
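--- a/advisories/github-reviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json
+++ b/advisories/github-reviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6h4f-pj3g-q8fq",
-"modified": "2026-03-18T18:31:09Z",
+"modified": "2026-03-30T12:32:26Z",
 "published": "2025-12-03T21:31:04Z",
 "aliases": [
 "CVE-2024-3884"
@@ -125,6 +125,14 @@
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2024-3884"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:6012"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:6011"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:4924"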

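--- a/advisories/unreviewed/2026/01/GHSA-2p5w-cvg5-gc5c/GHSA-2p5w-cvg5-gc5c.json
+++ b/advisories/unreviewed/2026/01/GHSA-2p5w-cvg5-gc5c/GHSA-2p5w-cvg5-gc5c.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2p5w-cvg5-gc5c",
-"modified": "2026-03-18T18:31:10Z",
+"modified": "2026-03-30T12:32:26Z",
 "published": "2026-01-23T09:30:28Z",
 "aliases": [
 "CVE-2026-0603"
@@ -35,6 +35,14 @@
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:4924"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:6011"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:6012"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2026-0603"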
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4853-2382-frfw",
4+
"modified": "2026-03-30T12:32:27Z",
5+
"published": "2026-03-30T12:32:26Z",
6+
"aliases": [
7+
"CVE-2018-25230"
8+
],
9+
"details": "Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25230"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/46382"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/free-ip-switcher-denial-of-service-via-computer-name"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "http://www.eusing.com/index.html"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "http://www.eusing.com/ipscan/free_ip_scanner.htm"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-787"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-30T12:16:16Z"
51+
}
52+
}
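Review bot: The last `references` entry, `http://www.eusing.com/ipscan/free_ip_scanner.htm`, appears to be the page for a different Eusing product (an IP scanner) than the Free IP Switcher 3.1 named in `details`, so a reader following it to confirm the affected software may land on the wrong tool. If this was carried over from the upstream CVE record it should be corrected there; otherwise replace it with the vendor's page for Free IP Switcher. Both vendor links are also plain `http://`, so their content should not be treated as integrity-protected when used for triage.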
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7423-48c4-v7wf",
4+
"modified": "2026-03-30T12:32:27Z",
5+
"published": "2026-03-30T12:32:27Z",
6+
"aliases": [
7+
"CVE-2018-25232"
8+
],
9+
"details": "Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25232"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://messenger.softros.com"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://messenger.softros.com/downloads"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.exploit-db.com/exploits/45781"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.vulncheck.com/advisories/softros-lan-messenger-denial-of-service-via-log-files-location"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-1285"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-30T12:16:17Z"
51+
}
52+
}
Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-74q7-8ffv-3j46",
4+
"modified": "2026-03-30T12:32:27Z",
5+
"published": "2026-03-30T12:32:27Z",
6+
"aliases": [
7+
"CVE-2026-4425"
8+
],
9+
"details": "Rejected reason: Reserved for EastLink case, but no need for CVE anymore",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4425"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2026-03-30T12:16:38Z"
24+
}
25+
}
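Review bot: This record is published as a live advisory even though `details` states the CVE was rejected, and nothing machine-readable marks it as such: there is no `withdrawn` field, only free text. Tooling that keys on the `CVE-2026-4425` alias or counts open advisories will treat it as an active finding with unknown severity. Consider adding `"withdrawn": "<RFC 3339 timestamp of the rejection>"` alongside `modified`, so consumers can filter it without parsing the description.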
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7x64-vh67-7fgv",
4+
"modified": "2026-03-30T12:32:26Z",
5+
"published": "2026-03-30T12:32:26Z",
6+
"aliases": [
7+
"CVE-2026-1612"
8+
],
9+
"details": "AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 8.0.21.0610 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1612"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://cert.pl/en/posts/2026/03/CVE-2026-1612"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-798"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-03-30T11:16:04Z"
35+
}
36+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-83jv-37p5-gc2r",
4+
"modified": "2026-03-30T12:32:27Z",
5+
"published": "2026-03-30T12:32:27Z",
6+
"aliases": [
7+
"CVE-2019-25653"
8+
],
9+
"details": "Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25653"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/46383"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.navicat.com/es"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.navicat.com/es/download/navicat-for-oracle"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.vulncheck.com/advisories/navicat-for-oracle-password-field-denial-of-service"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-620"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-30T12:16:17Z"
51+
}
52+
}
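Review bot: The CVSS vectors in this record score the issue as a confidentiality loss (`C:H/I:N/A:N` and `VC:H/VI:N/VA:N`), although `details` describes only an application crash, so severity-based triage will misread it. A crash-only issue would normally carry `C:N/I:N/A:H`, as the HeidiSQL record in this commit does. The same mismatch appears in the BulletProof FTP Server record (GHSA-gp26-36x8-p39m). The `cwe_ids` also look unrelated to an over-long input string: CWE-620 here is unverified password change, CWE-98 on the HeidiSQL record is PHP file inclusion, and CWE-1282 on the BulletProof record concerns assumed-immutable data in writable memory. These values presumably come from the upstream CVE record, so the fix belongs there, but consumers should not filter on them until they are corrected.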
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8q3v-mp8g-6w48",
4+
"modified": "2026-03-30T12:32:27Z",
5+
"published": "2026-03-30T12:32:27Z",
6+
"aliases": [
7+
"CVE-2018-25231"
8+
],
9+
"details": "HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences > Logging to trigger an application crash.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25231"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/45806"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.heidisql.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.heidisql.com/download.php"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.vulncheck.com/advisories/heidisql-denial-of-service-via-preferences"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-98"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-30T12:16:16Z"
51+
}
52+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-gp26-36x8-p39m",
4+
"modified": "2026-03-30T12:32:27Z",
5+
"published": "2026-03-30T12:32:26Z",
6+
"aliases": [
7+
"CVE-2018-25229"
8+
],
9+
"details": "BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash by clicking the Test button.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25229"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/46422"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-smtp"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "http://bpftpserver.com"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "http://bpftpserver.com/products/bpftpserver/windows/download"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-1282"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-30T12:16:16Z"
51+
}
52+
}
