Advisory Database Sync

advisories/unreviewed/2024/11/GHSA-236f-m6gm-vp93/GHSA-236f-m6gm-vp93.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-236f-m6gm-vp93",
+  "modified": "2024-11-18T06:30:36Z",
+  "published": "2024-11-18T06:30:36Z",
+  "aliases": [
+    "CVE-2024-52944"
+  ],
+  "details": "An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52944"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.veritas.com/support/en_US/security/VTS24-013"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T06:15:06Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-3fvw-4j76-wpj7/GHSA-3fvw-4j76-wpj7.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3fvw-4j76-wpj7",
+  "modified": "2024-11-18T06:30:36Z",
+  "published": "2024-11-18T06:30:36Z",
+  "aliases": [
+    "CVE-2024-52922"
+  ],
+  "details": "In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52922"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bitcoincore.org/en/2024/11/05/cb-stall-hindering-propagation"
+    },
+    {
+      "type": "WEB",
+      "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T04:15:05Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-3r2v-8348-hx3r/GHSA-3r2v-8348-hx3r.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r2v-8348-hx3r",
+  "modified": "2024-11-18T06:30:36Z",
+  "published": "2024-11-18T06:30:36Z",
+  "aliases": [
+    "CVE-2024-52946"
+  ],
+  "details": "An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an \"Adaptative authentication rule\" with an increment instead of an absolute value.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52946"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T06:15:06Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-425w-xhjg-hfcm/GHSA-425w-xhjg-hfcm.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-425w-xhjg-hfcm",
+  "modified": "2024-11-18T06:30:36Z",
+  "published": "2024-11-18T06:30:36Z",
+  "aliases": [
+    "CVE-2024-52947"
+  ],
+  "details": "A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the \"Upgrade session\" plugin has been enabled by an admin",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52947"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3257"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T06:15:06Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-48rr-fh2m-hhjh/GHSA-48rr-fh2m-hhjh.json

@@ -0,0 +1,42 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-48rr-fh2m-hhjh",
+  "modified": "2024-11-18T06:30:36Z",
+  "published": "2024-11-18T06:30:36Z",
+  "aliases": [
+    "CVE-2024-11309"
+  ],
+  "details": "The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11309"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-8243-3d818-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-8242-384a1-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-23"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T06:15:04Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-4w2f-m236-fggc/GHSA-4w2f-m236-fggc.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4w2f-m236-fggc",
+  "modified": "2024-11-18T06:30:36Z",
+  "published": "2024-11-18T06:30:36Z",
+  "aliases": [
+    "CVE-2024-52943"
+  ],
+  "details": "An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52943"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.veritas.com/support/en_US/security/VTS24-013"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T06:15:05Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-7ph6-jpfh-8f79/GHSA-7ph6-jpfh-8f79.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7ph6-jpfh-8f79",
+  "modified": "2024-11-18T06:30:35Z",
+  "published": "2024-11-18T06:30:35Z",
+  "aliases": [
+    "CVE-2024-52914"
+  ],
+  "details": "In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52914"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos"
+    },
+    {
+      "type": "WEB",
+      "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T04:15:04Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-fx2f-v4hx-q8h6/GHSA-fx2f-v4hx-q8h6.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fx2f-v4hx-q8h6",
+  "modified": "2024-11-18T06:30:35Z",
+  "published": "2024-11-18T06:30:35Z",
+  "aliases": [
+    "CVE-2024-52917"
+  ],
+  "details": "Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52917"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom"
+    },
+    {
+      "type": "WEB",
+      "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T04:15:04Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-h7hm-94xj-mhpm/GHSA-h7hm-94xj-mhpm.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h7hm-94xj-mhpm",
+  "modified": "2024-11-18T06:30:35Z",
+  "published": "2024-11-18T06:30:35Z",
+  "aliases": [
+    "CVE-2024-52913"
+  ],
+  "details": "In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52913"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for"
+    },
+    {
+      "type": "WEB",
+      "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-18T04:15:04Z"
+  }
+}