Search criteria
37 vulnerabilities
CVE-2025-13762 (GCVE-0-2025-13762)
Vulnerability from cvelistv5 – Published: 2025-11-27 02:50 – Updated: 2025-12-03 16:25
VLAI?
Summary
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | CyberArk Secure Web Sessions Extension |
Affected:
0 , < 2.2.30305
(custom)
|
Credits
Benjamen Lim
Goh Jing Loon
Sean Seah
Tan Inn Fung
Zhang Bosen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:25:14.720836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:25:21.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Chrome",
"Edge"
],
"product": "CyberArk Secure Web Sessions Extension",
"vendor": "CyberArk",
"versions": [
{
"lessThan": "2.2.30305",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benjamen Lim"
},
{
"lang": "en",
"type": "finder",
"value": "Goh Jing Loon"
},
{
"lang": "en",
"type": "finder",
"value": "Sean Seah"
},
{
"lang": "en",
"type": "finder",
"value": "Tan Inn Fung"
},
{
"lang": "en",
"type": "finder",
"value": "Zhang Bosen"
}
],
"datePublic": "2025-11-27T02:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.\u003cp\u003eThis issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "ATTACKED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-27T06:03:49.612Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en"
},
{
"url": "https://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate SWS extension to v2.2.30305 or newer\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update SWS extension to v2.2.30305 or newer"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-13762",
"datePublished": "2025-11-27T02:50:03.874Z",
"dateReserved": "2025-11-27T02:49:11.941Z",
"dateUpdated": "2025-12-03T16:25:21.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52935 (GCVE-0-2025-52935)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:27 – Updated: 2025-06-23 12:29
VLAI?
Summary
Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.
This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.
Severity ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dragonflydb | dragonfly |
Affected:
1.30.1
(git)
Affected: 1.30.0 (git) Affected: 1.28.18 (git) |
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T12:29:18.862872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:29:54.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"src/redis/lua/struct"
],
"product": "dragonfly",
"programFiles": [
"lua_struct.c"
],
"repo": "https://github.com/dragonflydb/dragonfly",
"vendor": "dragonflydb",
"versions": [
{
"status": "affected",
"version": "1.30.1",
"versionType": "git"
},
{
"status": "affected",
"version": "1.30.0",
"versionType": "git"
},
{
"status": "affected",
"version": "1.28.18",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elua_struct.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.\u003c/p\u003e"
}
],
"value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.\n\nThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:27:18.355Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch",
"third-party-advisory"
],
"url": "https://github.com/dragonflydb/dragonfly/pull/4996"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-52935",
"datePublished": "2025-06-23T09:27:18.355Z",
"dateReserved": "2025-06-23T09:24:36.335Z",
"dateUpdated": "2025-06-23T12:29:54.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52939 (GCVE-0-2025-52939)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:26 – Updated: 2025-06-23 12:34
VLAI?
Summary
Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.
This issue affects NotepadNext: through v0.11.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dail8859 | NotepadNext |
Affected:
0 , ≤ v0.11
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T12:31:43.227816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:34:13.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"src/lua/src"
],
"product": "NotepadNext",
"programFiles": [
"ldebug.c",
"lvm.c"
],
"repo": "https://github.com/dail8859/NotepadNext",
"vendor": "dail8859",
"versions": [
{
"lessThanOrEqual": "v0.11",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003eldebug.C\u003c/tt\u003e, \u003ctt\u003elvm.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects NotepadNext: through v0.11.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.\n\nThis issue affects NotepadNext: through v0.11."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:26:56.917Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch",
"third-party-advisory"
],
"url": "https://github.com/dail8859/NotepadNext/pull/757/files"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dail8859/NotepadNext/commit/3e928d91b8fc8bb5c77801ee8652f41e98d12571"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential heap-buffer overflow vulnerability in NotepadNext",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-52939",
"datePublished": "2025-06-23T09:26:56.917Z",
"dateReserved": "2025-06-23T09:24:36.336Z",
"dateUpdated": "2025-06-23T12:34:13.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52938 (GCVE-0-2025-52938)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:26 – Updated: 2025-06-23 12:36
VLAI?
Summary
Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C.
This issue affects NotepadNext: through v0.11.
The singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dail8859 | NotepadNext |
Affected:
0 , ≤ v0.11
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T12:36:19.980020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:36:52.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"src/lua/src"
],
"product": "NotepadNext",
"programFiles": [
"lparser.c"
],
"repo": "https://github.com/dail8859/NotepadNext",
"vendor": "dail8859",
"versions": [
{
"lessThanOrEqual": "v0.11",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elparser.C\u003c/tt\u003e.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects NotepadNext: through v0.11.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C.\n\n\nThis issue affects NotepadNext: through v0.11.\n\nThe singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:26:39.214Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch",
"third-party-advisory"
],
"url": "https://github.com/dail8859/NotepadNext/pull/756"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dail8859/NotepadNext/commit/66b8a97d9fdfd2257996875716f39c18d84e004f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential heap-based buffer over-read vulnerability in NotepadNext",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-52938",
"datePublished": "2025-06-23T09:26:39.214Z",
"dateReserved": "2025-06-23T09:24:36.336Z",
"dateUpdated": "2025-06-23T12:36:52.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52937 (GCVE-0-2025-52937)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:26 – Updated: 2025-06-23 13:26
VLAI?
