diff --git a/data/anchore/2024/CVE-2024-54268.json b/data/anchore/2024/CVE-2024-54268.json index 93982b8c..6e773d60 100644 --- a/data/anchore/2024/CVE-2024-54268.json +++ b/data/anchore/2024/CVE-2024-54268.json @@ -7,11 +7,14 @@ "references": [ "https://patchstack.com/database/wordpress/plugin/so-widgets-bundle/vulnerability/wordpress-siteorigin-widgets-bundle-plugin-1-64-0-broken-access-control-vulnerability?_s_id=cve" ], + "solutions": [ + "Update to 1.64.1 or a higher version." + ], "upstream": { "datePublished": "2024-12-13T14:24:45.711Z", "dateReserved": "2024-12-02T12:04:05.093Z", - "dateUpdated": "2024-12-13T21:03:05.693Z", - "digest": "2ed87ff270f7eb4ff57c01a22cb59b39fa55d070e3f51a6346d73e14c823493d" + "dateUpdated": "2024-12-16T22:00:57.531Z", + "digest": "a28a4a60170a0144bb3058c4e74cb6d3c9da6540875c25f15b3acacfad0e5673" } }, "adp": { diff --git a/data/anchore/2024/CVE-2024-56145.json b/data/anchore/2024/CVE-2024-56145.json index 9a734def..eca82746 100644 --- a/data/anchore/2024/CVE-2024-56145.json +++ b/data/anchore/2024/CVE-2024-56145.json @@ -2,7 +2,7 @@ "additionalMetadata": { "cna": "github_m", "cveId": "CVE-2024-56145", - "description": "Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 4.13.2 or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.", + "description": "Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3", @@ -11,8 +11,8 @@ "upstream": { "datePublished": "2024-12-18T20:37:34.301Z", "dateReserved": "2024-12-16T18:04:39.983Z", - "dateUpdated": "2024-12-18T21:10:48.315Z", - "digest": "fd488b59f0371d0786fa3cda8221ea5d372155c5234137065b1bae8e5d275a6f" + "dateUpdated": "2024-12-19T20:13:33.762Z", + "digest": "9a6b1c75d8ceb0eaf6829f27b168ec4ae6be596f86853d29dbf9a8a295af0aeb" } }, "adp": { @@ -39,6 +39,12 @@ "status": "affected", "version": "5.0.0-rc1", "versionType": "custom" + }, + { + "lessThan": "3.9.14", + "status": "affected", + "version": "3.0.0", + "versionType": "custom" } ] } diff --git a/data/anchore/2024/CVE-2024-56201.json b/data/anchore/2024/CVE-2024-56201.json index 703c873d..b0d5e81e 100644 --- a/data/anchore/2024/CVE-2024-56201.json +++ b/data/anchore/2024/CVE-2024-56201.json @@ -2,7 +2,7 @@ "additionalMetadata": { "cna": "github_m", "cveId": "CVE-2024-56201", - "description": "Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.", + "description": "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f", @@ -13,8 +13,8 @@ "upstream": { "datePublished": "2024-12-23T15:37:36.110Z", "dateReserved": "2024-12-18T18:29:25.896Z", - "dateUpdated": "2024-12-24T01:45:43.607Z", - "digest": "b7a6a49c62cb0342717fb8c7a327c4c3e7b21b409d65691b27930299f29e8e89" + "dateUpdated": "2025-01-09T16:26:45.996Z", + "digest": "668e39849de567fec6227b9124051ba3bdbb024baaf81b59f5d12e3e0c54614e" } }, "adp": { @@ -34,7 +34,7 @@ { "lessThan": "3.1.5", "status": "affected", - "version": "0", + "version": "3.0.0", "versionType": "python" } ] diff --git a/data/anchore/2025/CVE-2025-0237.json b/data/anchore/2025/CVE-2025-0237.json index 7e688892..21f88b8a 100644 --- a/data/anchore/2025/CVE-2025-0237.json +++ b/data/anchore/2025/CVE-2025-0237.json @@ -2,18 +2,20 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0237", - "description": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.", + "description": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257", "https://www.mozilla.org/security/advisories/mfsa2025-01/", - "https://www.mozilla.org/security/advisories/mfsa2025-02/" + "https://www.mozilla.org/security/advisories/mfsa2025-02/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "https://www.mozilla.org/security/advisories/mfsa2025-05/" ], "upstream": { "datePublished": "2025-01-07T16:07:05.787Z", "dateReserved": "2025-01-06T14:48:59.270Z", - "dateUpdated": "2025-01-07T16:07:05.787Z", - "digest": "45e925945de39272939e7063cc8bd016bed7fa6a2b28bf78ab981f5b0f91b840" + "dateUpdated": "2025-01-13T21:54:58.675Z", + "digest": "42db98d7b9bfbb28c10f0bf376e446e5d7c75a09cedfece798f6e4b5a906ef50" } }, "adp": { @@ -47,6 +49,36 @@ "versionType": "custom" } ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "134", + "status": "affected", + "version": "129", + "versionType": "custom" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "128.