diff --git a/advisories/unreviewed/2023/02/GHSA-2h2r-cg5q-pf39/GHSA-2h2r-cg5q-pf39.json b/advisories/unreviewed/2023/02/GHSA-2h2r-cg5q-pf39/GHSA-2h2r-cg5q-pf39.json
index 4dc6e710a48..1c237603e6e 100644
--- a/advisories/unreviewed/2023/02/GHSA-2h2r-cg5q-pf39/GHSA-2h2r-cg5q-pf39.json
+++ b/advisories/unreviewed/2023/02/GHSA-2h2r-cg5q-pf39/GHSA-2h2r-cg5q-pf39.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-6596-r6fv-6hq9/GHSA-6596-r6fv-6hq9.json b/advisories/unreviewed/2023/02/GHSA-6596-r6fv-6hq9/GHSA-6596-r6fv-6hq9.json
index 88704ae1b81..66d84dbe825 100644
--- a/advisories/unreviewed/2023/02/GHSA-6596-r6fv-6hq9/GHSA-6596-r6fv-6hq9.json
+++ b/advisories/unreviewed/2023/02/GHSA-6596-r6fv-6hq9/GHSA-6596-r6fv-6hq9.json
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-20"
+ "CWE-20",
+ "CWE-436"
 ],
 "severity": "HIGH",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2023/02/GHSA-66mp-9rfw-xg5x/GHSA-66mp-9rfw-xg5x.json b/advisories/unreviewed/2023/02/GHSA-66mp-9rfw-xg5x/GHSA-66mp-9rfw-xg5x.json
index 9bdd5b3bdd0..8541e04f5ff 100644
--- a/advisories/unreviewed/2023/02/GHSA-66mp-9rfw-xg5x/GHSA-66mp-9rfw-xg5x.json
+++ b/advisories/unreviewed/2023/02/GHSA-66mp-9rfw-xg5x/GHSA-66mp-9rfw-xg5x.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-863"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-7jvg-h36r-gm38/GHSA-7jvg-h36r-gm38.json b/advisories/unreviewed/2023/02/GHSA-7jvg-h36r-gm38/GHSA-7jvg-h36r-gm38.json
index 3a497f1397a..b8e87534ac3 100644
--- a/advisories/unreviewed/2023/02/GHSA-7jvg-h36r-gm38/GHSA-7jvg-h36r-gm38.json
+++ b/advisories/unreviewed/2023/02/GHSA-7jvg-h36r-gm38/GHSA-7jvg-h36r-gm38.json
@@ -26,6 +26,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-269",
 "CWE-863"
 ],
 "severity": "CRITICAL",
diff --git a/advisories/unreviewed/2023/02/GHSA-9283-fvg2-gf6j/GHSA-9283-fvg2-gf6j.json b/advisories/unreviewed/2023/02/GHSA-9283-fvg2-gf6j/GHSA-9283-fvg2-gf6j.json
index e8be4bed9ff..6765b38edaa 100644
--- a/advisories/unreviewed/2023/02/GHSA-9283-fvg2-gf6j/GHSA-9283-fvg2-gf6j.json
+++ b/advisories/unreviewed/2023/02/GHSA-9283-fvg2-gf6j/GHSA-9283-fvg2-gf6j.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-959q-h8qc-6qr3/GHSA-959q-h8qc-6qr3.json b/advisories/unreviewed/2023/02/GHSA-959q-h8qc-6qr3/GHSA-959q-h8qc-6qr3.json
index fef27c5c66f..485106fa966 100644
--- a/advisories/unreviewed/2023/02/GHSA-959q-h8qc-6qr3/GHSA-959q-h8qc-6qr3.json
+++ b/advisories/unreviewed/2023/02/GHSA-959q-h8qc-6qr3/GHSA-959q-h8qc-6qr3.json
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-20"
+ "CWE-20",
+ "CWE-436"
 ],
 "severity": "HIGH",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2023/02/GHSA-9cf9-qjr8-c7jw/GHSA-9cf9-qjr8-c7jw.json b/advisories/unreviewed/2023/02/GHSA-9cf9-qjr8-c7jw/GHSA-9cf9-qjr8-c7jw.json
index 63c83a28332..b21d76ed459 100644
--- a/advisories/unreviewed/2023/02/GHSA-9cf9-qjr8-c7jw/GHSA-9cf9-qjr8-c7jw.json
+++ b/advisories/unreviewed/2023/02/GHSA-9cf9-qjr8-c7jw/GHSA-9cf9-qjr8-c7jw.json
@@ -57,7 +57,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-787"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-9hmh-gm6c-7vpr/GHSA-9hmh-gm6c-7vpr.json b/advisories/unreviewed/2023/02/GHSA-9hmh-gm6c-7vpr/GHSA-9hmh-gm6c-7vpr.json
index bde44f7f372..51e82b47860 100644
--- a/advisories/unreviewed/2023/02/GHSA-9hmh-gm6c-7vpr/GHSA-9hmh-gm6c-7vpr.json
+++ b/advisories/unreviewed/2023/02/GHSA-9hmh-gm6c-7vpr/GHSA-9hmh-gm6c-7vpr.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-787"
+ ],
 "severity": "CRITICAL",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-cjq2-j283-vj49/GHSA-cjq2-j283-vj49.json b/advisories/unreviewed/2023/02/GHSA-cjq2-j283-vj49/GHSA-cjq2-j283-vj49.json
index a724d1d2e15..8409f0d4e1d 100644
--- a/advisories/unreviewed/2023/02/GHSA-cjq2-j283-vj49/GHSA-cjq2-j283-vj49.json
+++ b/advisories/unreviewed/2023/02/GHSA-cjq2-j283-vj49/GHSA-cjq2-j283-vj49.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-269"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-fr43-5hh3-gm58/GHSA-fr43-5hh3-gm58.json b/advisories/unreviewed/2023/02/GHSA-fr43-5hh3-gm58/GHSA-fr43-5hh3-gm58.json
index e678dbb3ab4..2c1d32e64ed 100644
--- a/advisories/unreviewed/2023/02/GHSA-fr43-5hh3-gm58/GHSA-fr43-5hh3-gm58.json
+++ b/advisories/unreviewed/2023/02/GHSA-fr43-5hh3-gm58/GHSA-fr43-5hh3-gm58.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-319"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-g4xv-f6gh-pr93/GHSA-g4xv-f6gh-pr93.json b/advisories/unreviewed/2023/02/GHSA-g4xv-f6gh-pr93/GHSA-g4xv-f6gh-pr93.json
index f1faad2c6d5..45353c82ef8 100644
--- a/advisories/unreviewed/2023/02/GHSA-g4xv-f6gh-pr93/GHSA-g4xv-f6gh-pr93.json
+++ b/advisories/unreviewed/2023/02/GHSA-g4xv-f6gh-pr93/GHSA-g4xv-f6gh-pr93.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-922"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-gq3p-4jhj-hrgf/GHSA-gq3p-4jhj-hrgf.json b/advisories/unreviewed/2023/02/GHSA-gq3p-4jhj-hrgf/GHSA-gq3p-4jhj-hrgf.json
index e0eb4b95d08..4335ea355f0 100644
--- a/advisories/unreviewed/2023/02/GHSA-gq3p-4jhj-hrgf/GHSA-gq3p-4jhj-hrgf.json
+++ b/advisories/unreviewed/2023/02/GHSA-gq3p-4jhj-hrgf/GHSA-gq3p-4jhj-hrgf.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-119"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-hc7h-hw2m-29p4/GHSA-hc7h-hw2m-29p4.json b/advisories/unreviewed/2023/02/GHSA-hc7h-hw2m-29p4/GHSA-hc7h-hw2m-29p4.json
index fb1994e8180..75f33879dcd 100644
--- a/advisories/unreviewed/2023/02/GHSA-hc7h-hw2m-29p4/GHSA-hc7h-hw2m-29p4.json
+++ b/advisories/unreviewed/2023/02/GHSA-hc7h-hw2m-29p4/GHSA-hc7h-hw2m-29p4.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-j2pw-6x67-wwjx/GHSA-j2pw-6x67-wwjx.json b/advisories/unreviewed/2023/02/GHSA-j2pw-6x67-wwjx/GHSA-j2pw-6x67-wwjx.json
index c3d508de45e..f33ea761532 100644
--- a/advisories/unreviewed/2023/02/GHSA-j2pw-6x67-wwjx/GHSA-j2pw-6x67-wwjx.json
+++ b/advisories/unreviewed/2023/02/GHSA-j2pw-6x67-wwjx/GHSA-j2pw-6x67-wwjx.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-284"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-jv4h-v7cw-4f5c/GHSA-jv4h-v7cw-4f5c.json b/advisories/unreviewed/2023/02/GHSA-jv4h-v7cw-4f5c/GHSA-jv4h-v7cw-4f5c.json
index f1c9962c997..a49949590bb 100644
--- a/advisories/unreviewed/2023/02/GHSA-jv4h-v7cw-4f5c/GHSA-jv4h-v7cw-4f5c.json
+++ b/advisories/unreviewed/2023/02/GHSA-jv4h-v7cw-4f5c/GHSA-jv4h-v7cw-4f5c.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-p3rj-h8c5-jhpv/GHSA-p3rj-h8c5-jhpv.json b/advisories/unreviewed/2023/02/GHSA-p3rj-h8c5-jhpv/GHSA-p3rj-h8c5-jhpv.json
index e59d1f81f04..42da9de500c 100644
--- a/advisories/unreviewed/2023/02/GHSA-p3rj-h8c5-jhpv/GHSA-p3rj-h8c5-jhpv.json
+++ b/advisories/unreviewed/2023/02/GHSA-p3rj-h8c5-jhpv/GHSA-p3rj-h8c5-jhpv.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-287"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-pmjr-wmch-77wm/GHSA-pmjr-wmch-77wm.json b/advisories/unreviewed/2023/02/GHSA-pmjr-wmch-77wm/GHSA-pmjr-wmch-77wm.json
index cd3788deed7..12fe7f7ff19 100644
--- a/advisories/unreviewed/2023/02/GHSA-pmjr-wmch-77wm/GHSA-pmjr-wmch-77wm.json
+++ b/advisories/unreviewed/2023/02/GHSA-pmjr-wmch-77wm/GHSA-pmjr-wmch-77wm.json
@@ -45,7 +45,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-787"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-rhm4-pxh6-wp23/GHSA-rhm4-pxh6-wp23.json b/advisories/unreviewed/2023/02/GHSA-rhm4-pxh6-wp23/GHSA-rhm4-pxh6-wp23.json
index a755b9b6287..99f42b6ed34 100644
--- a/advisories/unreviewed/2023/02/GHSA-rhm4-pxh6-wp23/GHSA-rhm4-pxh6-wp23.json
+++ b/advisories/unreviewed/2023/02/GHSA-rhm4-pxh6-wp23/GHSA-rhm4-pxh6-wp23.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-269"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-vjc5-4hxh-h2rw/GHSA-vjc5-4hxh-h2rw.json b/advisories/unreviewed/2023/02/GHSA-vjc5-4hxh-h2rw/GHSA-vjc5-4hxh-h2rw.json
index b5bc7c13042..f3caa902e6a 100644
--- a/advisories/unreviewed/2023/02/GHSA-vjc5-4hxh-h2rw/GHSA-vjc5-4hxh-h2rw.json
+++ b/advisories/unreviewed/2023/02/GHSA-vjc5-4hxh-h2rw/GHSA-vjc5-4hxh-h2rw.json
@@ -57,7 +57,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-119"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-vm26-wxgq-mf6w/GHSA-vm26-wxgq-mf6w.json b/advisories/unreviewed/2023/02/GHSA-vm26-wxgq-mf6w/GHSA-vm26-wxgq-mf6w.json
index cb4d50239c6..8d1b6d48939 100644
--- a/advisories/unreviewed/2023/02/GHSA-vm26-wxgq-mf6w/GHSA-vm26-wxgq-mf6w.json
+++ b/advisories/unreviewed/2023/02/GHSA-vm26-wxgq-mf6w/GHSA-vm26-wxgq-mf6w.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-284"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-wc59-h2vv-mqjr/GHSA-wc59-h2vv-mqjr.json b/advisories/unreviewed/2023/02/GHSA-wc59-h2vv-mqjr/GHSA-wc59-h2vv-mqjr.json
index 9756270ca2f..85cfab503ae 100644
--- a/advisories/unreviewed/2023/02/GHSA-wc59-h2vv-mqjr/GHSA-wc59-h2vv-mqjr.json
+++ b/advisories/unreviewed/2023/02/GHSA-wc59-h2vv-mqjr/GHSA-wc59-h2vv-mqjr.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/02/GHSA-x89g-cff5-cpj3/GHSA-x89g-cff5-cpj3.json b/advisories/unreviewed/2023/02/GHSA-x89g-cff5-cpj3/GHSA-x89g-cff5-cpj3.json
index 148f0be700d..af880d115d2 100644
--- a/advisories/unreviewed/2023/02/GHSA-x89g-cff5-cpj3/GHSA-x89g-cff5-cpj3.json
+++ b/advisories/unreviewed/2023/02/GHSA-x89g-cff5-cpj3/GHSA-x89g-cff5-cpj3.json
@@ -26,6 +26,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-269",
 "CWE-863"
 ],
 "severity": "CRITICAL",
diff --git a/advisories/unreviewed/2023/05/GHSA-gjqr-5qrf-53qf/GHSA-gjqr-5qrf-53qf.json b/advisories/unreviewed/2023/05/GHSA-gjqr-5qrf-53qf/GHSA-gjqr-5qrf-53qf.json
index ae44bc0184e..73eb3434313 100644
--- a/advisories/unreviewed/2023/05/GHSA-gjqr-5qrf-53qf/GHSA-gjqr-5qrf-53qf.json
+++ b/advisories/unreviewed/2023/05/GHSA-gjqr-5qrf-53qf/GHSA-gjqr-5qrf-53qf.json
@@ -41,7 +41,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-451"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/05/GHSA-m3cx-vc9q-88c3/GHSA-m3cx-vc9q-88c3.json b/advisories/unreviewed/2023/05/GHSA-m3cx-vc9q-88c3/GHSA-m3cx-vc9q-88c3.json
index 92ce4f802bc..160eab1708b 100644
--- a/advisories/unreviewed/2023/05/GHSA-m3cx-vc9q-88c3/GHSA-m3cx-vc9q-88c3.json
+++ b/advisories/unreviewed/2023/05/GHSA-m3cx-vc9q-88c3/GHSA-m3cx-vc9q-88c3.json
@@ -41,7 +41,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-451"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/07/GHSA-6pv2-vj8w-6fqg/GHSA-6pv2-vj8w-6fqg.json b/advisories/unreviewed/2023/07/GHSA-6pv2-vj8w-6fqg/GHSA-6pv2-vj8w-6fqg.json
index ce53f6e195b..9c7a2a421db 100644
--- a/advisories/unreviewed/2023/07/GHSA-6pv2-vj8w-6fqg/GHSA-6pv2-vj8w-6fqg.json
+++ b/advisories/unreviewed/2023/07/GHSA-6pv2-vj8w-6fqg/GHSA-6pv2-vj8w-6fqg.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6pv2-vj8w-6fqg",
- "modified": "2024-04-04T05:33:21Z",
+ "modified": "2025-03-11T18:31:58Z",
 "published": "2023-07-06T19:24:10Z",
 "aliases": [
 "CVE-2023-23510"
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-863"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2023/07/GHSA-9f7j-84q4-6vj2/GHSA-9f7j-84q4-6vj2.json b/advisories/unreviewed/2023/07/GHSA-9f7j-84q4-6vj2/GHSA-9f7j-84q4-6vj2.json
index f375fc6be13..1294a0f87e4 100644
--- a/advisories/unreviewed/2023/07/GHSA-9f7j-84q4-6vj2/GHSA-9f7j-84q4-6vj2.json
+++ b/advisories/unreviewed/2023/07/GHSA-9f7j-84q4-6vj2/GHSA-9f7j-84q4-6vj2.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9f7j-84q4-6vj2",
- "modified": "2024-04-04T05:33:15Z",
+ "modified": "2025-03-11T18:31:57Z",
 "published": "2023-07-06T19:24:10Z",
 "aliases": [
 "CVE-2023-23505"
diff --git a/advisories/unreviewed/2024/02/GHSA-4w44-487m-rjmx/GHSA-4w44-487m-rjmx.json b/advisories/unreviewed/2024/02/GHSA-4w44-487m-rjmx/GHSA-4w44-487m-rjmx.json
index 695da52531d..e8730d562b3 100644
--- a/advisories/unreviewed/2024/02/GHSA-4w44-487m-rjmx/GHSA-4w44-487m-rjmx.json
+++ b/advisories/unreviewed/2024/02/GHSA-4w44-487m-rjmx/GHSA-4w44-487m-rjmx.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-352"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/02/GHSA-v49v-4cf4-4q55/GHSA-v49v-4cf4-4q55.json b/advisories/unreviewed/2024/02/GHSA-v49v-4cf4-4q55/GHSA-v49v-4cf4-4q55.json
index adfc877066c..3bf64277c1a 100644
--- a/advisories/unreviewed/2024/02/GHSA-v49v-4cf4-4q55/GHSA-v49v-4cf4-4q55.json
+++ b/advisories/unreviewed/2024/02/GHSA-v49v-4cf4-4q55/GHSA-v49v-4cf4-4q55.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-862"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-362p-vjvc-766v/GHSA-362p-vjvc-766v.json b/advisories/unreviewed/2024/03/GHSA-362p-vjvc-766v/GHSA-362p-vjvc-766v.json
index 6a17f8472f0..d23e913ebab 100644
--- a/advisories/unreviewed/2024/03/GHSA-362p-vjvc-766v/GHSA-362p-vjvc-766v.json
+++ b/advisories/unreviewed/2024/03/GHSA-362p-vjvc-766v/GHSA-362p-vjvc-766v.json
@@ -1,12 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-362p-vjvc-766v",
- "modified": "2024-03-07T15:30:38Z",
+ "modified": "2025-03-11T18:32:02Z",
 "published": "2024-03-07T15:30:38Z",
 "aliases": [
 "CVE-2023-42661"
 ],
- "details": "JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.\n",
+ "details": "JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.",
 "severity": [
 {
 "type": "CVSS_V3",
diff --git a/advisories/unreviewed/2024/03/GHSA-3ccw-6p8h-92ch/GHSA-3ccw-6p8h-92ch.json b/advisories/unreviewed/2024/03/GHSA-3ccw-6p8h-92ch/GHSA-3ccw-6p8h-92ch.json
index a79091ea886..f7d6d65feab 100644
--- a/advisories/unreviewed/2024/03/GHSA-3ccw-6p8h-92ch/GHSA-3ccw-6p8h-92ch.json
+++ b/advisories/unreviewed/2024/03/GHSA-3ccw-6p8h-92ch/GHSA-3ccw-6p8h-92ch.json
@@ -1,12 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3ccw-6p8h-92ch",
- "modified": "2024-03-07T15:30:38Z",
+ "modified": "2025-03-11T18:32:02Z",
 "published": "2024-03-07T15:30:38Z",
 "aliases": [
 "CVE-2023-42509"
 ],
- "details": "JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.\n\n",
+ "details": "JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.",
 "severity": [
 {
 "type": "CVSS_V3",
diff --git a/advisories/unreviewed/2024/03/GHSA-4967-792x-v69h/GHSA-4967-792x-v69h.json b/advisories/unreviewed/2024/03/GHSA-4967-792x-v69h/GHSA-4967-792x-v69h.json
index 8c98a56900e..1d56d261f20 100644
--- a/advisories/unreviewed/2024/03/GHSA-4967-792x-v69h/GHSA-4967-792x-v69h.json
+++ b/advisories/unreviewed/2024/03/GHSA-4967-792x-v69h/GHSA-4967-792x-v69h.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-862"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-65j2-v64r-f5cv/GHSA-65j2-v64r-f5cv.json b/advisories/unreviewed/2024/03/GHSA-65j2-v64r-f5cv/GHSA-65j2-v64r-f5cv.json
index d75cf329a5a..ca90802d894 100644
--- a/advisories/unreviewed/2024/03/GHSA-65j2-v64r-f5cv/GHSA-65j2-v64r-f5cv.json
+++ b/advisories/unreviewed/2024/03/GHSA-65j2-v64r-f5cv/GHSA-65j2-v64r-f5cv.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-862"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-f662-26vh-3x9f/GHSA-f662-26vh-3x9f.json b/advisories/unreviewed/2024/03/GHSA-f662-26vh-3x9f/GHSA-f662-26vh-3x9f.json
index 7f524a1be2e..ad32805af2e 100644
--- a/advisories/unreviewed/2024/03/GHSA-f662-26vh-3x9f/GHSA-f662-26vh-3x9f.json
+++ b/advisories/unreviewed/2024/03/GHSA-f662-26vh-3x9f/GHSA-f662-26vh-3x9f.json
@@ -49,7 +49,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-434"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-hh53-w78f-76fc/GHSA-hh53-w78f-76fc.json b/advisories/unreviewed/2024/03/GHSA-hh53-w78f-76fc/GHSA-hh53-w78f-76fc.json
index 8f2f37272ad..a7f23649a1a 100644
--- a/advisories/unreviewed/2024/03/GHSA-hh53-w78f-76fc/GHSA-hh53-w78f-76fc.json
+++ b/advisories/unreviewed/2024/03/GHSA-hh53-w78f-76fc/GHSA-hh53-w78f-76fc.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-352"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-jf3p-h292-vfq5/GHSA-jf3p-h292-vfq5.json b/advisories/unreviewed/2024/03/GHSA-jf3p-h292-vfq5/GHSA-jf3p-h292-vfq5.json
index ffe87c2cc62..e3da17fe2e0 100644
--- a/advisories/unreviewed/2024/03/GHSA-jf3p-h292-vfq5/GHSA-jf3p-h292-vfq5.json
+++ b/advisories/unreviewed/2024/03/GHSA-jf3p-h292-vfq5/GHSA-jf3p-h292-vfq5.json
@@ -30,7 +30,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-121"
+ "CWE-121",
+ "CWE-787"
 ],
 "severity": "HIGH",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2024/03/GHSA-mgc7-74jm-wfhg/GHSA-mgc7-74jm-wfhg.json b/advisories/unreviewed/2024/03/GHSA-mgc7-74jm-wfhg/GHSA-mgc7-74jm-wfhg.json
index ece52fdac0e..1ba82b7cd99 100644
--- a/advisories/unreviewed/2024/03/GHSA-mgc7-74jm-wfhg/GHSA-mgc7-74jm-wfhg.json
+++ b/advisories/unreviewed/2024/03/GHSA-mgc7-74jm-wfhg/GHSA-mgc7-74jm-wfhg.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-mgc7-74jm-wfhg",
- "modified": "2024-03-06T06:30:41Z",
+ "modified": "2025-03-11T18:32:01Z",
 "published": "2024-03-06T06:30:41Z",
 "aliases": [
 "CVE-2024-1989"
@@ -45,7 +45,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-79"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-r537-7qm5-gx44/GHSA-r537-7qm5-gx44.json b/advisories/unreviewed/2024/03/GHSA-r537-7qm5-gx44/GHSA-r537-7qm5-gx44.json
index 99e7eedab28..6b3905e0d22 100644
--- a/advisories/unreviewed/2024/03/GHSA-r537-7qm5-gx44/GHSA-r537-7qm5-gx44.json
+++ b/advisories/unreviewed/2024/03/GHSA-r537-7qm5-gx44/GHSA-r537-7qm5-gx44.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-79"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-v7h7-mr96-qc8c/GHSA-v7h7-mr96-qc8c.json b/advisories/unreviewed/2024/03/GHSA-v7h7-mr96-qc8c/GHSA-v7h7-mr96-qc8c.json
index b160d350c29..af720692ccf 100644
--- a/advisories/unreviewed/2024/03/GHSA-v7h7-mr96-qc8c/GHSA-v7h7-mr96-qc8c.json
+++ b/advisories/unreviewed/2024/03/GHSA-v7h7-mr96-qc8c/GHSA-v7h7-mr96-qc8c.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-v7h7-mr96-qc8c",
- "modified": "2024-03-01T12:30:53Z",
+ "modified": "2025-03-11T18:32:01Z",
 "published": "2024-03-01T12:30:53Z",
 "aliases": [
 "CVE-2024-1120"
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-862"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-vf92-j6mr-cjmj/GHSA-vf92-j6mr-cjmj.json b/advisories/unreviewed/2024/03/GHSA-vf92-j6mr-cjmj/GHSA-vf92-j6mr-cjmj.json
index fe695058723..fa123a0c095 100644
--- a/advisories/unreviewed/2024/03/GHSA-vf92-j6mr-cjmj/GHSA-vf92-j6mr-cjmj.json
+++ b/advisories/unreviewed/2024/03/GHSA-vf92-j6mr-cjmj/GHSA-vf92-j6mr-cjmj.json
@@ -1,12 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-vf92-j6mr-cjmj",
- "modified": "2024-03-07T09:30:33Z",
+ "modified": "2025-03-11T18:32:02Z",
 "published": "2024-03-07T09:30:33Z",
 "aliases": [
 "CVE-2023-42662"
 ],
- "details": "JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.\n",
+ "details": "JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.",
 "severity": [
 {
 "type": "CVSS_V3",
diff --git a/advisories/unreviewed/2024/03/GHSA-vrx4-h7cg-6q4x/GHSA-vrx4-h7cg-6q4x.json b/advisories/unreviewed/2024/03/GHSA-vrx4-h7cg-6q4x/GHSA-vrx4-h7cg-6q4x.json
index 8130674ab27..f05a7ce5af5 100644
--- a/advisories/unreviewed/2024/03/GHSA-vrx4-h7cg-6q4x/GHSA-vrx4-h7cg-6q4x.json
+++ b/advisories/unreviewed/2024/03/GHSA-vrx4-h7cg-6q4x/GHSA-vrx4-h7cg-6q4x.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-502"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/03/GHSA-w8vp-36xf-wv6v/GHSA-w8vp-36xf-wv6v.json b/advisories/unreviewed/2024/03/GHSA-w8vp-36xf-wv6v/GHSA-w8vp-36xf-wv6v.json
index da62481774d..0cfa075f631 100644
--- a/advisories/unreviewed/2024/03/GHSA-w8vp-36xf-wv6v/GHSA-w8vp-36xf-wv6v.json
+++ b/advisories/unreviewed/2024/03/GHSA-w8vp-36xf-wv6v/GHSA-w8vp-36xf-wv6v.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-862"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/05/GHSA-26m6-xq66-wqvc/GHSA-26m6-xq66-wqvc.json b/advisories/unreviewed/2024/05/GHSA-26m6-xq66-wqvc/GHSA-26m6-xq66-wqvc.json
index 0d90d320525..6ee31049773 100644
--- a/advisories/unreviewed/2024/05/GHSA-26m6-xq66-wqvc/GHSA-26m6-xq66-wqvc.json
+++ b/advisories/unreviewed/2024/05/GHSA-26m6-xq66-wqvc/GHSA-26m6-xq66-wqvc.json
@@ -45,7 +45,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-79"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/06/GHSA-9rq6-59m3-gmgx/GHSA-9rq6-59m3-gmgx.json b/advisories/unreviewed/2024/06/GHSA-9rq6-59m3-gmgx/GHSA-9rq6-59m3-gmgx.json
index 4083d7f4562..adce495e3a4 100644
--- a/advisories/unreviewed/2024/06/GHSA-9rq6-59m3-gmgx/GHSA-9rq6-59m3-gmgx.json
+++ b/advisories/unreviewed/2024/06/GHSA-9rq6-59m3-gmgx/GHSA-9rq6-59m3-gmgx.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-863"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2024/08/GHSA-x4hc-h4h9-p283/GHSA-x4hc-h4h9-p283.json b/advisories/unreviewed/2024/08/GHSA-x4hc-h4h9-p283/GHSA-x4hc-h4h9-p283.json
index 408b9a3bb27..22d5865df3e 100644
--- a/advisories/unreviewed/2024/08/GHSA-x4hc-h4h9-p283/GHSA-x4hc-h4h9-p283.json
+++ b/advisories/unreviewed/2024/08/GHSA-x4hc-h4h9-p283/GHSA-x4hc-h4h9-p283.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-x4hc-h4h9-p283",
- "modified": "2024-08-06T06:30:37Z",
+ "modified": "2025-03-11T18:32:08Z",
 "published": "2024-08-06T06:30:37Z",
 "aliases": [
 "CVE-2024-5708"
diff --git a/advisories/unreviewed/2025/01/GHSA-px55-4c85-rghr/GHSA-px55-4c85-rghr.json b/advisories/unreviewed/2025/01/GHSA-px55-4c85-rghr/GHSA-px55-4c85-rghr.json
index 269d6548f1b..d41616e1b67 100644
--- a/advisories/unreviewed/2025/01/GHSA-px55-4c85-rghr/GHSA-px55-4c85-rghr.json
+++ b/advisories/unreviewed/2025/01/GHSA-px55-4c85-rghr/GHSA-px55-4c85-rghr.json
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-256"
+ "CWE-256",
+ "CWE-522"
 ],
 "severity": "MODERATE",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2025/02/GHSA-5jg7-jg3h-568w/GHSA-5jg7-jg3h-568w.json b/advisories/unreviewed/2025/02/GHSA-5jg7-jg3h-568w/GHSA-5jg7-jg3h-568w.json
index 5fb3453c013..7251adc24ba 100644
--- a/advisories/unreviewed/2025/02/GHSA-5jg7-jg3h-568w/GHSA-5jg7-jg3h-568w.json
+++ b/advisories/unreviewed/2025/02/GHSA-5jg7-jg3h-568w/GHSA-5jg7-jg3h-568w.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-5jg7-jg3h-568w",
- "modified": "2025-02-27T09:31:45Z",
+ "modified": "2025-03-11T18:32:09Z",
 "published": "2025-02-27T09:31:45Z",
 "aliases": [
 "CVE-2024-13907"
diff --git a/advisories/unreviewed/2025/02/GHSA-gp6c-2rqq-qqr8/GHSA-gp6c-2rqq-qqr8.json b/advisories/unreviewed/2025/02/GHSA-gp6c-2rqq-qqr8/GHSA-gp6c-2rqq-qqr8.json
index 2ed706b0567..8bb5ed22de1 100644
--- a/advisories/unreviewed/2025/02/GHSA-gp6c-2rqq-qqr8/GHSA-gp6c-2rqq-qqr8.json
+++ b/advisories/unreviewed/2025/02/GHSA-gp6c-2rqq-qqr8/GHSA-gp6c-2rqq-qqr8.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-gp6c-2rqq-qqr8",
- "modified": "2025-02-27T12:30:55Z",
+ "modified": "2025-03-11T18:32:11Z",
 "published": "2025-02-27T12:30:55Z",
 "aliases": [
 "CVE-2025-1450"
diff --git a/advisories/unreviewed/2025/02/GHSA-jrmw-x68c-2f58/GHSA-jrmw-x68c-2f58.json b/advisories/unreviewed/2025/02/GHSA-jrmw-x68c-2f58/GHSA-jrmw-x68c-2f58.json
index e986187a40f..9d039e57445 100644
--- a/advisories/unreviewed/2025/02/GHSA-jrmw-x68c-2f58/GHSA-jrmw-x68c-2f58.json
+++ b/advisories/unreviewed/2025/02/GHSA-jrmw-x68c-2f58/GHSA-jrmw-x68c-2f58.json
@@ -30,7 +30,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-288"
+ "CWE-288",
+ "CWE-306"
 ],
 "severity": "HIGH",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2025/02/GHSA-rch8-9g8m-vjvx/GHSA-rch8-9g8m-vjvx.json b/advisories/unreviewed/2025/02/GHSA-rch8-9g8m-vjvx/GHSA-rch8-9g8m-vjvx.json
index 6ac13be4a58..8000189396c 100644
--- a/advisories/unreviewed/2025/02/GHSA-rch8-9g8m-vjvx/GHSA-rch8-9g8m-vjvx.json
+++ b/advisories/unreviewed/2025/02/GHSA-rch8-9g8m-vjvx/GHSA-rch8-9g8m-vjvx.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rch8-9g8m-vjvx",
- "modified": "2025-02-27T09:31:45Z",
+ "modified": "2025-03-11T18:32:10Z",
 "published": "2025-02-27T09:31:45Z",
 "aliases": [
 "CVE-2025-1282"
diff --git a/advisories/unreviewed/2025/03/GHSA-2544-g9mc-6gfc/GHSA-2544-g9mc-6gfc.json b/advisories/unreviewed/2025/03/GHSA-2544-g9mc-6gfc/GHSA-2544-g9mc-6gfc.json
new file mode 100644
index 00000000000..a304b21e9b6
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-2544-g9mc-6gfc/GHSA-2544-g9mc-6gfc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2544-g9mc-6gfc",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27174"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27174"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-29jr-vwj5-q6gc/GHSA-29jr-vwj5-q6gc.json b/advisories/unreviewed/2025/03/GHSA-29jr-vwj5-q6gc/GHSA-29jr-vwj5-q6gc.json
new file mode 100644
index 00000000000..c7e90a5c1ce
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-29jr-vwj5-q6gc/GHSA-29jr-vwj5-q6gc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-29jr-vwj5-q6gc",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24083"
+ ],
+ "details": "Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24083"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24083"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-822"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-2j99-5q75-3f57/GHSA-2j99-5q75-3f57.json b/advisories/unreviewed/2025/03/GHSA-2j99-5q75-3f57/GHSA-2j99-5q75-3f57.json
new file mode 100644
index 00000000000..164c9a70a70
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-2j99-5q75-3f57/GHSA-2j99-5q75-3f57.json
@@ -0,0 +1,37 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2j99-5q75-3f57",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-24201"
+ ],
+ "details": "An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24201"
+ },
+ {
+ "type": "WEB",
+ "url": "https://support.apple.com/en-us/122281"
+ },
+ {
+ "type": "WEB",
+ "url": "https://support.apple.com/en-us/122283"
+ },
+ {
+ "type": "WEB",
+ "url": "https://support.apple.com/en-us/122284"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-2q4f-gjpq-vfmh/GHSA-2q4f-gjpq-vfmh.json b/advisories/unreviewed/2025/03/GHSA-2q4f-gjpq-vfmh/GHSA-2q4f-gjpq-vfmh.json
new file mode 100644
index 00000000000..616f14f7978
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-2q4f-gjpq-vfmh/GHSA-2q4f-gjpq-vfmh.json
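Review bot: The new GHSA-2j99-5q75-3f57 record carries no severity and no weakness class (`"severity": []`, `"cwe_ids": []`, `"severity": null`), although its `details` text describes an out-of-bounds write, a Web Content sandbox escape and a report of exploitation. Triage that filters or ranks on `database_specific.severity` or on CWE will not surface this entry until those fields are backfilled, so it is worth flagging for manual review rather than waiting for the upstream score. `"CWE-787"` (Out-of-bounds Write), which this commit assigns to other records, looks like the matching value, pending confirmation against the upstream record. The GHSA-2q6p-3x6p-8mcf record added later in this diff has the same empty fields for a weak-password-policy issue, where `"CWE-521"` is the likely candidate.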
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2q4f-gjpq-vfmh", + "modified": "2025-03-11T18:32:18Z", + "published": "2025-03-11T18:32:18Z", + "aliases": [ + "CVE-2025-24984" + ], + "details": "Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24984" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-532" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-2q6p-3x6p-8mcf/GHSA-2q6p-3x6p-8mcf.json b/advisories/unreviewed/2025/03/GHSA-2q6p-3x6p-8mcf/GHSA-2q6p-3x6p-8mcf.json new file mode 100644 index 00000000000..a17e1307487 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-2q6p-3x6p-8mcf/GHSA-2q6p-3x6p-8mcf.json 
@@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2q6p-3x6p-8mcf", + "modified": "2025-03-11T18:32:20Z", + "published": "2025-03-11T18:32:20Z", + "aliases": [ + "CVE-2025-25749" + ], + "details": "An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25749" + }, + { + "type": "WEB", + "url": "https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-2qxp-f77x-jpcf/GHSA-2qxp-f77x-jpcf.json b/advisories/unreviewed/2025/03/GHSA-2qxp-f77x-jpcf/GHSA-2qxp-f77x-jpcf.json new file mode 100644 index 00000000000..7cf4c7840d8 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-2qxp-f77x-jpcf/GHSA-2qxp-f77x-jpcf.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2qxp-f77x-jpcf", + "modified": "2025-03-11T18:32:19Z", + "published": "2025-03-11T18:32:18Z", + "aliases": [ + "CVE-2025-24993" + ], + "details": "Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24993" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-122" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-2vwh-mc47-47fv/GHSA-2vwh-mc47-47fv.json b/advisories/unreviewed/2025/03/GHSA-2vwh-mc47-47fv/GHSA-2vwh-mc47-47fv.json new file mode 100644 index 00000000000..e4b09ab6d18 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-2vwh-mc47-47fv/GHSA-2vwh-mc47-47fv.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2vwh-mc47-47fv", + "modified": "2025-03-11T18:32:20Z", + "published": "2025-03-11T18:32:20Z", + "aliases": [ + "CVE-2025-24439" + ], + "details": "Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24439" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-122" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-2w95-7g9v-5582/GHSA-2w95-7g9v-5582.json b/advisories/unreviewed/2025/03/GHSA-2w95-7g9v-5582/GHSA-2w95-7g9v-5582.json new file mode 100644 index 00000000000..7de2b9d0cea --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-2w95-7g9v-5582/GHSA-2w95-7g9v-5582.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2w95-7g9v-5582", + "modified": "2025-03-11T18:32:21Z", + "published": "2025-03-11T18:32:21Z", + "aliases": [ + "CVE-2025-27178" + ], + "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27178" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-33m7-2r3h-jgfx/GHSA-33m7-2r3h-jgfx.json b/advisories/unreviewed/2025/03/GHSA-33m7-2r3h-jgfx/GHSA-33m7-2r3h-jgfx.json new file mode 100644 index 00000000000..4603d374a04 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-33m7-2r3h-jgfx/GHSA-33m7-2r3h-jgfx.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-33m7-2r3h-jgfx", + "modified": "2025-03-11T18:32:18Z", + "published": "2025-03-11T18:32:18Z", + "aliases": [ + "CVE-2025-24992" + ], + "details": "Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24992" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-126" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-36rr-g4h2-6mjq/GHSA-36rr-g4h2-6mjq.json b/advisories/unreviewed/2025/03/GHSA-36rr-g4h2-6mjq/GHSA-36rr-g4h2-6mjq.json new file mode 100644 index 00000000000..f7470026464 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-36rr-g4h2-6mjq/GHSA-36rr-g4h2-6mjq.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-36rr-g4h2-6mjq", + "modified": "2025-03-11T18:32:18Z", + "published": "2025-03-11T18:32:18Z", + "aliases": [ + "CVE-2025-24081" + ], + "details": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24081" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24081" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-39qh-frrw-r3g6/GHSA-39qh-frrw-r3g6.json b/advisories/unreviewed/2025/03/GHSA-39qh-frrw-r3g6/GHSA-39qh-frrw-r3g6.json new file mode 100644 index 00000000000..e1b7eebb579 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-39qh-frrw-r3g6/GHSA-39qh-frrw-r3g6.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-39qh-frrw-r3g6", + "modified": "2025-03-11T18:32:19Z", + "published": "2025-03-11T18:32:19Z", + "aliases": [ + "CVE-2025-0151" + ], + "details": "Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0151" + }, + { + "type": "WEB", + "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25010" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-3cw8-r66w-2976/GHSA-3cw8-r66w-2976.json b/advisories/unreviewed/2025/03/GHSA-3cw8-r66w-2976/GHSA-3cw8-r66w-2976.json new file mode 100644 index 00000000000..18fbf979cfa --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-3cw8-r66w-2976/GHSA-3cw8-r66w-2976.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3cw8-r66w-2976", + "modified": "2025-03-11T18:32:20Z", + "published": "2025-03-11T18:32:20Z", + "aliases": [ + "CVE-2025-27167" + ], + "details": "Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27167" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-17.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-426" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-3hqw-57c7-46jw/GHSA-3hqw-57c7-46jw.json b/advisories/unreviewed/2025/03/GHSA-3hqw-57c7-46jw/GHSA-3hqw-57c7-46jw.json new file mode 100644 index 00000000000..6d17593d9c5 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-3hqw-57c7-46jw/GHSA-3hqw-57c7-46jw.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3hqw-57c7-46jw", + "modified": "2025-03-11T18:32:18Z", + "published": "2025-03-11T18:32:18Z", + "aliases": [ + "CVE-2025-24987" + ], + "details": "Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24987" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24987" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-3jww-f8pj-hj29/GHSA-3jww-f8pj-hj29.json b/advisories/unreviewed/2025/03/GHSA-3jww-f8pj-hj29/GHSA-3jww-f8pj-hj29.json new file mode 100644 index 00000000000..643c3a93ea2 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-3jww-f8pj-hj29/GHSA-3jww-f8pj-hj29.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3jww-f8pj-hj29", + "modified": "2025-03-11T18:32:20Z", + "published": "2025-03-11T18:32:20Z", + "aliases": [ + "CVE-2025-24448" + ], + "details": "Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24448" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-17.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-3m36-v5m5-rp9x/GHSA-3m36-v5m5-rp9x.json b/advisories/unreviewed/2025/03/GHSA-3m36-v5m5-rp9x/GHSA-3m36-v5m5-rp9x.json new file mode 100644 index 00000000000..6ccaf58c300 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-3m36-v5m5-rp9x/GHSA-3m36-v5m5-rp9x.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3m36-v5m5-rp9x", + "modified": "2025-03-11T18:32:17Z", + "published": "2025-03-11T18:32:17Z", + "aliases": [ + "CVE-2025-24061" + ], + "details": "Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24061" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24061" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-693" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-3qqq-rj9x-fp8h/GHSA-3qqq-rj9x-fp8h.json b/advisories/unreviewed/2025/03/GHSA-3qqq-rj9x-fp8h/GHSA-3qqq-rj9x-fp8h.json new file mode 100644 index 00000000000..fd46cf60f5b --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-3qqq-rj9x-fp8h/GHSA-3qqq-rj9x-fp8h.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3qqq-rj9x-fp8h", + "modified": "2025-03-11T18:32:16Z", + "published": "2025-03-11T18:32:16Z", + "aliases": [ + "CVE-2025-22213" + ], + "details": "Inadequate checks in the Media Manager allowed users with \"edit\" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22213" + }, + { + "type": "WEB", + "url": "https://developer.joomla.org/security-centre/961-20250301-core-malicious-file-uploads-via-media-managere-malicious-file-uploads-via-media-manager.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-4426-5gmw-3hrf/GHSA-4426-5gmw-3hrf.json b/advisories/unreviewed/2025/03/GHSA-4426-5gmw-3hrf/GHSA-4426-5gmw-3hrf.json new file mode 100644 index 00000000000..b081996716b --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-4426-5gmw-3hrf/GHSA-4426-5gmw-3hrf.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4426-5gmw-3hrf", + "modified": "2025-03-11T18:32:19Z", + "published": "2025-03-11T18:32:19Z", + "aliases": [ + "CVE-2025-26631" + ], + "details": "Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26631" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26631" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-427" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-4463-hw62-cq97/GHSA-4463-hw62-cq97.json b/advisories/unreviewed/2025/03/GHSA-4463-hw62-cq97/GHSA-4463-hw62-cq97.json new file mode 100644 index 00000000000..a33b2b2a147 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-4463-hw62-cq97/GHSA-4463-hw62-cq97.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4463-hw62-cq97", + "modified": "2025-03-11T18:32:21Z", + "published": "2025-03-11T18:32:21Z", + "aliases": [ + "CVE-2025-27179" + ], + "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27179" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-44vj-x828-cfmj/GHSA-44vj-x828-cfmj.json b/advisories/unreviewed/2025/03/GHSA-44vj-x828-cfmj/GHSA-44vj-x828-cfmj.json new file mode 100644 index 00000000000..979b4135fb9 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-44vj-x828-cfmj/GHSA-44vj-x828-cfmj.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-44vj-x828-cfmj", + "modified": "2025-03-11T18:32:19Z", + "published": "2025-03-11T18:32:19Z", + "aliases": [ + "CVE-2025-24997" + ], + "details": "Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24997" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24997" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-4783-m498-cppr/GHSA-4783-m498-cppr.json b/advisories/unreviewed/2025/03/GHSA-4783-m498-cppr/GHSA-4783-m498-cppr.json new file mode 100644 index 00000000000..9e192a6e9a4 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-4783-m498-cppr/GHSA-4783-m498-cppr.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4783-m498-cppr", + "modified": "2025-03-11T18:32:16Z", + "published": "2025-03-11T18:32:16Z", + "aliases": [ + "CVE-2025-24050" + ], + "details": "Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24050" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24050" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-122" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-48cg-hm45-pp65/GHSA-48cg-hm45-pp65.json b/advisories/unreviewed/2025/03/GHSA-48cg-hm45-pp65/GHSA-48cg-hm45-pp65.json new file mode 100644 index 00000000000..8a45ce98928 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-48cg-hm45-pp65/GHSA-48cg-hm45-pp65.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-48cg-hm45-pp65", + "modified": "2025-03-11T18:32:21Z", + "published": "2025-03-11T18:32:21Z", + "aliases": [ + "CVE-2025-27439" + ], + "details": "Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27439" + }, + { + "type": "WEB", + "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25011" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-124" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-4r5p-qqxr-3jgc/GHSA-4r5p-qqxr-3jgc.json b/advisories/unreviewed/2025/03/GHSA-4r5p-qqxr-3jgc/GHSA-4r5p-qqxr-3jgc.json index 1f9ef5982b3..ddf943bf656 100644 --- a/advisories/unreviewed/2025/03/GHSA-4r5p-qqxr-3jgc/GHSA-4r5p-qqxr-3jgc.json +++ b/advisories/unreviewed/2025/03/GHSA-4r5p-qqxr-3jgc/GHSA-4r5p-qqxr-3jgc.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-4r5p-qqxr-3jgc", - "modified": "2025-03-10T21:31:12Z", + "modified": "2025-03-11T18:32:12Z", "published": "2025-03-10T21:31:12Z", "aliases": [ "CVE-2024-56191" ], "details": "In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { 
@@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-281" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-03-10T21:15:39Z" diff --git a/advisories/unreviewed/2025/03/GHSA-4v63-9rgj-4j4x/GHSA-4v63-9rgj-4j4x.json b/advisories/unreviewed/2025/03/GHSA-4v63-9rgj-4j4x/GHSA-4v63-9rgj-4j4x.json new file mode 100644 index 00000000000..50a3731c3fc --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-4v63-9rgj-4j4x/GHSA-4v63-9rgj-4j4x.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4v63-9rgj-4j4x", + "modified": "2025-03-11T18:32:21Z", + "published": "2025-03-11T18:32:21Z", + "aliases": [ + "CVE-2025-27176" + ], + "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27176" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-542w-vqgj-322r/GHSA-542w-vqgj-322r.json b/advisories/unreviewed/2025/03/GHSA-542w-vqgj-322r/GHSA-542w-vqgj-322r.json new file mode 100644 index 00000000000..114e2703fe4 --- /dev/null 
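Review bot: The `"CWE-281"` added in the second GHSA-4r5p-qqxr-3jgc hunk does not match the record's own `details`, visible in the first hunk, which attribute the issue to an integer overflow in dhd_process_full_gscan_result. CWE-281 is Improper Preservation of Permissions. If the upstream source assigned that id it can stay for fidelity, but I would confirm it and consider recording the root cause as well, e.g. `"cwe_ids": ["CWE-190", "CWE-281"]`. Weakness-based reporting will otherwise file a memory-safety bug under permission handling.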
+++ b/advisories/unreviewed/2025/03/GHSA-542w-vqgj-322r/GHSA-542w-vqgj-322r.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-542w-vqgj-322r", + "modified": "2025-03-11T18:32:21Z", + "published": "2025-03-11T18:32:21Z", + "aliases": [ + "CVE-2025-27440" + ], + "details": "Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27440" + }, + { + "type": "WEB", + "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25011" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-124" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-5549-wwj2-59q9/GHSA-5549-wwj2-59q9.json b/advisories/unreviewed/2025/03/GHSA-5549-wwj2-59q9/GHSA-5549-wwj2-59q9.json new file mode 100644 index 00000000000..f253943ac31 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-5549-wwj2-59q9/GHSA-5549-wwj2-59q9.json 
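Review bot: `"CWE-124"` in the GHSA-542w-vqgj-322r record looks carried over from the sibling Zoom record GHSA-48cg-hm45-pp65. That record describes a buffer underflow and this one a heap overflow, yet both have the same CWE id and the same bulletin URL. The other heap-overflow records in this diff use CWE-122, so I would expect `"CWE-122"` here. Please check the id against the Zoom bulletin and the NVD entry before merging, since I cannot see from the diff which value upstream assigned.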
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5549-wwj2-59q9", + "modified": "2025-03-11T18:32:18Z", + "published": "2025-03-11T18:32:18Z", + "aliases": [ + "CVE-2025-24082" + ], + "details": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24082" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24082" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-564p-v49m-6qxf/GHSA-564p-v49m-6qxf.json b/advisories/unreviewed/2025/03/GHSA-564p-v49m-6qxf/GHSA-564p-v49m-6qxf.json new file mode 100644 index 00000000000..a3b13881781 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-564p-v49m-6qxf/GHSA-564p-v49m-6qxf.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-564p-v49m-6qxf", + "modified": "2025-03-11T18:32:20Z", + "published": "2025-03-11T18:32:20Z", + "aliases": [ + "CVE-2025-27163" + ], + "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27163" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-565c-x77x-j8h4/GHSA-565c-x77x-j8h4.json b/advisories/unreviewed/2025/03/GHSA-565c-x77x-j8h4/GHSA-565c-x77x-j8h4.json new file mode 100644 index 00000000000..87d32bbb022 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-565c-x77x-j8h4/GHSA-565c-x77x-j8h4.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-565c-x77x-j8h4", + "modified": "2025-03-11T18:32:19Z", + "published": "2025-03-11T18:32:19Z", + "aliases": [ + "CVE-2025-24998" + ], + "details": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24998" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-427" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-5hc5-9qwg-w899/GHSA-5hc5-9qwg-w899.json b/advisories/unreviewed/2025/03/GHSA-5hc5-9qwg-w899/GHSA-5hc5-9qwg-w899.json new file mode 100644 index 00000000000..43f9d8869e7 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-5hc5-9qwg-w899/GHSA-5hc5-9qwg-w899.json 
@@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5hc5-9qwg-w899", + "modified": "2025-03-11T18:32:13Z", + "published": "2025-03-11T18:32:13Z", + "aliases": [ + "CVE-2025-25680" + ], + "details": "LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25680" + }, + { + "type": "WEB", + "url": "https://github.com/Yasha-ops/LSC_Indoor_PTZ_Camera-RCE" + }, + { + "type": "WEB", + "url": "https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-25680" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T16:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-62q2-gc88-c4rh/GHSA-62q2-gc88-c4rh.json b/advisories/unreviewed/2025/03/GHSA-62q2-gc88-c4rh/GHSA-62q2-gc88-c4rh.json new file mode 100644 index 00000000000..f351c7db303 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-62q2-gc88-c4rh/GHSA-62q2-gc88-c4rh.json 
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-62q2-gc88-c4rh",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-26634"
+ ],
+ "details": "Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26634"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26634"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:43Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-664p-96hw-74xh/GHSA-664p-96hw-74xh.json b/advisories/unreviewed/2025/03/GHSA-664p-96hw-74xh/GHSA-664p-96hw-74xh.json
new file mode 100644
index 00000000000..b55519a6b3a
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-664p-96hw-74xh/GHSA-664p-96hw-74xh.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-664p-96hw-74xh",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24076"
+ ],
+ "details": "Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24076"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24076"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-284"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-6fp2-jjv9-q3w2/GHSA-6fp2-jjv9-q3w2.json b/advisories/unreviewed/2025/03/GHSA-6fp2-jjv9-q3w2/GHSA-6fp2-jjv9-q3w2.json
new file mode 100644
index 00000000000..b53b48c46aa
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-6fp2-jjv9-q3w2/GHSA-6fp2-jjv9-q3w2.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6fp2-jjv9-q3w2",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-27158"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27158"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-824"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-6hhx-m94h-cc23/GHSA-6hhx-m94h-cc23.json b/advisories/unreviewed/2025/03/GHSA-6hhx-m94h-cc23/GHSA-6hhx-m94h-cc23.json
new file mode 100644
index 00000000000..4af31bde71b
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-6hhx-m94h-cc23/GHSA-6hhx-m94h-cc23.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6hhx-m94h-cc23",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-27161"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27161"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-6q4f-hgf7-r6p8/GHSA-6q4f-hgf7-r6p8.json b/advisories/unreviewed/2025/03/GHSA-6q4f-hgf7-r6p8/GHSA-6q4f-hgf7-r6p8.json
new file mode 100644
index 00000000000..6a1cf33fd61
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-6q4f-hgf7-r6p8/GHSA-6q4f-hgf7-r6p8.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6q4f-hgf7-r6p8",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27164"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27164"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json b/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json
new file mode 100644
index 00000000000..f85c51a7efc
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6v67-599p-fprc",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24054"
+ ],
+ "details": "External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24054"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-73"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-75mj-5prh-7q9g/GHSA-75mj-5prh-7q9g.json b/advisories/unreviewed/2025/03/GHSA-75mj-5prh-7q9g/GHSA-75mj-5prh-7q9g.json
new file mode 100644
index 00000000000..03823ca6272
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-75mj-5prh-7q9g/GHSA-75mj-5prh-7q9g.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-75mj-5prh-7q9g",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24075"
+ ],
+ "details": "Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24075"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24075"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-121"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-792q-v8qg-wxvv/GHSA-792q-v8qg-wxvv.json b/advisories/unreviewed/2025/03/GHSA-792q-v8qg-wxvv/GHSA-792q-v8qg-wxvv.json
new file mode 100644
index 00000000000..a6ab591a7a6
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-792q-v8qg-wxvv/GHSA-792q-v8qg-wxvv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-792q-v8qg-wxvv",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24064"
+ ],
+ "details": "Use after free in DNS Server allows an unauthorized attacker to execute code over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24064"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24064"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-7g6p-x2rr-6mm4/GHSA-7g6p-x2rr-6mm4.json b/advisories/unreviewed/2025/03/GHSA-7g6p-x2rr-6mm4/GHSA-7g6p-x2rr-6mm4.json
new file mode 100644
index 00000000000..f2b82cb2249
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-7g6p-x2rr-6mm4/GHSA-7g6p-x2rr-6mm4.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7g6p-x2rr-6mm4",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-21169"
+ ],
+ "details": "Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21169"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb25-22.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-7m8x-93c8-87gw/GHSA-7m8x-93c8-87gw.json b/advisories/unreviewed/2025/03/GHSA-7m8x-93c8-87gw/GHSA-7m8x-93c8-87gw.json
new file mode 100644
index 00000000000..7240f4f3060
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-7m8x-93c8-87gw/GHSA-7m8x-93c8-87gw.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7m8x-93c8-87gw",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-26645"
+ ],
+ "details": "Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26645"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26645"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-23"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:44Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-7r2v-48c6-xjmm/GHSA-7r2v-48c6-xjmm.json b/advisories/unreviewed/2025/03/GHSA-7r2v-48c6-xjmm/GHSA-7r2v-48c6-xjmm.json
new file mode 100644
index 00000000000..c2596b9ad9e
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-7r2v-48c6-xjmm/GHSA-7r2v-48c6-xjmm.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7r2v-48c6-xjmm",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-24035"
+ ],
+ "details": "Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24035"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24035"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-591"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-88vw-ggf5-3p2w/GHSA-88vw-ggf5-3p2w.json b/advisories/unreviewed/2025/03/GHSA-88vw-ggf5-3p2w/GHSA-88vw-ggf5-3p2w.json
new file mode 100644
index 00000000000..748af80cf0c
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-88vw-ggf5-3p2w/GHSA-88vw-ggf5-3p2w.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-88vw-ggf5-3p2w",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-26701"
+ ],
+ "details": "An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26701"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.percona.com/blog/security-advisory-cve-affecting-percona-monitoring-and-management-pmm"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-1393"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-8vq3-9942-4x72/GHSA-8vq3-9942-4x72.json b/advisories/unreviewed/2025/03/GHSA-8vq3-9942-4x72/GHSA-8vq3-9942-4x72.json
new file mode 100644
index 00000000000..c4479f0ebe9
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-8vq3-9942-4x72/GHSA-8vq3-9942-4x72.json
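Review bot: The version statement in the `details` of GHSA-88vw-ggf5-3p2w is hard to act on: it scopes the issue to PMM Server (OVA) "before 3.0.0-1.ova" and then lists PMM2 2.42.0-1.ova through 2.44.0-1.ova, all of which sort below 3.0.0, as fixed. Presumably those PMM2 images were re-released with the fix, but the record does not say so, and with `"affected": []` there is no machine-readable range to fall back on. Since the weakness is default service-account credentials (CWE-1393) scored at `AV:N/PR:N/S:C`, operators need an unambiguous way to tell whether a deployed image is affected. I would confirm the wording against the Percona post in `references` and state explicitly in `details` which image builds carry the fix.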
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8vq3-9942-4x72",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24077"
+ ],
+ "details": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24077"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24077"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-8xfh-434c-qfv7/GHSA-8xfh-434c-qfv7.json b/advisories/unreviewed/2025/03/GHSA-8xfh-434c-qfv7/GHSA-8xfh-434c-qfv7.json
new file mode 100644
index 00000000000..71e654a45db
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-8xfh-434c-qfv7/GHSA-8xfh-434c-qfv7.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8xfh-434c-qfv7",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-26633"
+ ],
+ "details": "Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26633"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-707"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:43Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-95f7-jm6f-gv7p/GHSA-95f7-jm6f-gv7p.json b/advisories/unreviewed/2025/03/GHSA-95f7-jm6f-gv7p/GHSA-95f7-jm6f-gv7p.json
new file mode 100644
index 00000000000..f8deb4891ce
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-95f7-jm6f-gv7p/GHSA-95f7-jm6f-gv7p.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-95f7-jm6f-gv7p",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-21199"
+ ],
+ "details": "Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21199"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21199"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-269"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-9863-cgqf-pf8w/GHSA-9863-cgqf-pf8w.json b/advisories/unreviewed/2025/03/GHSA-9863-cgqf-pf8w/GHSA-9863-cgqf-pf8w.json
new file mode 100644
index 00000000000..0b5a93a2cc4
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-9863-cgqf-pf8w/GHSA-9863-cgqf-pf8w.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9863-cgqf-pf8w",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24055"
+ ],
+ "details": "Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24055"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24055"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-993g-ggfc-h57q/GHSA-993g-ggfc-h57q.json b/advisories/unreviewed/2025/03/GHSA-993g-ggfc-h57q/GHSA-993g-ggfc-h57q.json
new file mode 100644
index 00000000000..a58a5a9c97e
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-993g-ggfc-h57q/GHSA-993g-ggfc-h57q.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-993g-ggfc-h57q",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24441"
+ ],
+ "details": "Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24441"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-9mc4-grwm-pj69/GHSA-9mc4-grwm-pj69.json b/advisories/unreviewed/2025/03/GHSA-9mc4-grwm-pj69/GHSA-9mc4-grwm-pj69.json
new file mode 100644
index 00000000000..aaf14120c5a
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-9mc4-grwm-pj69/GHSA-9mc4-grwm-pj69.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9mc4-grwm-pj69",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-0149"
+ ],
+ "details": "Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0149"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25008"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-345"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-c7jr-56jm-83q7/GHSA-c7jr-56jm-83q7.json b/advisories/unreviewed/2025/03/GHSA-c7jr-56jm-83q7/GHSA-c7jr-56jm-83q7.json
new file mode 100644
index 00000000000..9e6e27a4770
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-c7jr-56jm-83q7/GHSA-c7jr-56jm-83q7.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-c7jr-56jm-83q7",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27175"
+ ],
+ "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27175"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-cp99-pr74-m55v/GHSA-cp99-pr74-m55v.json b/advisories/unreviewed/2025/03/GHSA-cp99-pr74-m55v/GHSA-cp99-pr74-m55v.json
new file mode 100644
index 00000000000..9786918d88c
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-cp99-pr74-m55v/GHSA-cp99-pr74-m55v.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cp99-pr74-m55v",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-27172"
+ ],
+ "details": "Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27172"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb25-22.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:44Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-crc4-mh4v-rxxg/GHSA-crc4-mh4v-rxxg.json b/advisories/unreviewed/2025/03/GHSA-crc4-mh4v-rxxg/GHSA-crc4-mh4v-rxxg.json
new file mode 100644
index 00000000000..d660dc8d3a7
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-crc4-mh4v-rxxg/GHSA-crc4-mh4v-rxxg.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-crc4-mh4v-rxxg",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24072"
+ ],
+ "details": "Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24072"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24072"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-f4cq-9rff-835c/GHSA-f4cq-9rff-835c.json b/advisories/unreviewed/2025/03/GHSA-f4cq-9rff-835c/GHSA-f4cq-9rff-835c.json
new file mode 100644
index 00000000000..bba1b0dd6c1
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-f4cq-9rff-835c/GHSA-f4cq-9rff-835c.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-f4cq-9rff-835c",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24078"
+ ],
+ "details": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24078"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24078"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-f4fr-5w7w-pg2w/GHSA-f4fr-5w7w-pg2w.json b/advisories/unreviewed/2025/03/GHSA-f4fr-5w7w-pg2w/GHSA-f4fr-5w7w-pg2w.json
new file mode 100644
index 00000000000..460834bdb75
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-f4fr-5w7w-pg2w/GHSA-f4fr-5w7w-pg2w.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-f4fr-5w7w-pg2w",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24983"
+ ],
+ "details": "Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24983"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-f4rv-pm79-f3jj/GHSA-f4rv-pm79-f3jj.json b/advisories/unreviewed/2025/03/GHSA-f4rv-pm79-f3jj/GHSA-f4rv-pm79-f3jj.json
new file mode 100644
index 00000000000..b6660f3a38e
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-f4rv-pm79-f3jj/GHSA-f4rv-pm79-f3jj.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-f4rv-pm79-f3jj",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-25003"
+ ],
+ "details": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25003"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-427"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:38Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-fc2r-8vhc-cpc7/GHSA-fc2r-8vhc-cpc7.json b/advisories/unreviewed/2025/03/GHSA-fc2r-8vhc-cpc7/GHSA-fc2r-8vhc-cpc7.json
new file mode 100644
index 00000000000..c89e7d353dc
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-fc2r-8vhc-cpc7/GHSA-fc2r-8vhc-cpc7.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fc2r-8vhc-cpc7",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24080"
+ ],
+ "details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24080"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24080"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-fgcq-9c7c-c4jv/GHSA-fgcq-9c7c-c4jv.json b/advisories/unreviewed/2025/03/GHSA-fgcq-9c7c-c4jv/GHSA-fgcq-9c7c-c4jv.json
new file mode 100644
index 00000000000..0b1498fe1a8
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-fgcq-9c7c-c4jv/GHSA-fgcq-9c7c-c4jv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fgcq-9c7c-c4jv",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-0150"
+ ],
+ "details": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0150"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25009"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-696"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-fgxr-q758-3mrh/GHSA-fgxr-q758-3mrh.json b/advisories/unreviewed/2025/03/GHSA-fgxr-q758-3mrh/GHSA-fgxr-q758-3mrh.json
new file mode 100644
index 00000000000..42ab57a136a
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-fgxr-q758-3mrh/GHSA-fgxr-q758-3mrh.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fgxr-q758-3mrh",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-27159"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27159"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-fhp9-73g9-7fgj/GHSA-fhp9-73g9-7fgj.json b/advisories/unreviewed/2025/03/GHSA-fhp9-73g9-7fgj/GHSA-fhp9-73g9-7fgj.json
new file mode 100644
index 00000000000..fc1ef03e51f
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-fhp9-73g9-7fgj/GHSA-fhp9-73g9-7fgj.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fhp9-73g9-7fgj",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-21180"
+ ],
+ "details": "Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21180"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21180"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-fjv9-rqq6-m4fm/GHSA-fjv9-rqq6-m4fm.json b/advisories/unreviewed/2025/03/GHSA-fjv9-rqq6-m4fm/GHSA-fjv9-rqq6-m4fm.json
new file mode 100644
index 00000000000..e432f1b8ee3
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-fjv9-rqq6-m4fm/GHSA-fjv9-rqq6-m4fm.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fjv9-rqq6-m4fm",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-24044"
+ ],
+ "details": "Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24044"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24044"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-frf6-886p-p44m/GHSA-frf6-886p-p44m.json b/advisories/unreviewed/2025/03/GHSA-frf6-886p-p44m/GHSA-frf6-886p-p44m.json
new file mode 100644
index 00000000000..e0beaa3f38a
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-frf6-886p-p44m/GHSA-frf6-886p-p44m.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-frf6-886p-p44m",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24057"
+ ],
+ "details": "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24057"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24057"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-fw35-27g6-hvhf/GHSA-fw35-27g6-hvhf.json b/advisories/unreviewed/2025/03/GHSA-fw35-27g6-hvhf/GHSA-fw35-27g6-hvhf.json
new file mode 100644
index 00000000000..4c7ced887b7
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-fw35-27g6-hvhf/GHSA-fw35-27g6-hvhf.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fw35-27g6-hvhf",
+ "modified": "2025-03-11T18:32:13Z",
+ "published": "2025-03-11T18:32:13Z",
+ "aliases": [
+ "CVE-2025-25747"
+ ],
+ "details": "Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25747"
+ },
+ {
+ "type": "WEB",
+ "url": "https://cwe.mitre.org/data/definitions/79.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T16:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-fxhc-7857-mhjj/GHSA-fxhc-7857-mhjj.json b/advisories/unreviewed/2025/03/GHSA-fxhc-7857-mhjj/GHSA-fxhc-7857-mhjj.json
new file mode 100644
index 00000000000..bb20c397206
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-fxhc-7857-mhjj/GHSA-fxhc-7857-mhjj.json
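Review bot: `cwe_ids` is left empty in `database_specific` of the GHSA-fw35-27g6-hvhf record even though `details` describes a cross-site scripting issue and `references` already links the CWE-79 definition, so tooling that filters or routes advisories by weakness class will not match this record; `"cwe_ids": ["CWE-79"]` would agree with what the record itself states. The later new-file hunk for GHSA-p6r9-p725-g42c has the same gap: its `details` names SQL injection while `cwe_ids` is `[]`, where `"CWE-89"` would fit. Both records also carry an empty `severity` array and `"severity": null`, so they fall out of severity-based triage until a CVSS vector is imported; that is presumably upstream lag rather than something to hand-edit here.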
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fxhc-7857-mhjj",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2024-9157"
+ ],
+ "details": "** UNSUPPORTED WHEN ASSIGNED ** \n\nA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\n\n\nOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record’s reference information.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9157"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-284"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-g85v-525p-358p/GHSA-g85v-525p-358p.json b/advisories/unreviewed/2025/03/GHSA-g85v-525p-358p/GHSA-g85v-525p-358p.json
new file mode 100644
index 00000000000..54ccf5e5ce5
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-g85v-525p-358p/GHSA-g85v-525p-358p.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-g85v-525p-358p",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-21247"
+ ],
+ "details": "Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21247"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21247"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-41"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-g97r-96hh-j5vv/GHSA-g97r-96hh-j5vv.json b/advisories/unreviewed/2025/03/GHSA-g97r-96hh-j5vv/GHSA-g97r-96hh-j5vv.json
new file mode 100644
index 00000000000..454c0406043
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-g97r-96hh-j5vv/GHSA-g97r-96hh-j5vv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-g97r-96hh-j5vv",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24443"
+ ],
+ "details": "Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24443"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-gghm-r42p-98f9/GHSA-gghm-r42p-98f9.json b/advisories/unreviewed/2025/03/GHSA-gghm-r42p-98f9/GHSA-gghm-r42p-98f9.json
new file mode 100644
index 00000000000..fda62917536
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-gghm-r42p-98f9/GHSA-gghm-r42p-98f9.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gghm-r42p-98f9",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-24431"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24431"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-gprr-v9f2-px3c/GHSA-gprr-v9f2-px3c.json b/advisories/unreviewed/2025/03/GHSA-gprr-v9f2-px3c/GHSA-gprr-v9f2-px3c.json
new file mode 100644
index 00000000000..fa5bd364771
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-gprr-v9f2-px3c/GHSA-gprr-v9f2-px3c.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gprr-v9f2-px3c",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24986"
+ ],
+ "details": "Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24986"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24986"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-653"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-h8rm-7p58-mx4h/GHSA-h8rm-7p58-mx4h.json b/advisories/unreviewed/2025/03/GHSA-h8rm-7p58-mx4h/GHSA-h8rm-7p58-mx4h.json
new file mode 100644
index 00000000000..a7e280d02b5
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-h8rm-7p58-mx4h/GHSA-h8rm-7p58-mx4h.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-h8rm-7p58-mx4h",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27177"
+ ],
+ "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27177"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-hg9j-pwrg-h4qq/GHSA-hg9j-pwrg-h4qq.json b/advisories/unreviewed/2025/03/GHSA-hg9j-pwrg-h4qq/GHSA-hg9j-pwrg-h4qq.json
new file mode 100644
index 00000000000..c5dadc43c0b
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-hg9j-pwrg-h4qq/GHSA-hg9j-pwrg-h4qq.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hg9j-pwrg-h4qq",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24991"
+ ],
+ "details": "Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24991"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-hjp3-f5wg-2c6q/GHSA-hjp3-f5wg-2c6q.json b/advisories/unreviewed/2025/03/GHSA-hjp3-f5wg-2c6q/GHSA-hjp3-f5wg-2c6q.json
new file mode 100644
index 00000000000..92054011210
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-hjp3-f5wg-2c6q/GHSA-hjp3-f5wg-2c6q.json
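Review bot: The GHSA-hg9j-pwrg-h4qq record contradicts itself on required privileges: `details` says "an authorized attacker", while the vector in `severity` carries `PR:N/UI:R`, meaning no privileges but a user action. Anyone scoping exposure from this record gets a different answer depending on which field they read, so it is worth checking the MSRC page linked in `references` and aligning the two, either by wording `details` as "an unauthorized attacker" or by correcting the vector to `PR:L` if a logged-in attacker really is required. If the mismatch is inherited verbatim from upstream, it should be fixed there and re-imported rather than edited by hand.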
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hjp3-f5wg-2c6q",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-27160"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27160"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-j6gj-863p-72m9/GHSA-j6gj-863p-72m9.json b/advisories/unreviewed/2025/03/GHSA-j6gj-863p-72m9/GHSA-j6gj-863p-72m9.json
new file mode 100644
index 00000000000..de37c9672ed
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-j6gj-863p-72m9/GHSA-j6gj-863p-72m9.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j6gj-863p-72m9",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24449"
+ ],
+ "details": "Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24449"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-17.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-jc66-89rv-h4xm/GHSA-jc66-89rv-h4xm.json b/advisories/unreviewed/2025/03/GHSA-jc66-89rv-h4xm/GHSA-jc66-89rv-h4xm.json
new file mode 100644
index 00000000000..3d77eb098ca
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-jc66-89rv-h4xm/GHSA-jc66-89rv-h4xm.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jc66-89rv-h4xm",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27171"
+ ],
+ "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27171"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-jfwf-rfmg-7f8m/GHSA-jfwf-rfmg-7f8m.json b/advisories/unreviewed/2025/03/GHSA-jfwf-rfmg-7f8m/GHSA-jfwf-rfmg-7f8m.json
index 1a4d179437f..ee03be6e164 100644
--- a/advisories/unreviewed/2025/03/GHSA-jfwf-rfmg-7f8m/GHSA-jfwf-rfmg-7f8m.json
+++ b/advisories/unreviewed/2025/03/GHSA-jfwf-rfmg-7f8m/GHSA-jfwf-rfmg-7f8m.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jfwf-rfmg-7f8m",
- "modified": "2025-03-10T15:30:46Z",
+ "modified": "2025-03-11T18:32:12Z",
 "published": "2025-03-08T21:30:52Z",
 "aliases": [
 "CVE-2025-27840"
@@ -67,6 +67,10 @@
 "type": "WEB",
 "url": "https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices"
 },
+ {
+ "type": "WEB",
+ "url": "https://www.espressif.com/en/news/Response_ESP32_Bluetooth"
+ },
 {
 "type": "WEB",
 "url": "https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices"
diff --git a/advisories/unreviewed/2025/03/GHSA-jfx8-97fx-6vfq/GHSA-jfx8-97fx-6vfq.json b/advisories/unreviewed/2025/03/GHSA-jfx8-97fx-6vfq/GHSA-jfx8-97fx-6vfq.json
new file mode 100644
index 00000000000..4ccf40251b7
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-jfx8-97fx-6vfq/GHSA-jfx8-97fx-6vfq.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jfx8-97fx-6vfq",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24084"
+ ],
+ "details": "Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24084"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-822"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-jq9q-wq4q-gqww/GHSA-jq9q-wq4q-gqww.json b/advisories/unreviewed/2025/03/GHSA-jq9q-wq4q-gqww/GHSA-jq9q-wq4q-gqww.json
new file mode 100644
index 00000000000..3e84218050a
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-jq9q-wq4q-gqww/GHSA-jq9q-wq4q-gqww.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jq9q-wq4q-gqww",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24066"
+ ],
+ "details": "Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24066"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24066"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-m2pg-wf9w-f2mv/GHSA-m2pg-wf9w-f2mv.json b/advisories/unreviewed/2025/03/GHSA-m2pg-wf9w-f2mv/GHSA-m2pg-wf9w-f2mv.json
new file mode 100644
index 00000000000..2c6ab93af57
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-m2pg-wf9w-f2mv/GHSA-m2pg-wf9w-f2mv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m2pg-wf9w-f2mv",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24442"
+ ],
+ "details": "Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24442"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-m2vp-68mm-v9pg/GHSA-m2vp-68mm-v9pg.json b/advisories/unreviewed/2025/03/GHSA-m2vp-68mm-v9pg/GHSA-m2vp-68mm-v9pg.json
new file mode 100644
index 00000000000..5b93504b367
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-m2vp-68mm-v9pg/GHSA-m2vp-68mm-v9pg.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m2vp-68mm-v9pg",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24079"
+ ],
+ "details": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24079"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24079"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-m9fp-2r32-q2mw/GHSA-m9fp-2r32-q2mw.json b/advisories/unreviewed/2025/03/GHSA-m9fp-2r32-q2mw/GHSA-m9fp-2r32-q2mw.json
new file mode 100644
index 00000000000..10041456bd8
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-m9fp-2r32-q2mw/GHSA-m9fp-2r32-q2mw.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m9fp-2r32-q2mw",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24059"
+ ],
+ "details": "Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24059"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24059"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-mppc-8qxh-4wjw/GHSA-mppc-8qxh-4wjw.json b/advisories/unreviewed/2025/03/GHSA-mppc-8qxh-4wjw/GHSA-mppc-8qxh-4wjw.json
new file mode 100644
index 00000000000..9e75925ac58
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-mppc-8qxh-4wjw/GHSA-mppc-8qxh-4wjw.json
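Review bot: `cwe_ids` in the GHSA-m9fp-2r32-q2mw record lists only `CWE-125` (out-of-bounds read), but `details` names the root cause as an incorrect conversion between numeric types, which is the title of CWE-681, and the described impact is privilege escalation rather than information disclosure. If the out-of-bounds read is the consequence rather than the cause, recording both, `"cwe_ids": ["CWE-681", "CWE-125"]`, keeps the record findable under either weakness. This should be confirmed against the MSRC entry in `references` before it is changed.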
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mppc-8qxh-4wjw",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24071"
+ ],
+ "details": "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24071"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-mv4j-jp28-hffr/GHSA-mv4j-jp28-hffr.json b/advisories/unreviewed/2025/03/GHSA-mv4j-jp28-hffr/GHSA-mv4j-jp28-hffr.json
new file mode 100644
index 00000000000..1b50c05a8bc
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-mv4j-jp28-hffr/GHSA-mv4j-jp28-hffr.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mv4j-jp28-hffr",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-24046"
+ ],
+ "details": "Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24046"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24046"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-mxp2-jxp5-cwxp/GHSA-mxp2-jxp5-cwxp.json b/advisories/unreviewed/2025/03/GHSA-mxp2-jxp5-cwxp/GHSA-mxp2-jxp5-cwxp.json
new file mode 100644
index 00000000000..a7c69dc0457
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-mxp2-jxp5-cwxp/GHSA-mxp2-jxp5-cwxp.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mxp2-jxp5-cwxp",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24440"
+ ],
+ "details": "Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24440"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-p6r9-p725-g42c/GHSA-p6r9-p725-g42c.json b/advisories/unreviewed/2025/03/GHSA-p6r9-p725-g42c/GHSA-p6r9-p725-g42c.json
new file mode 100644
index 00000000000..37e9714d05f
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-p6r9-p725-g42c/GHSA-p6r9-p725-g42c.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p6r9-p725-g42c",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2021-37787"
+ ],
+ "details": "The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37787"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.abocms.ru"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-p92m-v75r-rj7m/GHSA-p92m-v75r-rj7m.json b/advisories/unreviewed/2025/03/GHSA-p92m-v75r-rj7m/GHSA-p92m-v75r-rj7m.json
new file mode 100644
index 00000000000..cc73f972890
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-p92m-v75r-rj7m/GHSA-p92m-v75r-rj7m.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p92m-v75r-rj7m",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24451"
+ ],
+ "details": "Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24451"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb25-18.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-pg34-362q-29pw/GHSA-pg34-362q-29pw.json b/advisories/unreviewed/2025/03/GHSA-pg34-362q-29pw/GHSA-pg34-362q-29pw.json
new file mode 100644
index 00000000000..b7ea1432b88
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-pg34-362q-29pw/GHSA-pg34-362q-29pw.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pg34-362q-29pw",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-26627"
+ ],
+ "details": "Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26627"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-77"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:38Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-pgq6-cmg5-ghf7/GHSA-pgq6-cmg5-ghf7.json b/advisories/unreviewed/2025/03/GHSA-pgq6-cmg5-ghf7/GHSA-pgq6-cmg5-ghf7.json
new file mode 100644
index 00000000000..cf3f0428e9d
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-pgq6-cmg5-ghf7/GHSA-pgq6-cmg5-ghf7.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pgq6-cmg5-ghf7",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-24045"
+ ],
+ "details": "Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24045"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24045"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-591"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-pm58-f9hw-7c82/GHSA-pm58-f9hw-7c82.json b/advisories/unreviewed/2025/03/GHSA-pm58-f9hw-7c82/GHSA-pm58-f9hw-7c82.json
new file mode 100644
index 00000000000..74348605586
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-pm58-f9hw-7c82/GHSA-pm58-f9hw-7c82.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pm58-f9hw-7c82",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-25008"
+ ],
+ "details": "Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25008"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25008"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-59"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:38Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-pxwf-h36w-wcxx/GHSA-pxwf-h36w-wcxx.json b/advisories/unreviewed/2025/03/GHSA-pxwf-h36w-wcxx/GHSA-pxwf-h36w-wcxx.json
new file mode 100644
index 00000000000..8ffee0dd40d
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-pxwf-h36w-wcxx/GHSA-pxwf-h36w-wcxx.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pxwf-h36w-wcxx",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27170"
+ ],
+ "details": "Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27170"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-17.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-qcw5-7wmm-6mrc/GHSA-qcw5-7wmm-6mrc.json b/advisories/unreviewed/2025/03/GHSA-qcw5-7wmm-6mrc/GHSA-qcw5-7wmm-6mrc.json
new file mode 100644
index 00000000000..88a27ac4a0c
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-qcw5-7wmm-6mrc/GHSA-qcw5-7wmm-6mrc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qcw5-7wmm-6mrc",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24988"
+ ],
+ "details": "Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24988"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-qggh-2gcm-jvj8/GHSA-qggh-2gcm-jvj8.json b/advisories/unreviewed/2025/03/GHSA-qggh-2gcm-jvj8/GHSA-qggh-2gcm-jvj8.json
new file mode 100644
index 00000000000..58a6aff3f1e
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-qggh-2gcm-jvj8/GHSA-qggh-2gcm-jvj8.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qggh-2gcm-jvj8",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24056"
+ ],
+ "details": "Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24056"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24056"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-qhgf-332f-8jqf/GHSA-qhgf-332f-8jqf.json b/advisories/unreviewed/2025/03/GHSA-qhgf-332f-8jqf/GHSA-qhgf-332f-8jqf.json
new file mode 100644
index 00000000000..b9ad51ec62a
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-qhgf-332f-8jqf/GHSA-qhgf-332f-8jqf.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qhgf-332f-8jqf",
+ "modified": "2025-03-11T18:32:15Z",
+ "published": "2025-03-11T18:32:15Z",
+ "aliases": [
+ "CVE-2024-56338"
+ ],
+ "details": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56338"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.ibm.com/support/pages/node/7185265"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-qjf4-cfqr-rj5j/GHSA-qjf4-cfqr-rj5j.json b/advisories/unreviewed/2025/03/GHSA-qjf4-cfqr-rj5j/GHSA-qjf4-cfqr-rj5j.json
new file mode 100644
index 00000000000..29ea228dbfb
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-qjf4-cfqr-rj5j/GHSA-qjf4-cfqr-rj5j.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qjf4-cfqr-rj5j",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-24049"
+ ],
+ "details": "Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24049"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24049"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-77"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-qp6q-xwww-8q6h/GHSA-qp6q-xwww-8q6h.json b/advisories/unreviewed/2025/03/GHSA-qp6q-xwww-8q6h/GHSA-qp6q-xwww-8q6h.json
new file mode 100644
index 00000000000..a977aeb2537
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-qp6q-xwww-8q6h/GHSA-qp6q-xwww-8q6h.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qp6q-xwww-8q6h",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27168"
+ ],
+ "details": "Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27168"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-17.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-121"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-qv4m-g3fh-68fc/GHSA-qv4m-g3fh-68fc.json b/advisories/unreviewed/2025/03/GHSA-qv4m-g3fh-68fc/GHSA-qv4m-g3fh-68fc.json
new file mode 100644
index 00000000000..082f50f8039
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-qv4m-g3fh-68fc/GHSA-qv4m-g3fh-68fc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qv4m-g3fh-68fc",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24452"
+ ],
+ "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24452"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-qwpp-86xq-33j8/GHSA-qwpp-86xq-33j8.json b/advisories/unreviewed/2025/03/GHSA-qwpp-86xq-33j8/GHSA-qwpp-86xq-33j8.json
new file mode 100644
index 00000000000..633e5ca1ff6
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-qwpp-86xq-33j8/GHSA-qwpp-86xq-33j8.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qwpp-86xq-33j8",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24051"
+ ],
+ "details": "Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24051"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24051"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-r375-j569-v9qr/GHSA-r375-j569-v9qr.json b/advisories/unreviewed/2025/03/GHSA-r375-j569-v9qr/GHSA-r375-j569-v9qr.json
new file mode 100644
index 00000000000..40fc0882b7b
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-r375-j569-v9qr/GHSA-r375-j569-v9qr.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r375-j569-v9qr",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-25748"
+ ],
+ "details": "A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25748"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-r9q7-893f-9rvf/GHSA-r9q7-893f-9rvf.json b/advisories/unreviewed/2025/03/GHSA-r9q7-893f-9rvf/GHSA-r9q7-893f-9rvf.json
new file mode 100644
index 00000000000..93dfaea009e
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-r9q7-893f-9rvf/GHSA-r9q7-893f-9rvf.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r9q7-893f-9rvf",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-26630"
+ ],
+ "details": "Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26630"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26630"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:42Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-rgvq-jxq2-4849/GHSA-rgvq-jxq2-4849.json b/advisories/unreviewed/2025/03/GHSA-rgvq-jxq2-4849/GHSA-rgvq-jxq2-4849.json
new file mode 100644
index 00000000000..e50e75ad7d7
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-rgvq-jxq2-4849/GHSA-rgvq-jxq2-4849.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rgvq-jxq2-4849",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27166"
+ ],
+ "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27166"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-rr2j-hf5q-32mg/GHSA-rr2j-hf5q-32mg.json b/advisories/unreviewed/2025/03/GHSA-rr2j-hf5q-32mg/GHSA-rr2j-hf5q-32mg.json
new file mode 100644
index 00000000000..70f2350c006
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-rr2j-hf5q-32mg/GHSA-rr2j-hf5q-32mg.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rr2j-hf5q-32mg",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24453"
+ ],
+ "details": "InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24453"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb25-19.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-v994-58rq-3xj9/GHSA-v994-58rq-3xj9.json b/advisories/unreviewed/2025/03/GHSA-v994-58rq-3xj9/GHSA-v994-58rq-3xj9.json
new file mode 100644
index 00000000000..e0eaac81cf3
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-v994-58rq-3xj9/GHSA-v994-58rq-3xj9.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-v994-58rq-3xj9",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24450"
+ ],
+ "details": "Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24450"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb25-18.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-vf6f-gpmv-93m4/GHSA-vf6f-gpmv-93m4.json b/advisories/unreviewed/2025/03/GHSA-vf6f-gpmv-93m4/GHSA-vf6f-gpmv-93m4.json
new file mode 100644
index 00000000000..9792126ce0f
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-vf6f-gpmv-93m4/GHSA-vf6f-gpmv-93m4.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vf6f-gpmv-93m4",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24985"
+ ],
+ "details": "Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24985"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24985"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-vg49-rwfh-vp3c/GHSA-vg49-rwfh-vp3c.json b/advisories/unreviewed/2025/03/GHSA-vg49-rwfh-vp3c/GHSA-vg49-rwfh-vp3c.json
new file mode 100644
index 00000000000..c1b6cc0b342
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-vg49-rwfh-vp3c/GHSA-vg49-rwfh-vp3c.json
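Review bot: The only `cwe_ids` entry in GHSA-vf6f-gpmv-93m4 is `CWE-122`, but the `details` string describes the flaw as "Integer overflow or wraparound in Windows Fast FAT Driver", which is the name of CWE-190. If the heap overflow is the consequence of the wraparound, both belong in the list, `"cwe_ids": ["CWE-122", "CWE-190"]`; as written the record is classified only by the effect, so a search by root cause misses it. The value is presumably inherited from the upstream feed, so confirm it against the NVD entry before changing it.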
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vg49-rwfh-vp3c",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24995"
+ ],
+ "details": "Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24995"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24995"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-vp5v-82jp-8jvv/GHSA-vp5v-82jp-8jvv.json b/advisories/unreviewed/2025/03/GHSA-vp5v-82jp-8jvv/GHSA-vp5v-82jp-8jvv.json
new file mode 100644
index 00000000000..291ea935cd0
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-vp5v-82jp-8jvv/GHSA-vp5v-82jp-8jvv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vp5v-82jp-8jvv",
+ "modified": "2025-03-11T18:32:21Z",
+ "published": "2025-03-11T18:32:21Z",
+ "aliases": [
+ "CVE-2025-27169"
+ ],
+ "details": "Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27169"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-17.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-vrx6-p5v9-5w9r/GHSA-vrx6-p5v9-5w9r.json b/advisories/unreviewed/2025/03/GHSA-vrx6-p5v9-5w9r/GHSA-vrx6-p5v9-5w9r.json
new file mode 100644
index 00000000000..dfc7a4d6571
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-vrx6-p5v9-5w9r/GHSA-vrx6-p5v9-5w9r.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vrx6-p5v9-5w9r",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-24444"
+ ],
+ "details": "Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24444"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-w95m-f858-6462/GHSA-w95m-f858-6462.json b/advisories/unreviewed/2025/03/GHSA-w95m-f858-6462/GHSA-w95m-f858-6462.json
new file mode 100644
index 00000000000..7105f25b1c2
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-w95m-f858-6462/GHSA-w95m-f858-6462.json
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w95m-f858-6462", + "modified": "2025-03-11T18:32:19Z", + "published": "2025-03-11T18:32:19Z", + "aliases": [ + "CVE-2025-24994" + ], + "details": "Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24994" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24994" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T17:16:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-wp2p-82h9-r4vv/GHSA-wp2p-82h9-r4vv.json b/advisories/unreviewed/2025/03/GHSA-wp2p-82h9-r4vv/GHSA-wp2p-82h9-r4vv.json index 651f72df8fc..5774bd5708e 100644 --- a/advisories/unreviewed/2025/03/GHSA-wp2p-82h9-r4vv/GHSA-wp2p-82h9-r4vv.json +++ b/advisories/unreviewed/2025/03/GHSA-wp2p-82h9-r4vv/GHSA-wp2p-82h9-r4vv.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-wp2p-82h9-r4vv", - "modified": "2025-03-10T21:31:12Z", + "modified": "2025-03-11T18:32:12Z", "published": "2025-03-10T21:31:12Z", "aliases": [ "CVE-2024-56192" ], "details": "In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { 
@@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-281" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-03-10T21:15:40Z" diff --git a/advisories/unreviewed/2025/03/GHSA-wr2c-p6c6-86mg/GHSA-wr2c-p6c6-86mg.json b/advisories/unreviewed/2025/03/GHSA-wr2c-p6c6-86mg/GHSA-wr2c-p6c6-86mg.json new file mode 100644 index 00000000000..3fcdb49f6e7 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-wr2c-p6c6-86mg/GHSA-wr2c-p6c6-86mg.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wr2c-p6c6-86mg", + "modified": "2025-03-11T18:32:20Z", + "published": "2025-03-11T18:32:20Z", + "aliases": [ + "CVE-2025-24445" + ], + "details": "Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24445" + }, + { + "type": "WEB", + "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-03-11T18:15:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/03/GHSA-wvf7-94g7-p6gg/GHSA-wvf7-94g7-p6gg.json b/advisories/unreviewed/2025/03/GHSA-wvf7-94g7-p6gg/GHSA-wvf7-94g7-p6gg.json new file mode 100644 index 00000000000..ed8a1818fb9 --- /dev/null +++ b/advisories/unreviewed/2025/03/GHSA-wvf7-94g7-p6gg/GHSA-wvf7-94g7-p6gg.json 
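Review bot: The `cwe_ids` value added in the second hunk of GHSA-wp2p-82h9-r4vv, `"CWE-281"` (improper preservation of permissions), does not match the record's own `details` text, which describes "a possible out of bounds write due to a missing bounds check" in `wl_notify_gscan_event`. The description points to `CWE-787`, the ID the other out-of-bounds-write records in this commit carry, so the line would read `"CWE-787"`. `CWE-281` looks like it was carried over unchanged from the upstream source and should be checked there, since a wrong class misroutes the advisory for anyone triaging memory-safety issues by CWE.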
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-wvf7-94g7-p6gg",
+ "modified": "2025-03-11T18:32:19Z",
+ "published": "2025-03-11T18:32:19Z",
+ "aliases": [
+ "CVE-2025-26629"
+ ],
+ "details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26629"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26629"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:39Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-x273-gr5c-73w4/GHSA-x273-gr5c-73w4.json b/advisories/unreviewed/2025/03/GHSA-x273-gr5c-73w4/GHSA-x273-gr5c-73w4.json
new file mode 100644
index 00000000000..0f8b213d212
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-x273-gr5c-73w4/GHSA-x273-gr5c-73w4.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-x273-gr5c-73w4",
+ "modified": "2025-03-11T18:32:17Z",
+ "published": "2025-03-11T18:32:17Z",
+ "aliases": [
+ "CVE-2025-24067"
+ ],
+ "details": "Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24067"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24067"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-x9f4-v83p-9c3c/GHSA-x9f4-v83p-9c3c.json b/advisories/unreviewed/2025/03/GHSA-x9f4-v83p-9c3c/GHSA-x9f4-v83p-9c3c.json
new file mode 100644
index 00000000000..9d7e2f522c5
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-x9f4-v83p-9c3c/GHSA-x9f4-v83p-9c3c.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-x9f4-v83p-9c3c",
+ "modified": "2025-03-11T18:32:18Z",
+ "published": "2025-03-11T18:32:18Z",
+ "aliases": [
+ "CVE-2025-24996"
+ ],
+ "details": "External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24996"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-73"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-x9rg-3v34-vj95/GHSA-x9rg-3v34-vj95.json b/advisories/unreviewed/2025/03/GHSA-x9rg-3v34-vj95/GHSA-x9rg-3v34-vj95.json
new file mode 100644
index 00000000000..c58b939c0b1
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-x9rg-3v34-vj95/GHSA-x9rg-3v34-vj95.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-x9rg-3v34-vj95",
+ "modified": "2025-03-11T18:32:16Z",
+ "published": "2025-03-11T18:32:16Z",
+ "aliases": [
+ "CVE-2025-24048"
+ ],
+ "details": "Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24048"
+ },
+ {
+ "type": "WEB",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24048"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T17:16:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/03/GHSA-xx69-9jc8-q7jv/GHSA-xx69-9jc8-q7jv.json b/advisories/unreviewed/2025/03/GHSA-xx69-9jc8-q7jv/GHSA-xx69-9jc8-q7jv.json
new file mode 100644
index 00000000000..3af2f368258
--- /dev/null
+++ b/advisories/unreviewed/2025/03/GHSA-xx69-9jc8-q7jv/GHSA-xx69-9jc8-q7jv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xx69-9jc8-q7jv",
+ "modified": "2025-03-11T18:32:20Z",
+ "published": "2025-03-11T18:32:20Z",
+ "aliases": [
+ "CVE-2025-27162"
+ ],
+ "details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27162"
+ },
+ {
+ "type": "WEB",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-824"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-03-11T18:15:34Z"
+ }
+}
\ No newline at end of file
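Review bot: `"affected": []` leaves the GHSA-xx69-9jc8-q7jv record with no machine-readable product or version range, although `details` states the bounds in prose ("24.001.30225, 20.005.30748, 25.001.20428 and earlier"). Tooling that matches records on `affected` ranges will therefore never surface this advisory; the only usable join keys are the `CVE-2025-27162` alias and the two reference URLs. The same empty `affected` appears in the four Microsoft records added above (GHSA-wvf7-94g7-p6gg, GHSA-x273-gr5c-73w4, GHSA-x9f4-v83p-9c3c, GHSA-x9rg-3v34-vj95), presumably because these products fall outside the package ecosystems the schema can name. With `"github_reviewed": false` on all five, the `severity` and `cwe_ids` values look like imported rather than curated data and are best cross-checked against the linked vendor advisory during triage.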