Showing 11 changed files with 134 additions and 34 deletions.
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-37x3-j9jq-vrjx",
"modified": "2024-12-28T00:30:43Z",
"modified": "2024-12-28T18:30:47Z",
"published": "2024-12-28T00:30:43Z",
"aliases": [
"CVE-2024-54775"
],
"details": "Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
Expand All @@ -20,8 +25,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T22:15:12Z"
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5g7g-x455-7hxw",
"modified": "2024-12-28T09:31:28Z",
"modified": "2024-12-28T18:30:48Z",
"published": "2024-12-28T09:31:28Z",
"aliases": [
"CVE-2021-22484"
],
"details": "Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data.\n\n\n\n\nSuccessful exploitation of this vulnerability may cause a server out of memory (OOM).",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
Expand All @@ -21,9 +26,10 @@
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-20"
],
"severity": null,
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T07:15:18Z"
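Review bot: The `cwe_ids` pairing looks inconsistent with the stated impact: the details describe a missing size check whose consequence is a server out-of-memory, which is resource exhaustion rather than the out-of-bounds read that `CWE-125` denotes; `CWE-770` (allocation without limits) or `CWE-400` would fit the text better, with `CWE-20` kept. Both values are inherited from NVD (`github_reviewed: false`), so this is a note for the curation pass rather than for the sync job. The CVSS vector (network, no privileges, `A:H` only) is consistent with the HIGH mapping. The `details` string also carries a run of five `\n` characters, an upstream formatting artifact that could be collapsed to a single paragraph break when the record is reviewed.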
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5jh3-v7q7-qv3q",
"modified": "2024-12-28T06:30:22Z",
"modified": "2024-12-28T18:30:48Z",
"published": "2024-12-28T06:30:22Z",
"aliases": [
"CVE-2024-46973"
],
"details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
Expand All @@ -23,7 +28,7 @@
"cwe_ids": [
"CWE-416"
],
"severity": null,
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T05:15:08Z"
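Review bot: The details name no vendor, product or driver version, and `affected` is empty, so the record as imported gives a reader nothing to match against beyond the CVE id; whichever GPU driver this concerns is not visible in this hunk (presumably identified in `references`) and should be named in the curated revision. The CVSS `AV:L/PR:L` vector with full C/I/A impact is the usual local-privilege-escalation profile and matches HIGH, and `CWE-416` matches the use-after-free wording. The same product gap applies to the sibling record for CVE-2024-43705 in this commit.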
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6xc9-xr94-5gvv",
"modified": "2024-12-27T21:30:31Z",
"modified": "2024-12-28T18:30:47Z",
"published": "2024-12-27T21:30:31Z",
"aliases": [
"CVE-2024-50715"
],
"details": "An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
Expand All @@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-94"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T21:15:07Z"
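Review bot: `CWE-94` (code injection) does not match the details text, which describes command injection through an unsanitized parameter of `/youtubeInfo.php`; `CWE-78` (OS command injection) or the generic `CWE-77` is the usual mapping for that wording, and the difference matters to anyone filtering advisories by weakness class. The CVSS vector also claims `C:H/I:N/A:N`, i.e. disclosure only, which is hard to square with command execution; if the injection is real, integrity and availability would normally be scored too and the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` would put the record at CRITICAL rather than HIGH. Both values come from NVD (`github_reviewed: false`), so this is a note for the review pass, not for the sync.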
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-276"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9q34-7hfr-h8jm",
"modified": "2024-12-28T00:30:43Z",
"modified": "2024-12-28T18:30:47Z",
"published": "2024-12-28T00:30:43Z",
"aliases": [
"CVE-2024-54774"
],
"details": "Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
Expand All @@ -20,8 +25,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T22:15:12Z"
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-g7cp-p6h8-7899",
"modified": "2024-12-27T21:30:31Z",
"modified": "2024-12-28T18:30:47Z",
"published": "2024-12-27T21:30:31Z",
"aliases": [
"CVE-2024-50717"
],
"details": "SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
Expand All @@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T21:15:08Z"
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hf9c-m775-fqh5",
"modified": "2024-12-27T21:30:31Z",
"modified": "2024-12-28T18:30:47Z",
"published": "2024-12-27T21:30:31Z",
"aliases": [
"CVE-2024-50716"
],
"details": "SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
Expand All @@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T21:15:08Z"
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
{
"schema_version": "1.4.0",
"id": "GHSA-mpj7-7mg7-x95j",
"modified": "2024-12-28T18:30:48Z",
"published": "2024-12-28T18:30:48Z",
"aliases": [
"CVE-2024-56512"
],
"details": "Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups.\n\nCreating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context. Missing authorization for a bound Parameter Context enabled clients to download non-sensitive Parameter values after creating the Process Group.\n\nCreating a new Process Group can also include referencing existing Controller Services or Parameter Providers. The framework did not check user authorization for referenced Controller Services or Parameter Providers, enabling clients to create Process Groups and use these components that were otherwise unauthorized.\n\nThis vulnerability is limited in scope to authenticated users authorized to create Process Groups. The scope is further limited to deployments with component-based authorization policies. Upgrading to Apache NiFi 2.1.0 is the recommended mitigation, which includes authorization checking for Parameter and Controller Service references on Process Group creation.",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:L/U:Green"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56512"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/cjc8fns5kjsho0s7vonlnojokyfx47wn"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/12/28/1"
}
],
"database_specific": {
"cwe_ids": [
"CWE-638"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T17:15:07Z"
}
}
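Review bot: `affected` is empty even though the details state the vulnerable range explicitly (Apache NiFi 1.10.0 through 2.0.0, fixed in 2.1.0), so the advisory cannot be matched against a dependency manifest; encoding that range as an OSV `affected` entry with `"ecosystem": "Maven"` and the relevant `org.apache.nifi` artifact (to be confirmed against the Apache announcement linked in `references`) would make it actionable. The `CWE-638` (Not Using Complete Mediation) mapping and the CVSS 4.0 vector with `PR:H`/`AT:P` are consistent with the text's limitation to authenticated users on deployments with component-based policies, and with the LOW rating. Minor: the oss-security reference is linked over plain `http://`; openwall serves the same path over TLS, `"url": "https://www.openwall.com/lists/oss-security/2024/12/28/1"`.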
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rc49-9xpq-vchg",
"modified": "2024-12-28T00:30:43Z",
"modified": "2024-12-28T18:30:47Z",
"published": "2024-12-28T00:30:43Z",
"aliases": [
"CVE-2024-50714"
],
"details": "A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
Expand All @@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-918"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T22:15:11Z"
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rrq7-ch89-92vr",
"modified": "2024-12-28T06:30:22Z",
"modified": "2024-12-28T18:30:47Z",
"published": "2024-12-28T06:30:22Z",
"aliases": [
"CVE-2024-43705"
],
"details": "Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
Expand All @@ -23,7 +28,7 @@
"cwe_ids": [
"CWE-280"
],
"severity": null,
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T05:15:07Z"

0 comments on commit f05cb74