Summary
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.
This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).
Severity ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PointCloudLibrary | pcl |
Affected:
0 , < 1.14.0
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:26:43.507468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:26:46.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"surface/src/3rdparty/opennurbs"
],
"product": "pcl",
"programFiles": [
"crc32.c"
],
"repo": "https://github.com/PointCloudLibrary/pcl",
"vendor": "PointCloudLibrary",
"versions": [
{
"lessThan": "1.14.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ecrc32.C\u003c/tt\u003e.\u003c/p\u003eThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."
}
],
"value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:26:12.727Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch",
"third-party-advisory"
],
"url": "https://github.com/PointCloudLibrary/pcl/pull/6275"
},
{
"tags": [
"patch"
],
"url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in PointCloudLibrary PCL",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-52937",
"datePublished": "2025-06-23T09:26:12.727Z",
"dateReserved": "2025-06-23T09:24:36.336Z",
"dateUpdated": "2025-06-23T13:26:46.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52936 (GCVE-0-2025-52936)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:25 – Updated: 2025-11-03 20:06
VLAI?
Summary
Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.
Severity ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:27:09.374416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:27:15.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:16.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "sslh",
"repo": "https://github.com/yrutschle/sslh",
"vendor": "yrutschle",
"versions": [
{
"lessThan": "2.2.2",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in yrutschle sslh.\u003cp\u003eThis issue affects sslh: before 2.2.2.\u003c/p\u003e"
}
],
"value": "Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:25:41.764Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/yrutschle/sslh/pull/494"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Link Resolution Before File Access vulnerability in yrutschle/sslh",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-52936",
"datePublished": "2025-06-23T09:25:41.764Z",
"dateReserved": "2025-06-23T09:24:36.336Z",
"dateUpdated": "2025-11-03T20:06:16.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4636 (GCVE-0-2025-4636)
Vulnerability from cvelistv5 – Published: 2025-05-30 08:24 – Updated: 2025-05-30 12:58
VLAI?
Summary
Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JCT | Airpointer |
Affected:
2.4.107-2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T12:57:36.800508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T12:58:45.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Airpointer",
"vendor": "JCT",
"versions": [
{
"status": "affected",
"version": "2.4.107-2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user"
}
],
"value": "Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T08:28:54.613Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://jct-aq.com/products/airpointer2d/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4636",
"datePublished": "2025-05-30T08:24:50.630Z",
"dateReserved": "2025-05-13T01:42:19.510Z",
"dateUpdated": "2025-05-30T12:58:45.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4635 (GCVE-0-2025-4635)
Vulnerability from cvelistv5 – Published: 2025-05-30 08:23 – Updated: 2025-05-30 13:01
VLAI?
Summary
A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user.
Severity ?
6.6 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JCT | Airpointer |
Affected:
2.4.107-2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T13:01:20.950646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T13:01:33.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Airpointer",
"vendor": "JCT",
"versions": [
{
"status": "affected",
"version": "2.4.107-2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user."
}
],
"value": "A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T08:23:42.104Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://jct-aq.com/products/airpointer2d/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4635",
"datePublished": "2025-05-30T08:23:42.104Z",
"dateReserved": "2025-05-13T01:42:17.626Z",
"dateUpdated": "2025-05-30T13:01:33.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4634 (GCVE-0-2025-4634)
Vulnerability from cvelistv5 – Published: 2025-05-30 08:21 – Updated: 2025-05-30 13:54
VLAI?
Summary
The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem
Severity ?
4.1 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JCT | Airpointer |
Affected:
2.4.107-2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T13:51:41.885889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T13:54:29.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Airpointer",
"vendor": "JCT",
"versions": [
{
"status": "affected",
"version": "2.4.107-2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem \u003cbr\u003e"
}
],
"value": "The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem"
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639 Probe System Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T08:21:28.420Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://jct-aq.com/products/airpointer2d/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local File Inclusion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4634",
"datePublished": "2025-05-30T08:21:28.420Z",
"dateReserved": "2025-05-13T01:42:15.272Z",
"dateUpdated": "2025-05-30T13:54:29.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4633 (GCVE-0-2025-4633)
Vulnerability from cvelistv5 – Published: 2025-05-30 08:14 – Updated: 2025-05-30 13:55
VLAI?
