Skip to content

Commit b498d52

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-7chv-rrw6-w6fc GHSA-23vx-xx4m-jf8w GHSA-2qv8-5g35-4jxg GHSA-427v-vg76-wcjg GHSA-54p7-6g3w-c6qg GHSA-85xp-66c9-65fx GHSA-8849-3gmw-cqc7 GHSA-92x5-3wh4-435c GHSA-93qg-f4mj-vh6p GHSA-9fwx-p432-xmr2 GHSA-f7qj-xcc8-v25j GHSA-fg49-2894-qr7w GHSA-g8qx-492c-9982 GHSA-m66r-fg5x-99cr GHSA-qv5g-75w4-jq79 GHSA-xc75-cc6q-49fg GHSA-xpp4-mh2g-6345
1 parent cae2f60 commit b498d52

17 files changed

Lines changed: 642 additions & 2 deletions

File tree

advisories/github-reviewed/2021/05/GHSA-7chv-rrw6-w6fc/GHSA-7chv-rrw6-w6fc.json

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-7chv-rrw6-w6fc",
4-
"modified": "2025-05-29T23:28:48Z",
4+
"modified": "2025-05-30T00:31:13Z",
55
"published": "2021-05-18T18:36:27Z",
66
"aliases": [
77
"CVE-2021-29505"
@@ -92,6 +92,18 @@
9292
"type": "WEB",
9393
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP"
9494
},
95+
{
96+
"type": "WEB",
97+
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB"
98+
},
99+
{
100+
"type": "WEB",
101+
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7"
102+
},
103+
{
104+
"type": "WEB",
105+
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP"
106+
},
95107
{
96108
"type": "WEB",
97109
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html"
@@ -100,6 +112,10 @@
100112
"type": "WEB",
101113
"url": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E"
102114
},
115+
{
116+
"type": "WEB",
117+
"url": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E"
118+
},
103119
{
104120
"type": "PACKAGE",
105121
"url": "https://github.com/x-stream/xstream"

advisories/unreviewed/2025/05/GHSA-23vx-xx4m-jf8w/GHSA-23vx-xx4m-jf8w.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-23vx-xx4m-jf8w",
4+
"modified": "2025-05-30T00:31:14Z",
5+
"published": "2025-05-30T00:31:14Z",
6+
"aliases": [
7+
"CVE-2025-5332"
8+
],
9+
"details": "A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5332"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/ubfbuz3/cve/issues/16"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://1000projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.310505"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.310505"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.586566"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-05-29T23:15:26Z"
55+
}
56+
}

advisories/unreviewed/2025/05/GHSA-2qv8-5g35-4jxg/GHSA-2qv8-5g35-4jxg.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2qv8-5g35-4jxg",
4+
"modified": "2025-05-30T00:31:14Z",
5+
"published": "2025-05-30T00:31:14Z",
6+
"aliases": [
7+
"CVE-2025-5330"
8+
],
9+
"details": "A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5330"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/r3ng4f/FreeFloat_1/blob/main/01-exploit.txt"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.310503"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.310503"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.585402"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-119"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2025-05-29T22:15:22Z"
51+
}
52+
}

advisories/unreviewed/2025/05/GHSA-427v-vg76-wcjg/GHSA-427v-vg76-wcjg.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-427v-vg76-wcjg",
4+
"modified": "2025-05-30T00:31:14Z",
5+
"published": "2025-05-30T00:31:14Z",
6+
"aliases": [
7+
"CVE-2025-46352"
8+
],
9+
"details": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46352"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.consiliumsafety.com/en/support"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-798"
38+
],
39+
"severity": "CRITICAL",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2025-05-30T00:15:23Z"
43+
}
44+
}

advisories/unreviewed/2025/05/GHSA-54p7-6g3w-c6qg/GHSA-54p7-6g3w-c6qg.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-54p7-6g3w-c6qg",
4-
"modified": "2025-05-07T15:31:44Z",
4+
"modified": "2025-05-30T00:31:13Z",
55
"published": "2025-05-07T15:31:44Z",
66
"aliases": [
77
"CVE-2025-47497"
@@ -19,6 +19,10 @@
1919
"type": "ADVISORY",
2020
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47497"
2121
},
22+
{
23+
"type": "WEB",
24+
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00044.html"
25+
},
2226
{
2327
"type": "WEB",
2428
"url": "https://patchstack.com/database/wordpress/plugin/logo-showcase/vulnerability/wordpress-logo-showcase-3-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve"

advisories/unreviewed/2025/05/GHSA-85xp-66c9-65fx/GHSA-85xp-66c9-65fx.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-85xp-66c9-65fx",
4+
"modified": "2025-05-30T00:31:14Z",
5+
"published": "2025-05-30T00:31:14Z",
6+
"aliases": [
7+
"CVE-2025-41438"
8+
],
9+
"details": "The CS5000 Fire Panel is vulnerable due to a default account that exists\n on the panel. Even though it is possible to change this by SSHing into \nthe device, it has remained unchanged on every installed system \nobserved. This account is not root but holds high-level permissions that\n could severely impact the device's operation if exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41438"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.consiliumsafety.com/en/support"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-1188"
38+
],
39+
"severity": "CRITICAL",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2025-05-30T00:15:23Z"
43+
}
44+
}

advisories/unreviewed/2025/05/GHSA-8849-3gmw-cqc7/GHSA-8849-3gmw-cqc7.json

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8849-3gmw-cqc7",
4+
"modified": "2025-05-30T00:31:14Z",
5+
"published": "2025-05-30T00:31:14Z",
6+
"aliases": [
7+
"CVE-2025-31263"
8+
],
9+
"details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31263"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://support.apple.com/en-us/122373"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2025-05-29T22:15:22Z"
28+
}
29+
}

advisories/unreviewed/2025/05/GHSA-92x5-3wh4-435c/GHSA-92x5-3wh4-435c.json

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-92x5-3wh4-435c",
4+
"modified": "2025-05-30T00:31:14Z",
5+
"published": "2025-05-30T00:31:14Z",
6+
"aliases": [
7+
"CVE-2025-31264"
8+
],
9+
"details": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31264"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://support.apple.com/en-us/122373"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://support.apple.com/en-us/122374"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://support.apple.com/en-us/122375"
28+
}
29+
],
30+
"database_specific": {
31+
"cwe_ids": [],
32+
"severity": null,
33+
"github_reviewed": false,
34+
"github_reviewed_at": null,
35+
"nvd_published_at": "2025-05-29T22:15:22Z"
36+
}
37+
}

advisories/unreviewed/2025/05/GHSA-93qg-f4mj-vh6p/GHSA-93qg-f4mj-vh6p.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-93qg-f4mj-vh6p",
4+
"modified": "2025-05-30T00:31:14Z",
5+
"published": "2025-05-30T00:31:14Z",
6+
"aliases": [
7+
"CVE-2025-5331"
8+
],
9+
"details": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5331"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/r3ng4f/PCMan_1/blob/main/exploit02.txt"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.310504"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.310504"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.585404"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-119"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2025-05-29T22:15:22Z"
51+
}
52+
}

0 commit comments

Comments
 (0)