-
Notifications
You must be signed in to change notification settings - Fork 346
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-82r9-7ww3-jr86 GHSA-m7r5-29r2-m6xh GHSA-3mp3-6fg3-7hxj GHSA-4pwr-w5vw-hxjv GHSA-567c-gxmx-3pq9 GHSA-5jw5-2rj7-x547 GHSA-66fg-h8rx-x4v3 GHSA-6xc9-xr94-5gvv GHSA-74gf-m3p3-28x4 GHSA-7p2g-2vxc-5g55 GHSA-94j5-2r27-g3pc GHSA-9rf3-44g3-h94q GHSA-c893-4f2j-x5ch GHSA-g7cp-p6h8-7899 GHSA-ghr2-c3q4-jgcq GHSA-hf9c-m775-fqh5 GHSA-j376-8r6p-32f7 GHSA-j7jv-x682-58fv GHSA-jj4f-734p-h3c3 GHSA-jphx-whwm-8gpv GHSA-m7mh-v3gj-99xr GHSA-m7pm-65hr-r8px GHSA-p676-v935-rjvf GHSA-x99p-qwh9-pfqr
- Loading branch information
1 parent
75de9ce
commit f6b104d
Showing
24 changed files
with
592 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
advisories/unreviewed/2024/12/GHSA-567c-gxmx-3pq9/GHSA-567c-gxmx-3pq9.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-567c-gxmx-3pq9", | ||
| "modified": "2024-12-27T21:30:30Z", | ||
| "published": "2024-12-27T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-50945" | ||
| ], | ||
| "details": "An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50945" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/AbdullahAlmutawa/CVE-2024-50945" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/simplcommerce/SimplCommerce" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.simplcommerce.com" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T19:15:08Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
33 changes: 33 additions & 0 deletions
33
advisories/unreviewed/2024/12/GHSA-66fg-h8rx-x4v3/GHSA-66fg-h8rx-x4v3.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-66fg-h8rx-x4v3", | ||
| "modified": "2024-12-27T21:30:30Z", | ||
| "published": "2024-12-27T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-54453" | ||
| ], | ||
| "details": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54453" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://kurmi-software.com" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://kurmi-software.com/cve/cve-2024-54453" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T20:15:23Z" | ||
| } | ||
| } |
33 changes: 33 additions & 0 deletions
33
advisories/unreviewed/2024/12/GHSA-6xc9-xr94-5gvv/GHSA-6xc9-xr94-5gvv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6xc9-xr94-5gvv", | ||
| "modified": "2024-12-27T21:30:31Z", | ||
| "published": "2024-12-27T21:30:31Z", | ||
| "aliases": [ | ||
| "CVE-2024-50715" | ||
| ], | ||
| "details": "An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50715" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://packetstorm.news/files/id/182451" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://smarts-srl.com" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T21:15:07Z" | ||
| } | ||
| } |
33 changes: 33 additions & 0 deletions
33
advisories/unreviewed/2024/12/GHSA-74gf-m3p3-28x4/GHSA-74gf-m3p3-28x4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-74gf-m3p3-28x4", | ||
| "modified": "2024-12-27T21:30:31Z", | ||
| "published": "2024-12-27T21:30:31Z", | ||
| "aliases": [ | ||
| "CVE-2024-50713" | ||
| ], | ||
| "details": "SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50713" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://packetstorm.news/files/id/182449" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://smarts-srl.com" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T21:15:07Z" | ||
| } | ||
| } |
33 changes: 33 additions & 0 deletions
33
advisories/unreviewed/2024/12/GHSA-7p2g-2vxc-5g55/GHSA-7p2g-2vxc-5g55.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-7p2g-2vxc-5g55", | ||
| "modified": "2024-12-27T21:30:30Z", | ||
| "published": "2024-12-27T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-39025" | ||
| ], | ||
| "details": "Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39025" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/letta-ai/letta/releases/tag/0.3.17" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://medium.com/@cnetsec/a-vulnerability-cve-2024-39025-has-been-identified-in-lettaai-memgpt-v0-3-17-146cb38bb6db" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T20:15:23Z" | ||
| } | ||
| } |
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-94j5-2r27-g3pc/GHSA-94j5-2r27-g3pc.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-94j5-2r27-g3pc", | ||
| "modified": "2024-12-27T21:30:30Z", | ||
| "published": "2024-12-27T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-12991" | ||
| ], | ||
| "details": "A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert(5888)%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12991" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/Hebing123/cve/issues/31" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289384" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289384" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.464213" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-27T20:15:22Z" | ||
| } | ||
| } |
Oops, something went wrong.