Summary
Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal
Severity ?
6.5 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JCT | Airpointer |
Affected:
2.4.107-2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T13:54:51.269093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T13:55:29.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Airpointer",
"vendor": "JCT",
"versions": [
{
"status": "affected",
"version": "2.4.107-2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal"
}
],
"value": "Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T08:14:50.821Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://jct-aq.com/products/airpointer2d/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Default Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4633",
"datePublished": "2025-05-30T08:14:50.821Z",
"dateReserved": "2025-05-13T01:42:10.990Z",
"dateUpdated": "2025-05-30T13:55:29.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4641 (GCVE-0-2025-4641)
Vulnerability from cvelistv5 – Published: 2025-05-14 18:09 – Updated: 2025-05-14 20:49
VLAI?
Summary
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.
This issue affects webdrivermanager: from 1.0.0 before 6.0.2.
Severity ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bonigarcia | webdrivermanager |
Affected:
1.0.0 , < 6.0.2
(maven)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T20:49:52.243488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T20:49:57.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mvnrepository.com/artifact/io.github.bonigarcia/webdrivermanager",
"defaultStatus": "affected",
"modules": [
"XML parsing components"
],
"packageName": "WebDriverManager",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "webdrivermanager",
"programFiles": [
"src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java"
],
"repo": "https://github.com/bonigarcia/webdrivermanager",
"vendor": "bonigarcia",
"versions": [
{
"lessThan": "6.0.2",
"status": "affected",
"version": "1.0.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003esrc/main/java/io/github/bonigarcia/wdm/WebDriverManager.java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects webdrivermanager: from 1.0.0 before 6.0.2.\u003c/p\u003e"
}
],
"value": "Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.\n\nThis issue affects webdrivermanager: from 1.0.0 before 6.0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-221",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-221 Data Serialization External Entities Blowup"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T18:09:26.105Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://github.com/bonigarcia/webdrivermanager/pull/1458"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML External Entity (XXE) injection vulnerability in WebDriverManager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4641",
"datePublished": "2025-05-14T18:09:26.105Z",
"dateReserved": "2025-05-13T02:36:29.519Z",
"dateUpdated": "2025-05-14T20:49:57.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4640 (GCVE-0-2025-4640)
Vulnerability from cvelistv5 – Published: 2025-05-14 18:06 – Updated: 2025-05-15 13:47
VLAI?
Summary
Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PointCloudLibrary | pcl |
Affected:
0 , < <1.15.0
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:47:41.053224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:47:49.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pcl",
"vendor": "PointCloudLibrary",
"versions": [
{
"changes": [
{
"at": "patch 1.15.0",
"status": "unaffected"
}
],
"lessThan": "\u003c1.15.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers.\u003cp\u003e Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T18:06:51.766Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/PointCloudLibrary/pcl/pull/6246"
},
{
"url": "https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70"
},
{
"url": "https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write in pcl",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4640",
"datePublished": "2025-05-14T18:06:51.766Z",
"dateReserved": "2025-05-13T02:36:28.084Z",
"dateUpdated": "2025-05-15T13:47:49.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4639 (GCVE-0-2025-4639)
Vulnerability from cvelistv5 – Published: 2025-05-14 18:04 – Updated: 2025-05-14 20:53
VLAI?
Summary
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.
Severity ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T20:53:02.804228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T20:53:09.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"WebDav servlet"
],
"product": "Peergos",
"programFiles": [
"AbstractMethod.java"
],
"vendor": "Peergos",
"versions": [
{
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0."
}
],
"value": "CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-221",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-221 Data Serialization External Entities Blowup"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T18:04:11.726Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://github.com/Peergos/Peergos/pull/1267"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of XML External Entity Reference in Peergos",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4639",
"datePublished": "2025-05-14T18:04:11.726Z",
"dateReserved": "2025-05-13T02:36:26.509Z",
"dateUpdated": "2025-05-14T20:53:09.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4638 (GCVE-0-2025-4638)
Vulnerability from cvelistv5 – Published: 2025-05-14 17:59 – Updated: 2025-05-15 13:49
VLAI?
Summary
A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.
Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PointCloudLibrary | pcl |
Affected:
0 , < <1.15.0
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:48:23.859989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:49:10.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pcl",
"vendor": "PointCloudLibrary",
"versions": [
{
"changes": [
{
"at": "patch 1.15.0",
"status": "unaffected"
}
],
"lessThan": "\u003c1.15.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\nA vulnerability exists in the \u003ccode\u003einftrees.c\u003c/code\u003e component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic\u003c/span\u003e.\u003cbr\u003e\u003cbr\u003eSince version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib."
