From aef7ebc5e55367ff318a0d202989b1a160fdef2c Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Tue, 17 Dec 2024 15:33:14 +0000
Subject: [PATCH] Publish Advisories GHSA-fjp9-rfvr-287m GHSA-rfwv-p62g-fm8q GHSA-2rpj-3g7q-6cpj GHSA-38cx-x5rg-m9mx GHSA-4fj3-xj7w-f7cv GHSA-5j33-cvvr-w245 GHSA-5vhj-65c8-9r9j GHSA-653p-vg55-5652 GHSA-6vx6-fgqf-mphh GHSA-792c-2vqr-262x GHSA-883f-932m-665g GHSA-9c83-cg8h-x7rp GHSA-9m5j-63r8-6hp8 GHSA-cwr4-4jj2-mpc2 GHSA-fx48-mhc8-xx2j GHSA-gf85-q5rv-vmw6 GHSA-rmhp-cwvx-258p GHSA-w863-c2hv-xjc5
---
 .../GHSA-fjp9-rfvr-287m.json | 11 +++--
 .../GHSA-rfwv-p62g-fm8q.json | 15 +++++--
 .../GHSA-2rpj-3g7q-6cpj.json | 40 ++++++++++++++++++
 .../GHSA-38cx-x5rg-m9mx.json | 15 +++++--
 .../GHSA-4fj3-xj7w-f7cv.json | 41 +++++++++++++++++++
 .../GHSA-5j33-cvvr-w245.json | 31 ++++++++++++++
 .../GHSA-5vhj-65c8-9r9j.json | 15 +++++--
 .../GHSA-653p-vg55-5652.json | 31 ++++++++++++++
 .../GHSA-6vx6-fgqf-mphh.json | 36 ++++++++++++++++
 .../GHSA-792c-2vqr-262x.json | 36 ++++++++++++++++
 .../GHSA-883f-932m-665g.json | 9 +++-
 .../GHSA-9c83-cg8h-x7rp.json | 15 +++++--
 .../GHSA-9m5j-63r8-6hp8.json | 15 +++++--
 .../GHSA-cwr4-4jj2-mpc2.json | 15 +++++--
 .../GHSA-fx48-mhc8-xx2j.json | 41 +++++++++++++++++++
 .../GHSA-gf85-q5rv-vmw6.json | 41 +++++++++++++++++++
 .../GHSA-rmhp-cwvx-258p.json | 41 +++++++++++++++++++
 .../GHSA-w863-c2hv-xjc5.json | 41 +++++++++++++++++++
 18 files changed, 460 insertions(+), 29 deletions(-)
 create mode 100644 advisories/unreviewed/2024/12/GHSA-2rpj-3g7q-6cpj/GHSA-2rpj-3g7q-6cpj.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-4fj3-xj7w-f7cv/GHSA-4fj3-xj7w-f7cv.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-5j33-cvvr-w245/GHSA-5j33-cvvr-w245.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-6vx6-fgqf-mphh/GHSA-6vx6-fgqf-mphh.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-792c-2vqr-262x/GHSA-792c-2vqr-262x.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-fx48-mhc8-xx2j/GHSA-fx48-mhc8-xx2j.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-gf85-q5rv-vmw6/GHSA-gf85-q5rv-vmw6.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-rmhp-cwvx-258p/GHSA-rmhp-cwvx-258p.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-w863-c2hv-xjc5/GHSA-w863-c2hv-xjc5.json
diff --git a/advisories/unreviewed/2024/03/GHSA-fjp9-rfvr-287m/GHSA-fjp9-rfvr-287m.json b/advisories/unreviewed/2024/03/GHSA-fjp9-rfvr-287m/GHSA-fjp9-rfvr-287m.json
index 167f842768103..763e191874f55 100644
--- a/advisories/unreviewed/2024/03/GHSA-fjp9-rfvr-287m/GHSA-fjp9-rfvr-287m.json
+++ b/advisories/unreviewed/2024/03/GHSA-fjp9-rfvr-287m/GHSA-fjp9-rfvr-287m.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fjp9-rfvr-287m",
-  "modified": "2024-03-25T09:32:35Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-03-25T09:32:35Z",
   "aliases": [
     "CVE-2021-47144"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: fix refcount leak\n\n[Why]\nthe gem object rfb->base.obj[0] is get according to num_planes\nin amdgpufb_create, but is not put according to num_planes\n\n[How]\nput rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-25T09:15:08Z"
diff --git a/advisories/unreviewed/2024/03/GHSA-rfwv-p62g-fm8q/GHSA-rfwv-p62g-fm8q.json b/advisories/unreviewed/2024/03/GHSA-rfwv-p62g-fm8q/GHSA-rfwv-p62g-fm8q.json
index 58fc2a17334d2..24ab8708ab61e 100644
--- a/advisories/unreviewed/2024/03/GHSA-rfwv-p62g-fm8q/GHSA-rfwv-p62g-fm8q.json
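Review bot: In the second hunk of GHSA-fjp9-rfvr-287m `"cwe_ids": []` is left as is while this same update assigns a CVSS vector and `"severity": "MODERATE"`, so the advisory now carries a score but still cannot be grouped or filtered by weakness. The unchanged `details` text describes an object that is acquired per plane but never released, which most likely maps to CWE-911 (Improper Update of Reference Count) or CWE-401; the sibling kernel update GHSA-rfwv-p62g-fm8q in this commit does populate `cwe_ids` with `"CWE-416"`, so the gap here reads as missing upstream data rather than intent. Worth recording for the reviewed pass instead of shipping an empty `cwe_ids` next to a populated `severity`.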
+++ b/advisories/unreviewed/2024/03/GHSA-rfwv-p62g-fm8q/GHSA-rfwv-p62g-fm8q.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rfwv-p62g-fm8q",
-  "modified": "2024-03-25T09:32:35Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-03-25T09:32:35Z",
   "aliases": [
     "CVE-2021-47142"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix a use-after-free\n\nlooks like we forget to set ttm->sg to NULL.\nHit panic below\n\n[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 1235.989074] Call Trace:\n[ 1235.991751] sg_free_table+0x17/0x20\n[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]\n[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]\n[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]\n[ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]\n[ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]\n[ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]\n[ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]\n[ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]\n[ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]\n[ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-25T09:15:08Z"
diff --git a/advisories/unreviewed/2024/12/GHSA-2rpj-3g7q-6cpj/GHSA-2rpj-3g7q-6cpj.json b/advisories/unreviewed/2024/12/GHSA-2rpj-3g7q-6cpj/GHSA-2rpj-3g7q-6cpj.json
new file mode 100644
index 0000000000000..1b0e7374ed391
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-2rpj-3g7q-6cpj/GHSA-2rpj-3g7q-6cpj.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rpj-3g7q-6cpj",
+  "modified": "2024-12-17T15:31:43Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-10356"
+  ],
+  "details": "The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10356"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3204333/element-ready-lite"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T13:15:17Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-38cx-x5rg-m9mx/GHSA-38cx-x5rg-m9mx.json b/advisories/unreviewed/2024/12/GHSA-38cx-x5rg-m9mx/GHSA-38cx-x5rg-m9mx.json
index 7eb83b58b3ebe..c337a8c129c69 100644
--- a/advisories/unreviewed/2024/12/GHSA-38cx-x5rg-m9mx/GHSA-38cx-x5rg-m9mx.json
+++ b/advisories/unreviewed/2024/12/GHSA-38cx-x5rg-m9mx/GHSA-38cx-x5rg-m9mx.json
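Review bot: The new file GHSA-2rpj-3g7q-6cpj.json is written without a terminating newline (`\ No newline at end of file` after the closing `}`), and the same holds for every other file this commit creates: GHSA-4fj3-xj7w-f7cv, GHSA-5j33-cvvr-w245, GHSA-653p-vg55-5652, GHSA-6vx6-fgqf-mphh, GHSA-792c-2vqr-262x, GHSA-fx48-mhc8-xx2j, GHSA-gf85-q5rv-vmw6, GHSA-rmhp-cwvx-258p and GHSA-w863-c2hv-xjc5. A final LF is the usual convention for version-controlled JSON and avoids a spurious change to the `}` line the next time any of these records is touched. Since the files are emitted by the publishing bot, the fix is a serializer setting upstream rather than a per-file edit here.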
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-38cx-x5rg-m9mx",
-  "modified": "2024-12-17T00:31:18Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-12-17T00:31:18Z",
   "aliases": [
     "CVE-2024-55085"
   ],
   "details": "GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-16T23:15:06Z"
diff --git a/advisories/unreviewed/2024/12/GHSA-4fj3-xj7w-f7cv/GHSA-4fj3-xj7w-f7cv.json b/advisories/unreviewed/2024/12/GHSA-4fj3-xj7w-f7cv/GHSA-4fj3-xj7w-f7cv.json
new file mode 100644
index 0000000000000..51a91949925e3
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-4fj3-xj7w-f7cv/GHSA-4fj3-xj7w-f7cv.json
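Review bot: The vector added in the first hunk of GHSA-38cx-x5rg-m9mx, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, claims no privileges are required, while the unchanged `details` line places the flaw in the template-editing function of the "background management system", which reads as a feature behind an administrator login. If template editing is only reachable after authentication, PR:H is the consistent value and the derived `"severity": "CRITICAL"` in the second hunk would come down with it; this is inferred from the description alone, so it should be checked against the NVD record before the advisory is marked reviewed. The added `"CWE-94"` is consistent with the code execution the description names.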
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4fj3-xj7w-f7cv",
+  "modified": "2024-12-17T15:31:44Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-36832"
+  ],
+  "details": "A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36832"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.google.com/document/d/1qTpwAg7B5E4mqkBzijjuoOWWnf3OE1HXIKBv7OcS8Mc/edit?usp=sharing"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10396"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en/security-bulletin"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T15:15:13Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-5j33-cvvr-w245/GHSA-5j33-cvvr-w245.json b/advisories/unreviewed/2024/12/GHSA-5j33-cvvr-w245/GHSA-5j33-cvvr-w245.json
new file mode 100644
index 0000000000000..51bf352e75545
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-5j33-cvvr-w245/GHSA-5j33-cvvr-w245.json
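Review bot: GHSA-4fj3-xj7w-f7cv is published with `"severity": []`, `"cwe_ids": []` and `"severity": null` under `database_specific`, even though its own `details` line already names the weakness class (a NULL pointer dereference reachable without authentication, which is CWE-476); the same empty triple appears in the other four D-Link advisories in this commit, GHSA-fx48-mhc8-xx2j (stack overflow), GHSA-gf85-q5rv-vmw6 (NULL dereference), GHSA-rmhp-cwvx-258p (buffer overflow) and GHSA-w863-c2hv-xjc5 (NULL dereference). With neither a vector nor a CWE, any consumer that sorts or filters by severity will not surface these records at all, which is the wrong default for an unauthenticated denial of service on a network device; presumably NVD had not scored them at publish time, so the fix is a re-sync once scores land rather than hand-editing here. The second `WEB` reference in each of the five files is a shared Google Docs link, which is neither a stable nor a vendor-controlled source; the `supportannouncement.us.dlink.com` SAP entry already listed is the authoritative one, so the Docs link is a candidate for being retyped as a researcher writeup or dropped at review time.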
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5j33-cvvr-w245",
+  "modified": "2024-12-17T15:31:43Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-50379"
+  ],
+  "details": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-367"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T13:15:18Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-5vhj-65c8-9r9j/GHSA-5vhj-65c8-9r9j.json b/advisories/unreviewed/2024/12/GHSA-5vhj-65c8-9r9j/GHSA-5vhj-65c8-9r9j.json
index f4c1be458f70a..dc8228c793ca8 100644
--- a/advisories/unreviewed/2024/12/GHSA-5vhj-65c8-9r9j/GHSA-5vhj-65c8-9r9j.json
+++ b/advisories/unreviewed/2024/12/GHSA-5vhj-65c8-9r9j/GHSA-5vhj-65c8-9r9j.json
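Review bot: The `details` line of GHSA-5j33-cvvr-w245 tells users to upgrade to `9.0.08`, which is older than the affected range stated one sentence earlier (`from 9.0.0.M1 through 9.0.97`) and contradicts the sibling Tomcat advisory GHSA-653p-vg55-5652 in this commit, which names `9.0.98` as the fixed 9.x release; that sibling in turn carries the mirror-image slip `from 9.0.0.M1 through 9.9.97` where `9.0.97` is evidently meant. Both strings are mirrored from the CVE text, so the correction belongs upstream, but as published the remediation sentence points readers at a version that is itself inside the vulnerable range. The record also ships with `"severity": null` and `"affected": []` for a flaw the description calls an RCE under a writable default servlet; since the description already contains exact, parseable version ranges, populating `affected` for the `org.apache.tomcat` Maven artifacts is the natural item for the reviewed pass rather than leaving consumers to parse prose.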
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5vhj-65c8-9r9j",
-  "modified": "2024-12-17T00:31:18Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-12-17T00:31:18Z",
   "aliases": [
     "CVE-2024-55452"
   ],
   "details": "A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-601"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-16T23:15:06Z"
diff --git a/advisories/unreviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json b/advisories/unreviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json
new file mode 100644
index 0000000000000..02f859c1c025e
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-653p-vg55-5652",
+  "modified": "2024-12-17T15:31:43Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-54677"
+  ],
+  "details": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-400"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T13:15:18Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-6vx6-fgqf-mphh/GHSA-6vx6-fgqf-mphh.json b/advisories/unreviewed/2024/12/GHSA-6vx6-fgqf-mphh/GHSA-6vx6-fgqf-mphh.json
new file mode 100644
index 0000000000000..a8d1e34197d8c
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-6vx6-fgqf-mphh/GHSA-6vx6-fgqf-mphh.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6vx6-fgqf-mphh",
+  "modified": "2024-12-17T15:31:43Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-8972"
+  ],
+  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: before 30.09.2024.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8972"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-24-1890"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T14:15:20Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-792c-2vqr-262x/GHSA-792c-2vqr-262x.json b/advisories/unreviewed/2024/12/GHSA-792c-2vqr-262x/GHSA-792c-2vqr-262x.json
new file mode 100644
index 0000000000000..aea74294d0e7f
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-792c-2vqr-262x/GHSA-792c-2vqr-262x.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-792c-2vqr-262x",
+  "modified": "2024-12-17T15:31:43Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-9819"
+  ],
+  "details": "Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9819"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-24-1889"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T13:15:19Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-883f-932m-665g/GHSA-883f-932m-665g.json b/advisories/unreviewed/2024/12/GHSA-883f-932m-665g/GHSA-883f-932m-665g.json
index 6c43f527927be..2f3cf912b6f03 100644
--- a/advisories/unreviewed/2024/12/GHSA-883f-932m-665g/GHSA-883f-932m-665g.json
+++ b/advisories/unreviewed/2024/12/GHSA-883f-932m-665g/GHSA-883f-932m-665g.json
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-883f-932m-665g",
-  "modified": "2024-12-17T06:30:33Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-12-17T06:30:33Z",
   "aliases": [
     "CVE-2024-38499"
   ],
   "details": "CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute \"caf encrypt\"/\"sd_acmd encrypt\" commands.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -26,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-269"
+      "CWE-269",
+      "CWE-276"
     ],
     "severity": "HIGH",
     "github_reviewed": false,
diff --git a/advisories/unreviewed/2024/12/GHSA-9c83-cg8h-x7rp/GHSA-9c83-cg8h-x7rp.json b/advisories/unreviewed/2024/12/GHSA-9c83-cg8h-x7rp/GHSA-9c83-cg8h-x7rp.json
index 8408b744ddf70..87bb27159e3c9 100644
--- a/advisories/unreviewed/2024/12/GHSA-9c83-cg8h-x7rp/GHSA-9c83-cg8h-x7rp.json
+++ b/advisories/unreviewed/2024/12/GHSA-9c83-cg8h-x7rp/GHSA-9c83-cg8h-x7rp.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9c83-cg8h-x7rp",
-  "modified": "2024-12-17T00:31:17Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-12-17T00:31:17Z",
   "aliases": [
     "CVE-2024-37775"
   ],
   "details": "Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
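Review bot: The CVSS v3 entry inserted in the first hunk of GHSA-883f-932m-665g, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, disagrees with the CVSS v4 entry already on the same advisory, which records AV:L, AC:H, AT:P and UI:A. The unchanged `details` text describes a non-admin user running `caf encrypt` / `sd_acmd encrypt` on the host, which matches the v4 local, attended characterization far better than a network-reachable, no-interaction one; the two vectors presumably come from different scorers, and `"severity": "HIGH"` in the second hunk is defensible under either, but a consumer that prefers the v3 entry will present this as remotely reachable. Worth recording which source each vector came from, or reconciling them, before the record leaves `unreviewed`. The added `"CWE-276"` alongside `"CWE-269"` is consistent with the default-permission problem the description sets out.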
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-16T22:15:06Z"
diff --git a/advisories/unreviewed/2024/12/GHSA-9m5j-63r8-6hp8/GHSA-9m5j-63r8-6hp8.json b/advisories/unreviewed/2024/12/GHSA-9m5j-63r8-6hp8/GHSA-9m5j-63r8-6hp8.json
index ed5755decf2f2..433f0a4b4df42 100644
--- a/advisories/unreviewed/2024/12/GHSA-9m5j-63r8-6hp8/GHSA-9m5j-63r8-6hp8.json
+++ b/advisories/unreviewed/2024/12/GHSA-9m5j-63r8-6hp8/GHSA-9m5j-63r8-6hp8.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9m5j-63r8-6hp8",
-  "modified": "2024-12-17T00:31:17Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-12-17T00:31:17Z",
   "aliases": [
     "CVE-2024-29671"
   ],
   "details": "Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-16T22:15:05Z"
diff --git a/advisories/unreviewed/2024/12/GHSA-cwr4-4jj2-mpc2/GHSA-cwr4-4jj2-mpc2.json b/advisories/unreviewed/2024/12/GHSA-cwr4-4jj2-mpc2/GHSA-cwr4-4jj2-mpc2.json
index a6cb5e863d69f..2c43ea79dc164 100644
--- a/advisories/unreviewed/2024/12/GHSA-cwr4-4jj2-mpc2/GHSA-cwr4-4jj2-mpc2.json
+++ b/advisories/unreviewed/2024/12/GHSA-cwr4-4jj2-mpc2/GHSA-cwr4-4jj2-mpc2.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cwr4-4jj2-mpc2",
-  "modified": "2024-12-17T00:31:17Z",
+  "modified": "2024-12-17T15:31:43Z",
   "published": "2024-12-17T00:31:17Z",
   "aliases": [
     "CVE-2024-37774"
   ],
   "details": "A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-16T22:15:06Z"
diff --git a/advisories/unreviewed/2024/12/GHSA-fx48-mhc8-xx2j/GHSA-fx48-mhc8-xx2j.json b/advisories/unreviewed/2024/12/GHSA-fx48-mhc8-xx2j/GHSA-fx48-mhc8-xx2j.json
new file mode 100644
index 0000000000000..d7ef5f628aa54
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-fx48-mhc8-xx2j/GHSA-fx48-mhc8-xx2j.json
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fx48-mhc8-xx2j",
+  "modified": "2024-12-17T15:31:44Z",
+  "published": "2024-12-17T15:31:44Z",
+  "aliases": [
+    "CVE-2024-37606"
+  ],
+  "details": "A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37606"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.google.com/document/d/1qWJh2jgEhmyeW3OefMQNsrlKdATMSU6Twjkk1p3qfAs/edit?usp=sharing"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10247"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en/security-bulletin"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T15:15:13Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-gf85-q5rv-vmw6/GHSA-gf85-q5rv-vmw6.json b/advisories/unreviewed/2024/12/GHSA-gf85-q5rv-vmw6/GHSA-gf85-q5rv-vmw6.json
new file mode 100644
index 0000000000000..9b98bc93dc0cc
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-gf85-q5rv-vmw6/GHSA-gf85-q5rv-vmw6.json
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gf85-q5rv-vmw6",
+  "modified": "2024-12-17T15:31:43Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-36831"
+  ],
+  "details": "A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36831"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.google.com/document/d/15CVb7XHIgtfeW1W1pLZJWvlBMYN1rtr75vqZqf1v3Eo/edit?usp=sharing"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10395"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en/security-bulletin"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T15:15:12Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-rmhp-cwvx-258p/GHSA-rmhp-cwvx-258p.json b/advisories/unreviewed/2024/12/GHSA-rmhp-cwvx-258p/GHSA-rmhp-cwvx-258p.json
new file mode 100644
index 0000000000000..e3fb8e1502069
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-rmhp-cwvx-258p/GHSA-rmhp-cwvx-258p.json
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rmhp-cwvx-258p",
+  "modified": "2024-12-17T15:31:44Z",
+  "published": "2024-12-17T15:31:44Z",
+  "aliases": [
+    "CVE-2024-37607"
+  ],
+  "details": "A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37607"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.google.com/document/d/1haRDAIN8SbAF8qKNHAm1awnI_LCAPauR8T_pbFREnMM/edit?usp=sharing"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10232"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en/security-bulletin"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T15:15:13Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-w863-c2hv-xjc5/GHSA-w863-c2hv-xjc5.json b/advisories/unreviewed/2024/12/GHSA-w863-c2hv-xjc5/GHSA-w863-c2hv-xjc5.json
new file mode 100644
index 0000000000000..4612dd515b00b
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-w863-c2hv-xjc5/GHSA-w863-c2hv-xjc5.json
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w863-c2hv-xjc5",
+  "modified": "2024-12-17T15:31:44Z",
+  "published": "2024-12-17T15:31:43Z",
+  "aliases": [
+    "CVE-2024-37605"
+  ],
+  "details": "A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37605"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.google.com/document/d/1cWlVLaVvr_xzkqbKIXY7EW89hNHE89SSlNtesv6lzl8/edit?usp=sharing"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10397"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en/security-bulletin"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-17T15:15:13Z"
+  }
+}
\ No newline at end of file