Advisory Database Sync

advisories/github-reviewed/2024/08/GHSA-frvj-cfq4-3228/GHSA-frvj-cfq4-3228.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-frvj-cfq4-3228",
-  "modified": "2024-08-02T21:13:14Z",
+  "modified": "2024-08-02T21:32:26Z",
   "published": "2024-08-02T21:13:13Z",
   "aliases": [
     "CVE-2024-36116"
@@ -22,7 +22,7 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "com.dzikoysk:reposilite-backend"
+        "name": "com.reposilite:reposilite-backend"
       },
       "ranges": [
         {

advisories/unreviewed/2022/10/GHSA-6prj-5r8w-3x38/GHSA-6prj-5r8w-3x38.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6prj-5r8w-3x38",
-  "modified": "2022-10-21T12:00:22Z",
+  "modified": "2024-08-02T21:31:32Z",
   "published": "2022-10-18T19:00:33Z",
   "aliases": [
     "CVE-2022-41479"
@@ -24,6 +24,14 @@
     {
       "type": "WEB",
       "url": "https://github.com/IthacaLabs/DevExpress/tree/main/ASP.NET_Web_Forms_Build_19.2.3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportcenter.devexpress.com/ticket/details/t1171808/penetration-test-idor-source-code-cve-2022-41479"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportcenter.devexpress.com/ticket/details/t190349/false-positive-vulnerabilities-known-alerts-detected-by-various-security-scanners-and"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/02/GHSA-35j4-pxc2-3gcf/GHSA-35j4-pxc2-3gcf.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-35j4-pxc2-3gcf",
-  "modified": "2024-02-26T18:30:31Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-02-26T18:30:31Z",
   "aliases": [
     "CVE-2024-25344"
   ],
   "details": "Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -37,9 +40,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-02-26T16:27:58Z"

advisories/unreviewed/2024/03/GHSA-268q-c8pq-99pj/GHSA-268q-c8pq-99pj.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-268q-c8pq-99pj",
-  "modified": "2024-03-20T21:31:14Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-20T21:31:14Z",
   "aliases": [
     "CVE-2024-25294"
   ],
   "details": "An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
   ],
   "affected": [
 
@@ -33,9 +36,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-918"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T21:15:30Z"

advisories/unreviewed/2024/03/GHSA-3j55-px9j-gc5p/GHSA-3j55-px9j-gc5p.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3j55-px9j-gc5p",
-  "modified": "2024-03-13T15:31:03Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-13T15:31:03Z",
   "aliases": [
     "CVE-2024-28430"
   ],
   "details": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -27,7 +30,7 @@
     "cwe_ids": [
 
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-13T13:15:47Z"

advisories/unreviewed/2024/03/GHSA-52q4-4w7h-h6vp/GHSA-52q4-4w7h-h6vp.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-52q4-4w7h-h6vp",
-  "modified": "2024-03-27T06:30:32Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-27T06:30:32Z",
   "aliases": [
     "CVE-2023-29134"
   ],
   "details": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"
+    }
   ],
   "affected": [
 
@@ -41,9 +44,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-20"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-27T06:15:08Z"

advisories/unreviewed/2024/03/GHSA-5vqc-63mj-rggw/GHSA-5vqc-63mj-rggw.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5vqc-63mj-rggw",
-  "modified": "2024-03-20T15:32:46Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-20T15:32:46Z",
   "aliases": [
     "CVE-2024-28581"
   ],
   "details": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-121"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T06:15:11Z"

advisories/unreviewed/2024/03/GHSA-746c-3fpg-6m7j/GHSA-746c-3fpg-6m7j.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-746c-3fpg-6m7j",
-  "modified": "2024-03-21T03:36:46Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-21T03:36:46Z",
   "aliases": [
     "CVE-2024-25359"
   ],
   "details": "An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-94"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-21T02:52:14Z"

advisories/unreviewed/2024/03/GHSA-7rg9-mm6v-qwrq/GHSA-7rg9-mm6v-qwrq.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7rg9-mm6v-qwrq",
-  "modified": "2024-03-20T15:32:43Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-20T15:32:43Z",
   "aliases": [
     "CVE-2024-28567"
   ],
   "details": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-121"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T06:15:09Z"

advisories/unreviewed/2024/03/GHSA-9gc2-35h9-mhj5/GHSA-9gc2-35h9-mhj5.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9gc2-35h9-mhj5",
-  "modified": "2024-03-20T15:32:45Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-20T15:32:45Z",
   "aliases": [
     "CVE-2024-28575"
   ],
   "details": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-121"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T06:15:10Z"

advisories/unreviewed/2024/03/GHSA-c7gv-5x7r-f2g7/GHSA-c7gv-5x7r-f2g7.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c7gv-5x7r-f2g7",
-  "modified": "2024-03-20T15:32:43Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-20T15:32:43Z",
   "aliases": [
     "CVE-2024-28568"
   ],
   "details": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-121"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T06:15:09Z"

advisories/unreviewed/2024/03/GHSA-fcwm-gx7c-6hgc/GHSA-fcwm-gx7c-6hgc.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fcwm-gx7c-6hgc",
-  "modified": "2024-03-20T15:32:46Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-20T15:32:46Z",
   "aliases": [
     "CVE-2024-28580"
   ],
   "details": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-121"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T06:15:11Z"

advisories/unreviewed/2024/03/GHSA-fwx6-53vm-r73w/GHSA-fwx6-53vm-r73w.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fwx6-53vm-r73w",
-  "modified": "2024-03-20T15:32:45Z",
+  "modified": "2024-08-02T21:31:33Z",
   "published": "2024-03-20T15:32:45Z",
   "aliases": [
     "CVE-2024-28574"
   ],
   "details": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-121"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T06:15:10Z"