diff --git a/advisories/unreviewed/2024/12/GHSA-2r73-v75c-63j8/GHSA-2r73-v75c-63j8.json b/advisories/unreviewed/2024/12/GHSA-2r73-v75c-63j8/GHSA-2r73-v75c-63j8.json new file mode 100644 index 0000000000000..845bfd331c25b --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-2r73-v75c-63j8/GHSA-2r73-v75c-63j8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2r73-v75c-63j8", + "modified": "2024-12-21T15:30:32Z", + "published": "2024-12-21T15:30:32Z", + "aliases": [ + "CVE-2024-51463" + ], + "details": "IBM i 7.3, 7.4, and 7.5 \n\nis vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51463" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7179509" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-21T14:15:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-5vvc-xx34-vxvm/GHSA-5vvc-xx34-vxvm.json b/advisories/unreviewed/2024/12/GHSA-5vvc-xx34-vxvm/GHSA-5vvc-xx34-vxvm.json new file mode 100644 index 0000000000000..7df0aab8724bd --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-5vvc-xx34-vxvm/GHSA-5vvc-xx34-vxvm.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5vvc-xx34-vxvm", + "modified": "2024-12-21T15:30:32Z", + "published": "2024-12-21T15:30:32Z", + "aliases": [ + "CVE-2024-12884" + ], + "details": "A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12884" + }, + { + "type": "WEB", + "url": "https://geochen.medium.com/sqli-in-login-php-of-e-commerce-website-using-php-1abacb5e2ccd" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.289142" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.289142" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.466519" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-21T14:15:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-fqvv-mh7w-3jq3/GHSA-fqvv-mh7w-3jq3.json b/advisories/unreviewed/2024/12/GHSA-fqvv-mh7w-3jq3/GHSA-fqvv-mh7w-3jq3.json new file mode 100644 index 0000000000000..404757088e57b --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-fqvv-mh7w-3jq3/GHSA-fqvv-mh7w-3jq3.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fqvv-mh7w-3jq3", + "modified": "2024-12-21T15:30:32Z", + "published": "2024-12-21T15:30:32Z", + "aliases": [ + "CVE-2024-51464" + ], + "details": "IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51464" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7179509" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-644" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-21T14:15:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-x5px-7xqx-qr2x/GHSA-x5px-7xqx-qr2x.json b/advisories/unreviewed/2024/12/GHSA-x5px-7xqx-qr2x/GHSA-x5px-7xqx-qr2x.json new file mode 100644 index 0000000000000..fc86bc8eec41c --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-x5px-7xqx-qr2x/GHSA-x5px-7xqx-qr2x.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x5px-7xqx-qr2x", + "modified": "2024-12-21T15:30:32Z", + "published": "2024-12-21T15:30:32Z", + "aliases": [ + "CVE-2024-12883" + ], + "details": "A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12883" + }, + { + "type": "WEB", + "url": "https://code-projects.org" + }, + { + "type": "WEB", + "url": "https://github.com/su-co/cve/blob/main/xss-su-co.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.289141" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.289141" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.466393" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-21T13:15:05Z" + } +} \ No newline at end of file