github
/
advisory-database
зеркало из https://github.com/github/advisory-database.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Advisory Database Sync

This commit is contained in:
advisory-database[bot] 2025-01-27 18:34:01 +00:00
Родитель 644caad540
Коммит b14f057c06
76 изменённых файлов: 984 добавлений и 69 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
advisories/unreviewed/2022/05/GHSA-v596-x9hf-63gj/GHSA-v596-x9hf-63gj.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v596-x9hf-63gj",
"modified": "2022-05-14T03:29:33Z",
"modified": "2025-01-27T18:31:53Z",
"published": "2022-05-14T03:29:33Z",
"aliases": [
"CVE-2018-7445"

4
advisories/unreviewed/2023/05/GHSA-3grg-4gwx-fp3c/GHSA-3grg-4gwx-fp3c.json
Просмотреть файл

@ -25,7 +25,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-863"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

3
advisories/unreviewed/2023/05/GHSA-463w-cvvx-2q2c/GHSA-463w-cvvx-2q2c.json
Просмотреть файл

@ -26,7 +26,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-200"
"CWE-200",
"CWE-863"
],
"severity": "MODERATE",
"github_reviewed": false,

4
advisories/unreviewed/2023/05/GHSA-ccx6-6vgf-c5rw/GHSA-ccx6-6vgf-c5rw.json
Просмотреть файл

@ -25,7 +25,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-863"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,

3
advisories/unreviewed/2023/05/GHSA-cw96-grj5-m243/GHSA-cw96-grj5-m243.json
Просмотреть файл

@ -26,7 +26,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-400"
"CWE-400",
"CWE-770"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2023/05/GHSA-gj39-fcfm-v6w8/GHSA-gj39-fcfm-v6w8.json
Просмотреть файл

@ -27,7 +27,8 @@
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-287"
"CWE-287",
"CWE-863"
],
"severity": "MODERATE",
"github_reviewed": false,

3
advisories/unreviewed/2023/05/GHSA-qh8v-25c7-7m9h/GHSA-qh8v-25c7-7m9h.json
Просмотреть файл

@ -26,7 +26,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-119"
"CWE-119",
"CWE-770"
],
"severity": "CRITICAL",
"github_reviewed": false,

4
advisories/unreviewed/2023/05/GHSA-x96f-hhvw-7xp6/GHSA-x96f-hhvw-7xp6.json
Просмотреть файл

@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,

3
advisories/unreviewed/2023/07/GHSA-v3m2-crxw-2gfm/GHSA-v3m2-crxw-2gfm.json
Просмотреть файл

@ -26,7 +26,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-284"
"CWE-284",
"CWE-552"
],
"severity": "HIGH",
"github_reviewed": false,

1
advisories/unreviewed/2023/07/GHSA-v5c3-34xr-4vp7/GHSA-v5c3-34xr-4vp7.json
Просмотреть файл

@ -26,6 +26,7 @@
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-284"
],
"severity": "CRITICAL",

6
advisories/unreviewed/2024/02/GHSA-994h-mf2h-6f5r/GHSA-994h-mf2h-6f5r.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-994h-mf2h-6f5r",
"modified": "2024-02-29T03:33:15Z",
"modified": "2025-01-27T18:31:57Z",
"published": "2024-02-29T03:33:15Z",
"aliases": [
"CVE-2024-0656"
@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

4
advisories/unreviewed/2024/02/GHSA-gpw4-cp4w-g7v7/GHSA-gpw4-cp4w-g7v7.json
Просмотреть файл

@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/02/GHSA-jfrp-h2rj-4pmw/GHSA-jfrp-h2rj-4pmw.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jfrp-h2rj-4pmw",
"modified": "2024-02-28T15:30:56Z",
"modified": "2025-01-27T18:31:57Z",
"published": "2024-02-28T15:30:56Z",
"aliases": [
"CVE-2024-1808"
@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/02/GHSA-jp7p-g5x9-86p7/GHSA-jp7p-g5x9-86p7.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jp7p-g5x9-86p7",
"modified": "2024-02-29T03:33:15Z",
"modified": "2025-01-27T18:31:57Z",
"published": "2024-02-29T03:33:15Z",
"aliases": [
"CVE-2024-0792"
@ -37,7 +37,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/02/GHSA-jqm3-j4q4-p7rj/GHSA-jqm3-j4q4-p7rj.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jqm3-j4q4-p7rj",
"modified": "2024-02-29T03:33:15Z",
"modified": "2025-01-27T18:31:57Z",
"published": "2024-02-29T03:33:15Z",
"aliases": [
"CVE-2024-0506"
@ -37,7 +37,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

