Commit
GHSA-rpj2-w6fr-79hc GHSA-3w8w-mhj7-j5rc GHSA-9f3q-2p9h-qmq9 GHSA-c83p-m9mw-q96q GHSA-px5q-x4wp-pg95 GHSA-q7pj-pvmx-gpfg GHSA-qj9h-vqcc-rfjq GHSA-9rrf-x8wr-qf65 GHSA-g76x-m5qr-8rc7 GHSA-jvx4-vmw6-g8xc GHSA-xf35-ghx9-6hhf GHSA-xrrv-gjcc-h93v
1 parent
3d41f46
commit db3a9ef
Showing
12 changed files
with
231 additions
and
19 deletions.
|
@@ -28,7 +28,7 @@ | |
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
|
||
"CWE-79" | ||
], | ||
"severity": "MODERATE", | ||
"github_reviewed": false | ||
|
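--- a/advisories/unreviewed/2022/12/GHSA-9rrf-x8wr-qf65/GHSA-9rrf-x8wr-qf65.json
+++ b/advisories/unreviewed/2022/12/GHSA-9rrf-x8wr-qf65/GHSA-9rrf-x8wr-qf65.json
@@ -0,0 +1,37 @@
+{
+"schema_version": "1.3.0",
+"id": "GHSA-9rrf-x8wr-qf65",
+"modified": "2022-12-01T15:30:19Z",
+"published": "2022-12-01T15:30:19Z",
+"aliases": [
+"CVE-2022-30528"
+],
+"details": "SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30528"
+},
+{
+"type": "WEB",
+"url": "https://github.com/asith-eranga/isic"
+},
+{
+"type": "WEB",
+"url": "https://github.com/killmonday/isic.lk-RCE"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false
+}
+}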
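Review bot: `database_specific.cwe_ids` is empty although `details` names the class as SQL injection, so CWE-based filtering will not surface this record; `"CWE-89"` matches the stated class. The same text says the flaw lets attackers "execute arbitrary commands", which reads as command execution rather than query manipulation and is worth checking against the referenced NVD entry before a CWE is fixed. `affected` and `severity` are also empty here and in the other four new advisory files in this commit (GHSA-g76x-m5qr-8rc7, GHSA-jvx4-vmw6-g8xc, GHSA-xf35-ghx9-6hhf, GHSA-xrrv-gjcc-h93v), so tooling that matches on package ranges or CVSS vectors presumably cannot act on these records until those fields are populated.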
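--- a/advisories/unreviewed/2022/12/GHSA-g76x-m5qr-8rc7/GHSA-g76x-m5qr-8rc7.json
+++ b/advisories/unreviewed/2022/12/GHSA-g76x-m5qr-8rc7/GHSA-g76x-m5qr-8rc7.json
@@ -0,0 +1,33 @@
+{
+"schema_version": "1.3.0",
+"id": "GHSA-g76x-m5qr-8rc7",
+"modified": "2022-12-01T15:30:19Z",
+"published": "2022-12-01T15:30:19Z",
+"aliases": [
+"CVE-2022-28607"
+],
+"details": "An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28607"
+},
+{
+"type": "WEB",
+"url": "https://github.com/killmonday/isic.lk-RCE"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false
+}
+}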
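--- a/advisories/unreviewed/2022/12/GHSA-jvx4-vmw6-g8xc/GHSA-jvx4-vmw6-g8xc.json
+++ b/advisories/unreviewed/2022/12/GHSA-jvx4-vmw6-g8xc/GHSA-jvx4-vmw6-g8xc.json
@@ -0,0 +1,37 @@
+{
+"schema_version": "1.3.0",
+"id": "GHSA-jvx4-vmw6-g8xc",
+"modified": "2022-12-01T15:30:19Z",
+"published": "2022-12-01T15:30:19Z",
+"aliases": [
+"CVE-2022-4257"
+],
+"details": "A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4257"
+},
+{
+"type": "WEB",
+"url": "https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?id.214631"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-74"
+],
+"severity": null,
+"github_reviewed": false
+}
+}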
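Review bot: The structured severity fields disagree with the prose in this record: `details` says the issue "has been rated as critical" and that the exploit is public, while `"severity": null` under `database_specific` and the empty top-level `severity` array leave it unscored. Consumers that triage on the structured fields will rank a remotely reachable, publicly disclosed issue as unknown. Once a CVSS vector is available from the referenced NVD or VulDB entries it belongs in `severity`, with `database_specific.severity` set to match. `"CWE-74"` is the generic injection parent; `details` calls this argument injection, so a more specific child CWE may apply once the record is reviewed.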
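--- a/advisories/unreviewed/2022/12/GHSA-xf35-ghx9-6hhf/GHSA-xf35-ghx9-6hhf.json
+++ b/advisories/unreviewed/2022/12/GHSA-xf35-ghx9-6hhf/GHSA-xf35-ghx9-6hhf.json
@@ -0,0 +1,33 @@
+{
+"schema_version": "1.3.0",
+"id": "GHSA-xf35-ghx9-6hhf",
+"modified": "2022-12-01T15:30:19Z",
+"published": "2022-12-01T15:30:19Z",
+"aliases": [
+"CVE-2022-37016"
+],
+"details": "Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37016"
+},
+{
+"type": "WEB",
+"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21014"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false
+}
+}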
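Review bot: `details` names no affected or fixed release, so a defender reading this record cannot tell which Symantec Endpoint Protection agent builds need patching. The sibling record GHSA-xrrv-gjcc-h93v cites the same Broadcom advisory URL and states "prior to 14.3 RU6/14.3 RU5 Patch 1"; whether that boundary also applies to this CVE should be confirmed against the vendor advisory and then recorded in `details` or `affected`. `cwe_ids` is empty as well although the text classifies the issue as privilege escalation; `"CWE-269"` would be a reasonable candidate, pending review.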
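--- a/advisories/unreviewed/2022/12/GHSA-xrrv-gjcc-h93v/GHSA-xrrv-gjcc-h93v.json
+++ b/advisories/unreviewed/2022/12/GHSA-xrrv-gjcc-h93v/GHSA-xrrv-gjcc-h93v.json
@@ -0,0 +1,33 @@
+{
+"schema_version": "1.3.0",
+"id": "GHSA-xrrv-gjcc-h93v",
+"modified": "2022-12-01T15:30:19Z",
+"published": "2022-12-01T15:30:19Z",
+"aliases": [
+"CVE-2022-37017"
+],
+"details": "Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37017"
+},
+{
+"type": "WEB",
+"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21014"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false
+}
+}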