"time": "2025-01-30T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-01-30T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-01-30T09:34:00.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "c4ng4c3ir0 (VulDB User)",
"type": "reporter"
}
],
"references": [
{
"url": "https://vuldb.com/?id.294055",
"name": "VDB-294055 | Cianet ONU GW24AC Login cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.294055",
"name": "VDB-294055 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.489867",
"name": "Submit #489867 | Cianet ONU GW24AC Cross-Site Request Forgery",
"tags": [
"third-party-advisory"
]
}
]
}
}
}
147 changes: 147 additions & 0 deletions cves/2025/0xxx/CVE-2025-0870.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,147 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-0870",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2025-01-30T08:43:54.297Z",
"datePublished": "2025-01-30T13:00:20.408Z",
"dateUpdated": "2025-01-30T13:00:20.408Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-01-30T13:00:20.408Z"
},
"title": "Axiomatic Bento4 Ap4DataBuffer.h GetData heap-based overflow",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-122",
"lang": "en",
"description": "Heap-based Buffer Overflow"
}
]
},
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-119",
"lang": "en",
"description": "Memory Corruption"
}
]
}
],
"affected": [
{
"vendor": "Axiomatic",
"product": "Bento4",
"versions": [
{
"version": "1.6.0-641",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Axiomatic Bento4 bis 1.6.0-641 ausgemacht. Es geht hierbei um die Funktion AP4_DataBuffer::GetData in der Bibliothek Ap4DataBuffer.h. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 6.3,
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 5.6,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P"
}
}
],
"timeline": [
{
"time": "2025-01-30T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-01-30T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-01-30T09:49:19.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"references": [
{
"url": "https://vuldb.com/?id.294056",
"name": "VDB-294056 | Axiomatic Bento4 Ap4DataBuffer.h GetData heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.294056",
"name": "VDB-294056 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/980",
"tags": [
"issue-tracking"
]
},
{
"url": "https://github.com/user-attachments/files/16929290/Bug2.zip",
"tags": [
"exploit"
]
}
]
}
}
}
18 changes: 9 additions & 9 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
{
"fetchTime": "2025-01-30T12:38:01.101Z",
"fetchTime": "2025-01-30T13:03:06.450Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-13380",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13380",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13380.json",
"dateUpdated": "2025-01-30T12:22:27.235Z"
"cveId": "CVE-2025-0869",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-0869",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/0xxx/CVE-2025-0869.json",
"dateUpdated": "2025-01-30T13:00:12.408Z"
},
{
"cveId": "CVE-2024-13466",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13466",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13466.json",
"dateUpdated": "2025-01-30T12:22:27.806Z"
"cveId": "CVE-2025-0870",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-0870",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/0xxx/CVE-2025-0870.json",
"dateUpdated": "2025-01-30T13:00:20.408Z"
}
],
"updated": [],
Expand Down
Loading

0 comments on commit 366f52b

Please sign in to comment.