Publish Advisories

GHSA-37p6-2h72-m598
GHSA-4grj-79m7-r238
GHSA-7x54-8vhv-9frj
GHSA-82w3-g3q9-mxc3
GHSA-cwwg-grjw-cmp5
GHSA-gm3p-cxxm-phr6
GHSA-jpc8-626f-3qrq
GHSA-3fr4-6j9r-w2r5
GHSA-4cpx-q734-j233
GHSA-4wqq-mhqm-j8fh
GHSA-5cjw-xf6c-qrgq
GHSA-5x7w-24q4-v7qf
GHSA-6pq6-pgx4-rhpr
GHSA-97wv-h596-7vrg
GHSA-gh9v-q4wx-5m5c
GHSA-qw3c-q5mw-r893
GHSA-qwvh-x5gw-88v2
GHSA-rmhg-2pcx-wcr2
GHSA-xmx8-gmfw-pv3c
GHSA-xrw6-rg6p-44v6

advisories/unreviewed/2024/03/GHSA-37p6-2h72-m598/GHSA-37p6-2h72-m598.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-37p6-2h72-m598",
-  "modified": "2024-03-21T03:36:45Z",
+  "modified": "2024-08-03T21:30:33Z",
   "published": "2024-03-21T03:36:45Z",
   "aliases": [
     "CVE-2023-49978"
   ],
   "details": "Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-284"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-21T02:49:38Z"

advisories/unreviewed/2024/03/GHSA-4grj-79m7-r238/GHSA-4grj-79m7-r238.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4grj-79m7-r238",
-  "modified": "2024-03-27T06:30:30Z",
+  "modified": "2024-08-03T21:30:34Z",
   "published": "2024-03-27T06:30:30Z",
   "aliases": [
     "CVE-2023-40286"
   ],
   "details": "An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-27T04:15:09Z"

advisories/unreviewed/2024/03/GHSA-7x54-8vhv-9frj/GHSA-7x54-8vhv-9frj.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7x54-8vhv-9frj",
-  "modified": "2024-03-20T15:32:30Z",
+  "modified": "2024-08-03T21:30:33Z",
   "published": "2024-03-20T15:32:30Z",
   "aliases": [
     "CVE-2024-22078"
   ],
   "details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-280"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T05:15:45Z"

advisories/unreviewed/2024/03/GHSA-82w3-g3q9-mxc3/GHSA-82w3-g3q9-mxc3.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-82w3-g3q9-mxc3",
-  "modified": "2024-03-05T15:32:41Z",
+  "modified": "2024-08-03T21:30:33Z",
   "published": "2024-03-05T15:32:41Z",
   "aliases": [
     "CVE-2024-27623"
   ],
   "details": "CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-352"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-05T14:15:49Z"

advisories/unreviewed/2024/03/GHSA-cwwg-grjw-cmp5/GHSA-cwwg-grjw-cmp5.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cwwg-grjw-cmp5",
-  "modified": "2024-03-20T15:32:29Z",
+  "modified": "2024-08-03T21:30:33Z",
   "published": "2024-03-20T15:32:29Z",
   "aliases": [
     "CVE-2024-22077"
   ],
   "details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-280"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T05:15:45Z"

advisories/unreviewed/2024/03/GHSA-gm3p-cxxm-phr6/GHSA-gm3p-cxxm-phr6.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gm3p-cxxm-phr6",
-  "modified": "2024-03-20T15:32:32Z",
+  "modified": "2024-08-03T21:30:33Z",
   "published": "2024-03-20T15:32:32Z",
   "aliases": [
     "CVE-2024-22084"
   ],
   "details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-312"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-20T05:15:45Z"

advisories/unreviewed/2024/03/GHSA-jpc8-626f-3qrq/GHSA-jpc8-626f-3qrq.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jpc8-626f-3qrq",
-  "modified": "2024-03-26T21:30:47Z",
+  "modified": "2024-08-03T21:30:34Z",
   "published": "2024-03-26T21:30:47Z",
   "aliases": [
     "CVE-2023-51148"
   ],
   "details": "An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-121"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-26T21:15:52Z"

advisories/unreviewed/2024/08/GHSA-3fr4-6j9r-w2r5/GHSA-3fr4-6j9r-w2r5.json

@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3fr4-6j9r-w2r5",
+  "modified": "2024-08-03T21:30:34Z",
+  "published": "2024-08-03T21:30:34Z",
+  "aliases": [
+    "CVE-2024-7446"
+  ],
+  "details": "A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273531.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7446"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE10-3.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.273531"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.273531"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.383645"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-08-03T21:15:39Z"
+  }
+}

advisories/unreviewed/2024/08/GHSA-4cpx-q734-j233/GHSA-4cpx-q734-j233.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4cpx-q734-j233",
-  "modified": "2024-08-02T15:31:19Z",
+  "modified": "2024-08-03T21:30:34Z",
   "published": "2024-08-02T15:31:19Z",
   "aliases": [
     "CVE-2024-38890"
   ],
   "details": "An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-294"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-08-02T15:16:35Z"

advisories/unreviewed/2024/08/GHSA-4wqq-mhqm-j8fh/GHSA-4wqq-mhqm-j8fh.json

@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4wqq-mhqm-j8fh",
+  "modified": "2024-08-03T21:30:34Z",
+  "published": "2024-08-03T21:30:34Z",
+  "aliases": [
+    "CVE-2024-7445"
+  ],
+  "details": "A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkout_ticket_save.php. The manipulation of the argument data leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273530 is the identifier assigned to this vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7445"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE10-2.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.273530"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.273530"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.383644"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-08-03T20:15:39Z"
+  }
+}