6
advisories/unreviewed/2024/02/GHSA-vx3h-hfch-2ch8/GHSA-vx3h-hfch-2ch8.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vx3h-hfch-2ch8",
"modified": "2024-02-29T03:33:17Z",
"modified": "2025-01-27T18:31:57Z",
"published": "2024-02-29T03:33:17Z",
"aliases": [
"CVE-2024-1389"
@ -33,7 +33,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

2
advisories/unreviewed/2024/02/GHSA-xp5v-3j5r-jjc9/GHSA-xp5v-3j5r-jjc9.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-xp5v-3j5r-jjc9",
"modified": "2024-08-01T15:31:27Z",
"modified": "2025-01-27T18:31:57Z",
"published": "2024-02-22T06:30:33Z",
"aliases": [
"CVE-2024-23133"

3
advisories/unreviewed/2024/03/GHSA-395r-v34f-5jmw/GHSA-395r-v34f-5jmw.json
Просмотреть файл

@ -34,7 +34,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/03/GHSA-fw86-52fv-6jpx/GHSA-fw86-52fv-6jpx.json
Просмотреть файл

@ -34,7 +34,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/03/GHSA-v34r-9w5x-4c33/GHSA-v34r-9w5x-4c33.json
Просмотреть файл

@ -34,7 +34,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-2p5q-v3v6-46h5/GHSA-2p5q-v3v6-46h5.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-3cf7-8394-7xmp/GHSA-3cf7-8394-7xmp.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-4qf6-pw5g-fjgf/GHSA-4qf6-pw5g-fjgf.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-5ccm-hxhv-w693/GHSA-5ccm-hxhv-w693.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-5cp4-5pxh-47cm/GHSA-5cp4-5pxh-47cm.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-7rww-65p2-qxxm/GHSA-7rww-65p2-qxxm.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-9wwg-9qf5-q4v9/GHSA-9wwg-9qf5-q4v9.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-cgq2-cjx2-777w/GHSA-cgq2-cjx2-777w.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-cwvf-gq9g-7g6c/GHSA-cwvf-gq9g-7g6c.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-f755-p72c-mhgq/GHSA-f755-p72c-mhgq.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-fp82-ccw9-7g5p/GHSA-fp82-ccw9-7g5p.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-hq97-78w2-f272/GHSA-hq97-78w2-f272.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-j9wm-c67x-v933/GHSA-j9wm-c67x-v933.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-jq6r-qxvf-4wrv/GHSA-jq6r-qxvf-4wrv.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-m46f-6r28-g554/GHSA-m46f-6r28-g554.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-m5cm-ff2v-j4hc/GHSA-m5cm-ff2v-j4hc.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-mcqc-h58c-24vj/GHSA-mcqc-h58c-24vj.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-mhrv-ffq7-3g67/GHSA-mhrv-ffq7-3g67.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-p79r-6qwm-7xg5/GHSA-p79r-6qwm-7xg5.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-q4xw-qv7c-q8pp/GHSA-q4xw-qv7c-q8pp.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-q74p-v389-xm2f/GHSA-q74p-v389-xm2f.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-rx97-mvj7-rx8w/GHSA-rx97-mvj7-rx8w.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/04/GHSA-vp2r-x5x7-7629/GHSA-vp2r-x5x7-7629.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

4
advisories/unreviewed/2024/05/GHSA-97cq-v4mw-v427/GHSA-97cq-v4mw-v427.json
Просмотреть файл

@ -33,7 +33,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

3
advisories/unreviewed/2024/05/GHSA-98jv-mj99-2vh5/GHSA-98jv-mj99-2vh5.json
Просмотреть файл

@ -38,7 +38,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-121"
"CWE-121",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

