-
Notifications
You must be signed in to change notification settings - Fork 361
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-43vj-hhq4-8c72 GHSA-54pf-9qmv-m7pj GHSA-99jw-x78w-3hcm GHSA-cf2r-vpqc-55g6 GHSA-fcq5-wxxx-j73q GHSA-fh7x-2848-jmpf GHSA-h5x7-x73g-46v4 GHSA-m9g8-46v9-pjp2 GHSA-q8mj-2j9f-gw99 GHSA-qqmj-rrh7-547q GHSA-vhqh-w8vh-h8h6 GHSA-x26x-c8x5-v2rm GHSA-xh5q-pch5-g3xq GHSA-xq9p-h64g-x8mc
- Loading branch information
1 parent
2826093
commit da59c2b
Showing
14 changed files
with
298 additions
and
12 deletions.
There are no files selected for viewing
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-43vj-hhq4-8c72/GHSA-43vj-hhq4-8c72.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-43vj-hhq4-8c72", | ||
| "modified": "2025-01-29T12:31:45Z", | ||
| "published": "2025-01-29T12:31:45Z", | ||
| "aliases": [ | ||
| "CVE-2024-41140" | ||
| ], | ||
| "details": "Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41140" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-863" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-29T12:15:28Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-cf2r-vpqc-55g6/GHSA-cf2r-vpqc-55g6.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-cf2r-vpqc-55g6", | ||
| "modified": "2025-01-29T12:31:45Z", | ||
| "published": "2025-01-29T12:31:45Z", | ||
| "aliases": [ | ||
| "CVE-2025-0617" | ||
| ], | ||
| "details": "An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0617" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://thrive.trellix.com/s/article/000014214" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-776" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-29T11:15:09Z" | ||
| } | ||
| } |
92 changes: 92 additions & 0 deletions
92
advisories/unreviewed/2025/01/GHSA-fcq5-wxxx-j73q/GHSA-fcq5-wxxx-j73q.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-fcq5-wxxx-j73q", | ||
| "modified": "2025-01-29T12:31:45Z", | ||
| "published": "2025-01-29T12:31:45Z", | ||
| "aliases": [ | ||
| "CVE-2025-0353" | ||
| ], | ||
| "details": "The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0353" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/FlipBox/FlipBox.php#L1053" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/GradientHeading/GradientHeading.php#L344" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/ImageCarouselChild/ImageCarouselChild.php#L507" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/InfoBox/InfoBox.php#L852" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/InfoCard/InfoCard.php#L688" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/InlineNotice/InlineNotice.php#L486" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/LogoCarouselChild/LogoCarouselChild.php#L177" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/LogoGridChild/LogoGridChild.php#L193" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/Review/Review.php#L703" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/ScrollImage/ScrollImage.php#L388" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/Testimonial/Testimonial.php#L1147" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/addons-for-divi/trunk/includes/modules/divi-4/VideoModal/VideoModal.php#L593" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/changeset/3230743" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wordpress.org/plugins/addons-for-divi/#developers" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5810757-1866-4788-809f-2c68e16a5156?source=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-29T12:15:29Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
48 changes: 48 additions & 0 deletions
48
advisories/unreviewed/2025/01/GHSA-h5x7-x73g-46v4/GHSA-h5x7-x73g-46v4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-h5x7-x73g-46v4", | ||
| "modified": "2025-01-29T12:31:45Z", | ||
| "published": "2025-01-29T12:31:45Z", | ||
| "aliases": [ | ||
| "CVE-2024-13561" | ||
| ], | ||
| "details": "The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13561" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/brid-video-easy-publish/trunk/lib/BridShortcode.php#L412" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/changeset/3226143" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wordpress.org/plugins/brid-video-easy-publish/#developers" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc67fbfa-d84c-45c3-bbb1-4557dc70a8c9?source=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-29T12:15:27Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.