}
],
"value": "A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.\n\nSince version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T17:59:58.180Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/PointCloudLibrary/pcl/pull/6245"
},
{
"url": "https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70"
},
{
"url": "https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Pointer Arithmetic in pcl",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4638",
"datePublished": "2025-05-14T17:59:58.180Z",
"dateReserved": "2025-05-13T02:36:24.908Z",
"dateUpdated": "2025-05-15T13:49:10.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4637 (GCVE-0-2025-4637)
Vulnerability from cvelistv5 – Published: 2025-05-14 17:51 – Updated: 2025-05-15 14:26
VLAI?
Summary
Divide By Zero vulnerability in davisking dlib allows
remote attackers to cause a denial of service via a crafted file.
.This issue affects dlib: before <19.24.7.
Severity ?
CWE
- CWE-369 - Divide By Zero
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:26:49.348017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:26:59.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "dlib",
"vendor": "davisking",
"versions": [
{
"changes": [
{
"at": "patch 19.24.7",
"status": "unaffected"
}
],
"lessThan": "\u003c19.24.7",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Divide By Zero vulnerability in davisking dlib allows \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eremote attackers to cause a denial of service via a crafted file.\u003c/span\u003e\n\n.\u003cp\u003eThis issue affects dlib: before \u0026lt;19.24.7.\u003c/p\u003e"
}
],
"value": "Divide By Zero vulnerability in davisking dlib allows \n\nremote attackers to cause a denial of service via a crafted file.\n\n.This issue affects dlib: before \u003c19.24.7."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T17:51:41.076Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/davisking/dlib/pull/3058"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Divide By Zero in dlib",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-4637",
"datePublished": "2025-05-14T17:51:41.076Z",
"dateReserved": "2025-05-13T02:36:20.929Z",
"dateUpdated": "2025-05-15T14:26:59.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1867 (GCVE-0-2025-1867)
Vulnerability from cvelistv5 – Published: 2025-03-03 08:48 – Updated: 2025-03-03 16:32
VLAI?
Summary
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3.
Severity ?
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T16:32:10.659587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T16:32:50.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com",
"defaultStatus": "unaffected",
"product": "libhv",
"vendor": "ithewei",
"versions": [
{
"changes": [
{
"at": "patch",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.3",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"datePublic": "2025-03-03T08:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in ithewei libhv allows HTTP Response Smuggling.\u003cp\u003eThis issue affects libhv: through 1.3.3.\u003c/p\u003e"
}
],
"value": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-273",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-273 HTTP Response Smuggling"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:48:56.284Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/ithewei/libhv/pull/689"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP Response Smuggling Vulnerability in libhv",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-1867",
"datePublished": "2025-03-03T08:48:56.284Z",
"dateReserved": "2025-03-03T08:47:39.905Z",
"dateUpdated": "2025-03-03T16:32:50.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1866 (GCVE-0-2025-1866)
Vulnerability from cvelistv5 – Published: 2025-03-03 08:44 – Updated: 2025-03-03 16:34
VLAI?
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.
By default, the affected code is not executed unless one of the following conditions is met:
LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.
LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.
Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| warmcat | libwebsockets |
Affected:
0 , < <4.3.4
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T16:34:26.018890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T16:34:59.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com",
"defaultStatus": "unaffected",
"product": "libwebsockets",
"vendor": "warmcat",
"versions": [
{
"changes": [
{
"at": "patch 4.3.4",
"status": "unaffected"
}
],
"lessThan": "\u003c4.3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.\u003cbr\u003e\u003cbr\u003eBy default, the affected code is not executed unless one of the following conditions is met:\u003cbr\u003e\u003cbr\u003eLWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.\u003cbr\u003eLWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.\u003cbr\u003eDespite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior."
}
],
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.\n\nBy default, the affected code is not executed unless one of the following conditions is met:\n\nLWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.\nLWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.\nDespite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:44:23.118Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/warmcat/libwebsockets/commit/3f7c79fd57338aca1bf4a1b1f24e324b80d36265"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Undefined Behavior Due to Out-of-Bounds Pointer Arithmetic in libwebsockets",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-1866",
"datePublished": "2025-03-03T08:44:23.118Z",
"dateReserved": "2025-03-03T08:26:24.158Z",
"dateUpdated": "2025-03-03T16:34:59.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1864 (GCVE-0-2025-1864)
Vulnerability from cvelistv5 – Published: 2025-03-03 08:15 – Updated: 2025-03-03 14:09
VLAI?
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:09:22.805308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:09:47.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com",
"defaultStatus": "unaffected",
"product": "radare2",
"vendor": "radareorg",
"versions": [
{
"changes": [
{
"at": "patch 5.9.9",
"status": "unaffected"
}
],
"lessThan": "\u003c5.9.9",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"datePublic": "2025-03-03T08:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.\u003cp\u003eThis issue affects radare2: before \u0026lt;5.9.9.\u003c/p\u003e"
}
],
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before \u003c5.9.9."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:15:17.335Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://github.com/radareorg/radare2/pull/23981"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow and Potential Code Execution in Radare2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-1864",
"datePublished": "2025-03-03T08:15:17.335Z",
"dateReserved": "2025-03-03T08:05:50.277Z",
"dateUpdated": "2025-03-03T14:09:47.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1744 (GCVE-0-2025-1744)
Vulnerability from cvelistv5 – Published: 2025-02-28 03:24 – Updated: 2025-02-28 15:21
VLAI?
