
16 files changed

+680
-0
lines changed

Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-22q6-7m3g-6r77",
4+
"modified": "2024-09-12T03:31:26Z",
5+
"published": "2024-09-12T03:31:26Z",
6+
"aliases": [
7+
"CVE-2024-32846"
8+
],
9+
"details": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [
17+
18+
],
19+
"references": [
20+
{
21+
"type": "ADVISORY",
22+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32846"
23+
},
24+
{
25+
"type": "WEB",
26+
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022"
27+
}
28+
],
29+
"database_specific": {
30+
"cwe_ids": [
31+
32+
],
33+
"severity": "CRITICAL",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2024-09-12T02:15:02Z"
37+
}
38+
}
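Review bot: `cwe_ids` in `database_specific` is empty even though `details` names the weakness as SQL injection, so anyone filtering or alerting by weakness class will miss this record; `"cwe_ids": ["CWE-89"]` would match the description. The same gap is present in the other Ivanti EPM records added in this commit (CVE-2024-32843, CVE-2024-32845, CVE-2024-34779, CVE-2024-32840). `affected` is also empty, so tooling that matches on package or version ranges has nothing to match, and the vendor advisory in `references` remains the only source for fixed versions. The phrase "before 2022 SU6, or the 2024 September update" in `details` is ambiguous about which releases are fixed and presumably comes verbatim from upstream.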
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-35pg-8ph2-rp9c",
4+
"modified": "2024-09-12T03:31:26Z",
5+
"published": "2024-09-12T03:31:26Z",
6+
"aliases": [
7+
"CVE-2024-32843"
8+
],
9+
"details": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [
17+
18+
],
19+
"references": [
20+
{
21+
"type": "ADVISORY",
22+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32843"
23+
},
24+
{
25+
"type": "WEB",
26+
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022"
27+
}
28+
],
29+
"database_specific": {
30+
"cwe_ids": [
31+
32+
],
33+
"severity": "CRITICAL",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2024-09-12T02:15:02Z"
37+
}
38+
}
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-55vj-qfc7-jrjc",
4+
"modified": "2024-09-12T03:31:25Z",
5+
"published": "2024-09-12T03:31:25Z",
6+
"aliases": [
7+
"CVE-2024-8707"
8+
],
9+
"details": "A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [
21+
22+
],
23+
"references": [
24+
{
25+
"type": "ADVISORY",
26+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8707"
27+
},
28+
{
29+
"type": "WEB",
30+
"url": "https://vuldb.com/?ctiid.277216"
31+
},
32+
{
33+
"type": "WEB",
34+
"url": "https://vuldb.com/?id.277216"
35+
},
36+
{
37+
"type": "WEB",
38+
"url": "https://vuldb.com/?submit.402917"
39+
},
40+
{
41+
"type": "WEB",
42+
"url": "https://wiki.shikangsi.com/post/share/1200e7c6-4514-44e3-980c-298e0b9ccade"
43+
}
44+
],
45+
"database_specific": {
46+
"cwe_ids": [
47+
"CWE-22"
48+
],
49+
"severity": "MODERATE",
50+
"github_reviewed": false,
51+
"github_reviewed_at": null,
52+
"nvd_published_at": "2024-09-12T01:15:10Z"
53+
}
54+
}
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,58 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-chfm-4x2p-525p",
4+
"modified": "2024-09-12T03:31:27Z",
5+
"published": "2024-09-12T03:31:27Z",
6+
"aliases": [
7+
"CVE-2024-8710"
8+
],
9+
"details": "A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [
21+
22+
],
23+
"references": [
24+
{
25+
"type": "ADVISORY",
26+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8710"
27+
},
28+
{
29+
"type": "WEB",
30+
"url": "https://code-projects.org"
31+
},
32+
{
33+
"type": "WEB",
34+
"url": "https://github.com/ali0999109/Inventory-management/blob/main/Sql.md"
35+
},
36+
{
37+
"type": "WEB",
38+
"url": "https://vuldb.com/?ctiid.277219"
39+
},
40+
{
41+
"type": "WEB",
42+
"url": "https://vuldb.com/?id.277219"
43+
},
44+
{
45+
"type": "WEB",
46+
"url": "https://vuldb.com/?submit.404976"
47+
}
48+
],
49+
"database_specific": {
50+
"cwe_ids": [
51+
"CWE-89"
52+
],
53+
"severity": "MODERATE",
54+
"github_reviewed": false,
55+
"github_reviewed_at": null,
56+
"nvd_published_at": "2024-09-12T03:15:05Z"
57+
}
58+
}
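Review bot: `details` describes the issue as "classified as critical", while `database_specific.severity` is `MODERATE` and the `CVSS_V3` vector (`PR:L`, `C:L/I:L/A:L`) agrees with the lower rating. The word "critical" looks like the upstream source's own classification label carried over into the free text. Triage should key on the vector and the `severity` field rather than the prose, and a reviewed version of this record would be clearer with that word removed or attributed.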
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-f53w-fw63-qjpw",
4+
"modified": "2024-09-12T03:31:26Z",
5+
"published": "2024-09-12T03:31:26Z",
6+
"aliases": [
7+
"CVE-2024-32845"
8+
],
9+
"details": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [
17+
18+
],
19+
"references": [
20+
{
21+
"type": "ADVISORY",
22+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32845"
23+
},
24+
{
25+
"type": "WEB",
26+
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022"
27+
}
28+
],
29+
"database_specific": {
30+
"cwe_ids": [
31+
32+
],
33+
"severity": "CRITICAL",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2024-09-12T02:15:02Z"
37+
}
38+
}
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fp8m-7cjh-3mwc",
4+
"modified": "2024-09-12T03:31:26Z",
5+
"published": "2024-09-12T03:31:26Z",
6+
"aliases": [
7+
"CVE-2024-8708"
8+
],
9+
"details": "A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [
21+
22+
],
23+
"references": [
24+
{
25+
"type": "ADVISORY",
26+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8708"
27+
},
28+
{
29+
"type": "WEB",
30+
"url": "https://vuldb.com/?ctiid.277217"
31+
},
32+
{
33+
"type": "WEB",
34+
"url": "https://vuldb.com/?id.277217"
35+
},
36+
{
37+
"type": "WEB",
38+
"url": "https://vuldb.com/?submit.404864"
39+
},
40+
{
41+
"type": "WEB",
42+
"url": "https://www.sourcecodester.com"
43+
}
44+
],
45+
"database_specific": {
46+
"cwe_ids": [
47+
"CWE-79"
48+
],
49+
"severity": "MODERATE",
50+
"github_reviewed": false,
51+
"github_reviewed_at": null,
52+
"nvd_published_at": "2024-09-12T02:15:03Z"
53+
}
54+
}
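Review bot: The two `severity` entries disagree on user interaction: the `CVSS_V3` vector has `UI:R` but the `CVSS_V4` vector has `UI:N`. For a cross-site scripting issue (`CWE-79`) the v4 metric would normally be `UI:P` or `UI:A`, so the v4 vector probably understates the precondition and overstates exploitability. Consumers that prefer the v4 vector when both are present will score this record differently from those reading v3; the mismatch appears to originate upstream and should be corrected there or noted when the advisory is reviewed.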
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-g7wm-3q7g-g3q2",
4+
"modified": "2024-09-12T03:31:26Z",
5+
"published": "2024-09-12T03:31:26Z",
6+
"aliases": [
7+
"CVE-2024-34779"
8+
],
9+
"details": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [
17+
18+
],
19+
"references": [
20+
{
21+
"type": "ADVISORY",
22+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34779"
23+
},
24+
{
25+
"type": "WEB",
26+
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022"
27+
}
28+
],
29+
"database_specific": {
30+
"cwe_ids": [
31+
32+
],
33+
"severity": "CRITICAL",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2024-09-12T02:15:03Z"
37+
}
38+
}
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-pcxj-w6pv-x9c5",
4+
"modified": "2024-09-12T03:31:25Z",
5+
"published": "2024-09-12T03:31:25Z",
6+
"aliases": [
7+
"CVE-2024-32840"
8+
],
9+
"details": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [
17+
18+
],
19+
"references": [
20+
{
21+
"type": "ADVISORY",
22+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32840"
23+
},
24+
{
25+
"type": "WEB",
26+
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022"
27+
}
28+
],
29+
"database_specific": {
30+
"cwe_ids": [
31+
32+
],
33+
"severity": "CRITICAL",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2024-09-12T02:15:02Z"
37+
}
38+
}
