Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 4b6e884131ac · 2025-01-30T06:32:25.000Z
GHSA-2ffg-9hw7-35q4 GHSA-4j4g-v3h3-8mqg GHSA-65f9-48qm-g2v2 GHSA-942x-h2h3-8wxm GHSA-fx7g-h676-75c4 GHSA-gxhg-qc42-w3x4 GHSA-qjjh-33hc-226r GHSA-qxj7-rwmv-59qm GHSA-rxh2-ghcp-6j9j GHSA-xr4j-2qp3-r4xc GHSA-xwc6-4mcf-7v2v
diff --git a/advisories/unreviewed/2025/01/GHSA-2ffg-9hw7-35q4/GHSA-2ffg-9hw7-35q4.json b/advisories/unreviewed/2025/01/GHSA-2ffg-9hw7-35q4/GHSA-2ffg-9hw7-35q4.json
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2ffg-9hw7-35q4",
+  "modified": "2025-01-30T06:30:49Z",
+  "published": "2025-01-30T06:30:49Z",
+  "aliases": [
+    "CVE-2025-0374"
+  ],
+  "details": "When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts.  This version does not preserve the mode of the input file, and is world-readable.  This applies to files that would normally have restricted visibility, such as /etc/master.passwd.\n\nAn unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts.  This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0374"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:03.etcupdate.asc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-732"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T05:15:10Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-4j4g-v3h3-8mqg/GHSA-4j4g-v3h3-8mqg.json b/advisories/unreviewed/2025/01/GHSA-4j4g-v3h3-8mqg/GHSA-4j4g-v3h3-8mqg.json
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4j4g-v3h3-8mqg",
+  "modified": "2025-01-30T06:30:49Z",
+  "published": "2025-01-30T06:30:49Z",
+  "aliases": [
+    "CVE-2025-0373"
+  ],
+  "details": "On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow.\n\nA NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client.  Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated.  In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0373"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:02.fs.asc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T05:15:09Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-65f9-48qm-g2v2/GHSA-65f9-48qm-g2v2.json b/advisories/unreviewed/2025/01/GHSA-65f9-48qm-g2v2/GHSA-65f9-48qm-g2v2.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-65f9-48qm-g2v2",
+  "modified": "2025-01-30T06:30:49Z",
+  "published": "2025-01-30T06:30:49Z",
+  "aliases": [
+    "CVE-2024-12163"
+  ],
+  "details": "The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12163"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/ea704054-fb66-4014-89bd-1c61074f64e5"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T06:15:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-942x-h2h3-8wxm/GHSA-942x-h2h3-8wxm.json b/advisories/unreviewed/2025/01/GHSA-942x-h2h3-8wxm/GHSA-942x-h2h3-8wxm.json
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-942x-h2h3-8wxm",
+  "modified": "2025-01-30T06:30:49Z",
+  "published": "2025-01-30T06:30:49Z",
+  "aliases": [
+    "CVE-2025-0662"
+  ],
+  "details": "In some cases, the ktrace facility will log the contents of kernel structures to userspace.  In one such case, ktrace dumps a variable-sized sockaddr to userspace.  There, the full sockaddr is copied, even when it is shorter than the full size.  This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.\n\nIt is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0662"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-122"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T05:15:10Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-fx7g-h676-75c4/GHSA-fx7g-h676-75c4.json b/advisories/unreviewed/2025/01/GHSA-fx7g-h676-75c4/GHSA-fx7g-h676-75c4.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fx7g-h676-75c4",
+  "modified": "2025-01-30T06:30:50Z",
+  "published": "2025-01-30T06:30:50Z",
+  "aliases": [
+    "CVE-2024-12709"
+  ],
+  "details": "The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12709"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/d93056f1-1a6e-405f-a094-d4d270393f87"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T06:15:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-gxhg-qc42-w3x4/GHSA-gxhg-qc42-w3x4.json b/advisories/unreviewed/2025/01/GHSA-gxhg-qc42-w3x4/GHSA-gxhg-qc42-w3x4.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gxhg-qc42-w3x4",
+  "modified": "2025-01-30T06:30:50Z",
+  "published": "2025-01-30T06:30:50Z",
+  "aliases": [
+    "CVE-2024-12638"
+  ],
+  "details": "The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12638"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/a6f5b0fe-00a0-4e30-aec6-87882c035beb"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T06:15:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-qjjh-33hc-226r/GHSA-qjjh-33hc-226r.json b/advisories/unreviewed/2025/01/GHSA-qjjh-33hc-226r/GHSA-qjjh-33hc-226r.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qjjh-33hc-226r",
+  "modified": "2025-01-30T06:30:50Z",
+  "published": "2025-01-30T06:30:50Z",
+  "aliases": [
+    "CVE-2024-12708"
+  ],
+  "details": "The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12708"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/8f30a37e-b9d0-467b-a0e3-20dc0a9f2b61"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T06:15:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-qxj7-rwmv-59qm/GHSA-qxj7-rwmv-59qm.json b/advisories/unreviewed/2025/01/GHSA-qxj7-rwmv-59qm/GHSA-qxj7-rwmv-59qm.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qxj7-rwmv-59qm",
+  "modified": "2025-01-30T06:30:50Z",
+  "published": "2025-01-30T06:30:50Z",
+  "aliases": [
+    "CVE-2024-12921"
+  ],
+  "details": "The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12921"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3230122/ethereumico"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d964c99c-6ab6-453c-969f-66d5cd00dc8e?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T06:15:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-rxh2-ghcp-6j9j/GHSA-rxh2-ghcp-6j9j.json b/advisories/unreviewed/2025/01/GHSA-rxh2-ghcp-6j9j/GHSA-rxh2-ghcp-6j9j.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rxh2-ghcp-6j9j",
+  "modified": "2025-01-30T06:30:49Z",
+  "published": "2025-01-30T06:30:49Z",
+  "aliases": [
+    "CVE-2024-10309"
+  ],
+  "details": "The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10309"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T06:15:28Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-xr4j-2qp3-r4xc/GHSA-xr4j-2qp3-r4xc.json b/advisories/unreviewed/2025/01/GHSA-xr4j-2qp3-r4xc/GHSA-xr4j-2qp3-r4xc.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xr4j-2qp3-r4xc",
+  "modified": "2025-01-30T06:30:49Z",
+  "published": "2025-01-30T06:30:49Z",
+  "aliases": [
+    "CVE-2024-12400"
+  ],
+  "details": "The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/3542315c-93c3-41dd-a99e-02a38cfd58fb"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T06:15:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-xwc6-4mcf-7v2v/GHSA-xwc6-4mcf-7v2v.json b/advisories/unreviewed/2025/01/GHSA-xwc6-4mcf-7v2v/GHSA-xwc6-4mcf-7v2v.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xwc6-4mcf-7v2v",
+  "modified": "2025-01-30T06:30:49Z",
+  "published": "2025-01-30T06:30:49Z",
+  "aliases": [
+    "CVE-2025-23374"
+  ],
+  "details": "Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23374"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-532"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-30T05:15:10Z"
+  }
+}
