GHSA-jq4r-95xf-pj6r
GHSA-w9pq-cx97-h8gm
GHSA-wj7c-h9x2-w8cg
GHSA-3375-vg47-m3gm
GHSA-52m3-99g2-f396
GHSA-g74p-v363-hqxr
GHSA-rwqc-8qvc-52fh
GHSA-vh53-65cw-j6wx
GHSA-24xv-7qh2-7x7v
GHSA-6jgw-jcj4-2755
GHSA-cj9p-j3hg-5xmv
GHSA-f46m-922r-q9mg
GHSA-j533-xx2h-c654
GHSA-j7f8-6566-phx5
GHSA-j95r-rm3w-f776
GHSA-mrch-6g3f-vm3c
GHSA-pfqg-fqgc-5rc8
GHSA-rpcx-p9vc-6cq7
GHSA-rpm9-4hwq-7f64
GHSA-wc26-5mpc-q6qx
GHSA-x5mc-f54f-4pwj
This commit is contained in:
advisory-database[bot] 2025-01-24 15:32:41 +00:00
Родитель 848b5b6ced
Коммит dc3f55e3db
21 изменённых файлов: 499 добавлений и 16 удалений


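--- a/GHSA-jq4r-95xf-pj6r.json
+++ b/GHSA-jq4r-95xf-pj6r.json
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
-"CWE-20"
+"CWE-20",
+"CWE-787"
 ],
 "severity": "MODERATE",
 "github_reviewed": false,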


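--- a/GHSA-w9pq-cx97-h8gm.json
+++ b/GHSA-w9pq-cx97-h8gm.json
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
-"CWE-20"
+"CWE-20",
+"CWE-787"
 ],
 "severity": "MODERATE",
 "github_reviewed": false,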


@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-wj7c-h9x2-w8cg",
"modified": "2024-02-19T18:31:32Z",
"modified": "2025-01-24T15:30:46Z",
"published": "2024-02-19T18:31:32Z",
"aliases": [
"CVE-2024-1633"


@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3375-vg47-m3gm",
"modified": "2024-05-21T12:30:52Z",
"modified": "2025-01-24T15:30:46Z",
"published": "2024-05-21T12:30:52Z",
"aliases": [
"CVE-2024-4876"
@ -33,7 +33,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,


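--- a/GHSA-52m3-99g2-f396.json
+++ b/GHSA-52m3-99g2-f396.json
@@ -53,7 +53,9 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
+"cwe_ids": [
+"CWE-79"
+],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,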


@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-g74p-v363-hqxr",
"modified": "2024-05-21T12:30:52Z",
"modified": "2025-01-24T15:30:46Z",
"published": "2024-05-21T12:30:52Z",
"aliases": [
"CVE-2024-4553"
@ -33,7 +33,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,


@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rwqc-8qvc-52fh",
"modified": "2024-05-21T12:30:52Z",
"modified": "2025-01-24T15:30:46Z",
"published": "2024-05-21T12:30:52Z",
"aliases": [
"CVE-2024-4619"
@ -33,7 +33,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,


@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vh53-65cw-j6wx",
"modified": "2024-05-22T09:31:47Z",
"modified": "2025-01-24T15:30:46Z",
"published": "2024-05-22T09:31:47Z",
"aliases": [
"CVE-2024-5025"
@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,


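--- /dev/null
+++ b/GHSA-24xv-7qh2-7x7v.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-24xv-7qh2-7x7v",
+"modified": "2025-01-24T15:30:47Z",
+"published": "2025-01-24T15:30:47Z",
+"aliases": [
+"CVE-2024-10324"
+],
+"details": "The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10324"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd726b20-75c9-408e-86fc-061db591a9db?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-1230"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T14:15:30Z"
+}
+}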
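Review bot: The `"affected": []` entry leaves this record with no package, ecosystem or version range, so an OSV-consuming scanner cannot match it to anything even though `details` names the vulnerable versions (up to and including 1.5.2) and the fixing changeset is in `references`. The same empty `affected` array appears in every other new record in this commit (GHSA-6jgw-jcj4-2755, GHSA-cj9p-j3hg-5xmv, GHSA-f46m-922r-q9mg, GHSA-j533-xx2h-c654, GHSA-j7f8-6566-phx5, GHSA-j95r-rm3w-f776, GHSA-mrch-6g3f-vm3c, GHSA-pfqg-fqgc-5rc8, GHSA-rpcx-p9vc-6cq7, GHSA-wc26-5mpc-q6qx, GHSA-x5mc-f54f-4pwj). That is presumably expected for an unreviewed NVD import (`github_reviewed` is false and `github_reviewed_at` is null), but until `affected` is populated these records are informational only and should not be relied on for automated matching.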


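--- /dev/null
+++ b/GHSA-6jgw-jcj4-2755.json
@@ -0,0 +1,36 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-6jgw-jcj4-2755",
+"modified": "2025-01-24T15:30:48Z",
+"published": "2025-01-24T15:30:48Z",
+"aliases": [
+"CVE-2024-9492"
+],
+"details": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9492"
+},
+{
+"type": "WEB",
+"url": "https://community.silabs.com/068Vm00000JUQwd"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-427"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T15:15:10Z"
+}
+}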


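--- /dev/null
+++ b/GHSA-cj9p-j3hg-5xmv.json
@@ -0,0 +1,36 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-cj9p-j3hg-5xmv",
+"modified": "2025-01-24T15:30:48Z",
+"published": "2025-01-24T15:30:48Z",
+"aliases": [
+"CVE-2024-9493"
+],
+"details": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the \n\nToolStick\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9493"
+},
+{
+"type": "WEB",
+"url": "https://community.silabs.com/068Vm00000JUQwd"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-427"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T15:15:11Z"
+}
+}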
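Review bot: The `details` string embeds stray paragraph breaks inside the product name, `in the \n\nToolStick\n\n installer`, which reads as a copy artifact from the upstream description rather than intended text. The same garbling appears in GHSA-pfqg-fqgc-5rc8 (`CP210x VCP Windows \n\n\n\n installer`, where whatever followed "Windows" is missing entirely) and GHSA-x5mc-f54f-4pwj (`\n\n\n\nCP210 VCP Win 2k\n\n\n\n`). Because `affected` is empty, `details` is the only field that identifies which installer is meant, so the whitespace should be normalised to `in the ToolStick installer` and the product names checked against the vendor reference in `references`. The escaped `\n` sequences are valid JSON, so this is a data-quality point, not a parse error.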


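--- /dev/null
+++ b/GHSA-f46m-922r-q9mg.json
@@ -0,0 +1,36 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-f46m-922r-q9mg",
+"modified": "2025-01-24T15:30:47Z",
+"published": "2025-01-24T15:30:47Z",
+"aliases": [
+"CVE-2024-41739"
+],
+"details": "IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41739"
+},
+{
+"type": "WEB",
+"url": "https://www.ibm.com/support/pages/node/7177766"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-427"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T14:15:31Z"
+}
+}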


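--- /dev/null
+++ b/GHSA-j533-xx2h-c654.json
@@ -0,0 +1,36 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-j533-xx2h-c654",
+"modified": "2025-01-24T15:30:47Z",
+"published": "2025-01-24T15:30:47Z",
+"aliases": [
+"CVE-2024-9490"
+],
+"details": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9490"
+},
+{
+"type": "WEB",
+"url": "https://community.silabs.com/068Vm00000JUQwd"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-427"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T15:15:10Z"
+}
+}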


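--- /dev/null
+++ b/GHSA-j7f8-6566-phx5.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-j7f8-6566-phx5",
+"modified": "2025-01-24T15:30:47Z",
+"published": "2025-01-24T15:30:47Z",
+"aliases": [
+"CVE-2024-57184"
+],
+"details": "An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57184"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gpac/gpac/issues/1421"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-120"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T14:15:31Z"
+}
+}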


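--- /dev/null
+++ b/GHSA-j95r-rm3w-f776.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-j95r-rm3w-f776",
+"modified": "2025-01-24T15:30:47Z",
+"published": "2025-01-24T15:30:47Z",
+"aliases": [
+"CVE-2024-11913"
+],
+"details": "The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11913"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/bp-activity-plus-reloaded/tags/1.1.2/src/handlers/class-bpapr-preview-handler.php"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69485409-8e91-4651-b9b8-69beb2364fa8?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-918"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T14:15:31Z"
+}
+}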


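--- /dev/null
+++ b/GHSA-mrch-6g3f-vm3c.json
@@ -0,0 +1,36 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-mrch-6g3f-vm3c",
+"modified": "2025-01-24T15:30:47Z",
+"published": "2025-01-24T15:30:47Z",
+"aliases": [
+"CVE-2024-9491"
+],
+"details": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9491"
+},
+{
+"type": "WEB",
+"url": "https://community.silabs.com/068Vm00000JUQwd"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-427"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T15:15:10Z"
+}
+}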


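--- /dev/null
+++ b/GHSA-pfqg-fqgc-5rc8.json
@@ -0,0 +1,36 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-pfqg-fqgc-5rc8",
+"modified": "2025-01-24T15:30:48Z",
+"published": "2025-01-24T15:30:48Z",
+"aliases": [
+"CVE-2024-9495"
+],
+"details": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9495"
+},
+{
+"type": "WEB",
+"url": "https://community.silabs.com/068Vm00000JUQwd"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-427"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T15:15:11Z"
+}
+}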


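--- /dev/null
+++ b/GHSA-rpcx-p9vc-6cq7.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-rpcx-p9vc-6cq7",
+"modified": "2025-01-24T15:30:48Z",
+"published": "2025-01-24T15:30:48Z",
+"aliases": [
+"CVE-2025-0697"
+],
+"details": "A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+},
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0697"
+},
+{
+"type": "WEB",
+"url": "https://github.com/bloodbile/Telstra-RHI"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?ctiid.293223"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?id.293223"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?submit.480045"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-74"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T15:15:12Z"
+}
+}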
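Review bot: `cwe_ids` carries only the generic parent `CWE-74` while `details` describes injection through the Content-Disposition HTTP header; if the VulDB or researcher references confirm CRLF-style header injection, `CWE-113` (Improper Neutralization of CRLF Sequences in HTTP Headers) is the more specific child and would make the record more useful for triage. The record is also the only one in this commit with a `CVSS_V4` entry alongside `CVSS_V3`, which is fine, though the v4 vector spells out every threat, environmental and supplemental metric as `X` (not defined) and could be trimmed to the base metrics without changing its meaning. Both observations are about the imported NVD data, not something the import step itself got wrong.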


@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rpm9-4hwq-7f64",
"modified": "2025-01-24T00:31:47Z",
"modified": "2025-01-24T15:30:47Z",
"published": "2025-01-24T00:31:47Z",
"aliases": [
"CVE-2021-42718"
],
"details": "Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800.\n\nThis CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) status with the CVE Numbering Authority (CNA). Please note that this product reached its end of life on 31 December 2024. Publishing this CVE with the CNA was required to comply with CNA rules, despite the fact that the issue was disclosed and fixed four years ago, and the affected product is no longer supported as of 2024.\n\nSummary of VulnerabilityThis advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (“Affected Replicated Classic Versions”)\n\nDescriptionReplicated Classic versions prior to 2.53.1 have an authenticated API from the Replicated Admin Console that may expose sensitive data including application secrets, depending on how the application manifests are written. A user with valid credentials and access to the Admin Console port (8800) on the Replicated Classic server can retrieve container definitions including environment variables which may contain passwords and other secrets depending on how the application is configured.\n\nThis data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. 
To remediate this issue, we removed the sensitive data from the API, sending only the data to the Admin Console that was needed.\n\nTimelineThis issue was discovered during a security review on 16 September 2021.\nPatched versions were released on 23 September 2021.\nThis advisory was published on 21 October 2021.\n\n\nThe CVE Numbering Authority (CNA) notified Replicated on 23 January 2025 that the CVE was still in Reserved But Public (RBP) status. Upon discovering the oversight in updating the status to published with the CNA, Replicated submitted the updated report on the same day, 23 January 2025.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
@ -20,8 +25,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-922"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-23T23:15:07Z"
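Review bot: The `details` value in the first hunk appears to contain an unescaped line break between `...application processing. ` and `To remediate this issue...`: the string continues on the next physical line, while every other paragraph break in it is an escaped `\n`. If that is a literal control character in the file rather than a page-rendering artifact, strict RFC 8259 parsers will reject the record, and it should be replaced with `\n` like the surrounding breaks. The rest of the string shows headings fused to the following sentence (`Summary of VulnerabilityThis`, `DescriptionReplicated`, `TimelineThis`), which suggests the upstream HTML-to-text conversion lost several separators, so the raw file is worth checking. Separately, the vendor text calls this a low-severity issue while the newly added CVSS vector (`PR:H`, `C:H`) yields `MODERATE`; that is NVD's scoring and not for the import to change, but triage should expect the discrepancy.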


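--- /dev/null
+++ b/GHSA-wc26-5mpc-q6qx.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-wc26-5mpc-q6qx",
+"modified": "2025-01-24T15:30:47Z",
+"published": "2025-01-24T15:30:47Z",
+"aliases": [
+"CVE-2022-47090"
+],
+"details": "GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47090"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gpac/gpac/issues/2341"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-120"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T14:15:29Z"
+}
+}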


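--- /dev/null
+++ b/GHSA-x5mc-f54f-4pwj.json
@@ -0,0 +1,36 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-x5mc-f54f-4pwj",
+"modified": "2025-01-24T15:30:48Z",
+"published": "2025-01-24T15:30:48Z",
+"aliases": [
+"CVE-2024-9494"
+],
+"details": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the \n\n\n\nCP210 VCP Win 2k\n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9494"
+},
+{
+"type": "WEB",
+"url": "https://community.silabs.com/068Vm00000JUQwd"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-427"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-01-24T15:15:11Z"
+}
+}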