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] } ], "providerMetadata": { diff --git a/data/anchore/2025/CVE-2025-0238.json b/data/anchore/2025/CVE-2025-0238.json index 8a351713..30c033da 100644 --- a/data/anchore/2025/CVE-2025-0238.json +++ b/data/anchore/2025/CVE-2025-0238.json @@ -2,19 +2,21 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0238", - "description": "Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19.", + "description": "Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1915535", "https://www.mozilla.org/security/advisories/mfsa2025-01/", "https://www.mozilla.org/security/advisories/mfsa2025-02/", - "https://www.mozilla.org/security/advisories/mfsa2025-03/" + "https://www.mozilla.org/security/advisories/mfsa2025-03/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "https://www.mozilla.org/security/advisories/mfsa2025-05/" ], "upstream": { "datePublished": "2025-01-07T16:07:06.043Z", "dateReserved": "2025-01-06T14:49:02.331Z", - "dateUpdated": "2025-01-07T16:07:06.043Z", - "digest": "8c78fdff1b3246dded818c04e42c53f1095ea21af200fc1efe19797f895a62c9" + "dateUpdated": "2025-01-13T21:54:58.998Z", + "digest": "3ed08772b0751efb82a977d459455c2900190e04e8bf9c55f26ef4f9baa2ffbb" } }, "adp": { @@ -46,7 +48,16 @@ "status": "affected", "version": "116", "versionType": "custom" - }, + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*" + ], + "product": "Firefox ESR", + "vendor": "Mozilla", + "versions": [ { "lessThan": "115.19", "status": "affected", @@ -54,6 +65,36 @@ "versionType": "custom" } ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "134", + "status": "affected", + "version": "129", + "versionType": "custom" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "128.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] } ], "providerMetadata": { diff --git a/data/anchore/2025/CVE-2025-0239.json b/data/anchore/2025/CVE-2025-0239.json index a5fb59a5..3798774a 100644 --- a/data/anchore/2025/CVE-2025-0239.json +++ b/data/anchore/2025/CVE-2025-0239.json @@ -2,18 +2,20 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0239", - "description": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.", + "description": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156", "https://www.mozilla.org/security/advisories/mfsa2025-01/", - "https://www.mozilla.org/security/advisories/mfsa2025-02/" + "https://www.mozilla.org/security/advisories/mfsa2025-02/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "https://www.mozilla.org/security/advisories/mfsa2025-05/" ], "upstream": { "datePublished": "2025-01-07T16:07:06.317Z", "dateReserved": "2025-01-06T14:49:04.597Z", - "dateUpdated": "2025-01-07T16:07:06.317Z", - "digest": "45e925945de39272939e7063cc8bd016bed7fa6a2b28bf78ab981f5b0f91b840" + "dateUpdated": "2025-01-13T21:54:59.320Z", + "digest": "42db98d7b9bfbb28c10f0bf376e446e5d7c75a09cedfece798f6e4b5a906ef50" } }, "adp": { @@ -47,6 +49,36 @@ "versionType": "custom" } ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "134", + "status": "affected", + "version": "129", + "versionType": "custom" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "128.