Summary
Out-of-bounds Write vulnerability in radareorg radare2 allows
heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T15:21:10.472595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T15:21:25.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com",
"defaultStatus": "unaffected",
"product": "radare2",
"vendor": "radareorg",
"versions": [
{
"changes": [
{
"at": "patch 5.9.9",
"status": "unaffected"
}
],
"lessThan": "\u003c5.9.9",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"datePublic": "2025-02-28T03:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Write vulnerability in radareorg radare2 allows \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eheap-based buffer over-read or buffer overflow\u003c/span\u003e.\u003cp\u003eThis issue affects radare2: before \u0026lt;5.9.9.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write vulnerability in radareorg radare2 allows \n\nheap-based buffer over-read or buffer overflow.This issue affects radare2: before \u003c5.9.9."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T03:24:50.301Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch",
"third-party-advisory"
],
"url": "https://github.com/radareorg/radare2/pull/23969"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write in radare2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-1744",
"datePublished": "2025-02-28T03:24:50.301Z",
"dateReserved": "2025-02-27T09:09:59.387Z",
"dateUpdated": "2025-02-28T15:21:25.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4225 (GCVE-0-2024-4225)
Vulnerability from cvelistv5 – Published: 2024-04-30 06:47 – Updated: 2024-08-09 14:43
VLAI?
Summary
Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user's privilege, steal user's credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).
Severity ?
7.6 (High)
CWE
- CWE-284 - Improper Access Control, CWE-522 Insufficiently Protected Credentials, CWE-79 Improper Neutralization of Input During Web Page Generation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DPS Telecom | NetGuardian DIN Remote Telemetry Unit (RTU) |
Affected:
NGDIN_ST App v2.0D.0062
|
Credits
Tan Inn Fung
Goh Jing Loon
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://govtech-csg.github.io/security-advisories/2024/04/29/CVE-2024-4225.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dpstele:ngdin_st:2.0d.0062:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ngdin_st",
"vendor": "dpstele",
"versions": [
{
"status": "affected",
"version": "2.0d.0062"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:47:59.124226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:43:30.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetGuardian DIN Remote Telemetry Unit (RTU)",
"vendor": "DPS Telecom",
"versions": [
{
"status": "affected",
"version": "NGDIN_ST App v2.0D.0062"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tan Inn Fung"
},
{
"lang": "en",
"type": "finder",
"value": "Goh Jing Loon"
}
],
"datePublic": "2024-04-29T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user\u0027s privilege, steal user\u0027s credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)."
}
],
"value": "Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user\u0027s privilege, steal user\u0027s credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation, CAPEC-587 Credentials Exposed through Carelessness or Inadequate Security Practices, CAPEC-87 Stored Cross Site Scripting (XSS), CAPEC-62 Cross-Site Request Forgery (CSRF)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control, CWE-522 Insufficiently Protected Credentials, CWE-79 Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T06:57:58.822Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://govtech-csg.github.io/security-advisories/2024/04/29/CVE-2024-4225.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NGDIN_ST v2.0D.0062 - Multiple Vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2024-4225",
"datePublished": "2024-04-30T06:47:30.876Z",
"dateReserved": "2024-04-26T02:57:31.605Z",
"dateUpdated": "2024-08-09T14:43:30.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4163 (GCVE-0-2024-4163)
Vulnerability from cvelistv5 – Published: 2024-04-26 02:26 – Updated: 2024-08-01 20:33
VLAI?
Summary
The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway.
Severity ?
CWE
- Limited shell breakout leading to root access
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Skylab | IIoT Gateway (IGX) |
Affected:
1.2.12
|
Credits
Tan Inn Fung
Mah Chia Hui
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:skylab:igx_iiot_gateway:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "igx_iiot_gateway",
"vendor": "skylab",
"versions": [
{
"status": "affected",
"version": "1.2.12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:47:02.223690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:56.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://govtech-csg.github.io/security-advisories/2024/04/25/CVE-2024-4163.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IIoT Gateway (IGX)",
"vendor": "Skylab",
"versions": [
{
"status": "affected",
"version": "1.2.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tan Inn Fung"
},
{
"lang": "en",
"type": "finder",
"value": "Mah Chia Hui"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway."