3
advisories/unreviewed/2024/05/GHSA-f4jg-5wj8-pr9p/GHSA-f4jg-5wj8-pr9p.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f4jg-5wj8-pr9p",
"modified": "2024-05-14T18:30:52Z",
"modified": "2025-01-27T18:31:59Z",
"published": "2024-05-14T18:30:52Z",
"aliases": [
"CVE-2024-3037"
@ -26,6 +26,7 @@
],
"database_specific": {
"cwe_ids": [
"CWE-552",
"CWE-59"
],
"severity": "MODERATE",

4
advisories/unreviewed/2024/06/GHSA-6j9m-j3p6-r74x/GHSA-6j9m-j3p6-r74x.json
Просмотреть файл

@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

4
advisories/unreviewed/2024/06/GHSA-cx9r-mjxm-vrgw/GHSA-cx9r-mjxm-vrgw.json
Просмотреть файл

@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

2
advisories/unreviewed/2024/09/GHSA-f95m-8pg6-37q7/GHSA-f95m-8pg6-37q7.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f95m-8pg6-37q7",
"modified": "2024-09-26T15:30:38Z",
"modified": "2025-01-27T18:31:59Z",
"published": "2024-09-25T03:30:36Z",
"aliases": [
"CVE-2024-8914"

3
advisories/unreviewed/2024/10/GHSA-5qpf-cx59-xvm8/GHSA-5qpf-cx59-xvm8.json
Просмотреть файл

@ -30,7 +30,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-288"
"CWE-288",
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,

11
advisories/unreviewed/2024/11/GHSA-x8m2-f296-h7vh/GHSA-x8m2-f296-h7vh.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x8m2-f296-h7vh",
"modified": "2024-11-11T00:30:44Z",
"modified": "2025-01-27T18:32:00Z",
"published": "2024-11-11T00:30:44Z",
"aliases": [
"CVE-2020-10370"
],
"details": "Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a \"Spectra\" attack.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
@ -37,7 +42,7 @@
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-11T00:15:13Z"

48
advisories/unreviewed/2025/01/GHSA-22rr-c324-2vj7/GHSA-22rr-c324-2vj7.json Normal file
Просмотреть файл

@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-22rr-c324-2vj7",
"modified": "2025-01-27T18:32:02Z",
"published": "2025-01-27T18:32:02Z",
"aliases": [
"CVE-2025-0732"
],
"details": "A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0732"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.293510"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.293510"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.481209"
}
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T18:15:40Z"
}
}

40
advisories/unreviewed/2025/01/GHSA-2mvp-p4pm-xcpx/GHSA-2mvp-p4pm-xcpx.json Normal file
Просмотреть файл

@ -0,0 +1,40 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2mvp-p4pm-xcpx",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:00Z",
"aliases": [
"CVE-2024-38320"
],
"details": "IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38320"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7173462"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7173465"
}
],
"database_specific": {
"cwe_ids": [
"CWE-327"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T16:15:30Z"
}
}

33
advisories/unreviewed/2025/01/GHSA-2qh5-xjr3-fwj3/GHSA-2qh5-xjr3-fwj3.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2qh5-xjr3-fwj3",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-48418"
],
"details": "In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48418"
},
{
"type": "WEB",
"url": "https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48418.md"
},
{
"type": "WEB",
"url": "http://edimax.com"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:15Z"
}
}

45
advisories/unreviewed/2025/01/GHSA-2v3r-gvq5-qqgh/GHSA-2v3r-gvq5-qqgh.json Normal file
Просмотреть файл

@ -0,0 +1,45 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2v3r-gvq5-qqgh",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-55227"
],
"details": "A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55227"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99"
},
{
"type": "WEB",
"url": "https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/security/policy"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}

29
advisories/unreviewed/2025/01/GHSA-2xfh-jfm3-6xpr/GHSA-2xfh-jfm3-6xpr.json Normal file
Просмотреть файл

@ -0,0 +1,29 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2xfh-jfm3-6xpr",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-57272"
],
"details": "SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS).",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57272"
},
{
"type": "WEB",
"url": "https://github.com/kklzzcun/Camera/blob/main/SecureSTATION%20%E5%AD%98%E5%9C%A8%E5%8F%8D%E5%B0%84%E5%BD%A2XSS%E6%BC%8F%E6%B4%9E.md"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-2xxp-jv88-pg4x/GHSA-2xxp-jv88-pg4x.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2xxp-jv88-pg4x",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:00Z",
"aliases": [
"CVE-2024-38325"
],
"details": "IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI \n\ncould allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38325"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7168640"
}
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T16:15:31Z"
}
}

