diff --git a/advisories/unreviewed/2024/07/GHSA-fjcc-r94c-wxr8/GHSA-fjcc-r94c-wxr8.json b/advisories/unreviewed/2024/07/GHSA-fjcc-r94c-wxr8/GHSA-fjcc-r94c-wxr8.json
index c97a47318fd19..eb1669b252340 100644
--- a/advisories/unreviewed/2024/07/GHSA-fjcc-r94c-wxr8/GHSA-fjcc-r94c-wxr8.json
+++ b/advisories/unreviewed/2024/07/GHSA-fjcc-r94c-wxr8/GHSA-fjcc-r94c-wxr8.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fjcc-r94c-wxr8",
- "modified": "2024-07-12T15:31:25Z",
+ "modified": "2024-11-18T09:31:12Z",
 "published": "2024-07-01T21:31:14Z",
 "aliases": [
 "CVE-2024-38472"
diff --git a/advisories/unreviewed/2024/11/GHSA-3m64-79r5-56f2/GHSA-3m64-79r5-56f2.json b/advisories/unreviewed/2024/11/GHSA-3m64-79r5-56f2/GHSA-3m64-79r5-56f2.json
new file mode 100644
index 0000000000000..d75f912f1f610
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-3m64-79r5-56f2/GHSA-3m64-79r5-56f2.json
@@ -0,0 +1,39 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-3m64-79r5-56f2",
+ "modified": "2024-11-18T09:31:14Z",
+ "published": "2024-11-18T09:31:14Z",
+ "aliases": [
+ "CVE-2024-45791"
+ ],
+ "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45791"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/lvsczrp8kdynppmzyxtkh4ord4gpw1ph"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:05Z"
+ }
+}
\ No newline at end of file
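Review bot: `affected` is left empty in GHSA-3m64-79r5-56f2 even though `details` states the fixed release, so tooling that matches on package ranges cannot tie this record to an installed Apache HertzBeat version; `severity` is also empty and `database_specific.severity` is `null`. When the advisory is curated, the range should carry the version from the text, e.g. `"events": [{"introduced": "0"}, {"fixed": "1.6.1"}]` under a package entry whose ecosystem and name still need to be confirmed. The same gap applies to GHSA-8c78-wf5j-v7jx and GHSA-jc5h-x77p-hhq6 (HertzBeat 1.6.1) and to GHSA-ffrw-8p66-394j and GHSA-qxp5-vjrm-298x (OFBiz 18.12.17). Until then, consumers should treat the `null` severity as unknown rather than low and triage from the description.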
diff --git a/advisories/unreviewed/2024/11/GHSA-522h-49x4-xq7r/GHSA-522h-49x4-xq7r.json b/advisories/unreviewed/2024/11/GHSA-522h-49x4-xq7r/GHSA-522h-49x4-xq7r.json
new file mode 100644
index 0000000000000..fb00b7b12741f
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-522h-49x4-xq7r/GHSA-522h-49x4-xq7r.json
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-522h-49x4-xq7r",
+ "modified": "2024-11-18T09:31:13Z",
+ "published": "2024-11-18T09:31:13Z",
+ "aliases": [
+ "CVE-2024-41969"
+ ],
+ "details": "A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41969"
+ },
+ {
+ "type": "WEB",
+ "url": "https://cert.vde.com/en/advisories/VDE-2024-047"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-306"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-7236-ccfq-8664/GHSA-7236-ccfq-8664.json b/advisories/unreviewed/2024/11/GHSA-7236-ccfq-8664/GHSA-7236-ccfq-8664.json
new file mode 100644
index 0000000000000..1251bccb7e8f1
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-7236-ccfq-8664/GHSA-7236-ccfq-8664.json
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7236-ccfq-8664",
+ "modified": "2024-11-18T09:31:13Z",
+ "published": "2024-11-18T09:31:13Z",
+ "aliases": [
+ "CVE-2024-41968"
+ ],
+ "details": "A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41968"
+ },
+ {
+ "type": "WEB",
+ "url": "https://cert.vde.com/en/advisories/VDE-2024-047"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-306"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-8c78-wf5j-v7jx/GHSA-8c78-wf5j-v7jx.json b/advisories/unreviewed/2024/11/GHSA-8c78-wf5j-v7jx/GHSA-8c78-wf5j-v7jx.json
new file mode 100644
index 0000000000000..13d84897bcf91
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-8c78-wf5j-v7jx/GHSA-8c78-wf5j-v7jx.json
@@ -0,0 +1,39 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8c78-wf5j-v7jx",
+ "modified": "2024-11-18T09:31:14Z",
+ "published": "2024-11-18T09:31:14Z",
+ "aliases": [
+ "CVE-2024-45505"
+ ],
+ "details": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45505"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-77"
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-cppr-hw26-jmwp/GHSA-cppr-hw26-jmwp.json b/advisories/unreviewed/2024/11/GHSA-cppr-hw26-jmwp/GHSA-cppr-hw26-jmwp.json
new file mode 100644
index 0000000000000..63ac74aafb3f0
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-cppr-hw26-jmwp/GHSA-cppr-hw26-jmwp.json
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cppr-hw26-jmwp",
+ "modified": "2024-11-18T09:31:13Z",
+ "published": "2024-11-18T09:31:13Z",
+ "aliases": [
+ "CVE-2024-22067"
+ ],
+ "details": "ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22067"
+ },
+ {
+ "type": "WEB",
+ "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6179526095692935173"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T07:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-ffrw-8p66-394j/GHSA-ffrw-8p66-394j.json b/advisories/unreviewed/2024/11/GHSA-ffrw-8p66-394j/GHSA-ffrw-8p66-394j.json
new file mode 100644
index 0000000000000..3696c37ee8682
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-ffrw-8p66-394j/GHSA-ffrw-8p66-394j.json
@@ -0,0 +1,50 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-ffrw-8p66-394j",
+ "modified": "2024-11-18T09:31:14Z",
+ "published": "2024-11-18T09:31:14Z",
+ "aliases": [
+ "CVE-2024-48962"
+ ],
+ "details": "Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.17.\n\nUsers are recommended to upgrade to version 18.12.17, which fixes the issue.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48962"
+ },
+ {
+ "type": "WEB",
+ "url": "https://issues.apache.org/jira/browse/OFBIZ-13162"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6"
+ },
+ {
+ "type": "WEB",
+ "url": "https://ofbiz.apache.org/download.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://ofbiz.apache.org/security.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-1336"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-gwhh-pw54-jgx4/GHSA-gwhh-pw54-jgx4.json b/advisories/unreviewed/2024/11/GHSA-gwhh-pw54-jgx4/GHSA-gwhh-pw54-jgx4.json
new file mode 100644
index 0000000000000..d166b209681ef
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-gwhh-pw54-jgx4/GHSA-gwhh-pw54-jgx4.json
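Review bot: `cwe_ids` in GHSA-ffrw-8p66-394j lists only `CWE-1336`, while `details` also names Code Injection and Cross-Site Request Forgery, so filtering or reporting by weakness class will miss two of the three stated issues. If the upstream CVE record agrees, the array should read `"CWE-94", "CWE-352", "CWE-1336"`. GHSA-qxp5-vjrm-298x has the same mismatch (only `CWE-918` although Code Injection is named), and GHSA-cppr-hw26-jmwp ships an empty `cwe_ids` despite describing improper permission control.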
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gwhh-pw54-jgx4",
+ "modified": "2024-11-18T09:31:12Z",
+ "published": "2024-11-18T09:31:12Z",
+ "aliases": [
+ "CVE-2024-11312"
+ ],
+ "details": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11312"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/en/cp-139-8249-65252-2.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/tw/cp-132-8248-8dac9-1.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-23"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T07:15:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-gwm3-gp4w-96g7/GHSA-gwm3-gp4w-96g7.json b/advisories/unreviewed/2024/11/GHSA-gwm3-gp4w-96g7/GHSA-gwm3-gp4w-96g7.json
new file mode 100644
index 0000000000000..91cecaa9df68e
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-gwm3-gp4w-96g7/GHSA-gwm3-gp4w-96g7.json
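Review bot: The `details` text of GHSA-gwhh-pw54-jgx4 is identical to that of GHSA-gwm3-gp4w-96g7, GHSA-gx4q-m69p-mf52, GHSA-pr37-gvg2-qr9v and GHSA-qj3w-6895-r5mf, so the five CRITICAL records can only be told apart by their CVE alias and TWCERT reference URLs. Any pipeline that de-duplicates advisories should key on `id` and `aliases`, not on the description, or four of them will be dropped. The text also describes unrestricted file upload, which `cwe_ids` does not reflect; `"CWE-23", "CWE-434"` would cover both, pending confirmation against the CVE record.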
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gwm3-gp4w-96g7",
+ "modified": "2024-11-18T09:31:12Z",
+ "published": "2024-11-18T09:31:12Z",
+ "aliases": [
+ "CVE-2024-11313"
+ ],
+ "details": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11313"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/tw/cp-132-8250-1837b-1.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-23"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T07:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-gx4q-m69p-mf52/GHSA-gx4q-m69p-mf52.json b/advisories/unreviewed/2024/11/GHSA-gx4q-m69p-mf52/GHSA-gx4q-m69p-mf52.json
new file mode 100644
index 0000000000000..51a2849365170
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-gx4q-m69p-mf52/GHSA-gx4q-m69p-mf52.json
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gx4q-m69p-mf52",
+ "modified": "2024-11-18T09:31:12Z",
+ "published": "2024-11-18T09:31:12Z",
+ "aliases": [
+ "CVE-2024-11314"
+ ],
+ "details": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11314"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/en/cp-139-8253-bc363-2.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/tw/cp-132-8252-91d6a-1.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-23"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T07:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-j34c-54rj-94x3/GHSA-j34c-54rj-94x3.json b/advisories/unreviewed/2024/11/GHSA-j34c-54rj-94x3/GHSA-j34c-54rj-94x3.json
new file mode 100644
index 0000000000000..de99b656cd0f5
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-j34c-54rj-94x3/GHSA-j34c-54rj-94x3.json
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j34c-54rj-94x3",
+ "modified": "2024-11-18T09:31:13Z",
+ "published": "2024-11-18T09:31:13Z",
+ "aliases": [
+ "CVE-2024-41967"
+ ],
+ "details": "A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41967"
+ },
+ {
+ "type": "WEB",
+ "url": "https://cert.vde.com/en/advisories/VDE-2024-047"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-306"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-jc5h-x77p-hhq6/GHSA-jc5h-x77p-hhq6.json b/advisories/unreviewed/2024/11/GHSA-jc5h-x77p-hhq6/GHSA-jc5h-x77p-hhq6.json
new file mode 100644
index 0000000000000..19caabdf125d3
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-jc5h-x77p-hhq6/GHSA-jc5h-x77p-hhq6.json
@@ -0,0 +1,39 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jc5h-x77p-hhq6",
+ "modified": "2024-11-18T09:31:13Z",
+ "published": "2024-11-18T09:31:13Z",
+ "aliases": [
+ "CVE-2024-41151"
+ ],
+ "details": "Deserialization of Untrusted Data vulnerability in Apache HertzBeat.\n\nThis vulnerability can only be exploited by authorized attackers.\n\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41151"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/p33tg0vo5nh6kscth4262ktsqo3h5lqo"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-502"
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-pr37-gvg2-qr9v/GHSA-pr37-gvg2-qr9v.json b/advisories/unreviewed/2024/11/GHSA-pr37-gvg2-qr9v/GHSA-pr37-gvg2-qr9v.json
new file mode 100644
index 0000000000000..0f46cacefeac6
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-pr37-gvg2-qr9v/GHSA-pr37-gvg2-qr9v.json
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pr37-gvg2-qr9v",
+ "modified": "2024-11-18T09:31:13Z",
+ "published": "2024-11-18T09:31:12Z",
+ "aliases": [
+ "CVE-2024-11315"
+ ],
+ "details": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11315"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/en/cp-139-8255-0bb1a-2.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/tw/cp-132-8254-8daa2-1.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-23"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T07:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-qj3w-6895-r5mf/GHSA-qj3w-6895-r5mf.json b/advisories/unreviewed/2024/11/GHSA-qj3w-6895-r5mf/GHSA-qj3w-6895-r5mf.json
new file mode 100644
index 0000000000000..0f10cf49ec0a2
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-qj3w-6895-r5mf/GHSA-qj3w-6895-r5mf.json
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qj3w-6895-r5mf",
+ "modified": "2024-11-18T09:31:12Z",
+ "published": "2024-11-18T09:31:12Z",
+ "aliases": [
+ "CVE-2024-11311"
+ ],
+ "details": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11311"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/en/cp-139-8247-83457-2.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-23"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T07:15:13Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-qxp5-vjrm-298x/GHSA-qxp5-vjrm-298x.json b/advisories/unreviewed/2024/11/GHSA-qxp5-vjrm-298x/GHSA-qxp5-vjrm-298x.json
new file mode 100644
index 0000000000000..b556b812ecb0b
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-qxp5-vjrm-298x/GHSA-qxp5-vjrm-298x.json
@@ -0,0 +1,47 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qxp5-vjrm-298x",
+ "modified": "2024-11-18T09:31:14Z",
+ "published": "2024-11-18T09:31:14Z",
+ "aliases": [
+ "CVE-2024-47208"
+ ],
+ "details": "Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.17.\n\nUsers are recommended to upgrade to version 18.12.17, which fixes the issue.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47208"
+ },
+ {
+ "type": "WEB",
+ "url": "https://issues.apache.org/jira/browse/OFBIZ-13158"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11"
+ },
+ {
+ "type": "WEB",
+ "url": "https://ofbiz.apache.org/download.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://ofbiz.apache.org/security.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-918"
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T09:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/11/GHSA-rc9f-q3jv-fx7r/GHSA-rc9f-q3jv-fx7r.json b/advisories/unreviewed/2024/11/GHSA-rc9f-q3jv-fx7r/GHSA-rc9f-q3jv-fx7r.json
new file mode 100644
index 0000000000000..a7ee5b975de41
--- /dev/null
+++ b/advisories/unreviewed/2024/11/GHSA-rc9f-q3jv-fx7r/GHSA-rc9f-q3jv-fx7r.json
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rc9f-q3jv-fx7r",
+ "modified": "2024-11-18T09:31:13Z",
+ "published": "2024-11-18T09:31:13Z",
+ "aliases": [
+ "CVE-2024-49574"
+ ],
+ "details": "Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49574"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-11-18T08:15:03Z"
+ }
+}
\ No newline at end of file