github
/
advisory-database
зеркало из https://github.com/github/advisory-database.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Publish Advisories 

GHSA-4hhv-jc45-cmpc
GHSA-hqp2-6j35-rqp5
GHSA-2rw4-j3h5-72xp
GHSA-8hqc-m445-x46q
GHSA-9mgf-hh2m-346c
GHSA-jjpf-rjhc-fq98
GHSA-pp3c-36rx-j2jw
GHSA-xwcj-m6m8-mr3g
GHSA-327q-mmg5-jm77
GHSA-32pm-63j6-22qc
GHSA-3f6r-qh9c-x6mm
GHSA-528c-fcjh-q2j7
GHSA-7wrw-r4p8-38rx
GHSA-9cwq-g8xg-jgrg
GHSA-9v84-cc9j-pxr6
GHSA-frhw-w3wm-6cw4
GHSA-p8vf-p5g9-f6j7
GHSA-qrrm-hq5g-j2q3
GHSA-v5qx-579h-rr6f
GHSA-v7qx-rccr-23xm
GHSA-vcfp-63cx-4h59
GHSA-x279-fqqw-2jvv
This commit is contained in:
advisory-database[bot] 2025-01-28 03:33:12 +00:00
Родитель 294bf86b34
Коммит 05a932cae3
22 изменённых файлов: 593 добавлений и 12 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
advisories/unreviewed/2022/05/GHSA-4hhv-jc45-cmpc/GHSA-4hhv-jc45-cmpc.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4hhv-jc45-cmpc",
"modified": "2022-05-17T05:49:23Z",
"modified": "2025-01-28T03:31:12Z",
"published": "2022-05-17T05:49:23Z",
"aliases": [
"CVE-2010-2965"
@ -26,6 +26,10 @@
"type": "WEB",
"url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/10"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/362332"

4
advisories/unreviewed/2024/02/GHSA-hqp2-6j35-rqp5/GHSA-hqp2-6j35-rqp5.json
Просмотреть файл

@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

4
advisories/unreviewed/2024/05/GHSA-2rw4-j3h5-72xp/GHSA-2rw4-j3h5-72xp.json
Просмотреть файл

@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/05/GHSA-8hqc-m445-x46q/GHSA-8hqc-m445-x46q.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8hqc-m445-x46q",
"modified": "2024-05-14T18:30:53Z",
"modified": "2025-01-28T03:31:13Z",
"published": "2024-05-14T18:30:53Z",
"aliases": [
"CVE-2024-3831"
@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

4
advisories/unreviewed/2024/05/GHSA-9mgf-hh2m-346c/GHSA-9mgf-hh2m-346c.json
Просмотреть файл

@ -33,7 +33,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/05/GHSA-jjpf-rjhc-fq98/GHSA-jjpf-rjhc-fq98.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jjpf-rjhc-fq98",
"modified": "2024-05-14T18:30:53Z",
"modified": "2025-01-28T03:31:13Z",
"published": "2024-05-14T18:30:53Z",
"aliases": [
"CVE-2024-3989"
@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/05/GHSA-pp3c-36rx-j2jw/GHSA-pp3c-36rx-j2jw.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pp3c-36rx-j2jw",
"modified": "2024-05-14T18:30:52Z",
"modified": "2025-01-28T03:31:13Z",
"published": "2024-05-14T18:30:52Z",
"aliases": [
"CVE-2024-3680"
@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/05/GHSA-xwcj-m6m8-mr3g/GHSA-xwcj-m6m8-mr3g.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-xwcj-m6m8-mr3g",
"modified": "2024-05-14T18:30:54Z",
"modified": "2025-01-28T03:31:13Z",
"published": "2024-05-14T18:30:54Z",
"aliases": [
"CVE-2024-4158"
@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

48
advisories/unreviewed/2025/01/GHSA-327q-mmg5-jm77/GHSA-327q-mmg5-jm77.json Normal file
Просмотреть файл

@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-327q-mmg5-jm77",
"modified": "2025-01-28T03:31:13Z",
"published": "2025-01-28T03:31:13Z",
"aliases": [
"CVE-2024-12649"
],
"details": "Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12649"
},
{
"type": "WEB",
"url": "https://canon.jp/support/support-info/250127vulnerability-response"
},
{
"type": "WEB",
"url": "https://psirt.canon/advisory-information/cp2025-001"
},
{
"type": "WEB",
"url": "https://www.canon-europe.com/support/product-security/#news"
},
{
"type": "WEB",
"url": "https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers"
}
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T01:15:08Z"
}
}

31
advisories/unreviewed/2025/01/GHSA-32pm-63j6-22qc/GHSA-32pm-63j6-22qc.json Normal file
Просмотреть файл

@ -0,0 +1,31 @@
{
"schema_version": "1.4.0",
"id": "GHSA-32pm-63j6-22qc",
"modified": "2025-01-28T03:31:13Z",
"published": "2025-01-28T03:31:13Z",
"aliases": [
"CVE-2022-3365"
],
"details": "Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3365"
},
{
"type": "WEB",
"url": "https://github.com/rapid7/metasploit-framework/pull/17067"
}
],
"database_specific": {
"cwe_ids": [
"CWE-327"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T01:15:08Z"
}
}

