Publish Advisories

GHSA-4r2r-hjrw-mpq6
GHSA-943v-4mfm-9hjg
GHSA-g632-g6jh-g6fg
GHSA-hggh-f6m4-4c3w
GHSA-mvcm-644q-5c9p
GHSA-p4fv-9x78-9jfq
GHSA-vw47-58pm-68j7

Author: advisory-database[bot]

advisories/unreviewed/2024/11/GHSA-4r2r-hjrw-mpq6/GHSA-4r2r-hjrw-mpq6.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4r2r-hjrw-mpq6",
+  "modified": "2024-11-08T12:31:12Z",
+  "published": "2024-11-08T12:31:12Z",
+  "aliases": [
+    "CVE-2024-10839"
+  ],
+  "details": "Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10839"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-611"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-08T11:15:03Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-943v-4mfm-9hjg/GHSA-943v-4mfm-9hjg.json

@@ -0,0 +1,46 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-943v-4mfm-9hjg",
+  "modified": "2024-11-08T12:31:12Z",
+  "published": "2024-11-08T12:31:12Z",
+  "aliases": [
+    "CVE-2024-10187"
+  ],
+  "details": "The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10187"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3183178"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/mycred/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23a081d4-443d-4b3b-8c89-9eb0e23c961e?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-08T10:15:03Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-g632-g6jh-g6fg/GHSA-g632-g6jh-g6fg.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g632-g6jh-g6fg",
+  "modified": "2024-11-08T12:31:13Z",
+  "published": "2024-11-08T12:31:13Z",
+  "aliases": [
+    "CVE-2024-50590"
+  ],
+  "details": "Attackers with local access to the medical office computer can \nescalate their Windows user privileges to \"NT AUTHORITY\\SYSTEM\" by \noverwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is \"C:\\Elefant1\" which is \nwritable for all users. In addition, the Elefant installer registers two\n Firebird database services which are running as “NT AUTHORITY\\SYSTEM”. \n\nPath: C:\\Elefant1\\Firebird_2\\bin\\fbserver.exe\n\nPath: C:\\Elefant1\\Firebird_2\\bin\\fbguard.exe\n\n\nBoth service binaries are user writable. This means that a local \nattacker can rename one of the service binaries, replace the service \nexecutable with a new executable, and then restart the system. Once the \nsystem has rebooted, the new service binary is executed as \"NT \nAUTHORITY\\SYSTEM\".",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50590"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hasomed.de/produkte/elefant"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/hasomed"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-250"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-08T12:15:14Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-hggh-f6m4-4c3w/GHSA-hggh-f6m4-4c3w.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hggh-f6m4-4c3w",
+  "modified": "2024-11-08T12:31:14Z",
+  "published": "2024-11-08T12:31:14Z",
+  "aliases": [
+    "CVE-2024-50591"
+  ],
+  "details": "An attacker with local access the to medical office computer can \nescalate his Windows user privileges to \"NT AUTHORITY\\SYSTEM\" by \nexploiting a command injection vulnerability in the Elefant Update \nService. The command injection can be exploited by communicating with \nthe Elefant Update Service which is running as \"SYSTEM\" via Windows \nNamed Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU\n service which runs as \"NT AUTHORITY\\SYSTEM\" and an ESU tray client \nwhich communicates with the service to update or repair the installation\n and is running with user permissions. The communication is implemented \nusing named pipes. A crafted message of type \n\"MessageType.SupportServiceInfos\" can be sent to the local ESU service \nto inject commands, which are then executed as \"NT AUTHORITY\\SYSTEM\".",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50591"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hasomed.de/produkte/elefant"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/hasomed"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-08T12:15:14Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-mvcm-644q-5c9p/GHSA-mvcm-644q-5c9p.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mvcm-644q-5c9p",
+  "modified": "2024-11-08T12:31:13Z",
+  "published": "2024-11-08T12:31:13Z",
+  "aliases": [
+    "CVE-2024-50589"
+  ],
+  "details": "An unauthenticated attacker with access to the local network of the \nmedical office can query an unprotected Fast Healthcare Interoperability\n Resources (FHIR) API to get access to sensitive electronic health \nrecords (EHR).",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50589"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hasomed.de/produkte/elefant"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/hasomed"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-08T12:15:14Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-p4fv-9x78-9jfq/GHSA-p4fv-9x78-9jfq.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p4fv-9x78-9jfq",
+  "modified": "2024-11-08T12:31:14Z",
+  "published": "2024-11-08T12:31:14Z",
+  "aliases": [
+    "CVE-2024-50593"
+  ],
+  "details": "An attacker with local access to the medical office computer can \naccess restricted functions of the Elefant Service tool by using a \nhard-coded \"Hotline\" password in the Elefant service binary, which is shipped with the software.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50593"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hasomed.de/produkte/elefant"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/hasomed"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-798"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-08T12:15:15Z"
+  }
+}

advisories/unreviewed/2024/11/GHSA-vw47-58pm-68j7/GHSA-vw47-58pm-68j7.json

@@ -0,0 +1,46 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vw47-58pm-68j7",
+  "modified": "2024-11-08T12:31:13Z",
+  "published": "2024-11-08T12:31:13Z",
+  "aliases": [
+    "CVE-2024-10325"
+  ],
+  "details": "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10325"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3182862"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/header-footer-elementor/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7773fd3a-2417-415e-97b0-735e99e62097?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-08T12:15:14Z"
+  }
+}