-
Notifications
You must be signed in to change notification settings - Fork 349
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-238m-xccf-m2f6 GHSA-32vq-v62x-64mm GHSA-46r2-w44r-8qr8 GHSA-4w89-86x6-qgv9 GHSA-65f9-wqxf-mh9r GHSA-6x3p-j7vv-4vc2 GHSA-7wwm-57j8-wx2j GHSA-82mc-rg5w-c9rj GHSA-8v5f-8948-9qm6 GHSA-9jvx-p6mq-fw4v GHSA-f4xh-jq5v-423g GHSA-f6g2-47v5-3qv6 GHSA-fh2j-2j24-wjwp GHSA-jfcf-98f5-5xjf GHSA-mp98-q49w-jjhw GHSA-mwq7-4r6c-mwqg GHSA-pfmr-7m9x-5jwr GHSA-qfcm-r8pp-mrfm GHSA-r9jr-jpgm-rcwh GHSA-v567-j6g5-phvx GHSA-w2g4-5x4v-rvp3 GHSA-w4m7-v5fj-39g7
- Loading branch information
1 parent
ab2d302
commit 3fc0076
Showing
22 changed files
with
357 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
47 changes: 47 additions & 0 deletions
47
advisories/unreviewed/2023/09/GHSA-7wwm-57j8-wx2j/GHSA-7wwm-57j8-wx2j.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-7wwm-57j8-wx2j", | ||
| "modified": "2023-09-29T06:30:29Z", | ||
| "published": "2023-09-29T06:30:29Z", | ||
| "aliases": [ | ||
| "CVE-2023-44466" | ||
| ], | ||
| "details": "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44466" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.spinics.net/lists/ceph-devel/msg57909.html" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
47 changes: 47 additions & 0 deletions
47
advisories/unreviewed/2023/09/GHSA-9jvx-p6mq-fw4v/GHSA-9jvx-p6mq-fw4v.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-9jvx-p6mq-fw4v", | ||
| "modified": "2023-09-29T06:30:29Z", | ||
| "published": "2023-09-29T06:30:29Z", | ||
| "aliases": [ | ||
| "CVE-2023-44464" | ||
| ], | ||
| "details": "pretix before 2023.7.2 allows Pillow to parse EPS files.", | ||
| "severity": [ | ||
|
|
||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44464" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/pretix/pretix/commit/8583bfb7d97263e9e923ad5d7f123ca1cadc8f2e" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/pretix/pretix/compare/v2023.7.1...v2023.7.2" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/pretix/pretix/tags" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://pretix.eu/about/en/ticketing" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
42 changes: 42 additions & 0 deletions
42
advisories/unreviewed/2023/09/GHSA-f4xh-jq5v-423g/GHSA-f4xh-jq5v-423g.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-f4xh-jq5v-423g", | ||
| "modified": "2023-09-29T06:30:29Z", | ||
| "published": "2023-09-29T06:30:29Z", | ||
| "aliases": [ | ||
| "CVE-2023-26146" | ||
| ], | ||
| "details": "All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26146" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/dellalibera/c53448135480cbe12257c4b413a90d20" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730766" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.