45
advisories/unreviewed/2025/01/GHSA-3f6r-qh9c-x6mm/GHSA-3f6r-qh9c-x6mm.json Normal file
Просмотреть файл

@ -0,0 +1,45 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3f6r-qh9c-x6mm",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-45341"
],
"details": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341"
},
{
"type": "WEB",
"url": "https://go.dev/cl/643099"
},
{
"type": "WEB",
"url": "https://go.dev/issue/71156"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3373"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T02:15:29Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-528c-fcjh-q2j7/GHSA-528c-fcjh-q2j7.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-528c-fcjh-q2j7",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-27263"
],
"details": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27263"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176072"
}
],
"database_specific": {
"cwe_ids": [
"CWE-300"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T01:15:08Z"
}
}

45
advisories/unreviewed/2025/01/GHSA-7wrw-r4p8-38rx/GHSA-7wrw-r4p8-38rx.json Normal file
Просмотреть файл

@ -0,0 +1,45 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7wrw-r4p8-38rx",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-45336"
],
"details": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336"
},
{
"type": "WEB",
"url": "https://go.dev/cl/643100"
},
{
"type": "WEB",
"url": "https://go.dev/issue/70530"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3420"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T02:15:28Z"
}
}

48
advisories/unreviewed/2025/01/GHSA-9cwq-g8xg-jgrg/GHSA-9cwq-g8xg-jgrg.json Normal file
Просмотреть файл

@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9cwq-g8xg-jgrg",
"modified": "2025-01-28T03:31:13Z",
"published": "2025-01-28T03:31:13Z",
"aliases": [
"CVE-2024-12648"
],
"details": "Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12648"
},
{
"type": "WEB",
"url": "https://canon.jp/support/support-info/250127vulnerability-response"
},
{
"type": "WEB",
"url": "https://psirt.canon/advisory-information/cp2025-001"
},
{
"type": "WEB",
"url": "https://www.canon-europe.com/support/product-security/#news"
},
{
"type": "WEB",
"url": "https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers"
}
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T01:15:08Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-9v84-cc9j-pxr6/GHSA-9v84-cc9j-pxr6.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9v84-cc9j-pxr6",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-0135"
],
"details": "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0135"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5599"
}
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T03:15:07Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-frhw-w3wm-6cw4/GHSA-frhw-w3wm-6cw4.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-frhw-w3wm-6cw4",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-0137"
],
"details": "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the hosts network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0137"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5599"
}
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T03:15:07Z"
}
}

48
advisories/unreviewed/2025/01/GHSA-p8vf-p5g9-f6j7/GHSA-p8vf-p5g9-f6j7.json Normal file
Просмотреть файл

@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p8vf-p5g9-f6j7",
"modified": "2025-01-28T03:31:13Z",
"published": "2025-01-28T03:31:13Z",
"aliases": [
"CVE-2024-12647"
],
"details": "Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12647"
},
{
"type": "WEB",
"url": "https://canon.jp/support/support-info/250127vulnerability-response"
},
{
"type": "WEB",
"url": "https://psirt.canon/advisory-information/cp2025-001"
},
{
"type": "WEB",
"url": "https://www.canon-europe.com/support/product-security/#news"
},
{
"type": "WEB",
"url": "https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers"
}
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T01:15:08Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-qrrm-hq5g-j2q3/GHSA-qrrm-hq5g-j2q3.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qrrm-hq5g-j2q3",
"modified": "2025-01-28T03:31:13Z",
"published": "2025-01-28T03:31:13Z",
"aliases": [
"CVE-2023-50316"
],
"details": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1\nis vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50316"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176072"
}
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T01:15:08Z"
}
}

41
advisories/unreviewed/2025/01/GHSA-v5qx-579h-rr6f/GHSA-v5qx-579h-rr6f.json Normal file
Просмотреть файл

@ -0,0 +1,41 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v5qx-579h-rr6f",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-45340"
],
"details": "Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45340"
},
{
"type": "WEB",
"url": "https://go.dev/cl/643097"
},
{
"type": "WEB",
"url": "https://go.dev/issue/71249"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3383"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T02:15:29Z"
}
}

41
advisories/unreviewed/2025/01/GHSA-v7qx-rccr-23xm/GHSA-v7qx-rccr-23xm.json Normal file
Просмотреть файл

@ -0,0 +1,41 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v7qx-rccr-23xm",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2025-22865"
],
"details": "Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865"
},
{
"type": "WEB",
"url": "https://go.dev/cl/643098"
},
{
"type": "WEB",
"url": "https://go.dev/issue/71216"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3421"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T02:15:29Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-vcfp-63cx-4h59/GHSA-vcfp-63cx-4h59.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vcfp-63cx-4h59",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-0136"
],
"details": "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0136"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5599"
}
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T03:15:07Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-x279-fqqw-2jvv/GHSA-x279-fqqw-2jvv.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x279-fqqw-2jvv",
"modified": "2025-01-28T03:31:14Z",
"published": "2025-01-28T03:31:14Z",
"aliases": [
"CVE-2024-22315"
],
"details": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22315"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7179168"
}
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T02:15:28Z"
}
}