diff --git a/advisories/unreviewed/2024/03/GHSA-pv98-48f2-5vjr/GHSA-pv98-48f2-5vjr.json b/advisories/unreviewed/2024/03/GHSA-pv98-48f2-5vjr/GHSA-pv98-48f2-5vjr.json
index 51e1b0a2b9556..1c7b54503146c 100644
--- a/advisories/unreviewed/2024/03/GHSA-pv98-48f2-5vjr/GHSA-pv98-48f2-5vjr.json
+++ b/advisories/unreviewed/2024/03/GHSA-pv98-48f2-5vjr/GHSA-pv98-48f2-5vjr.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pv98-48f2-5vjr",
- "modified": "2024-07-08T18:31:15Z",
+ "modified": "2024-07-08T21:31:40Z",
 "published": "2024-03-03T00:30:32Z",
 "aliases": [
 "CVE-2024-26621"
@@ -37,6 +37,22 @@
 {
 "type": "WEB",
 "url": "http://www.openwall.com/lists/oss-security/2024/07/08/3"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/08/4"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/08/5"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/08/6"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/08/7"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2024/07/GHSA-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json b/advisories/unreviewed/2024/07/GHSA-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json
new file mode 100644
index 0000000000000..3282d721ca930
--- /dev/null
+++ b/advisories/unreviewed/2024/07/GHSA-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json
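Review bot: The four reference entries added after the `/3` URL all use plain `http://` for openwall.com, which serves these lists over HTTPS; a plaintext link lets an on-path party substitute the page a triager reads. This matches the existing `/3` entry and is presumably copied verbatim from the NVD record, so if the import deliberately mirrors upstream URLs this is a no-op, but otherwise each should be `"url": "https://www.openwall.com/lists/oss-security/2024/07/08/4"` and likewise for `/5` through `/7`. The hunk only touches the `references` array; the rest of the advisory is outside it.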
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-36h2-g4c8-9xcm",
+ "modified": "2024-07-08T21:31:40Z",
+ "published": "2024-07-08T21:31:40Z",
+ "aliases": [
+ "CVE-2024-6227"
+ ],
+ "details": "A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6227"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-400"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-07-08T19:15:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/07/GHSA-v7mh-qpq8-5g5p/GHSA-v7mh-qpq8-5g5p.json b/advisories/unreviewed/2024/07/GHSA-v7mh-qpq8-5g5p/GHSA-v7mh-qpq8-5g5p.json
new file mode 100644
index 0000000000000..aa01c449aa2be
--- /dev/null
+++ b/advisories/unreviewed/2024/07/GHSA-v7mh-qpq8-5g5p/GHSA-v7mh-qpq8-5g5p.json
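Review bot: `affected` is an empty array while `details` pins the vulnerable release as aimhubio/aim 3.19.3, so version-matching consumers of this advisory will never flag the package. If that is the expected state for an unreviewed NVD import it is fine, but the curation pass should add a PyPI `aim` range (introduced/fixed) derived from the huntr report. The CVSS vector also claims `PR:N`, which sits oddly with an attack that requires configuring the tracking server's remote target; presumably this reflects an unauthenticated configuration path, but it is worth confirming before the `HIGH` label is relied on. The file is also written without a trailing newline.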
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-v7mh-qpq8-5g5p",
+ "modified": "2024-07-08T21:31:40Z",
+ "published": "2024-07-08T21:31:40Z",
+ "aliases": [
+ "CVE-2024-6580"
+ ],
+ "details": "The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:X/U:X"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6580"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.nsoftware.com/kb/articles/cve-2024-5806"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-1390"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-07-08T19:15:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/07/GHSA-xpp6-8r3j-ww43/GHSA-xpp6-8r3j-ww43.json b/advisories/unreviewed/2024/07/GHSA-xpp6-8r3j-ww43/GHSA-xpp6-8r3j-ww43.json
new file mode 100644
index 0000000000000..3f1b32c260aae
--- /dev/null
+++ b/advisories/unreviewed/2024/07/GHSA-xpp6-8r3j-ww43/GHSA-xpp6-8r3j-ww43.json
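Review bot: The only non-NVD reference, `https://www.nsoftware.com/kb/articles/cve-2024-5806`, names a different CVE than this advisory's alias `CVE-2024-6580`. Presumably it is the vendor article for the related calling-application issue that the details allude to and it also covers this one, but that should be confirmed so readers are not sent to the wrong write-up. `affected` is empty even though `details` states the fixed versions 22.0.8945 and 24.0.8945, so the fix is not machine-readable; a curation pass should encode those as fixed events for the IPWorks SSH package. The file also lacks a trailing newline.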
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xpp6-8r3j-ww43",
+ "modified": "2024-07-08T21:31:40Z",
+ "published": "2024-07-08T21:31:40Z",
+ "aliases": [
+ "CVE-2024-5971"
+ ],
+ "details": "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5971"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2024-5971"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-674"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-07-08T21:15:12Z"
+ }
+}
\ No newline at end of file
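Review bot: `cwe_ids` lists `CWE-674` (Uncontrolled Recursion), but the details describe a client left waiting on a chunked response that never gets its `0\r\n` terminator and call it uncontrolled resource consumption, which is the wording of `CWE-400`. If CWE-674 is the upstream Red Hat assignment it should stay as imported, but the mismatch is worth confirming during review rather than propagating. The `Java 17 TLSv1.3` precondition and the empty `affected` array mean consumers cannot tell which Undertow versions or runtimes are exposed; the Bugzilla reference should yield a fixed version to encode. The phrase `leaving the server side to a denial of service attack` reads awkwardly and would be clearer as `leaving the server open to denial of service`.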