-
Notifications
You must be signed in to change notification settings - Fork 344
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-2pvv-x6hx-hgmv GHSA-4334-98hj-rq43 GHSA-463p-h598-5ggq GHSA-58m3-45vv-x3pr GHSA-9xfw-qvx6-3jqx GHSA-h6qm-w442-h848 GHSA-j385-mg6r-c27c GHSA-j7gc-m6xw-4q7x GHSA-m7rr-9vhr-9v38 GHSA-r25g-5h2c-5c47 GHSA-vgpg-v44j-569m GHSA-w8fp-x7hq-xp6c GHSA-wcm4-46ph-w33q
- Loading branch information
1 parent
382a2d6
commit 3781448
Showing
13 changed files
with
472 additions
and
0 deletions.
There are no files selected for viewing
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-2pvv-x6hx-hgmv/GHSA-2pvv-x6hx-hgmv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-2pvv-x6hx-hgmv", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-47926" | ||
| ], | ||
| "details": "Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47926" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.gov.il/en/Departments/faq/cve_advisories" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-89" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:07Z" | ||
| } | ||
| } |
40 changes: 40 additions & 0 deletions
40
advisories/unreviewed/2024/12/GHSA-4334-98hj-rq43/GHSA-4334-98hj-rq43.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4334-98hj-rq43", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-12993" | ||
| ], | ||
| "details": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. \nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12993" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://cert.pl/posts/2024/12/CVE-2024-12993" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-497" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T11:15:06Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-463p-h598-5ggq/GHSA-463p-h598-5ggq.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-463p-h598-5ggq", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-47920" | ||
| ], | ||
| "details": "Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47920" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.gov.il/en/Departments/faq/cve_advisories" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:06Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-58m3-45vv-x3pr/GHSA-58m3-45vv-x3pr.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-58m3-45vv-x3pr", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-47922" | ||
| ], | ||
| "details": "Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47922" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.gov.il/en/Departments/faq/cve_advisories" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-200" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:06Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-9xfw-qvx6-3jqx/GHSA-9xfw-qvx6-3jqx.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-9xfw-qvx6-3jqx", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-47925" | ||
| ], | ||
| "details": "Tecnick TCExam – Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47925" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.gov.il/en/Departments/faq/cve_advisories" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:07Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-h6qm-w442-h848/GHSA-h6qm-w442-h848.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-h6qm-w442-h848", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-10044" | ||
| ], | ||
| "details": "A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10044" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-918" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T12:15:05Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-j385-mg6r-c27c/GHSA-j385-mg6r-c27c.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-j385-mg6r-c27c", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-47918" | ||
| ], | ||
| "details": "Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47918" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.gov.il/en/Departments/faq/cve_advisories" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-78" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:06Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-j7gc-m6xw-4q7x/GHSA-j7gc-m6xw-4q7x.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-j7gc-m6xw-4q7x", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-47917" | ||
| ], | ||
| "details": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47917" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.gov.il/en/Departments/faq/cve_advisories" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:06Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-m7rr-9vhr-9v38/GHSA-m7rr-9vhr-9v38.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-m7rr-9vhr-9v38", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-22063" | ||
| ], | ||
| "details": "The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22063" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-1236" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:05Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-r25g-5h2c-5c47/GHSA-r25g-5h2c-5c47.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-r25g-5h2c-5c47", | ||
| "modified": "2024-12-30T12:30:32Z", | ||
| "published": "2024-12-30T12:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-47923" | ||
| ], | ||
| "details": "Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47923" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.gov.il/en/Departments/faq/cve_advisories" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-200" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-30T10:15:06Z" | ||
| } | ||
| } |
Oops, something went wrong.