}
],
"value": "The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Limited shell breakout leading to root access",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T06:59:38.364Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://govtech-csg.github.io/security-advisories/2024/04/25/CVE-2024-4163.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation on Skylab IIoT Gateway (IGX)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2024-4163",
"datePublished": "2024-04-26T02:26:22.758Z",
"dateReserved": "2024-04-25T02:38:12.253Z",
"dateUpdated": "2024-08-01T20:33:52.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3991 (GCVE-0-2023-3991)
Vulnerability from cvelistv5 – Published: 2023-10-16 09:07 – Updated: 2024-09-16 16:37
VLAI?
Summary
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FreshTomato | FreshTomato |
Affected:
2023.3
|
Credits
Eugene Lim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:36:48.390153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:37:12.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FreshTomato",
"vendor": "FreshTomato",
"versions": [
{
"status": "affected",
"version": "2023.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Eugene Lim"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability."
}
],
"value": "An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T09:14:32.286Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS command injection vulnerability in FreshTomato 2023.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2023-3991",
"datePublished": "2023-10-16T09:07:46.666Z",
"dateReserved": "2023-07-28T03:32:37.859Z",
"dateUpdated": "2024-09-16T16:37:12.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0996 (GCVE-0-2023-0996)
Vulnerability from cvelistv5 – Published: 2023-02-24 03:35 – Updated: 2025-03-11 20:47
VLAI?
Summary
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/strukturag/libheif/pull/759"
},
{
"tags": [
"x_transferred"
],
"url": "https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T20:46:37.332139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T20:47:36.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libheif",
"repo": "https://github.com/strukturag/libheif",
"vendor": "Struktur",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eThere is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nThere is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-24T03:35:58.752Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://github.com/strukturag/libheif/pull/759"
},
{
"url": "https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2023-0996",
"datePublished": "2023-02-24T03:35:58.752Z",
"dateReserved": "2023-02-24T03:17:18.663Z",
"dateUpdated": "2025-03-11T20:47:36.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0324 (GCVE-0-2022-0324)
Vulnerability from cvelistv5 – Published: 2022-11-14 16:08 – Updated: 2025-04-30 13:37
VLAI?
Summary
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.
Discovered by Eugene Lim of GovTech Singapore.
Severity ?
8.1 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Foundation | Software for Open Networking in the Cloud (SONiC) |
Affected:
202111
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:39.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"
},
{
"tags": [
"x_transferred"
],
"url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T13:37:32.242628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T13:37:45.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Software for Open Networking in the Cloud (SONiC)",
"repo": "https://github.com/sonic-net/sonic-buildimage",
"vendor": "Linux Foundation",
"versions": [
{
"status": "affected",
"version": "202111"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.\u003cbr\u003e\u003cbr\u003eDiscovered by Eugene Lim of GovTech Singapore.\u003cbr\u003e"
}
],
"value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.\n\nDiscovered by Eugene Lim of GovTech Singapore.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T16:12:37.331Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"
},
{
"url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2022-0324",
"datePublished": "2022-11-14T16:08:34.224Z",
"dateReserved": "2022-01-21T01:21:20.305Z",
"dateUpdated": "2025-04-30T13:37:45.488Z",
"requesterUserId": "26d1c047-c31c-4646-bd07-241f86433aca",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0982 (GCVE-0-2022-0982)
Vulnerability from cvelistv5 – Published: 2022-03-16 14:04 – Updated: 2024-09-17 04:20
VLAI?
Summary
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
Severity ?
No CVSS data available.
CWE
- https://cwe.mitre.org/data/definitions/120.html
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| https://accel-ppp.org/ | Accel-PPP |
Affected:
1.12 , ≤ 1.12
(custom)
|
Credits
Chloe Ong from Government Technology Agency of Singapore
Eugene Lim from Government Technology Agency of Singapore
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xebd/accel-ppp/issues/164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Accel-PPP",
"vendor": "https://accel-ppp.org/",
"versions": [
{
"lessThanOrEqual": "1.12",
"status": "affected",
"version": "1.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Ong from Government Technology Agency of Singapore"
},
{
"lang": "en",
"value": "Eugene Lim from Government Technology Agency of Singapore"
}
],
"datePublic": "2022-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b-\u003ebuf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "https://cwe.mitre.org/data/definitions/120.html",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T14:04:22",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xebd/accel-ppp/issues/164"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow via crafted client request in Accel-PPP v1.12",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"DATE_PUBLIC": "2022-03-15T09:32:00.000Z",
"ID": "CVE-2022-0982",
"STATE": "PUBLIC",
"TITLE": "Buffer Overflow via crafted client request in Accel-PPP v1.12"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Accel-PPP",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.12",
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "https://accel-ppp.org/"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Ong from Government Technology Agency of Singapore"
},
{
"lang": "eng",
"value": "Eugene Lim from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b-\u003ebuf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "https://cwe.mitre.org/data/definitions/120.html"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xebd/accel-ppp/issues/164",
"refsource": "MISC",
"url": "https://github.com/xebd/accel-ppp/issues/164"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2022-0982",
"datePublished": "2022-03-16T14:04:22.485737Z",
"dateReserved": "2022-03-15T00:00:00",
"dateUpdated": "2024-09-17T04:20:24.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42854 (GCVE-0-2021-42854)
Vulnerability from cvelistv5 – Published: 2022-03-09 16:52 – Updated: 2024-09-16 17:54
VLAI?
