-
Notifications
You must be signed in to change notification settings - Fork 345
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-fjp9-rfvr-287m GHSA-rfwv-p62g-fm8q GHSA-2rpj-3g7q-6cpj GHSA-38cx-x5rg-m9mx GHSA-4fj3-xj7w-f7cv GHSA-5j33-cvvr-w245 GHSA-5vhj-65c8-9r9j GHSA-653p-vg55-5652 GHSA-6vx6-fgqf-mphh GHSA-792c-2vqr-262x GHSA-883f-932m-665g GHSA-9c83-cg8h-x7rp GHSA-9m5j-63r8-6hp8 GHSA-cwr4-4jj2-mpc2 GHSA-fx48-mhc8-xx2j GHSA-gf85-q5rv-vmw6 GHSA-rmhp-cwvx-258p GHSA-w863-c2hv-xjc5
- Loading branch information
1 parent
1b45fef
commit aef7ebc
Showing
18 changed files
with
460 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
40 changes: 40 additions & 0 deletions
40
advisories/unreviewed/2024/12/GHSA-2rpj-3g7q-6cpj/GHSA-2rpj-3g7q-6cpj.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-2rpj-3g7q-6cpj", | ||
| "modified": "2024-12-17T15:31:43Z", | ||
| "published": "2024-12-17T15:31:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-10356" | ||
| ], | ||
| "details": "The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10356" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/changeset/3204333/element-ready-lite" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-200" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-17T13:15:17Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
advisories/unreviewed/2024/12/GHSA-4fj3-xj7w-f7cv/GHSA-4fj3-xj7w-f7cv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4fj3-xj7w-f7cv", | ||
| "modified": "2024-12-17T15:31:44Z", | ||
| "published": "2024-12-17T15:31:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-36832" | ||
| ], | ||
| "details": "A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36832" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://docs.google.com/document/d/1qTpwAg7B5E4mqkBzijjuoOWWnf3OE1HXIKBv7OcS8Mc/edit?usp=sharing" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10396" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.dlink.com/en" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.dlink.com/en/security-bulletin" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-17T15:15:13Z" | ||
| } | ||
| } |
31 changes: 31 additions & 0 deletions
31
advisories/unreviewed/2024/12/GHSA-5j33-cvvr-w245/GHSA-5j33-cvvr-w245.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-5j33-cvvr-w245", | ||
| "modified": "2024-12-17T15:31:43Z", | ||
| "published": "2024-12-17T15:31:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-50379" | ||
| ], | ||
| "details": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-367" | ||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-17T13:15:18Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
advisories/unreviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-653p-vg55-5652", | ||
| "modified": "2024-12-17T15:31:43Z", | ||
| "published": "2024-12-17T15:31:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-54677" | ||
| ], | ||
| "details": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-400" | ||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-17T13:15:18Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-6vx6-fgqf-mphh/GHSA-6vx6-fgqf-mphh.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6vx6-fgqf-mphh", | ||
| "modified": "2024-12-17T15:31:43Z", | ||
| "published": "2024-12-17T15:31:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-8972" | ||
| ], | ||
| "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: before 30.09.2024.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8972" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.usom.gov.tr/bildirim/tr-24-1890" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-89" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-17T14:15:20Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-792c-2vqr-262x/GHSA-792c-2vqr-262x.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-792c-2vqr-262x", | ||
| "modified": "2024-12-17T15:31:43Z", | ||
| "published": "2024-12-17T15:31:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-9819" | ||
| ], | ||
| "details": "Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9819" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.usom.gov.tr/bildirim/tr-24-1889" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-639" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-17T13:15:19Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.