-
Notifications
You must be signed in to change notification settings - Fork 365
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-8pp6-343g-mgj6 GHSA-238m-xccf-m2f6 GHSA-65f9-wqxf-mh9r GHSA-v567-j6g5-phvx GHSA-3pfh-7988-fh4j GHSA-3qhf-qr39-9c9w GHSA-3rm2-4q4r-254r GHSA-4g52-qrp4-6j69 GHSA-j97x-4gxg-7x49 GHSA-mpcv-wcv8-6rxw GHSA-q68p-h2v7-5w73 GHSA-r9hc-hfrh-p2p9
- Loading branch information
1 parent
2179904
commit 472f1a4
Showing
12 changed files
with
352 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -29,6 +29,10 @@ | |
| "type": "WEB", | ||
| "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -29,6 +29,10 @@ | |
| "type": "WEB", | ||
| "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" | ||
|
|
||
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2023/10/GHSA-3pfh-7988-fh4j/GHSA-3pfh-7988-fh4j.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-3pfh-7988-fh4j", | ||
| "modified": "2023-10-09T18:30:20Z", | ||
| "published": "2023-10-09T18:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-41668" | ||
| ], | ||
| "details": "Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41668" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/leadster-marketing-conversacional/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-352" | ||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
46 changes: 46 additions & 0 deletions
46
advisories/unreviewed/2023/10/GHSA-3qhf-qr39-9c9w/GHSA-3qhf-qr39-9c9w.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-3qhf-qr39-9c9w", | ||
| "modified": "2023-10-09T18:30:20Z", | ||
| "published": "2023-10-09T18:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-39194" | ||
| ], | ||
| "details": "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39194" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-39194" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226788" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
42 changes: 42 additions & 0 deletions
42
advisories/unreviewed/2023/10/GHSA-3rm2-4q4r-254r/GHSA-3rm2-4q4r-254r.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-3rm2-4q4r-254r", | ||
| "modified": "2023-10-09T18:30:20Z", | ||
| "published": "2023-10-09T18:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-39189" | ||
| ], | ||
| "details": "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39189" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-39189" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226777" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2023/10/GHSA-4g52-qrp4-6j69/GHSA-4g52-qrp4-6j69.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-4g52-qrp4-6j69", | ||
| "modified": "2023-10-09T18:30:20Z", | ||
| "published": "2023-10-09T18:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-41667" | ||
| ], | ||
| "details": "Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41667" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/wp-dtree-30/wordpress-wp-dtree-plugin-4-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-352" | ||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
35 changes: 35 additions & 0 deletions
35
advisories/unreviewed/2023/10/GHSA-j97x-4gxg-7x49/GHSA-j97x-4gxg-7x49.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-j97x-4gxg-7x49", | ||
| "modified": "2023-10-09T18:30:20Z", | ||
| "published": "2023-10-09T18:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-5365" | ||
| ], | ||
| "details": "HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5365" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://support.hp.com/us-en/document/ish_9393937-9393961-16/hpsbgn03870" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
46 changes: 46 additions & 0 deletions
46
advisories/unreviewed/2023/10/GHSA-mpcv-wcv8-6rxw/GHSA-mpcv-wcv8-6rxw.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-mpcv-wcv8-6rxw", | ||
| "modified": "2023-10-09T18:30:20Z", | ||
| "published": "2023-10-09T18:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-39193" | ||
| ], | ||
| "details": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39193" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-39193" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226787" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2023/10/GHSA-q68p-h2v7-5w73/GHSA-q68p-h2v7-5w73.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-q68p-h2v7-5w73", | ||
| "modified": "2023-10-09T18:30:19Z", | ||
| "published": "2023-10-09T18:30:19Z", | ||
| "aliases": [ | ||
| "CVE-2023-30910" | ||
| ], | ||
| "details": "HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. ", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30910" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-444" | ||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
Oops, something went wrong.