Summary
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aternity | SteelCentral AppInternals Dynamic Sampling Agent |
Affected:
10.x
Affected: 12.13.0 , < 12.13.0 (custom) Affected: 11.8.8 , < 11.8.8 (custom) |
Credits
Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SteelCentral AppInternals Dynamic Sampling Agent",
"vendor": "Aternity",
"versions": [
{
"status": "affected",
"version": "10.x"
},
{
"lessThan": "12.13.0",
"status": "affected",
"version": "12.13.0",
"versionType": "custom"
},
{
"lessThan": "11.8.8",
"status": "affected",
"version": "11.8.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"datePublic": "2022-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent\u0027s (DSA) PluginServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/plugin/pmx\" API. The affected endpoint does not have any input validation of the user\u0027s input that allows a malicious payload to be injected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T16:52:02",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Directory Traversal Read/Write/Delete at PluginServlet",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"DATE_PUBLIC": "2022-02-23T10:30:00.000Z",
"ID": "CVE-2021-42854",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal Read/Write/Delete at PluginServlet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SteelCentral AppInternals Dynamic Sampling Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.13.0",
"version_value": "12.13.0"
},
{
"version_affected": "\u003c",
"version_name": "11.8.8",
"version_value": "11.8.8"
},
{
"version_affected": "=",
"version_name": "10.x",
"version_value": "10.x"
}
]
}
}
]
},
"vendor_name": "Aternity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent\u0027s (DSA) PluginServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/plugin/pmx\" API. The affected endpoint does not have any input validation of the user\u0027s input that allows a malicious payload to be injected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854",
"refsource": "CONFIRM",
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2021-42854",
"datePublished": "2022-03-09T16:52:02.819876Z",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-09-16T17:54:38.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42856 (GCVE-0-2021-42856)
Vulnerability from cvelistv5 – Published: 2022-03-09 16:51 – Updated: 2024-09-17 04:18
VLAI?
Summary
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
Severity ?
4.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aternity | SteelCentral AppInternals Dynamic Sampling Agent |
Affected:
10.x
Affected: 12.13.0 , < 12.13.0 (custom) Affected: 11.8.8 , < 11.8.8 (custom) |
Credits
Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SteelCentral AppInternals Dynamic Sampling Agent",
"vendor": "Aternity",
"versions": [
{
"status": "affected",
"version": "10.x"
},
{
"lessThan": "12.13.0",
"status": "affected",
"version": "12.13.0",
"versionType": "custom"
},
{
"lessThan": "11.8.8",
"status": "affected",
"version": "11.8.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"datePublic": "2022-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T16:51:56",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Reflected Cross-site Scripting at DsaDataTest",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"DATE_PUBLIC": "2022-02-23T10:30:00.000Z",
"ID": "CVE-2021-42856",
"STATE": "PUBLIC",
"TITLE": "Reflected Cross-site Scripting at DsaDataTest"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SteelCentral AppInternals Dynamic Sampling Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.13.0",
"version_value": "12.13.0"
},
{
"version_affected": "\u003c",
"version_name": "11.8.8",
"version_value": "11.8.8"
},
{
"version_affected": "=",
"version_name": "10.x",
"version_value": "10.x"
}
]
}
}
]
},
"vendor_name": "Aternity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856",
"refsource": "CONFIRM",
"url": "https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2021-42856",
"datePublished": "2022-03-09T16:51:56.184251Z",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-09-17T04:18:57.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42787 (GCVE-0-2021-42787)
Vulnerability from cvelistv5 – Published: 2022-03-09 16:51 – Updated: 2024-09-16 22:35
VLAI?
Summary
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
Severity ?
