From 95ee070f79815a872ea345e6232e019a114cfdae Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 21:33:45 +0000 Subject: [PATCH] Advisory Database Sync --- .../GHSA-4x95-p9f4-3p7r.json | 4 +- .../GHSA-5mcp-h82r-f9v7.json | 3 +- .../GHSA-68w8-q32v-4g44.json | 1 + .../GHSA-89xv-gh3p-mrvg.json | 3 +- .../GHSA-fhhm-9qhh-g52w.json | 3 +- .../GHSA-pmgh-8j9v-4xhf.json | 3 +- .../GHSA-7w8f-q3m3-pfj7.json | 2 +- .../GHSA-9296-w48c-7m8r.json | 2 +- .../GHSA-h44p-c6q5-xj3p.json | 2 +- .../GHSA-jwcx-m84w-h98g.json | 9 ++- .../GHSA-r8h6-cwxj-rv5j.json | 6 +- .../GHSA-7pwv-g7hj-39pr.json | 10 +++- .../GHSA-87qc-q3w7-7m8w.json | 6 +- .../GHSA-mmm5-wgvp-wp8r.json | 14 ++++- .../GHSA-grqq-hcc7-crmr.json | 6 +- .../GHSA-ph84-rcj2-fxxm.json | 6 +- .../GHSA-28rx-w98g-gmx7.json | 4 +- .../GHSA-2fv7-7xr8-8j4g.json | 15 +++-- .../GHSA-3qj2-76xw-wwh7.json | 4 +- .../GHSA-4r8j-mw5f-9g2j.json | 15 +++-- .../GHSA-5qjr-cj9f-phrx.json | 10 +++- .../GHSA-6qg3-p2qr-5hfv.json | 15 +++-- .../GHSA-6rwg-9jq4-qw59.json | 15 +++-- .../GHSA-73fp-jcgm-89g8.json | 15 +++-- .../GHSA-8388-c89m-3x67.json | 4 +- .../GHSA-8584-g85m-7jpm.json | 15 +++-- .../GHSA-942x-h2h3-8wxm.json | 11 +++- .../GHSA-c35g-4p36-qchm.json | 4 +- .../GHSA-f8fm-x537-w56p.json | 15 +++-- .../GHSA-fqm6-c2wr-r94m.json | 15 +++-- .../GHSA-frcw-qgph-774m.json | 4 +- .../GHSA-g64r-mjhp-4487.json | 15 +++-- .../GHSA-gw2x-wpmj-6qcq.json | 56 +++++++++++++++++++ .../GHSA-gw98-8mff-5x24.json | 15 +++-- .../GHSA-h264-cfq7-qp2r.json | 2 +- .../GHSA-h7h9-grcq-c72m.json | 15 +++-- .../GHSA-j659-cmwp-5whv.json | 15 +++-- .../GHSA-jh3j-ppfx-qrwc.json | 11 +++- .../GHSA-mchm-7mqx-7299.json | 1 + .../GHSA-mcpr-mw36-vmqg.json | 4 +- .../GHSA-q749-7rx7-c2g2.json | 15 +++-- .../GHSA-qw73-x9xv-6cch.json | 15 +++-- .../GHSA-r6wm-q4gx-9q2v.json | 15 +++-- .../GHSA-rpx3-33f7-v6hv.json | 2 +- .../GHSA-rx56-hv52-ppxp.json | 15 +++-- .../GHSA-v84w-53rg-fgrf.json | 15 +++-- .../GHSA-v92x-m54x-rp94.json | 15 +++-- .../GHSA-vxf4-hr69-67w5.json | 
15 +++-- .../GHSA-wwmx-66w6-2p5v.json | 15 +++-- .../GHSA-x854-759p-6c5g.json | 15 +++-- .../GHSA-xgh9-482q-m2w6.json | 4 +- 51 files changed, 400 insertions(+), 116 deletions(-) create mode 100644 advisories/unreviewed/2025/01/GHSA-gw2x-wpmj-6qcq/GHSA-gw2x-wpmj-6qcq.json diff --git a/advisories/unreviewed/2023/04/GHSA-4x95-p9f4-3p7r/GHSA-4x95-p9f4-3p7r.json b/advisories/unreviewed/2023/04/GHSA-4x95-p9f4-3p7r/GHSA-4x95-p9f4-3p7r.json index 37c63e16cc423..94318cddcb1ab 100644 --- a/advisories/unreviewed/2023/04/GHSA-4x95-p9f4-3p7r/GHSA-4x95-p9f4-3p7r.json +++ b/advisories/unreviewed/2023/04/GHSA-4x95-p9f4-3p7r/GHSA-4x95-p9f4-3p7r.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-863" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2023/04/GHSA-5mcp-h82r-f9v7/GHSA-5mcp-h82r-f9v7.json b/advisories/unreviewed/2023/04/GHSA-5mcp-h82r-f9v7/GHSA-5mcp-h82r-f9v7.json index e5669ba647153..7a82d1e635021 100644 --- a/advisories/unreviewed/2023/04/GHSA-5mcp-h82r-f9v7/GHSA-5mcp-h82r-f9v7.json +++ b/advisories/unreviewed/2023/04/GHSA-5mcp-h82r-f9v7/GHSA-5mcp-h82r-f9v7.json @@ -34,7 +34,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-269" + "CWE-269", + "CWE-863" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2023/04/GHSA-68w8-q32v-4g44/GHSA-68w8-q32v-4g44.json b/advisories/unreviewed/2023/04/GHSA-68w8-q32v-4g44/GHSA-68w8-q32v-4g44.json index 0732d2fc0abe4..3753ceec3fb06 100644 --- a/advisories/unreviewed/2023/04/GHSA-68w8-q32v-4g44/GHSA-68w8-q32v-4g44.json +++ b/advisories/unreviewed/2023/04/GHSA-68w8-q32v-4g44/GHSA-68w8-q32v-4g44.json @@ -34,6 +34,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-22", "CWE-668" ], "severity": "HIGH", 
diff --git a/advisories/unreviewed/2023/04/GHSA-89xv-gh3p-mrvg/GHSA-89xv-gh3p-mrvg.json b/advisories/unreviewed/2023/04/GHSA-89xv-gh3p-mrvg/GHSA-89xv-gh3p-mrvg.json index 41e2a5066dc5c..9a924427b06f2 100644 --- a/advisories/unreviewed/2023/04/GHSA-89xv-gh3p-mrvg/GHSA-89xv-gh3p-mrvg.json +++ b/advisories/unreviewed/2023/04/GHSA-89xv-gh3p-mrvg/GHSA-89xv-gh3p-mrvg.json @@ -34,7 +34,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-269" + "CWE-269", + "CWE-863" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2023/04/GHSA-fhhm-9qhh-g52w/GHSA-fhhm-9qhh-g52w.json b/advisories/unreviewed/2023/04/GHSA-fhhm-9qhh-g52w/GHSA-fhhm-9qhh-g52w.json index 0ff21192683c1..f50d0332b2a10 100644 --- a/advisories/unreviewed/2023/04/GHSA-fhhm-9qhh-g52w/GHSA-fhhm-9qhh-g52w.json +++ b/advisories/unreviewed/2023/04/GHSA-fhhm-9qhh-g52w/GHSA-fhhm-9qhh-g52w.json @@ -34,7 +34,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-269" + "CWE-269", + "CWE-863" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2023/04/GHSA-pmgh-8j9v-4xhf/GHSA-pmgh-8j9v-4xhf.json b/advisories/unreviewed/2023/04/GHSA-pmgh-8j9v-4xhf/GHSA-pmgh-8j9v-4xhf.json index 73b44c8bb7f85..bb3f05fd7d402 100644 --- a/advisories/unreviewed/2023/04/GHSA-pmgh-8j9v-4xhf/GHSA-pmgh-8j9v-4xhf.json +++ b/advisories/unreviewed/2023/04/GHSA-pmgh-8j9v-4xhf/GHSA-pmgh-8j9v-4xhf.json @@ -30,7 +30,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-367" + "CWE-367", + "CWE-59" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-7w8f-q3m3-pfj7/GHSA-7w8f-q3m3-pfj7.json b/advisories/unreviewed/2023/07/GHSA-7w8f-q3m3-pfj7/GHSA-7w8f-q3m3-pfj7.json index 7f53f365ec17d..1f984a9818f8a 100644 --- a/advisories/unreviewed/2023/07/GHSA-7w8f-q3m3-pfj7/GHSA-7w8f-q3m3-pfj7.json +++ b/advisories/unreviewed/2023/07/GHSA-7w8f-q3m3-pfj7/GHSA-7w8f-q3m3-pfj7.json 
@@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-7w8f-q3m3-pfj7", - "modified": "2024-04-04T05:38:25Z", + "modified": "2025-01-31T21:32:44Z", "published": "2023-07-06T19:24:19Z", "aliases": [ "CVE-2023-2158" diff --git a/advisories/unreviewed/2023/07/GHSA-9296-w48c-7m8r/GHSA-9296-w48c-7m8r.json b/advisories/unreviewed/2023/07/GHSA-9296-w48c-7m8r/GHSA-9296-w48c-7m8r.json index 8ead88d6ac3b6..1ca3119e5ef48 100644 --- a/advisories/unreviewed/2023/07/GHSA-9296-w48c-7m8r/GHSA-9296-w48c-7m8r.json +++ b/advisories/unreviewed/2023/07/GHSA-9296-w48c-7m8r/GHSA-9296-w48c-7m8r.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-9296-w48c-7m8r", - "modified": "2024-04-04T05:40:13Z", + "modified": "2025-01-31T21:32:44Z", "published": "2023-07-06T21:14:54Z", "aliases": [ "CVE-2023-22782" diff --git a/advisories/unreviewed/2023/07/GHSA-h44p-c6q5-xj3p/GHSA-h44p-c6q5-xj3p.json b/advisories/unreviewed/2023/07/GHSA-h44p-c6q5-xj3p/GHSA-h44p-c6q5-xj3p.json index aa3e38983217b..dd701aeaffec8 100644 --- a/advisories/unreviewed/2023/07/GHSA-h44p-c6q5-xj3p/GHSA-h44p-c6q5-xj3p.json +++ b/advisories/unreviewed/2023/07/GHSA-h44p-c6q5-xj3p/GHSA-h44p-c6q5-xj3p.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-h44p-c6q5-xj3p", - "modified": "2024-04-04T05:40:17Z", + "modified": "2025-01-31T21:32:44Z", "published": "2023-07-06T21:14:54Z", "aliases": [ "CVE-2023-22781" diff --git a/advisories/unreviewed/2023/07/GHSA-jwcx-m84w-h98g/GHSA-jwcx-m84w-h98g.json b/advisories/unreviewed/2023/07/GHSA-jwcx-m84w-h98g/GHSA-jwcx-m84w-h98g.json index 93bedf7a67df8..6c014cc26fa63 100644 --- a/advisories/unreviewed/2023/07/GHSA-jwcx-m84w-h98g/GHSA-jwcx-m84w-h98g.json +++ b/advisories/unreviewed/2023/07/GHSA-jwcx-m84w-h98g/GHSA-jwcx-m84w-h98g.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-jwcx-m84w-h98g", - "modified": "2024-04-04T05:38:24Z", + "modified": "2025-01-31T21:32:44Z", "published": "2023-07-06T19:24:19Z", "aliases": [ "CVE-2023-28770" 
@@ -19,6 +19,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28770" }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/172277" + }, { "type": "WEB", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities" @@ -30,7 +34,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-200" + "CWE-200", + "CWE-203" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2024/07/GHSA-r8h6-cwxj-rv5j/GHSA-r8h6-cwxj-rv5j.json b/advisories/unreviewed/2024/07/GHSA-r8h6-cwxj-rv5j/GHSA-r8h6-cwxj-rv5j.json index b9101a7dddaf7..e55e1aed7c312 100644 --- a/advisories/unreviewed/2024/07/GHSA-r8h6-cwxj-rv5j/GHSA-r8h6-cwxj-rv5j.json +++ b/advisories/unreviewed/2024/07/GHSA-r8h6-cwxj-rv5j/GHSA-r8h6-cwxj-rv5j.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-r8h6-cwxj-rv5j", - "modified": "2024-11-05T00:31:27Z", + "modified": "2025-01-31T21:32:44Z", "published": "2024-07-30T00:34:24Z", "aliases": [ "CVE-2024-3219" @@ -47,6 +47,10 @@ "type": "WEB", "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54" }, + { + "type": "WEB", + "url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5" + }, { "type": "WEB", "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929" diff --git a/advisories/unreviewed/2024/08/GHSA-7pwv-g7hj-39pr/GHSA-7pwv-g7hj-39pr.json b/advisories/unreviewed/2024/08/GHSA-7pwv-g7hj-39pr/GHSA-7pwv-g7hj-39pr.json index 323c9a9d82a0e..a8e51ce6e730e 100644 --- a/advisories/unreviewed/2024/08/GHSA-7pwv-g7hj-39pr/GHSA-7pwv-g7hj-39pr.json +++ b/advisories/unreviewed/2024/08/GHSA-7pwv-g7hj-39pr/GHSA-7pwv-g7hj-39pr.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-7pwv-g7hj-39pr", - "modified": "2024-09-04T21:30:31Z", + "modified": "2025-01-31T21:32:44Z", "published": "2024-08-19T21:35:10Z", "aliases": [ "CVE-2024-7592" 
@@ -31,6 +31,10 @@ "type": "WEB", "url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621" }, + { + "type": "WEB", + "url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef" + }, { "type": "WEB", "url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06" @@ -54,6 +58,10 @@ { "type": "WEB", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20241018-0006" } ], "database_specific": { diff --git a/advisories/unreviewed/2024/08/GHSA-87qc-q3w7-7m8w/GHSA-87qc-q3w7-7m8w.json b/advisories/unreviewed/2024/08/GHSA-87qc-q3w7-7m8w/GHSA-87qc-q3w7-7m8w.json index d5f8c58885aa7..86b412a37909f 100644 --- a/advisories/unreviewed/2024/08/GHSA-87qc-q3w7-7m8w/GHSA-87qc-q3w7-7m8w.json +++ b/advisories/unreviewed/2024/08/GHSA-87qc-q3w7-7m8w/GHSA-87qc-q3w7-7m8w.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-87qc-q3w7-7m8w", - "modified": "2025-01-11T15:30:27Z", + "modified": "2025-01-31T21:32:44Z", "published": "2024-08-01T15:32:20Z", "aliases": [ "CVE-2024-6923" @@ -31,6 +31,10 @@ "type": "WEB", "url": "https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147" }, + { + "type": "WEB", + "url": "https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384" + }, { "type": "WEB", "url": "https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7" diff --git a/advisories/unreviewed/2024/09/GHSA-mmm5-wgvp-wp8r/GHSA-mmm5-wgvp-wp8r.json b/advisories/unreviewed/2024/09/GHSA-mmm5-wgvp-wp8r/GHSA-mmm5-wgvp-wp8r.json index 131f182e5026a..29b265845a9a7 100644 --- a/advisories/unreviewed/2024/09/GHSA-mmm5-wgvp-wp8r/GHSA-mmm5-wgvp-wp8r.json +++ b/advisories/unreviewed/2024/09/GHSA-mmm5-wgvp-wp8r/GHSA-mmm5-wgvp-wp8r.json 
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-mmm5-wgvp-wp8r",
- "modified": "2024-09-04T21:30:31Z",
+ "modified": "2025-01-31T21:32:44Z",
 "published": "2024-09-03T15:30:44Z",
 "aliases": [
 "CVE-2024-6232"
@@ -27,6 +27,10 @@
 "type": "WEB",
 "url": "https://github.com/python/cpython/pull/121286"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06"
@@ -54,6 +58,14 @@
 {
 "type": "WEB",
 "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.netapp.com/advisory/ntap-20241018-0007"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2024/09/03/5"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2024/10/GHSA-grqq-hcc7-crmr/GHSA-grqq-hcc7-crmr.json b/advisories/unreviewed/2024/10/GHSA-grqq-hcc7-crmr/GHSA-grqq-hcc7-crmr.json
index 4302b5c4bd6f1..a5ca625f3e24e 100644
--- a/advisories/unreviewed/2024/10/GHSA-grqq-hcc7-crmr/GHSA-grqq-hcc7-crmr.json
+++ b/advisories/unreviewed/2024/10/GHSA-grqq-hcc7-crmr/GHSA-grqq-hcc7-crmr.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-grqq-hcc7-crmr",
- "modified": "2024-11-04T18:31:18Z",
+ "modified": "2025-01-31T21:32:44Z",
 "published": "2024-10-22T18:32:12Z",
 "aliases": [
 "CVE-2024-9287"
@@ -43,6 +43,10 @@
 "type": "WEB",
 "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
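Review bot: The last reference added in the third hunk of GHSA-mmm5-wgvp-wp8r.json uses a cleartext scheme, `"url": "http://www.openwall.com/lists/oss-security/2024/09/03/5"`, while every other reference visible in this sync is `https://`. Tooling that fetches or renders advisory references would follow that link without transport integrity, so I would write it as `"url": "https://www.openwall.com/lists/oss-security/2024/09/03/5"`. The `references` array starts outside the hunk, so earlier entries were not checked.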
diff --git a/advisories/unreviewed/2024/12/GHSA-ph84-rcj2-fxxm/GHSA-ph84-rcj2-fxxm.json b/advisories/unreviewed/2024/12/GHSA-ph84-rcj2-fxxm/GHSA-ph84-rcj2-fxxm.json index 443ff55c2e3cb..56dc7198cd9d1 100644 --- a/advisories/unreviewed/2024/12/GHSA-ph84-rcj2-fxxm/GHSA-ph84-rcj2-fxxm.json +++ b/advisories/unreviewed/2024/12/GHSA-ph84-rcj2-fxxm/GHSA-ph84-rcj2-fxxm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-ph84-rcj2-fxxm", - "modified": "2025-01-06T18:31:00Z", + "modified": "2025-01-31T21:32:44Z", "published": "2024-12-06T18:30:45Z", "aliases": [ "CVE-2024-12254" @@ -39,6 +39,10 @@ "type": "WEB", "url": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5" }, + { + "type": "WEB", + "url": "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786" + }, { "type": "WEB", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB" diff --git a/advisories/unreviewed/2025/01/GHSA-28rx-w98g-gmx7/GHSA-28rx-w98g-gmx7.json b/advisories/unreviewed/2025/01/GHSA-28rx-w98g-gmx7/GHSA-28rx-w98g-gmx7.json index 4a95358524020..f38eb2a407557 100644 --- a/advisories/unreviewed/2025/01/GHSA-28rx-w98g-gmx7/GHSA-28rx-w98g-gmx7.json +++ b/advisories/unreviewed/2025/01/GHSA-28rx-w98g-gmx7/GHSA-28rx-w98g-gmx7.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-306" + ], "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2025/01/GHSA-2fv7-7xr8-8j4g/GHSA-2fv7-7xr8-8j4g.json b/advisories/unreviewed/2025/01/GHSA-2fv7-7xr8-8j4g/GHSA-2fv7-7xr8-8j4g.json index f99dad0b0e6c2..fa02e513c6af4 100644 --- a/advisories/unreviewed/2025/01/GHSA-2fv7-7xr8-8j4g/GHSA-2fv7-7xr8-8j4g.json +++ b/advisories/unreviewed/2025/01/GHSA-2fv7-7xr8-8j4g/GHSA-2fv7-7xr8-8j4g.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-2fv7-7xr8-8j4g", - "modified": "2025-01-14T00:30:45Z", + "modified": "2025-01-31T21:32:45Z", "published": "2025-01-14T00:30:45Z", "aliases": [ "CVE-2023-42241" ], "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-13T22:15:12Z" diff --git a/advisories/unreviewed/2025/01/GHSA-3qj2-76xw-wwh7/GHSA-3qj2-76xw-wwh7.json b/advisories/unreviewed/2025/01/GHSA-3qj2-76xw-wwh7/GHSA-3qj2-76xw-wwh7.json index 1d3c210b9dfca..bb97377c35230 100644 --- a/advisories/unreviewed/2025/01/GHSA-3qj2-76xw-wwh7/GHSA-3qj2-76xw-wwh7.json +++ b/advisories/unreviewed/2025/01/GHSA-3qj2-76xw-wwh7/GHSA-3qj2-76xw-wwh7.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-863" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2025/01/GHSA-4r8j-mw5f-9g2j/GHSA-4r8j-mw5f-9g2j.json b/advisories/unreviewed/2025/01/GHSA-4r8j-mw5f-9g2j/GHSA-4r8j-mw5f-9g2j.json index fcb88f7750df0..255b040e03812 100644 --- a/advisories/unreviewed/2025/01/GHSA-4r8j-mw5f-9g2j/GHSA-4r8j-mw5f-9g2j.json +++ b/advisories/unreviewed/2025/01/GHSA-4r8j-mw5f-9g2j/GHSA-4r8j-mw5f-9g2j.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-4r8j-mw5f-9g2j", - "modified": "2025-01-22T18:31:55Z", + "modified": "2025-01-31T21:32:46Z", "published": "2025-01-22T18:31:55Z", "aliases": [ "CVE-2023-37777" ], "details": "Synnefo Internet Management Software 2023 was discovered to contain a SQL injection vulnerability.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-22T16:15:28Z" diff --git a/advisories/unreviewed/2025/01/GHSA-5qjr-cj9f-phrx/GHSA-5qjr-cj9f-phrx.json b/advisories/unreviewed/2025/01/GHSA-5qjr-cj9f-phrx/GHSA-5qjr-cj9f-phrx.json index bd43002fe73c1..e9ae0e222f7ea 100644 --- a/advisories/unreviewed/2025/01/GHSA-5qjr-cj9f-phrx/GHSA-5qjr-cj9f-phrx.json +++ b/advisories/unreviewed/2025/01/GHSA-5qjr-cj9f-phrx/GHSA-5qjr-cj9f-phrx.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-5qjr-cj9f-phrx", - "modified": "2025-01-31T18:31:08Z", + "modified": "2025-01-31T21:32:47Z", "published": "2025-01-31T18:31:08Z", "aliases": [ "CVE-2025-0938" @@ -26,6 +26,14 @@ { "type": "WEB", "url": "https://github.com/python/cpython/pull/129418" + }, + { + "type": "WEB", + "url": "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a" + }, + { + "type": "WEB", + "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB" } ], "database_specific": { diff --git a/advisories/unreviewed/2025/01/GHSA-6qg3-p2qr-5hfv/GHSA-6qg3-p2qr-5hfv.json b/advisories/unreviewed/2025/01/GHSA-6qg3-p2qr-5hfv/GHSA-6qg3-p2qr-5hfv.json index 766454852c633..3d920b1486a82 100644 --- a/advisories/unreviewed/2025/01/GHSA-6qg3-p2qr-5hfv/GHSA-6qg3-p2qr-5hfv.json 
+++ b/advisories/unreviewed/2025/01/GHSA-6qg3-p2qr-5hfv/GHSA-6qg3-p2qr-5hfv.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-6qg3-p2qr-5hfv", - "modified": "2025-01-14T00:30:45Z", + "modified": "2025-01-31T21:32:44Z", "published": "2025-01-14T00:30:45Z", "aliases": [ "CVE-2023-42236" ], "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-13T22:15:11Z" diff --git a/advisories/unreviewed/2025/01/GHSA-6rwg-9jq4-qw59/GHSA-6rwg-9jq4-qw59.json b/advisories/unreviewed/2025/01/GHSA-6rwg-9jq4-qw59/GHSA-6rwg-9jq4-qw59.json index 9a45c7b003266..31709e0b0dfd3 100644 --- a/advisories/unreviewed/2025/01/GHSA-6rwg-9jq4-qw59/GHSA-6rwg-9jq4-qw59.json +++ b/advisories/unreviewed/2025/01/GHSA-6rwg-9jq4-qw59/GHSA-6rwg-9jq4-qw59.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-6rwg-9jq4-qw59", - "modified": "2025-01-14T00:30:45Z", + "modified": "2025-01-31T21:32:45Z", "published": "2025-01-14T00:30:45Z", "aliases": [ "CVE-2023-42240" ], "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { 
@@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-13T22:15:12Z" diff --git a/advisories/unreviewed/2025/01/GHSA-73fp-jcgm-89g8/GHSA-73fp-jcgm-89g8.json b/advisories/unreviewed/2025/01/GHSA-73fp-jcgm-89g8/GHSA-73fp-jcgm-89g8.json index e3df1182d90c6..19b536d770c62 100644 --- a/advisories/unreviewed/2025/01/GHSA-73fp-jcgm-89g8/GHSA-73fp-jcgm-89g8.json +++ b/advisories/unreviewed/2025/01/GHSA-73fp-jcgm-89g8/GHSA-73fp-jcgm-89g8.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-73fp-jcgm-89g8", - "modified": "2025-01-14T00:30:45Z", + "modified": "2025-01-31T21:32:44Z", "published": "2025-01-14T00:30:45Z", "aliases": [ "CVE-2023-42235" ], "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-13T22:15:11Z" diff --git a/advisories/unreviewed/2025/01/GHSA-8388-c89m-3x67/GHSA-8388-c89m-3x67.json b/advisories/unreviewed/2025/01/GHSA-8388-c89m-3x67/GHSA-8388-c89m-3x67.json index 462b10a56b469..d164759959f9e 100644 --- a/advisories/unreviewed/2025/01/GHSA-8388-c89m-3x67/GHSA-8388-c89m-3x67.json +++ b/advisories/unreviewed/2025/01/GHSA-8388-c89m-3x67/GHSA-8388-c89m-3x67.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-862" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, 
diff --git a/advisories/unreviewed/2025/01/GHSA-8584-g85m-7jpm/GHSA-8584-g85m-7jpm.json b/advisories/unreviewed/2025/01/GHSA-8584-g85m-7jpm/GHSA-8584-g85m-7jpm.json index 844c95be80978..179ac032a30c9 100644 --- a/advisories/unreviewed/2025/01/GHSA-8584-g85m-7jpm/GHSA-8584-g85m-7jpm.json +++ b/advisories/unreviewed/2025/01/GHSA-8584-g85m-7jpm/GHSA-8584-g85m-7jpm.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-8584-g85m-7jpm", - "modified": "2025-01-14T00:30:45Z", + "modified": "2025-01-31T21:32:44Z", "published": "2025-01-14T00:30:45Z", "aliases": [ "CVE-2023-42237" ], "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-13T22:15:11Z" diff --git a/advisories/unreviewed/2025/01/GHSA-942x-h2h3-8wxm/GHSA-942x-h2h3-8wxm.json b/advisories/unreviewed/2025/01/GHSA-942x-h2h3-8wxm/GHSA-942x-h2h3-8wxm.json index 73ec3b832d6e8..c2e4eb89c8fe0 100644 --- a/advisories/unreviewed/2025/01/GHSA-942x-h2h3-8wxm/GHSA-942x-h2h3-8wxm.json +++ b/advisories/unreviewed/2025/01/GHSA-942x-h2h3-8wxm/GHSA-942x-h2h3-8wxm.json 
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-942x-h2h3-8wxm",
- "modified": "2025-01-30T06:30:49Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-30T06:30:49Z",
 "aliases": [
 "CVE-2025-0662"
 ],
 "details": "In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.\n\nIt is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -23,7 +28,7 @@
 "cwe_ids": [
 "CWE-122"
 ],
- "severity": null,
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-30T05:15:10Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-c35g-4p36-qchm/GHSA-c35g-4p36-qchm.json b/advisories/unreviewed/2025/01/GHSA-c35g-4p36-qchm/GHSA-c35g-4p36-qchm.json
index 528f4a9d8c647..ab1742e50e615 100644
--- a/advisories/unreviewed/2025/01/GHSA-c35g-4p36-qchm/GHSA-c35g-4p36-qchm.json
+++ b/advisories/unreviewed/2025/01/GHSA-c35g-4p36-qchm/GHSA-c35g-4p36-qchm.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-306"
+ ],
 "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2025/01/GHSA-f8fm-x537-w56p/GHSA-f8fm-x537-w56p.json b/advisories/unreviewed/2025/01/GHSA-f8fm-x537-w56p/GHSA-f8fm-x537-w56p.json
index 5258eaa2734c4..cbb96d5f4223d 100644
--- a/advisories/unreviewed/2025/01/GHSA-f8fm-x537-w56p/GHSA-f8fm-x537-w56p.json
+++ b/advisories/unreviewed/2025/01/GHSA-f8fm-x537-w56p/GHSA-f8fm-x537-w56p.json
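Review bot: The vector added for GHSA-942x-h2h3-8wxm, `"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"`, disagrees with the record's own `details`, which describe a ktrace leak reachable by "an unprivileged userspace program"; that reads as a local vector with low privileges rather than `AV:N` with `PR:H`. The `"severity": "MODERATE"` set in the second hunk derives from the same vector, so triage that filters on attack vector or required privilege will misplace this record. I would hold both fields until the vector is confirmed against the vendor advisory; a vector matching the text would presumably begin `CVSS:3.1/AV:L/AC:L/PR:L`. The unchanged `"CWE-122"` is also a loose fit for an uninitialized-memory disclosure, where CWE-908 would be closer if upstream agrees.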
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-f8fm-x537-w56p", - "modified": "2025-01-31T00:30:45Z", + "modified": "2025-01-31T21:32:47Z", "published": "2025-01-31T00:30:45Z", "aliases": [ "CVE-2024-24731" ], "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-120" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-31T00:15:10Z" diff --git a/advisories/unreviewed/2025/01/GHSA-fqm6-c2wr-r94m/GHSA-fqm6-c2wr-r94m.json b/advisories/unreviewed/2025/01/GHSA-fqm6-c2wr-r94m/GHSA-fqm6-c2wr-r94m.json index 47d98cc6e1aa5..4f431e27932b8 100644 --- a/advisories/unreviewed/2025/01/GHSA-fqm6-c2wr-r94m/GHSA-fqm6-c2wr-r94m.json +++ b/advisories/unreviewed/2025/01/GHSA-fqm6-c2wr-r94m/GHSA-fqm6-c2wr-r94m.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-fqm6-c2wr-r94m", - "modified": "2025-01-31T00:30:45Z", + "modified": "2025-01-31T21:32:47Z", "published": "2025-01-31T00:30:45Z", "aliases": [ "CVE-2024-23973" ], "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-120" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-31T00:15:10Z" diff --git a/advisories/unreviewed/2025/01/GHSA-frcw-qgph-774m/GHSA-frcw-qgph-774m.json b/advisories/unreviewed/2025/01/GHSA-frcw-qgph-774m/GHSA-frcw-qgph-774m.json index e9fcf22c18b86..6d930b5f667b0 100644 --- a/advisories/unreviewed/2025/01/GHSA-frcw-qgph-774m/GHSA-frcw-qgph-774m.json +++ b/advisories/unreviewed/2025/01/GHSA-frcw-qgph-774m/GHSA-frcw-qgph-774m.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-732" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2025/01/GHSA-g64r-mjhp-4487/GHSA-g64r-mjhp-4487.json b/advisories/unreviewed/2025/01/GHSA-g64r-mjhp-4487/GHSA-g64r-mjhp-4487.json index 2c279ec8a6e9a..9aef0953e1a83 100644 --- a/advisories/unreviewed/2025/01/GHSA-g64r-mjhp-4487/GHSA-g64r-mjhp-4487.json 
+++ b/advisories/unreviewed/2025/01/GHSA-g64r-mjhp-4487/GHSA-g64r-mjhp-4487.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-g64r-mjhp-4487", - "modified": "2025-01-14T00:30:45Z", + "modified": "2025-01-31T21:32:45Z", "published": "2025-01-14T00:30:45Z", "aliases": [ "CVE-2023-42243" ], "details": "In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-01-13T22:15:12Z" diff --git a/advisories/unreviewed/2025/01/GHSA-gw2x-wpmj-6qcq/GHSA-gw2x-wpmj-6qcq.json b/advisories/unreviewed/2025/01/GHSA-gw2x-wpmj-6qcq/GHSA-gw2x-wpmj-6qcq.json new file mode 100644 index 0000000000000..3440add319431 --- /dev/null +++ b/advisories/unreviewed/2025/01/GHSA-gw2x-wpmj-6qcq/GHSA-gw2x-wpmj-6qcq.json 
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gw2x-wpmj-6qcq",
+ "modified": "2025-01-31T21:32:47Z",
+ "published": "2025-01-31T21:32:47Z",
+ "aliases": [
+ "CVE-2025-0934"
+ ],
+ "details": "A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of the argument n leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0934"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/1337g/CVE-2025-X/blob/main/job-recruitment_call_job_search_ajax-sqli.pdf"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.294243"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.294243"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.491802"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-01-31T20:15:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/01/GHSA-gw98-8mff-5x24/GHSA-gw98-8mff-5x24.json b/advisories/unreviewed/2025/01/GHSA-gw98-8mff-5x24/GHSA-gw98-8mff-5x24.json
index 875f9bdf8a1ee..084a9cbf14896 100644
--- a/advisories/unreviewed/2025/01/GHSA-gw98-8mff-5x24/GHSA-gw98-8mff-5x24.json
+++ b/advisories/unreviewed/2025/01/GHSA-gw98-8mff-5x24/GHSA-gw98-8mff-5x24.json
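Review bot: `cwe_ids` in the new GHSA-gw2x-wpmj-6qcq.json carries only the generic `"CWE-74"`, although `details` states that manipulating argument `n` "leads to sql injection". The other SQL injection records touched by this same sync (for example GHSA-2fv7-7xr8-8j4g) are tagged `"CWE-89"`, so consumers that match on CWE-89 will miss this one. I would list both, `"CWE-74", "CWE-89"`. `"affected": []` is also empty, so no package-based alerting can match this record until it is curated.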
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-gw98-8mff-5x24",
- "modified": "2025-01-15T00:30:42Z",
+ "modified": "2025-01-31T21:32:45Z",
 "published": "2025-01-15T00:30:42Z",
 "aliases": [
 "CVE-2024-57767"
 ],
 "details": "MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-918"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-15T00:15:34Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-h264-cfq7-qp2r/GHSA-h264-cfq7-qp2r.json b/advisories/unreviewed/2025/01/GHSA-h264-cfq7-qp2r/GHSA-h264-cfq7-qp2r.json
index 1ca4428fd77d3..adf83d448e503 100644
--- a/advisories/unreviewed/2025/01/GHSA-h264-cfq7-qp2r/GHSA-h264-cfq7-qp2r.json
+++ b/advisories/unreviewed/2025/01/GHSA-h264-cfq7-qp2r/GHSA-h264-cfq7-qp2r.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-h264-cfq7-qp2r",
- "modified": "2025-01-21T12:30:46Z",
+ "modified": "2025-01-31T21:32:45Z",
 "published": "2025-01-21T12:30:46Z",
 "aliases": [
 "CVE-2024-12104"
diff --git a/advisories/unreviewed/2025/01/GHSA-h7h9-grcq-c72m/GHSA-h7h9-grcq-c72m.json b/advisories/unreviewed/2025/01/GHSA-h7h9-grcq-c72m/GHSA-h7h9-grcq-c72m.json
index 99949d170afe8..b694ecd6c94c7 100644
--- a/advisories/unreviewed/2025/01/GHSA-h7h9-grcq-c72m/GHSA-h7h9-grcq-c72m.json
+++ b/advisories/unreviewed/2025/01/GHSA-h7h9-grcq-c72m/GHSA-h7h9-grcq-c72m.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-h7h9-grcq-c72m",
- "modified": "2025-01-30T00:31:04Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-30T00:31:04Z",
 "aliases": [
 "CVE-2024-57509"
 ],
 "details": "Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -24,8 +29,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-120"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-29T22:15:29Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-j659-cmwp-5whv/GHSA-j659-cmwp-5whv.json b/advisories/unreviewed/2025/01/GHSA-j659-cmwp-5whv/GHSA-j659-cmwp-5whv.json
index d507b8f3a71f2..e74bde98c9170 100644
--- a/advisories/unreviewed/2025/01/GHSA-j659-cmwp-5whv/GHSA-j659-cmwp-5whv.json
+++ b/advisories/unreviewed/2025/01/GHSA-j659-cmwp-5whv/GHSA-j659-cmwp-5whv.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-j659-cmwp-5whv",
- "modified": "2025-01-14T00:30:45Z",
+ "modified": "2025-01-31T21:32:45Z",
 "published": "2025-01-14T00:30:45Z",
 "aliases": [
 "CVE-2023-42242"
 ],
 "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "LOW",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-13T22:15:12Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-jh3j-ppfx-qrwc/GHSA-jh3j-ppfx-qrwc.json b/advisories/unreviewed/2025/01/GHSA-jh3j-ppfx-qrwc/GHSA-jh3j-ppfx-qrwc.json
index d068e9d9a98c8..2e6a6efbc8ffe 100644
--- a/advisories/unreviewed/2025/01/GHSA-jh3j-ppfx-qrwc/GHSA-jh3j-ppfx-qrwc.json
+++ b/advisories/unreviewed/2025/01/GHSA-jh3j-ppfx-qrwc/GHSA-jh3j-ppfx-qrwc.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jh3j-ppfx-qrwc",
- "modified": "2025-01-30T21:31:21Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-30T21:31:21Z",
 "aliases": [
 "CVE-2024-44142"
 ],
 "details": "The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -21,7 +26,7 @@
 ],
 "database_specific": {
 "cwe_ids": [],
- "severity": null,
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-30T19:15:13Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-mchm-7mqx-7299/GHSA-mchm-7mqx-7299.json b/advisories/unreviewed/2025/01/GHSA-mchm-7mqx-7299/GHSA-mchm-7mqx-7299.json
index 61343458102b7..57923fd9f6ad8 100644
--- a/advisories/unreviewed/2025/01/GHSA-mchm-7mqx-7299/GHSA-mchm-7mqx-7299.json
+++ b/advisories/unreviewed/2025/01/GHSA-mchm-7mqx-7299/GHSA-mchm-7mqx-7299.json
@@ -30,6 +30,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-22",
 "CWE-59"
 ],
 "severity": "HIGH",
diff --git a/advisories/unreviewed/2025/01/GHSA-mcpr-mw36-vmqg/GHSA-mcpr-mw36-vmqg.json b/advisories/unreviewed/2025/01/GHSA-mcpr-mw36-vmqg/GHSA-mcpr-mw36-vmqg.json
index cad226a862e15..c69b7066af686 100644
--- a/advisories/unreviewed/2025/01/GHSA-mcpr-mw36-vmqg/GHSA-mcpr-mw36-vmqg.json
+++ b/advisories/unreviewed/2025/01/GHSA-mcpr-mw36-vmqg/GHSA-mcpr-mw36-vmqg.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-862"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2025/01/GHSA-q749-7rx7-c2g2/GHSA-q749-7rx7-c2g2.json b/advisories/unreviewed/2025/01/GHSA-q749-7rx7-c2g2/GHSA-q749-7rx7-c2g2.json
index d2272be9e0faf..9c0b6d7cbd5c3 100644
--- a/advisories/unreviewed/2025/01/GHSA-q749-7rx7-c2g2/GHSA-q749-7rx7-c2g2.json
+++ b/advisories/unreviewed/2025/01/GHSA-q749-7rx7-c2g2/GHSA-q749-7rx7-c2g2.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-q749-7rx7-c2g2",
- "modified": "2025-01-14T00:30:45Z",
+ "modified": "2025-01-31T21:32:45Z",
 "published": "2025-01-14T00:30:45Z",
 "aliases": [
 "CVE-2023-42239"
 ],
 "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "LOW",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-13T22:15:12Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-qw73-x9xv-6cch/GHSA-qw73-x9xv-6cch.json b/advisories/unreviewed/2025/01/GHSA-qw73-x9xv-6cch/GHSA-qw73-x9xv-6cch.json
index 049ed5e5e8b93..2729a3e2e6b9a 100644
--- a/advisories/unreviewed/2025/01/GHSA-qw73-x9xv-6cch/GHSA-qw73-x9xv-6cch.json
+++ b/advisories/unreviewed/2025/01/GHSA-qw73-x9xv-6cch/GHSA-qw73-x9xv-6cch.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-qw73-x9xv-6cch",
- "modified": "2025-01-30T00:31:04Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-30T00:31:04Z",
 "aliases": [
 "CVE-2024-57395"
 ],
 "details": "Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -24,8 +29,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-522"
+ ],
+ "severity": "CRITICAL",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-29T22:15:29Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-r6wm-q4gx-9q2v/GHSA-r6wm-q4gx-9q2v.json b/advisories/unreviewed/2025/01/GHSA-r6wm-q4gx-9q2v/GHSA-r6wm-q4gx-9q2v.json
index ffc38a7e50976..9d5304ec8e587 100644
--- a/advisories/unreviewed/2025/01/GHSA-r6wm-q4gx-9q2v/GHSA-r6wm-q4gx-9q2v.json
+++ b/advisories/unreviewed/2025/01/GHSA-r6wm-q4gx-9q2v/GHSA-r6wm-q4gx-9q2v.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-r6wm-q4gx-9q2v",
- "modified": "2025-01-14T00:30:45Z",
+ "modified": "2025-01-31T21:32:45Z",
 "published": "2025-01-14T00:30:45Z",
 "aliases": [
 "CVE-2023-42238"
 ],
 "details": "An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "LOW",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-13T22:15:12Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-rpx3-33f7-v6hv/GHSA-rpx3-33f7-v6hv.json b/advisories/unreviewed/2025/01/GHSA-rpx3-33f7-v6hv/GHSA-rpx3-33f7-v6hv.json
index df24a4de01d05..0771f16a6eebf 100644
--- a/advisories/unreviewed/2025/01/GHSA-rpx3-33f7-v6hv/GHSA-rpx3-33f7-v6hv.json
+++ b/advisories/unreviewed/2025/01/GHSA-rpx3-33f7-v6hv/GHSA-rpx3-33f7-v6hv.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rpx3-33f7-v6hv",
- "modified": "2025-01-30T09:30:37Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-30T09:30:37Z",
 "aliases": [
 "CVE-2024-13732"
diff --git a/advisories/unreviewed/2025/01/GHSA-rx56-hv52-ppxp/GHSA-rx56-hv52-ppxp.json b/advisories/unreviewed/2025/01/GHSA-rx56-hv52-ppxp/GHSA-rx56-hv52-ppxp.json
index fd4df851b100b..cf15151af6fee 100644
--- a/advisories/unreviewed/2025/01/GHSA-rx56-hv52-ppxp/GHSA-rx56-hv52-ppxp.json
+++ b/advisories/unreviewed/2025/01/GHSA-rx56-hv52-ppxp/GHSA-rx56-hv52-ppxp.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rx56-hv52-ppxp",
- "modified": "2025-01-31T00:30:45Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-31T00:30:45Z",
 "aliases": [
 "CVE-2024-23970"
 ],
 "details": "This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-295"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-31T00:15:09Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-v84w-53rg-fgrf/GHSA-v84w-53rg-fgrf.json b/advisories/unreviewed/2025/01/GHSA-v84w-53rg-fgrf/GHSA-v84w-53rg-fgrf.json
index 1399e4771f63a..06079a1169748 100644
--- a/advisories/unreviewed/2025/01/GHSA-v84w-53rg-fgrf/GHSA-v84w-53rg-fgrf.json
+++ b/advisories/unreviewed/2025/01/GHSA-v84w-53rg-fgrf/GHSA-v84w-53rg-fgrf.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-v84w-53rg-fgrf",
- "modified": "2025-01-31T00:30:45Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-31T00:30:44Z",
 "aliases": [
 "CVE-2024-23968"
 ],
 "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-120"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-31T00:15:09Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-v92x-m54x-rp94/GHSA-v92x-m54x-rp94.json b/advisories/unreviewed/2025/01/GHSA-v92x-m54x-rp94/GHSA-v92x-m54x-rp94.json
index fc179e9ad26f6..69a7c6a38b1ac 100644
--- a/advisories/unreviewed/2025/01/GHSA-v92x-m54x-rp94/GHSA-v92x-m54x-rp94.json
+++ b/advisories/unreviewed/2025/01/GHSA-v92x-m54x-rp94/GHSA-v92x-m54x-rp94.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-v92x-m54x-rp94",
- "modified": "2025-01-31T00:30:45Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-31T00:30:45Z",
 "aliases": [
 "CVE-2024-23971"
 ],
 "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-77"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-31T00:15:09Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-vxf4-hr69-67w5/GHSA-vxf4-hr69-67w5.json b/advisories/unreviewed/2025/01/GHSA-vxf4-hr69-67w5/GHSA-vxf4-hr69-67w5.json
index 233e7ad4d2d00..8e7834a7bdabf 100644
--- a/advisories/unreviewed/2025/01/GHSA-vxf4-hr69-67w5/GHSA-vxf4-hr69-67w5.json
+++ b/advisories/unreviewed/2025/01/GHSA-vxf4-hr69-67w5/GHSA-vxf4-hr69-67w5.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-vxf4-hr69-67w5",
- "modified": "2025-01-30T00:31:03Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-30T00:31:03Z",
 "aliases": [
 "CVE-2024-23733"
 ],
 "details": "The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-522"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-29T22:15:28Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-wwmx-66w6-2p5v/GHSA-wwmx-66w6-2p5v.json b/advisories/unreviewed/2025/01/GHSA-wwmx-66w6-2p5v/GHSA-wwmx-66w6-2p5v.json
index 48259833c43c7..5fb9d217261a2 100644
--- a/advisories/unreviewed/2025/01/GHSA-wwmx-66w6-2p5v/GHSA-wwmx-66w6-2p5v.json
+++ b/advisories/unreviewed/2025/01/GHSA-wwmx-66w6-2p5v/GHSA-wwmx-66w6-2p5v.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-wwmx-66w6-2p5v",
- "modified": "2025-01-30T00:31:04Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-30T00:31:04Z",
 "aliases": [
 "CVE-2024-57513"
 ],
 "details": "A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
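Review bot: `CWE-522` (insufficiently protected credentials), added in the second GHSA-vxf4-hr69-67w5 hunk, does not match the behaviour its `details` field describes: a login page that lets a remote user reach the administration panel with an arbitrary username and a blank password. That reads as an authentication failure rather than a credential storage or transport weakness, so `"CWE-287"` looks like the closer label. This is inferred from the description only and should be confirmed against the upstream record. Anyone triaging by CWE would otherwise group this with credential-leak issues and may underrate an unauthenticated admin-panel exposure.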
@@ -24,8 +29,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-120"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-29T22:15:30Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-x854-759p-6c5g/GHSA-x854-759p-6c5g.json b/advisories/unreviewed/2025/01/GHSA-x854-759p-6c5g/GHSA-x854-759p-6c5g.json
index d379c4112ebb9..e75a3e26e349a 100644
--- a/advisories/unreviewed/2025/01/GHSA-x854-759p-6c5g/GHSA-x854-759p-6c5g.json
+++ b/advisories/unreviewed/2025/01/GHSA-x854-759p-6c5g/GHSA-x854-759p-6c5g.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-x854-759p-6c5g",
- "modified": "2025-01-31T00:30:45Z",
+ "modified": "2025-01-31T21:32:46Z",
 "published": "2025-01-31T00:30:45Z",
 "aliases": [
 "CVE-2024-23969"
 ],
 "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the wlanchnllst function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-01-31T00:15:09Z"
diff --git a/advisories/unreviewed/2025/01/GHSA-xgh9-482q-m2w6/GHSA-xgh9-482q-m2w6.json b/advisories/unreviewed/2025/01/GHSA-xgh9-482q-m2w6/GHSA-xgh9-482q-m2w6.json
index 4ea10814ca125..407123d8b8880 100644
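Review bot: The first hunk on this line assigns `CWE-120` (buffer copy without checking input size) to GHSA-wwmx-66w6-2p5v, but that advisory's `details` describe a floating-point exception in `AP4_TfraAtom::AP4_TfraAtom`, and the vector added with it affects availability only (`C:N/I:N/A:H`). An FPE in a parser is usually an arithmetic fault such as a divide-by-zero, so `"CWE-369"` looks like the closer fit. This is inferred from the description and should be checked against the upstream analysis before changing. As written, the record classes a crash-only bug with memory-corruption issues such as GHSA-h7h9-grcq-c72m, which can mislead CWE-based triage.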
--- a/advisories/unreviewed/2025/01/GHSA-xgh9-482q-m2w6/GHSA-xgh9-482q-m2w6.json
+++ b/advisories/unreviewed/2025/01/GHSA-xgh9-482q-m2w6/GHSA-xgh9-482q-m2w6.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-862"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,