Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 2fa86a1dce8e · 2024-02-19T06:31:48.000Z
GHSA-5355-6wp2-29w4 GHSA-5jjq-8cvj-v6m9 GHSA-7m48-vw34-vw84 GHSA-p35x-5893-x6gp
diff --git a/advisories/unreviewed/2024/02/GHSA-5355-6wp2-29w4/GHSA-5355-6wp2-29w4.json b/advisories/unreviewed/2024/02/GHSA-5355-6wp2-29w4/GHSA-5355-6wp2-29w4.json
@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5355-6wp2-29w4",
+  "modified": "2024-02-19T06:30:33Z",
+  "published": "2024-02-19T06:30:33Z",
+  "aliases": [
+    "CVE-2024-26328"
+  ],
+  "details": "An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26328"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-02-19T05:15:26Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/02/GHSA-5jjq-8cvj-v6m9/GHSA-5jjq-8cvj-v6m9.json b/advisories/unreviewed/2024/02/GHSA-5jjq-8cvj-v6m9/GHSA-5jjq-8cvj-v6m9.json
@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5jjq-8cvj-v6m9",
+  "modified": "2024-02-19T06:30:33Z",
+  "published": "2024-02-19T06:30:33Z",
+  "aliases": [
+    "CVE-2024-26318"
+  ],
+  "details": "Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26318"
+    },
+    {
+      "type": "WEB",
+      "url": "https://serenity.is/docs/release-notes/6.8.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-02-19T04:15:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/02/GHSA-7m48-vw34-vw84/GHSA-7m48-vw34-vw84.json b/advisories/unreviewed/2024/02/GHSA-7m48-vw34-vw84/GHSA-7m48-vw34-vw84.json
@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7m48-vw34-vw84",
+  "modified": "2024-02-19T06:30:33Z",
+  "published": "2024-02-19T06:30:33Z",
+  "aliases": [
+    "CVE-2024-26327"
+  ],
+  "details": "An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26327"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4%40daynix.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-02-19T05:15:22Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/02/GHSA-p35x-5893-x6gp/GHSA-p35x-5893-x6gp.json b/advisories/unreviewed/2024/02/GHSA-p35x-5893-x6gp/GHSA-p35x-5893-x6gp.json
@@ -0,0 +1,43 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p35x-5893-x6gp",
+  "modified": "2024-02-19T06:30:33Z",
+  "published": "2024-02-19T06:30:33Z",
+  "aliases": [
+    "CVE-2024-24722"
+  ],
+  "details": "An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24722"
+    },
+    {
+      "type": "WEB",
+      "url": "https://files.12dsynergy.com/downloads/download.aspx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://help.12dsynergy.com/v1/docs/cve-2024-24722"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.12dsynergy.com/security-statement"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-02-19T06:15:07Z"
+  }
+}