9.4 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aternity | SteelCentral AppInternals Dynamic Sampling Agent |
Affected:
10.x
Affected: 12.13.0 , < 12.13.0 (custom) Affected: 11.8.8 , < 11.8.8 (custom) |
Credits
Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SteelCentral AppInternals Dynamic Sampling Agent",
"vendor": "Aternity",
"versions": [
{
"status": "affected",
"version": "10.x"
},
{
"lessThan": "12.13.0",
"status": "affected",
"version": "12.13.0",
"versionType": "custom"
},
{
"lessThan": "11.8.8",
"status": "affected",
"version": "11.8.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"datePublic": "2022-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent\u0027s (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/agent/configuration\" API. The affected endpoint does not have any input validation of the user\u0027s input that allows a malicious payload to be injected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T16:51:50",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"DATE_PUBLIC": "2022-02-23T10:30:00.000Z",
"ID": "CVE-2021-42787",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SteelCentral AppInternals Dynamic Sampling Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.13.0",
"version_value": "12.13.0"
},
{
"version_affected": "\u003c",
"version_name": "11.8.8",
"version_value": "11.8.8"
},
{
"version_affected": "=",
"version_name": "10.x",
"version_value": "10.x"
}
]
}
}
]
},
"vendor_name": "Aternity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent\u0027s (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/agent/configuration\" API. The affected endpoint does not have any input validation of the user\u0027s input that allows a malicious payload to be injected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787",
"refsource": "CONFIRM",
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2021-42787",
"datePublished": "2022-03-09T16:51:50.594465Z",
"dateReserved": "2021-10-21T00:00:00",
"dateUpdated": "2024-09-16T22:35:02.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42857 (GCVE-0-2021-42857)
Vulnerability from cvelistv5 – Published: 2022-03-09 16:51 – Updated: 2024-09-16 21:57
VLAI?
Summary
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected.
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aternity | SteelCentral AppInternals Dynamic Sampling Agent |
Affected:
10.x
Affected: 12.13.0 , < 12.13.0 (custom) Affected: 11.8.8 , < 11.8.8 (custom) |
Credits
Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SteelCentral AppInternals Dynamic Sampling Agent",
"vendor": "Aternity",
"versions": [
{
"status": "affected",
"version": "10.x"
},
{
"lessThan": "12.13.0",
"status": "affected",
"version": "12.13.0",
"versionType": "custom"
},
{
"lessThan": "11.8.8",
"status": "affected",
"version": "11.8.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"datePublic": "2022-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent\u0027s (DSA) AgentDaServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/agent/da/pcf\" API. The affected endpoint does not have any validation of the user\u0027s input that allows a malicious payload to be injected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T16:51:44",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Directory Traversal Partial Write at AgentDaServlet",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"DATE_PUBLIC": "2022-02-23T10:30:00.000Z",
"ID": "CVE-2021-42857",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal Partial Write at AgentDaServlet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SteelCentral AppInternals Dynamic Sampling Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.13.0",
"version_value": "12.13.0"
},
{
"version_affected": "\u003c",
"version_name": "11.8.8",
"version_value": "11.8.8"
},
{
"version_affected": "=",
"version_name": "10.x",
"version_value": "10.x"
}
]
}
}
]
},
"vendor_name": "Aternity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent\u0027s (DSA) AgentDaServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/agent/da/pcf\" API. The affected endpoint does not have any validation of the user\u0027s input that allows a malicious payload to be injected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857",
"refsource": "CONFIRM",
"url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2021-42857",
"datePublished": "2022-03-09T16:51:44.553702Z",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-09-16T21:57:35.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42855 (GCVE-0-2021-42855)
Vulnerability from cvelistv5 – Published: 2022-03-09 16:51 – Updated: 2024-09-17 02:36
VLAI?
Summary
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.
Severity ?
7.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aternity | SteelCentral AppInternals Dynamic Sampling Agent |
Affected:
10.x
Affected: 12.13.0 , < 12.13.0 (custom) Affected: 11.8.8 , < 11.8.8 (custom) |
Credits
Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SteelCentral AppInternals Dynamic Sampling Agent",
"vendor": "Aternity",
"versions": [
{
"status": "affected",
"version": "10.x"
},
{
"lessThan": "12.13.0",
"status": "affected",
"version": "12.13.0",
"versionType": "custom"
},
{
"lessThan": "11.8.8",
"status": "affected",
"version": "11.8.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"datePublic": "2022-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the \".debug_command.config\" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the \"/api/appInternals/1.0/agent/configuration\" API to map the corresponding ID to a command to be executed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T16:51:38",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Local privilege escalation due to misconfigured write permission on .debug_command.config file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"DATE_PUBLIC": "2022-02-23T10:30:00.000Z",
"ID": "CVE-2021-42855",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to misconfigured write permission on .debug_command.config file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SteelCentral AppInternals Dynamic Sampling Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.13.0",
"version_value": "12.13.0"
},
{
"version_affected": "\u003c",
"version_name": "11.8.8",
"version_value": "11.8.8"
},
{
"version_affected": "=",
"version_name": "10.x",
"version_value": "10.x"
}
]
}
}
]
},
"vendor_name": "Aternity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the \".debug_command.config\" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the \"/api/appInternals/1.0/agent/configuration\" API to map the corresponding ID to a command to be executed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855",
"refsource": "CONFIRM",
"url": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2021-42855",
"datePublished": "2022-03-09T16:51:38.176848Z",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-09-17T02:36:31.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}