Advisory Database Sync

advisories/unreviewed/2024/04/GHSA-4g4r-f763-vv8x/GHSA-4g4r-f763-vv8x.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4g4r-f763-vv8x",
-  "modified": "2024-04-16T18:31:36Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-04-16T18:31:36Z",
   "aliases": [
     "CVE-2024-3865"
   ],
   "details": "Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-119"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-04-16T16:15:08Z"

advisories/unreviewed/2024/04/GHSA-4rjg-8j2c-ccv6/GHSA-4rjg-8j2c-ccv6.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4rjg-8j2c-ccv6",
-  "modified": "2024-04-08T03:30:52Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-04-08T03:30:52Z",
   "aliases": [
     "CVE-2023-52535"
   ],
   "details": "In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-20"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-04-08T03:15:08Z"

advisories/unreviewed/2024/04/GHSA-c57v-m6pm-5pr4/GHSA-c57v-m6pm-5pr4.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c57v-m6pm-5pr4",
-  "modified": "2024-04-04T06:30:34Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-04-04T06:30:34Z",
   "aliases": [
     "CVE-2024-31025"
   ],
   "details": "SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-89"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-04-04T05:15:19Z"

advisories/unreviewed/2024/04/GHSA-fmpc-xp2h-4h2w/GHSA-fmpc-xp2h-4h2w.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fmpc-xp2h-4h2w",
-  "modified": "2024-04-25T21:30:31Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-04-25T21:30:30Z",
   "aliases": [
     "CVE-2024-30939"
   ],
   "details": "An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-287"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-04-25T19:15:49Z"

advisories/unreviewed/2024/04/GHSA-pwff-c3p7-fx7c/GHSA-pwff-c3p7-fx7c.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pwff-c3p7-fx7c",
-  "modified": "2024-04-29T03:30:46Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-04-29T03:30:46Z",
   "aliases": [
     "CVE-2024-33903"
   ],
   "details": "In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    }
   ],
   "affected": [
 
@@ -41,9 +44,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-693"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-04-29T01:15:09Z"

advisories/unreviewed/2024/04/GHSA-vccv-g694-8ww5/GHSA-vccv-g694-8ww5.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vccv-g694-8ww5",
-  "modified": "2024-04-17T00:30:57Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-04-17T00:30:57Z",
   "aliases": [
     "CVE-2024-31680"
   ],
   "details": "File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-434"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-04-17T00:15:07Z"

advisories/unreviewed/2024/05/GHSA-9hf6-6h22-3j9h/GHSA-9hf6-6h22-3j9h.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9hf6-6h22-3j9h",
-  "modified": "2024-05-14T15:32:54Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-05-14T15:32:54Z",
   "aliases": [
     "CVE-2024-30802"
   ],
   "details": "An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-1393"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-05-14T15:23:53Z"

advisories/unreviewed/2024/06/GHSA-2jfg-r68g-p4gm/GHSA-2jfg-r68g-p4gm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2jfg-r68g-p4gm",
-  "modified": "2024-06-25T21:31:16Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-06-25T21:31:16Z",
   "aliases": [
     "CVE-2024-4884"

advisories/unreviewed/2024/06/GHSA-5prg-92hj-2g9x/GHSA-5prg-92hj-2g9x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5prg-92hj-2g9x",
-  "modified": "2024-06-25T21:31:16Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-06-25T21:31:16Z",
   "aliases": [
     "CVE-2024-5008"

advisories/unreviewed/2024/06/GHSA-67p8-jrm8-g765/GHSA-67p8-jrm8-g765.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-67p8-jrm8-g765",
-  "modified": "2024-06-26T15:31:01Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-06-25T21:31:16Z",
   "aliases": [
     "CVE-2024-5011"

advisories/unreviewed/2024/06/GHSA-h33q-qggg-pqmj/GHSA-h33q-qggg-pqmj.json

@@ -28,7 +28,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-327"
+      "CWE-327",
+      "CWE-347"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2024/07/GHSA-54h9-mq6x-g6rj/GHSA-54h9-mq6x-g6rj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-54h9-mq6x-g6rj",
-  "modified": "2024-07-21T09:30:32Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-07-21T09:30:32Z",
   "aliases": [
     "CVE-2024-37522"

advisories/unreviewed/2024/07/GHSA-9hx9-q6rp-5gwc/GHSA-9hx9-q6rp-5gwc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9hx9-q6rp-5gwc",
-  "modified": "2024-07-30T09:32:06Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-07-30T09:32:06Z",
   "aliases": [
     "CVE-2024-38431"
@@ -28,6 +28,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-203",
       "CWE-204"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2024/07/GHSA-p8cq-42f6-5q3j/GHSA-p8cq-42f6-5q3j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p8cq-42f6-5q3j",
-  "modified": "2024-07-30T09:32:09Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-07-30T09:32:09Z",
   "aliases": [
     "CVE-2024-38432"
@@ -28,6 +28,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-345",
       "CWE-646"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2024/08/GHSA-28pw-27gw-65v8/GHSA-28pw-27gw-65v8.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28pw-27gw-65v8",
-  "modified": "2024-08-27T12:30:44Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-08-27T12:30:44Z",
   "aliases": [
     "CVE-2024-6789"
   ],
   "details": "A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Green"

advisories/unreviewed/2024/08/GHSA-436p-pp82-ppwq/GHSA-436p-pp82-ppwq.json

@@ -36,7 +36,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-121"
+      "CWE-121",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2024/08/GHSA-78jf-j6qx-c7j3/GHSA-78jf-j6qx-c7j3.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-78jf-j6qx-c7j3",
-  "modified": "2024-08-05T21:31:19Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-08-05T21:31:19Z",
   "aliases": [
     "CVE-2024-42008"
   ],
   "details": "A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
+    }
   ],
   "affected": [
 
@@ -41,9 +44,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-79"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-08-05T19:15:38Z"

advisories/unreviewed/2024/08/GHSA-78wv-wpmf-ghfp/GHSA-78wv-wpmf-ghfp.json

@@ -28,7 +28,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-77"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2024/08/GHSA-c382-6838-fr3r/GHSA-c382-6838-fr3r.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c382-6838-fr3r",
-  "modified": "2024-08-29T18:31:35Z",
+  "modified": "2024-09-07T00:31:28Z",
   "published": "2024-08-29T18:31:35Z",
   "aliases": [
     "CVE-2024-8255"
   ],
   "details": "Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"