-
Notifications
You must be signed in to change notification settings - Fork 348
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-jhrr-7ggp-3gv3 GHSA-4jmm-c6jw-g796 GHSA-56wj-jfhp-fq9f GHSA-6qqx-cj95-m623 GHSA-7gch-jrxx-fw58 GHSA-9jv3-q6v2-w6g3 GHSA-cw3q-225p-f4mw GHSA-f6rc-73vx-29h5 GHSA-gqv4-535f-vxpp GHSA-gqx3-6rgq-72pg GHSA-hh2c-m2f3-3q9f GHSA-hw68-mw93-xgrg GHSA-jr9f-6cwx-mfjg GHSA-mpvx-whpp-99xj GHSA-p9pr-gh8g-j3cx GHSA-qjh8-9wf4-5229 GHSA-qpgw-j75c-j585 GHSA-r6qh-j42j-pw64 GHSA-w929-482x-r269 GHSA-wr3p-r5fj-wf97
- Loading branch information
1 parent
96f485b
commit fac12e7
Showing
20 changed files
with
733 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletions
35
advisories/unreviewed/2024/07/GHSA-4jmm-c6jw-g796/GHSA-4jmm-c6jw-g796.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4jmm-c6jw-g796", | ||
| "modified": "2024-07-31T21:32:38Z", | ||
| "published": "2024-07-31T21:32:38Z", | ||
| "aliases": [ | ||
| "CVE-2024-41255" | ||
| ], | ||
| "details": "filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41255" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/nyxfqq/c367f2ca9448810924dcf0f1af30b441" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:18Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/07/GHSA-56wj-jfhp-fq9f/GHSA-56wj-jfhp-fq9f.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-56wj-jfhp-fq9f", | ||
| "modified": "2024-07-31T21:32:38Z", | ||
| "published": "2024-07-31T21:32:38Z", | ||
| "aliases": [ | ||
| "CVE-2019-6198" | ||
| ], | ||
| "details": "A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6198" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://iknow.lenovo.com.cn/detail/186945.html" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-287" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:12Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/07/GHSA-6qqx-cj95-m623/GHSA-6qqx-cj95-m623.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6qqx-cj95-m623", | ||
| "modified": "2024-07-31T21:32:38Z", | ||
| "published": "2024-07-31T21:32:37Z", | ||
| "aliases": [ | ||
| "CVE-2017-3772" | ||
| ], | ||
| "details": "A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3772" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://iknow.lenovo.com.cn/detail/171959" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-20" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:12Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/07/GHSA-7gch-jrxx-fw58/GHSA-7gch-jrxx-fw58.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-7gch-jrxx-fw58", | ||
| "modified": "2024-07-31T21:32:38Z", | ||
| "published": "2024-07-31T21:32:38Z", | ||
| "aliases": [ | ||
| "CVE-2023-1577" | ||
| ], | ||
| "details": "A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1577" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://iknow.lenovo.com.cn/detail/dc_415202.html" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-20" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:15Z" | ||
| } | ||
| } |
35 changes: 35 additions & 0 deletions
35
advisories/unreviewed/2024/07/GHSA-9jv3-q6v2-w6g3/GHSA-9jv3-q6v2-w6g3.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-9jv3-q6v2-w6g3", | ||
| "modified": "2024-07-31T21:32:38Z", | ||
| "published": "2024-07-31T21:32:38Z", | ||
| "aliases": [ | ||
| "CVE-2024-41253" | ||
| ], | ||
| "details": "goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41253" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/nyxfqq/f69d41c69a4d0751841f4d972b9745da" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:17Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/07/GHSA-cw3q-225p-f4mw/GHSA-cw3q-225p-f4mw.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-cw3q-225p-f4mw", | ||
| "modified": "2024-07-31T21:32:39Z", | ||
| "published": "2024-07-31T21:32:39Z", | ||
| "aliases": [ | ||
| "CVE-2024-4187" | ||
| ], | ||
| "details": "Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:D/RE:L/U:Green" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4187" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://portal.microfocus.com/s/article/KM000032291" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-356" | ||
| ], | ||
| "severity": "LOW", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:18Z" | ||
| } | ||
| } |
35 changes: 35 additions & 0 deletions
35
advisories/unreviewed/2024/07/GHSA-f6rc-73vx-29h5/GHSA-f6rc-73vx-29h5.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-f6rc-73vx-29h5", | ||
| "modified": "2024-07-31T21:32:39Z", | ||
| "published": "2024-07-31T21:32:38Z", | ||
| "aliases": [ | ||
| "CVE-2024-41258" | ||
| ], | ||
| "details": "An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41258" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/nyxfqq/ed8c2ba3398c9e28cd8dbf0902bd8edf" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:18Z" | ||
| } | ||
| } |
43 changes: 43 additions & 0 deletions
43
advisories/unreviewed/2024/07/GHSA-gqv4-535f-vxpp/GHSA-gqv4-535f-vxpp.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-gqv4-535f-vxpp", | ||
| "modified": "2024-07-31T21:32:37Z", | ||
| "published": "2024-07-31T21:32:37Z", | ||
| "aliases": [ | ||
| "CVE-2024-41630" | ||
| ], | ||
| "details": "Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41630" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://palm-vertebra-fe9.notion.site/form_fast_setting_wifi_set-fd47294cf4bb460bb95f804d39e53f34" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.tendacn.com/hk/download/detail-3852.html" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.tendacn.com/hk/download/detail-3863.html" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T19:15:12Z" | ||
| } | ||
| } |
54 changes: 54 additions & 0 deletions
54
advisories/unreviewed/2024/07/GHSA-gqx3-6rgq-72pg/GHSA-gqx3-6rgq-72pg.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-gqx3-6rgq-72pg", | ||
| "modified": "2024-07-31T21:32:39Z", | ||
| "published": "2024-07-31T21:32:39Z", | ||
| "aliases": [ | ||
| "CVE-2024-7326" | ||
| ], | ||
| "details": "A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7326" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lab52.io/blog/dll-side-loading-through-iobit-against-colombia" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.273249" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.273249" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.378150" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-427" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-07-31T21:15:19Z" | ||
| } | ||
| } |
Oops, something went wrong.