33
advisories/unreviewed/2025/01/GHSA-398q-xwvh-4mpj/GHSA-398q-xwvh-4mpj.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"schema_version": "1.4.0",
"id": "GHSA-398q-xwvh-4mpj",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-57276"
],
"details": "In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57276"
},
{
"type": "WEB",
"url": "https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md"
},
{
"type": "WEB",
"url": "https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Dragon%20Age%20Origins/Description.md"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}

48
advisories/unreviewed/2025/01/GHSA-3gvp-wpmx-3ff3/GHSA-3gvp-wpmx-3ff3.json Normal file
Просмотреть файл

@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3gvp-wpmx-3ff3",
"modified": "2025-01-27T18:32:02Z",
"published": "2025-01-27T18:32:02Z",
"aliases": [
"CVE-2025-0733"
],
"details": "A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0733"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.293511"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.293511"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.481185"
}
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T18:15:40Z"
}
}

38
advisories/unreviewed/2025/01/GHSA-5mwc-px82-x995/GHSA-5mwc-px82-x995.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5mwc-px82-x995",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-12740"
],
"details": "Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12740"
},
{
"type": "WEB",
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dependency-on-vulnerable-third-party-component-exposes-vulnerabi.html"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T18:15:36Z"
}
}

33
advisories/unreviewed/2025/01/GHSA-6wqf-f4xj-mxq4/GHSA-6wqf-f4xj-mxq4.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6wqf-f4xj-mxq4",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-48419"
],
"details": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with \"root\" privileges.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48419"
},
{
"type": "WEB",
"url": "https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48419.md"
},
{
"type": "WEB",
"url": "http://edimax.com"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}

6
advisories/unreviewed/2025/01/GHSA-6xjp-947h-mxr8/GHSA-6xjp-947h-mxr8.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6xjp-947h-mxr8",
"modified": "2025-01-22T15:32:35Z",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-22T15:32:35Z",
"aliases": [
"CVE-2025-22980"
@ -17,6 +17,10 @@
{
"type": "WEB",
"url": "https://github.com/slims/slims9_bulian/issues/270"
},
{
"type": "WEB",
"url": "https://mebroccoli.blogspot.com/2025/01/sql-injection-vulnerability-in-senayan.html"
}
],
"database_specific": {

60
advisories/unreviewed/2025/01/GHSA-735v-r5c6-6249/GHSA-735v-r5c6-6249.json Normal file
Просмотреть файл

@ -0,0 +1,60 @@
{
"schema_version": "1.4.0",
"id": "GHSA-735v-r5c6-6249",
"modified": "2025-01-27T18:32:02Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2025-0730"
],
"details": "A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0730"
},
{
"type": "WEB",
"url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20sensitive%20info%20in%20GET.md"
},
{
"type": "WEB",
"url": "https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.293508"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.293508"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.478465"
},
{
"type": "WEB",
"url": "https://www.tp-link.com"
}
],
"database_specific": {
"cwe_ids": [
"CWE-598"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:17Z"
}
}

33
advisories/unreviewed/2025/01/GHSA-8787-qmx9-7w46/GHSA-8787-qmx9-7w46.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8787-qmx9-7w46",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-48420"
],
"details": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48420"
},
{
"type": "WEB",
"url": "https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48420.md"
},
{
"type": "WEB",
"url": "http://edimax.com"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}

33
advisories/unreviewed/2025/01/GHSA-9q3v-94jq-7v4q/GHSA-9q3v-94jq-7v4q.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9q3v-94jq-7v4q",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-48416"
],
"details": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48416"
},
{
"type": "WEB",
"url": "https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48416.md"
},
{
"type": "WEB",
"url": "http://edimax.com"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:15Z"
}
}

33
advisories/unreviewed/2025/01/GHSA-9qc8-8f6v-4qc3/GHSA-9qc8-8f6v-4qc3.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9qc8-8f6v-4qc3",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-48417"
],
"details": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48417"
},
{
"type": "WEB",
"url": "https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48417.md"
},
{
"type": "WEB",
"url": "http://edimax.com"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:15Z"
}
}