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] } ], "providerMetadata": { diff --git a/data/anchore/2025/CVE-2025-0240.json b/data/anchore/2025/CVE-2025-0240.json index 8968b62d..474652e6 100644 --- a/data/anchore/2025/CVE-2025-0240.json +++ b/data/anchore/2025/CVE-2025-0240.json @@ -2,18 +2,20 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0240", - "description": "Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.", + "description": "Parsing a JavaScript module as JSON could under some circumstances cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1929623", "https://www.mozilla.org/security/advisories/mfsa2025-01/", - "https://www.mozilla.org/security/advisories/mfsa2025-02/" + "https://www.mozilla.org/security/advisories/mfsa2025-02/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "https://www.mozilla.org/security/advisories/mfsa2025-05/" ], "upstream": { "datePublished": "2025-01-07T16:07:06.551Z", "dateReserved": "2025-01-06T14:49:06.842Z", - "dateUpdated": "2025-01-07T16:07:06.551Z", - "digest": "45e925945de39272939e7063cc8bd016bed7fa6a2b28bf78ab981f5b0f91b840" + "dateUpdated": "2025-01-13T21:54:59.635Z", + "digest": "42db98d7b9bfbb28c10f0bf376e446e5d7c75a09cedfece798f6e4b5a906ef50" } }, "adp": { @@ -47,6 +49,36 @@ "versionType": "custom" } ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "134", + "status": "affected", + "version": "129", + "versionType": "custom" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "128.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] } ], "providerMetadata": { diff --git a/data/anchore/2025/CVE-2025-0241.json b/data/anchore/2025/CVE-2025-0241.json index 28026485..81386f78 100644 --- a/data/anchore/2025/CVE-2025-0241.json +++ b/data/anchore/2025/CVE-2025-0241.json @@ -2,18 +2,20 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0241", - "description": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.", + "description": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023", "https://www.mozilla.org/security/advisories/mfsa2025-01/", - "https://www.mozilla.org/security/advisories/mfsa2025-02/" + "https://www.mozilla.org/security/advisories/mfsa2025-02/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "https://www.mozilla.org/security/advisories/mfsa2025-05/" ], "upstream": { "datePublished": "2025-01-07T16:07:06.824Z", "dateReserved": "2025-01-06T14:49:09.192Z", - "dateUpdated": "2025-01-07T16:07:06.824Z", - "digest": "45e925945de39272939e7063cc8bd016bed7fa6a2b28bf78ab981f5b0f91b840" + "dateUpdated": "2025-01-13T21:54:59.970Z", + "digest": "42db98d7b9bfbb28c10f0bf376e446e5d7c75a09cedfece798f6e4b5a906ef50" } }, "adp": { @@ -47,6 +49,36 @@ "versionType": "custom" } ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "134", + "status": "affected", + "version": "129", + "versionType": "custom" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "128.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] } ], "providerMetadata": { diff --git a/data/anchore/2025/CVE-2025-0242.json b/data/anchore/2025/CVE-2025-0242.json index f5c04554..4be75b83 100644 --- a/data/anchore/2025/CVE-2025-0242.json +++ b/data/anchore/2025/CVE-2025-0242.json @@ -2,19 +2,21 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0242", - "description": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19.", + "description": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169", "https://www.mozilla.org/security/advisories/mfsa2025-01/", "https://www.mozilla.org/security/advisories/mfsa2025-02/", - "https://www.mozilla.org/security/advisories/mfsa2025-03/" + "https://www.mozilla.org/security/advisories/mfsa2025-03/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "https://www.mozilla.org/security/advisories/mfsa2025-05/" ], "upstream": { "datePublished": "2025-01-07T16:07:07.093Z", "dateReserved": "2025-01-06T14:49:11.467Z", - "dateUpdated": "2025-01-07T16:07:07.093Z", - "digest": "8c78fdff1b3246dded818c04e42c53f1095ea21af200fc1efe19797f895a62c9" + "dateUpdated": "2025-01-13T21:55:00.579Z", + "digest": "3ed08772b0751efb82a977d459455c2900190e04e8bf9c55f26ef4f9baa2ffbb" } }, "adp": { @@ -46,7 +48,16 @@ "status": "affected", "version": "116", "versionType": "custom" - }, + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*" + ], + "product": "Firefox ESR", + "vendor": "Mozilla", + "versions": [ { "lessThan": "115.19", "status": "affected", @@ -54,6 +65,36 @@ "versionType": "custom" } ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "134", + "status": "affected", + "version": "129", + "versionType": "custom" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "128.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] } ], "providerMetadata": { diff --git a/data/anchore/2025/CVE-2025-0243.json b/data/anchore/2025/CVE-2025-0243.json index 766d3f7e..667bce5a 100644 --- a/data/anchore/2025/CVE-2025-0243.json +++ b/data/anchore/2025/CVE-2025-0243.json @@ -2,18 +2,20 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0243", - "description": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.", + "description": "Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783", "https://www.mozilla.org/security/advisories/mfsa2025-01/", - "https://www.mozilla.org/security/advisories/mfsa2025-02/" + "https://www.mozilla.org/security/advisories/mfsa2025-02/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/", + "https://www.mozilla.org/security/advisories/mfsa2025-05/" ], "upstream": { "datePublished": "2025-01-07T16:07:07.372Z", "dateReserved": "2025-01-06T14:49:13.142Z", - "dateUpdated": "2025-01-07T16:07:07.372Z", - "digest": "45e925945de39272939e7063cc8bd016bed7fa6a2b28bf78ab981f5b0f91b840" + "dateUpdated": "2025-01-13T21:55:00.882Z", + "digest": "42db98d7b9bfbb28c10f0bf376e446e5d7c75a09cedfece798f6e4b5a906ef50" } }, "adp": { @@ -60,7 +62,16 @@ "status": "affected", "version": "129", "versionType": "custom" - }, + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ { "lessThan": "128.6", "status": "affected", diff --git a/data/anchore/2025/CVE-2025-0247.json b/data/anchore/2025/CVE-2025-0247.json index 471111cf..734cb414 100644 --- a/data/anchore/2025/CVE-2025-0247.json +++ b/data/anchore/2025/CVE-2025-0247.json @@ -2,17 +2,18 @@ "additionalMetadata": { "cna": "mozilla", "cveId": "CVE-2025-0247", - "description": "Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134.", + "description": "Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.", "reason": "Added CPE configurations because not yet analyzed by NVD.", "references": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2C1910021%2C1919803%2C1931576%2C1931948%2C1932173", - "https://www.mozilla.org/security/advisories/mfsa2025-01/" + "https://www.mozilla.org/security/advisories/mfsa2025-01/", + "https://www.mozilla.org/security/advisories/mfsa2025-04/" ], "upstream": { "datePublished": "2025-01-07T16:07:07.636Z", "dateReserved": "2025-01-06T14:49:19.275Z", - "dateUpdated": "2025-01-07T16:07:07.636Z", - "digest": "86356cdeeef6b2ba9d404cda158163648e3c8ed9f17a2d1c58811436d34ad55d" + "dateUpdated": "2025-01-14T16:32:10.790Z", + "digest": "92b2c6c0a1aa1fc0195d99eacae746a12db044be4b13e54c8201a09de762fa40" } }, "adp": { @@ -31,6 +32,21 @@ "versionType": "custom" } ] + }, + { + "cpes": [ + "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" + ], + "product": "Thunderbird", + "vendor": "Mozilla", + "versions": [ + { + "lessThan": "134", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] } ], "providerMetadata": {