-
Notifications
You must be signed in to change notification settings - Fork 347
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-5667-3wch-7q7w GHSA-9ph3-v2vh-3qx7 GHSA-f8h5-v2vg-46rr GHSA-9442-gm4v-r222 GHSA-xpp6-8r3j-ww43 GHSA-4mm4-33wm-56jr GHSA-vhhq-fxg5-hvp8 GHSA-3c87-xvq4-93w3 GHSA-4rrj-v9hp-2x5j GHSA-f3h5-qqxj-cvgg GHSA-x36j-wqpg-pv3x GHSA-4mh8-9689-38vr GHSA-5pr4-6wfv-6xhj GHSA-64jh-cjwc-w8q6 GHSA-662h-2c64-c76h GHSA-69p6-gp5x-j269 GHSA-85wf-3fq7-j8h4 GHSA-8g2f-8jp6-pr2w GHSA-cwv5-fqmq-fwm6 GHSA-qpj7-w54m-mjrv GHSA-rqj2-mmcv-cgq6 GHSA-wqw3-p83g-r24v
- Loading branch information
1 parent
529b373
commit dd2ab8e
Showing
22 changed files
with
398 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
advisories/unreviewed/2024/06/GHSA-4rrj-v9hp-2x5j/GHSA-4rrj-v9hp-2x5j.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
advisories/unreviewed/2024/06/GHSA-f3h5-qqxj-cvgg/GHSA-f3h5-qqxj-cvgg.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
advisories/unreviewed/2024/06/GHSA-x36j-wqpg-pv3x/GHSA-x36j-wqpg-pv3x.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
advisories/unreviewed/2024/07/GHSA-4mh8-9689-38vr/GHSA-4mh8-9689-38vr.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4mh8-9689-38vr", | ||
| "modified": "2024-07-25T21:31:20Z", | ||
| "published": "2024-07-25T21:31:20Z", | ||
| "aliases": [ | ||
| "CVE-2024-1724" | ||
| ], | ||
| "details": "In snapd versions prior to 2.62, when using AppArmor for enforcement of \nsandbox permissions, snapd failed to restrict writes to the $HOME/bin\npath. In Ubuntu, when this path exists, it is automatically added to\nthe users PATH. An attacker who could convince a user to install a\nmalicious snap which used the 'home' plug could use this vulnerability\nto install arbitrary scripts into the users PATH which may then be run\nby the user outside of the expected snap sandbox and hence allow them\nto escape confinement.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1724" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/snapcore/snapd/pull/13689" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gld.mcphail.uk/posts/explaining-cve-2024-1724" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-732" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-25T19:15:09Z" | ||
| } | ||
| } |
54 changes: 54 additions & 0 deletions
54
advisories/unreviewed/2024/07/GHSA-5pr4-6wfv-6xhj/GHSA-5pr4-6wfv-6xhj.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-5pr4-6wfv-6xhj", | ||
| "modified": "2024-07-25T21:31:20Z", | ||
| "published": "2024-07-25T21:31:20Z", | ||
| "aliases": [ | ||
| "CVE-2024-7105" | ||
| ], | ||
| "details": "A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7105" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://docs.google.com/document/d/1Q3kLR-HXSmj1LFpnCAt964YHACWwdckz4O8n4ocgB1I/edit?usp=sharing" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.272430" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.272430" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.376659" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-89" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-25T21:15:11Z" | ||
| } | ||
| } |
42 changes: 42 additions & 0 deletions
42
advisories/unreviewed/2024/07/GHSA-64jh-cjwc-w8q6/GHSA-64jh-cjwc-w8q6.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-64jh-cjwc-w8q6", | ||
| "modified": "2024-07-25T21:31:20Z", | ||
| "published": "2024-07-25T21:31:20Z", | ||
| "aliases": [ | ||
| "CVE-2024-29068" | ||
| ], | ||
| "details": "In snapd versions prior to 2.62, snapd failed to properly check the file\ntype when extracting a snap. The snap format is a squashfs file-system\nimage and so can contain files that are non-regular files (such as pipes \nor sockets etc). Various file entries within the snap squashfs image\n(such as icons etc) are directly read by snapd when it is extracted. An \nattacker who could convince a user to install a malicious snap which\ncontained non-regular files at these paths could then cause snapd to block\nindefinitely trying to read from such files and cause a denial of service.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29068" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/snapcore/snapd/pull/13682" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-20" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-25T20:15:04Z" | ||
| } | ||
| } |
2 changes: 1 addition & 1 deletion
2
advisories/unreviewed/2024/07/GHSA-662h-2c64-c76h/GHSA-662h-2c64-c76h.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/07/GHSA-69p6-gp5x-j269/GHSA-69p6-gp5x-j269.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-69p6-gp5x-j269", | ||
| "modified": "2024-07-25T21:31:20Z", | ||
| "published": "2024-07-25T21:31:20Z", | ||
| "aliases": [ | ||
| "CVE-2024-29069" | ||
| ], | ||
| "details": "In snapd versions prior to 2.62, snapd failed to properly check the\ndestination of symbolic links when extracting a snap. The snap format \nis a squashfs file-system image and so can contain symbolic links and\nother file types. Various file entries within the snap squashfs image\n(such as icons and desktop files etc) are directly read by snapd when\nit is extracted. An attacker who could convince a user to install a\nmalicious snap which contained symbolic links at these paths could then \ncause snapd to write out the contents of the symbolic link destination\ninto a world-readable directory. This in-turn could allow an unprivileged\nuser to gain access to privileged information.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29069" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/snapcore/snapd/pull/13682" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-610" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-25T20:15:04Z" | ||
| } | ||
| } |
Oops, something went wrong.