Publish Advisories

GHSA-9xfw-jjq2-7v8h GHSA-3g75-6vfp-4hm3 GHSA-vmjp-26xc-5h39 GHSA-5vqj-7m73-9w2p GHSA-j67f-pcrr-6x36 GHSA-r9fv-h47r-823f GHSA-x8gx-r9p5-6xp8
github · Jan 20, 2025 · ae995f5 · ae995f5
1 parent a47018b
commit ae995f5
Show file tree

Hide file tree

Showing 7 changed files with 126 additions and 6 deletions.
diff --git a/advisories/github-reviewed/2024/02/GHSA-9xfw-jjq2-7v8h/GHSA-9xfw-jjq2-7v8h.json b/advisories/github-reviewed/2024/02/GHSA-9xfw-jjq2-7v8h/GHSA-9xfw-jjq2-7v8h.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9xfw-jjq2-7v8h",
-  "modified": "2025-01-20T16:51:02Z",
+  "modified": "2025-01-20T16:52:56Z",
   "published": "2024-02-05T20:19:30Z",
   "aliases": [
     "CVE-2024-24768"
@@ -11,7 +11,7 @@
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
     }
   ],
   "affected": [
@@ -65,7 +65,7 @@
       "CWE-311",
       "CWE-315"
     ],
-    "severity": "MODERATE",
+    "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2024-02-05T20:19:30Z",
     "nvd_published_at": "2024-02-05T15:15:09Z"

diff --git a/advisories/unreviewed/2024/01/GHSA-3g75-6vfp-4hm3/GHSA-3g75-6vfp-4hm3.json b/advisories/unreviewed/2024/01/GHSA-3g75-6vfp-4hm3/GHSA-3g75-6vfp-4hm3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3g75-6vfp-4hm3",
-  "modified": "2024-02-08T18:30:38Z",
+  "modified": "2025-01-20T18:30:48Z",
   "published": "2024-01-27T03:30:21Z",
   "aliases": [
     "CVE-2023-52389"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00017.html"
+    },
     {
       "type": "WEB",
       "url": "https://pocoproject.org/blog/?p=1226"

diff --git a/advisories/unreviewed/2024/01/GHSA-vmjp-26xc-5h39/GHSA-vmjp-26xc-5h39.json b/advisories/unreviewed/2024/01/GHSA-vmjp-26xc-5h39/GHSA-vmjp-26xc-5h39.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vmjp-26xc-5h39",
-  "modified": "2024-01-22T18:31:15Z",
+  "modified": "2025-01-20T18:30:48Z",
   "published": "2024-01-12T03:30:49Z",
   "aliases": [
     "CVE-2023-52339"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://github.com/Matroska-Org/libebml/compare/release-1.4.4...release-1.4.5"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00016.html"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJUXVOIRWPP7OFYUKQZDNJTSLWCPIZBH"

diff --git a/advisories/unreviewed/2025/01/GHSA-5vqj-7m73-9w2p/GHSA-5vqj-7m73-9w2p.json b/advisories/unreviewed/2025/01/GHSA-5vqj-7m73-9w2p/GHSA-5vqj-7m73-9w2p.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5vqj-7m73-9w2p",
+  "modified": "2025-01-20T18:30:49Z",
+  "published": "2025-01-20T18:30:49Z",
+  "aliases": [
+    "CVE-2024-22349"
+  ],
+  "details": "IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22349"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7172750"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-525"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-20T18:15:13Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-j67f-pcrr-6x36/GHSA-j67f-pcrr-6x36.json b/advisories/unreviewed/2025/01/GHSA-j67f-pcrr-6x36/GHSA-j67f-pcrr-6x36.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j67f-pcrr-6x36",
+  "modified": "2025-01-20T18:30:49Z",
+  "published": "2025-01-20T18:30:49Z",
+  "aliases": [
+    "CVE-2024-22348"
+  ],
+  "details": "IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22348"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7172750"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-942"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-20T18:15:13Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-r9fv-h47r-823f/GHSA-r9fv-h47r-823f.json b/advisories/unreviewed/2025/01/GHSA-r9fv-h47r-823f/GHSA-r9fv-h47r-823f.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r9fv-h47r-823f",
-  "modified": "2025-01-20T15:31:22Z",
+  "modified": "2025-01-20T18:30:49Z",
   "published": "2025-01-20T15:31:22Z",
   "aliases": [
     "CVE-2024-13176"
@@ -45,6 +45,10 @@
     {
       "type": "WEB",
       "url": "https://openssl-library.org/news/secadv/20250120.txt"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/01/20/2"
     }
   ],
   "database_specific": {

diff --git a/advisories/unreviewed/2025/01/GHSA-x8gx-r9p5-6xp8/GHSA-x8gx-r9p5-6xp8.json b/advisories/unreviewed/2025/01/GHSA-x8gx-r9p5-6xp8/GHSA-x8gx-r9p5-6xp8.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x8gx-r9p5-6xp8",
+  "modified": "2025-01-20T18:30:49Z",
+  "published": "2025-01-20T18:30:49Z",
+  "aliases": [
+    "CVE-2024-22347"
+  ],
+  "details": "IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22347"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7172750"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-327"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-20T18:15:13Z"
+  }
+}