Publish Advisories

GHSA-m9w6-wp3h-vq8g
GHSA-h9qg-8cx4-mh74
GHSA-mvw9-7543-rjjg
GHSA-4pj6-47h8-rhq4
GHSA-6v8j-8q3j-35hh
GHSA-84cg-qrp2-5ch9
GHSA-8wqg-vjqm-m45x
GHSA-fmrw-pfr8-r4j7
GHSA-gj9f-8cgj-386v
GHSA-gxc7-4j9m-mpjc
GHSA-h495-5vrv-2gxp
GHSA-p7wm-h6q7-mx95
GHSA-rvhr-9pp2-823m

Author: advisory-database[bot]

advisories/github-reviewed/2024/04/GHSA-m9w6-wp3h-vq8g/GHSA-m9w6-wp3h-vq8g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m9w6-wp3h-vq8g",
-  "modified": "2024-09-04T12:30:36Z",
+  "modified": "2024-09-12T00:31:22Z",
   "published": "2024-04-25T18:30:39Z",
   "aliases": [
     "CVE-2024-0874"
@@ -71,6 +71,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2024:6009"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6406"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-0874"

advisories/unreviewed/2023/10/GHSA-h9qg-8cx4-mh74/GHSA-h9qg-8cx4-mh74.json

@@ -32,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-117"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2023/10/GHSA-mvw9-7543-rjjg/GHSA-mvw9-7543-rjjg.json

@@ -32,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-117"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2024/09/GHSA-4pj6-47h8-rhq4/GHSA-4pj6-47h8-rhq4.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4pj6-47h8-rhq4",
-  "modified": "2024-09-11T18:31:08Z",
+  "modified": "2024-09-12T00:31:22Z",
   "published": "2024-09-11T18:31:08Z",
   "aliases": [
     "CVE-2024-44571"
   ],
   "details": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-284"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-09-11T17:15:13Z"

advisories/unreviewed/2024/09/GHSA-6v8j-8q3j-35hh/GHSA-6v8j-8q3j-35hh.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6v8j-8q3j-35hh",
-  "modified": "2024-09-11T21:30:36Z",
+  "modified": "2024-09-12T00:31:22Z",
   "published": "2024-09-11T21:30:36Z",
   "aliases": [
     "CVE-2024-44541"
   ],
   "details": "evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the \"username\" parameter in \"/?action=processlogin.\"",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-89"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-09-11T19:15:15Z"

advisories/unreviewed/2024/09/GHSA-84cg-qrp2-5ch9/GHSA-84cg-qrp2-5ch9.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-84cg-qrp2-5ch9",
-  "modified": "2024-09-11T00:30:51Z",
+  "modified": "2024-09-12T00:31:21Z",
   "published": "2024-09-11T00:30:51Z",
   "aliases": [
     "CVE-2024-40652"
   ],
   "details": "In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-09-11T00:15:11Z"

advisories/unreviewed/2024/09/GHSA-8wqg-vjqm-m45x/GHSA-8wqg-vjqm-m45x.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8wqg-vjqm-m45x",
-  "modified": "2024-09-11T18:31:08Z",
+  "modified": "2024-09-12T00:31:22Z",
   "published": "2024-09-11T18:31:08Z",
   "aliases": [
     "CVE-2024-44572"
   ],
   "details": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-77"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-09-11T17:15:13Z"

advisories/unreviewed/2024/09/GHSA-fmrw-pfr8-r4j7/GHSA-fmrw-pfr8-r4j7.json

@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fmrw-pfr8-r4j7",
+  "modified": "2024-09-12T00:31:22Z",
+  "published": "2024-09-12T00:31:22Z",
+  "aliases": [
+    "CVE-2024-8706"
+  ],
+  "details": "A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8706"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/heyewei/JFinalcms/issues/IAOSJG"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xingjiuW/cve/blob/main/wh.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.277215"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.277215"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.402346"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T00:15:02Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-gj9f-8cgj-386v/GHSA-gj9f-8cgj-386v.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gj9f-8cgj-386v",
+  "modified": "2024-09-12T00:31:22Z",
+  "published": "2024-09-12T00:31:22Z",
+  "aliases": [
+    "CVE-2024-28981"
+  ],
+  "details": "Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28981"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.pentaho.com/hc/en-us/articles/27569056997261--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-1-0-0-including-9-3-x-and-8-3-x-impacted-CVE-2024-28981"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-522"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T00:15:02Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-gxc7-4j9m-mpjc/GHSA-gxc7-4j9m-mpjc.json

@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gxc7-4j9m-mpjc",
+  "modified": "2024-09-12T00:31:22Z",
+  "published": "2024-09-12T00:31:22Z",
+  "aliases": [
+    "CVE-2024-8705"
+  ],
+  "details": "A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8705"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.277214"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.277214"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.402236"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wiki.shikangsi.com/post/share/3cd1d639-7b5d-47cf-a69d-552c314b5168"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-11T23:15:10Z"
+  }
+}