Publish Advisories

GHSA-38cc-8h76-38hf
GHSA-5pv6-mmq6-6w3p
GHSA-7jr6-fvm5-h86m
GHSA-cjq8-723f-8fmv
GHSA-f2wx-vcrf-76pc
GHSA-h2v6-2834-235m
GHSA-jh2w-8chx-3fxj
GHSA-m2vv-g52m-x3qw
GHSA-qw4m-qq5c-43c6
GHSA-rgcv-cq58-fv8p
GHSA-vv8h-m63v-53pq

Author: advisory-database[bot]

advisories/unreviewed/2024/07/GHSA-38cc-8h76-38hf/GHSA-38cc-8h76-38hf.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-38cc-8h76-38hf",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:56Z",
   "aliases": [
     "CVE-2024-3175"
   ],
   "details": "Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
+    }
   ],
   "affected": [
 
@@ -31,7 +34,7 @@
     "cwe_ids": [
 
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:24Z"

advisories/unreviewed/2024/07/GHSA-5pv6-mmq6-6w3p/GHSA-5pv6-mmq6-6w3p.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5pv6-mmq6-6w3p",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:56Z",
   "aliases": [
     "CVE-2024-3172"
   ],
   "details": "Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -31,7 +34,7 @@
     "cwe_ids": [
 
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:23Z"

advisories/unreviewed/2024/07/GHSA-7jr6-fvm5-h86m/GHSA-7jr6-fvm5-h86m.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7jr6-fvm5-h86m",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:56Z",
   "aliases": [
     "CVE-2024-5500"
   ],
   "details": "Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    }
   ],
   "affected": [
 
@@ -31,7 +34,7 @@
     "cwe_ids": [
 
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:24Z"

advisories/unreviewed/2024/07/GHSA-cjq8-723f-8fmv/GHSA-cjq8-723f-8fmv.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cjq8-723f-8fmv",
+  "modified": "2024-07-18T15:31:19Z",
+  "published": "2024-07-18T15:31:19Z",
+  "aliases": [
+    "CVE-2024-31143"
+  ],
+  "details": "An optional feature of PCI MSI called \"Multiple Message\" allows a\ndevice to use multiple consecutive interrupt vectors.  Unlike for MSI-X,\nthe setting up of these consecutive vectors needs to happen all in one\ngo.  In this handling an error path could be taken in different\nsituations, with or without a particular lock held.  This error path\nwrongly releases the lock even when it is not currently held.\n",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31143"
+    },
+    {
+      "type": "WEB",
+      "url": "https://xenbits.xenproject.org/xsa/advisory-458.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-07-18T14:15:04Z"
+  }
+}

advisories/unreviewed/2024/07/GHSA-f2wx-vcrf-76pc/GHSA-f2wx-vcrf-76pc.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f2wx-vcrf-76pc",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:56Z",
   "aliases": [
     "CVE-2024-3171"
   ],
   "details": "Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-416"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:23Z"

advisories/unreviewed/2024/07/GHSA-h2v6-2834-235m/GHSA-h2v6-2834-235m.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h2v6-2834-235m",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:56Z",
   "aliases": [
     "CVE-2024-3176"
   ],
   "details": "Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-787"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:24Z"

advisories/unreviewed/2024/07/GHSA-jh2w-8chx-3fxj/GHSA-jh2w-8chx-3fxj.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jh2w-8chx-3fxj",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:55Z",
   "aliases": [
     "CVE-2024-3170"
   ],
   "details": "Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-416"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:23Z"

advisories/unreviewed/2024/07/GHSA-m2vv-g52m-x3qw/GHSA-m2vv-g52m-x3qw.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m2vv-g52m-x3qw",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:56Z",
   "aliases": [
     "CVE-2024-3173"
   ],
   "details": "Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-345"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:24Z"

advisories/unreviewed/2024/07/GHSA-qw4m-qq5c-43c6/GHSA-qw4m-qq5c-43c6.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qw4m-qq5c-43c6",
-  "modified": "2024-07-17T00:32:56Z",
+  "modified": "2024-07-18T15:31:19Z",
   "published": "2024-07-17T00:32:56Z",
   "aliases": [
     "CVE-2024-3174"
   ],
   "details": "Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -31,7 +34,7 @@
     "cwe_ids": [
 
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-16T23:15:24Z"

advisories/unreviewed/2024/07/GHSA-rgcv-cq58-fv8p/GHSA-rgcv-cq58-fv8p.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rgcv-cq58-fv8p",
+  "modified": "2024-07-18T15:31:19Z",
+  "published": "2024-07-18T15:31:19Z",
+  "aliases": [
+    "CVE-2024-34013"
+  ],
+  "details": "Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34013"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security-advisory.acronis.com/advisories/SEC-7035"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-07-18T14:15:04Z"
+  }
+}