-
Notifications
You must be signed in to change notification settings - Fork 346
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-36vc-7w44-2c6h GHSA-5855-pjcr-9mh8 GHSA-62rj-q587-5xq8 GHSA-665g-3f9r-875q GHSA-77mp-qmr4-jggx GHSA-8g3g-85w5-qrm6 GHSA-c3vh-vj4j-ph6x GHSA-ghpw-cph8-v3rm GHSA-gp3c-h68x-v9g8 GHSA-pq62-7rf2-mhcm
- Loading branch information
1 parent
f038fab
commit 5328ada
Showing
10 changed files
with
260 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-5855-pjcr-9mh8/GHSA-5855-pjcr-9mh8.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-5855-pjcr-9mh8", | ||
| "modified": "2024-12-21T00:33:05Z", | ||
| "published": "2024-12-21T00:33:05Z", | ||
| "aliases": [ | ||
| "CVE-2024-12845" | ||
| ], | ||
| "details": "A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12845" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/emlog/emlog/issues/306" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289081" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289081" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.462477" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-20T22:15:24Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2024/12/GHSA-62rj-q587-5xq8/GHSA-62rj-q587-5xq8.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-62rj-q587-5xq8", | ||
| "modified": "2024-12-21T00:33:05Z", | ||
| "published": "2024-12-21T00:33:05Z", | ||
| "aliases": [ | ||
| "CVE-2021-40959" | ||
| ], | ||
| "details": "A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.xhr.php`. This vulnerability allows an attacker to inject malicious scripts that execute in the context of the victim's session.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40959" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://rubiya.kr/CVE-2021-40959" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-20T22:15:24Z" | ||
| } | ||
| } |
40 changes: 40 additions & 0 deletions
40
advisories/unreviewed/2024/12/GHSA-665g-3f9r-875q/GHSA-665g-3f9r-875q.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-665g-3f9r-875q", | ||
| "modified": "2024-12-21T00:33:05Z", | ||
| "published": "2024-12-21T00:33:05Z", | ||
| "aliases": [ | ||
| "CVE-2024-11811" | ||
| ], | ||
| "details": "The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11811" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3209183%40push-notification-by-feedify%2Ftrunk&old=3177773%40push-notification-by-feedify%2Ftrunk&sfp_email=&sfph_mail=#file15" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5a33fd-ecc6-40bf-93a5-10ead1c4c1f5?source=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-20T23:15:05Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
advisories/unreviewed/2024/12/GHSA-8g3g-85w5-qrm6/GHSA-8g3g-85w5-qrm6.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-8g3g-85w5-qrm6", | ||
| "modified": "2024-12-21T00:33:04Z", | ||
| "published": "2024-12-21T00:33:04Z", | ||
| "aliases": [ | ||
| "CVE-2020-13712" | ||
| ], | ||
| "details": "A command injection is possible through the user interface, allowing arbitrary command execution as \nthe root user. oMG2000 running MGOS 3.15.1 or earlier is affected. \n\nMG90 running MGOS 4.2.1 or earlier is affected.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13712" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-78" | ||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-20T22:15:23Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-c3vh-vj4j-ph6x/GHSA-c3vh-vj4j-ph6x.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-c3vh-vj4j-ph6x", | ||
| "modified": "2024-12-21T00:33:05Z", | ||
| "published": "2024-12-21T00:33:05Z", | ||
| "aliases": [ | ||
| "CVE-2023-31280" | ||
| ], | ||
| "details": "An AirVantage online Warranty Checker tool vulnerability could allow an attacker to \nperform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial \nNumber in addition to the warranty status when the Serial Number or IMEI is used to look up \nwarranty status.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31280" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-200" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-21T00:15:27Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-pq62-7rf2-mhcm/GHSA-pq62-7rf2-mhcm.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-pq62-7rf2-mhcm", | ||
| "modified": "2024-12-21T00:33:05Z", | ||
| "published": "2024-12-21T00:33:05Z", | ||
| "aliases": [ | ||
| "CVE-2023-31279" | ||
| ], | ||
| "details": "The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered \ndevices on the AirVantage platform when the owner has not disabled the AirVantage Management \nService on the devices or registered the device. This could enable an attacker to configure, manage, \nand execute AT commands on an unsuspecting user’s devices.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31279" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-287" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-21T00:15:27Z" | ||
| } | ||
| } |