60
advisories/unreviewed/2025/01/GHSA-cg43-4593-g94c/GHSA-cg43-4593-g94c.json Normal file
Просмотреть файл

@ -0,0 +1,60 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cg43-4593-g94c",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2025-0729"
],
"details": "A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0729"
},
{
"type": "WEB",
"url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md"
},
{
"type": "WEB",
"url": "https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.293507"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.293507"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.478451"
},
{
"type": "WEB",
"url": "https://www.tp-link.com"
}
],
"database_specific": {
"cwe_ids": [
"CWE-451"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-f29g-4ccg-j7fc/GHSA-f29g-4ccg-j7fc.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f29g-4ccg-j7fc",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-27T18:32:00Z",
"aliases": [
"CVE-2023-52292"
],
"details": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52292"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176079"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T16:15:29Z"
}
}

15
advisories/unreviewed/2025/01/GHSA-hrpc-m3r9-f5w5/GHSA-hrpc-m3r9-f5w5.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hrpc-m3r9-f5w5",
"modified": "2025-01-27T15:30:57Z",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2024-57595"
],
"details": "DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter \"wps_pin\" passed to the apc_client_pin.cgi binary through a POST request.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-78"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:11Z"

36
advisories/unreviewed/2025/01/GHSA-m2cc-r4gc-qq4v/GHSA-m2cc-r4gc-qq4v.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m2cc-r4gc-qq4v",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-27T18:32:00Z",
"aliases": [
"CVE-2024-37527"
],
"details": "IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37527"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7171880"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T16:15:30Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-p5mg-83xj-vfq6/GHSA-p5mg-83xj-vfq6.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p5mg-83xj-vfq6",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-27T18:32:00Z",
"aliases": [
"CVE-2024-22316"
],
"details": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22316"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176083"
}
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T16:15:30Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-q9fm-h69x-8j48/GHSA-q9fm-h69x-8j48.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-q9fm-h69x-8j48",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-27T18:32:00Z",
"aliases": [
"CVE-2023-47159"
],
"details": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47159"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176083"
}
],
"database_specific": {
"cwe_ids": [
"CWE-204"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T16:15:29Z"
}
}

37
advisories/unreviewed/2025/01/GHSA-rx3r-45qh-9rcc/GHSA-rx3r-45qh-9rcc.json Normal file
Просмотреть файл

@ -0,0 +1,37 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rx3r-45qh-9rcc",
"modified": "2025-01-27T18:32:02Z",
"published": "2025-01-27T18:32:02Z",
"aliases": [
"CVE-2024-26317"
],
"details": "In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26317"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1aGLAFz20-fc7ZLiWouegyK_65jCkGTDb/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://github.com/illumos/illumos-gate"
},
{
"type": "WEB",
"url": "https://rashidkhanpathan.github.io/posts/CVE-2024-26317-Elliptic-curve-point-addition-error"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T18:15:38Z"
}
}

11
advisories/unreviewed/2025/01/GHSA-v9f7-mhwh-hfh9/GHSA-v9f7-mhwh-hfh9.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v9f7-mhwh-hfh9",
"modified": "2025-01-27T06:30:26Z",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-27T06:30:26Z",
"aliases": [
"CVE-2024-12773"
],
"details": "The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
@ -21,7 +26,7 @@
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T06:15:22Z"

15
advisories/unreviewed/2025/01/GHSA-vg55-9467-jpw8/GHSA-vg55-9467-jpw8.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vg55-9467-jpw8",
"modified": "2025-01-25T00:33:10Z",
"modified": "2025-01-27T18:32:00Z",
"published": "2025-01-25T00:33:10Z",
"aliases": [
"CVE-2024-50697"
],
"details": "In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
@ -20,8 +25,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-120"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-24T23:15:09Z"

45
advisories/unreviewed/2025/01/GHSA-x2j8-vjg7-386r/GHSA-x2j8-vjg7-386r.json Normal file
Просмотреть файл

@ -0,0 +1,45 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x2j8-vjg7-386r",
"modified": "2025-01-27T18:32:01Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-55228"
],
"details": "A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55228"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99"
},
{
"type": "WEB",
"url": "https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/security/policy"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}