-
Notifications
You must be signed in to change notification settings - Fork 346
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-424r-4x2h-9rv9 GHSA-44f8-jm5j-7x8w GHSA-4p8j-vhjm-6pvw GHSA-4pwr-w5vw-hxjv GHSA-5jw5-2rj7-x547 GHSA-9mgx-552f-59p6 GHSA-grhh-r4jj-8jh7 GHSA-h4j7-x8cq-c6wq GHSA-j2hp-7hfp-x96x GHSA-j376-8r6p-32f7 GHSA-m7mh-v3gj-99xr GHSA-m7pm-65hr-r8px GHSA-qx95-cwh6-9mvq GHSA-w95c-7994-ghpr GHSA-wvc7-xrqm-jhp5
- Loading branch information
1 parent
5d69ab1
commit 643261c
Showing
15 changed files
with
620 additions
and
0 deletions.
There are no files selected for viewing
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2024/12/GHSA-424r-4x2h-9rv9/GHSA-424r-4x2h-9rv9.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-424r-4x2h-9rv9", | ||
| "modified": "2024-12-27T06:30:48Z", | ||
| "published": "2024-12-27T06:30:48Z", | ||
| "aliases": [ | ||
| "CVE-2024-12981" | ||
| ], | ||
| "details": "A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12981" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/CharilYang/cve/issues/1" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://codeastro.com" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289357" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289357" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.469156" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-74" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T06:15:23Z" | ||
| } | ||
| } |
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2024/12/GHSA-44f8-jm5j-7x8w/GHSA-44f8-jm5j-7x8w.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-44f8-jm5j-7x8w", | ||
| "modified": "2024-12-27T06:30:46Z", | ||
| "published": "2024-12-27T06:30:46Z", | ||
| "aliases": [ | ||
| "CVE-2024-12978" | ||
| ], | ||
| "details": "A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12978" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://code-projects.org" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/UnrealdDei/cve/blob/main/sql7.md" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289354" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289354" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.469145" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-74" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T04:15:05Z" | ||
| } | ||
| } |
37 changes: 37 additions & 0 deletions
37
advisories/unreviewed/2024/12/GHSA-4p8j-vhjm-6pvw/GHSA-4p8j-vhjm-6pvw.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4p8j-vhjm-6pvw", | ||
| "modified": "2024-12-27T06:30:47Z", | ||
| "published": "2024-12-27T06:30:47Z", | ||
| "aliases": [ | ||
| "CVE-2024-56519" | ||
| ], | ||
| "details": "An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56519" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://tcpdf.org" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T05:15:07Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2024/12/GHSA-4pwr-w5vw-hxjv/GHSA-4pwr-w5vw-hxjv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4pwr-w5vw-hxjv", | ||
| "modified": "2024-12-27T06:30:48Z", | ||
| "published": "2024-12-27T06:30:48Z", | ||
| "aliases": [ | ||
| "CVE-2024-11645" | ||
| ], | ||
| "details": "The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11645" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T06:15:23Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2024/12/GHSA-5jw5-2rj7-x547/GHSA-5jw5-2rj7-x547.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-5jw5-2rj7-x547", | ||
| "modified": "2024-12-27T06:30:48Z", | ||
| "published": "2024-12-27T06:30:48Z", | ||
| "aliases": [ | ||
| "CVE-2024-11921" | ||
| ], | ||
| "details": "The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11921" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/5f196294-5ba9-45b6-a27c-ab1702cc001f" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T06:15:23Z" | ||
| } | ||
| } |
39 changes: 39 additions & 0 deletions
39
advisories/unreviewed/2024/12/GHSA-9mgx-552f-59p6/GHSA-9mgx-552f-59p6.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-9mgx-552f-59p6", | ||
| "modified": "2024-12-27T06:30:47Z", | ||
| "published": "2024-12-27T06:30:47Z", | ||
| "aliases": [ | ||
| "CVE-2024-56521" | ||
| ], | ||
| "details": "An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56521" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://tcpdf.org" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-295" | ||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T05:15:07Z" | ||
| } | ||
| } |
45 changes: 45 additions & 0 deletions
45
advisories/unreviewed/2024/12/GHSA-grhh-r4jj-8jh7/GHSA-grhh-r4jj-8jh7.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-grhh-r4jj-8jh7", | ||
| "modified": "2024-12-27T06:30:47Z", | ||
| "published": "2024-12-27T06:30:47Z", | ||
| "aliases": [ | ||
| "CVE-2024-56520" | ||
| ], | ||
| "details": "An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56520" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/tc-lib-pdf-font/commit/30012e333ae611c514ec2dc7cb370bbf4da4e677" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/tecnickcom/tc-lib-pdf-font/compare/2.6.2...2.6.4" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://tcpdf.org" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T05:15:07Z" | ||
| } | ||
| } |
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2024/12/GHSA-h4j7-x8cq-c6wq/GHSA-h4j7-x8cq-c6wq.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-h4j7-x8cq-c6wq", | ||
| "modified": "2024-12-27T06:30:47Z", | ||
| "published": "2024-12-27T06:30:47Z", | ||
| "aliases": [ | ||
| "CVE-2024-12979" | ||
| ], | ||
| "details": "A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12979" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://code-projects.org" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/705298066/cve/blob/main/xss-1.md" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289355" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289355" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.469180" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T05:15:07Z" | ||
| } | ||
| } |
Oops, something went wrong.