forked from github/advisory-database
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-4262-7rxm-xfp7 GHSA-597x-4hfr-67c4 GHSA-6xj8-67w9-54rv GHSA-fjfc-48h7-67x9 GHSA-mfh5-9vgh-ffpg GHSA-ph95-6589-h2hv
- Loading branch information
1 parent
0e95084
commit ec3a3d3
Showing
6 changed files
with
226 additions
and
0 deletions.
There are no files selected for viewing
39 changes: 39 additions & 0 deletions
39
advisories/unreviewed/2024/04/GHSA-4262-7rxm-xfp7/GHSA-4262-7rxm-xfp7.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4262-7rxm-xfp7", | ||
| "modified": "2024-04-03T09:30:32Z", | ||
| "published": "2024-04-03T09:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-28515" | ||
| ], | ||
| "details": "Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28515" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/heshi906/090b647a76981b8aa621e99fd6e1795d" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/heshi906/CVE-2024-28515" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-04-03T07:15:44Z" | ||
| } | ||
| } |
39 changes: 39 additions & 0 deletions
39
advisories/unreviewed/2024/04/GHSA-597x-4hfr-67c4/GHSA-597x-4hfr-67c4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-597x-4hfr-67c4", | ||
| "modified": "2024-04-03T09:30:32Z", | ||
| "published": "2024-04-03T09:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2024-24506" | ||
| ], | ||
| "details": "Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24506" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugs.limesurvey.org/bug_relationship_graph.php?bug_id=19364&graph=relation" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.exploit-db.com/exploits/51926" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-04-03T07:15:42Z" | ||
| } | ||
| } |
35 changes: 35 additions & 0 deletions
35
advisories/unreviewed/2024/04/GHSA-6xj8-67w9-54rv/GHSA-6xj8-67w9-54rv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6xj8-67w9-54rv", | ||
| "modified": "2024-04-03T09:30:33Z", | ||
| "published": "2024-04-03T09:30:33Z", | ||
| "aliases": [ | ||
| "CVE-2024-28589" | ||
| ], | ||
| "details": "An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28589" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.axigen.com/knowledgebase/Local-Privilege-Escalation-Vulnerability-on-Axigen-for-Windows-CVE-2024-28589-_402.html" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-04-03T08:15:49Z" | ||
| } | ||
| } |
35 changes: 35 additions & 0 deletions
35
advisories/unreviewed/2024/04/GHSA-fjfc-48h7-67x9/GHSA-fjfc-48h7-67x9.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-fjfc-48h7-67x9", | ||
| "modified": "2024-04-03T09:30:33Z", | ||
| "published": "2024-04-03T09:30:33Z", | ||
| "aliases": [ | ||
| "CVE-2024-29734" | ||
| ], | ||
| "details": "Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29734" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://jvn.jp/en/jp/JVN40367518" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-04-03T08:15:49Z" | ||
| } | ||
| } |
39 changes: 39 additions & 0 deletions
39
advisories/unreviewed/2024/04/GHSA-mfh5-9vgh-ffpg/GHSA-mfh5-9vgh-ffpg.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-mfh5-9vgh-ffpg", | ||
| "modified": "2024-04-03T09:30:32Z", | ||
| "published": "2024-04-03T09:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2023-35764" | ||
| ], | ||
| "details": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35764" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://jvn.jp/en/jp/JVN51098626" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wordpress.org/plugins/survey-maker" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-04-03T08:15:49Z" | ||
| } | ||
| } |
39 changes: 39 additions & 0 deletions
39
advisories/unreviewed/2024/04/GHSA-ph95-6589-h2hv/GHSA-ph95-6589-h2hv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-ph95-6589-h2hv", | ||
| "modified": "2024-04-03T09:30:32Z", | ||
| "published": "2024-04-03T09:30:32Z", | ||
| "aliases": [ | ||
| "CVE-2023-34423" | ||
| ], | ||
| "details": "Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34423" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://jvn.jp/en/jp/JVN51098626" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wordpress.org/plugins/survey-maker" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-04-03T08:15:48Z" | ||
| } | ||
| } |