Skip to content

Commit e316d67

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-4x7j-66xr-jfqf GHSA-hcf6-r7h4-97g5 GHSA-rp53-2m2g-pmqq GHSA-whx8-c8r7-rv23 GHSA-xw6v-xv6h-m7g3
1 parent 2a6d40c commit e316d67

5 files changed

Lines changed: 284 additions & 0 deletions

File tree

advisories/unreviewed/2025/12/GHSA-4x7j-66xr-jfqf/GHSA-4x7j-66xr-jfqf.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4x7j-66xr-jfqf",
4+
"modified": "2025-12-29T00:30:26Z",
5+
"published": "2025-12-29T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-15156"
8+
],
9+
"details": "A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15156"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/omec-project/upf/issues/979"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.338534"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.338534"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.719824"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-404"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2025-12-28T22:15:43Z"
51+
}
52+
}

advisories/unreviewed/2025/12/GHSA-hcf6-r7h4-97g5/GHSA-hcf6-r7h4-97g5.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hcf6-r7h4-97g5",
4+
"modified": "2025-12-29T00:30:26Z",
5+
"published": "2025-12-29T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-15162"
8+
],
9+
"details": "A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15162"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/RouteStatic/RouteStatic.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.338537"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.338537"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.721210"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-29T00:15:51Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-rp53-2m2g-pmqq/GHSA-rp53-2m2g-pmqq.json

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-rp53-2m2g-pmqq",
4+
"modified": "2025-12-29T00:30:26Z",
5+
"published": "2025-12-29T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-15155"
8+
],
9+
"details": "A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15155"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/floooh/sokol/issues/1405"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/floooh/sokol/issues/1406#issuecomment-3649548096"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/oneafter/1212/blob/main/hbf1"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?ctiid.338533"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?id.338533"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?submit.719823"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-119"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2025-12-28T22:15:43Z"
63+
}
64+
}

advisories/unreviewed/2025/12/GHSA-whx8-c8r7-rv23/GHSA-whx8-c8r7-rv23.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-whx8-c8r7-rv23",
4+
"modified": "2025-12-29T00:30:26Z",
5+
"published": "2025-12-29T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-15161"
8+
],
9+
"details": "A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15161"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/PPTPUserSetting/PPTPUserSetting.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.338536"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.338536"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.720887"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-28T23:15:52Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-xw6v-xv6h-m7g3/GHSA-xw6v-xv6h-m7g3.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-xw6v-xv6h-m7g3",
4+
"modified": "2025-12-29T00:30:26Z",
5+
"published": "2025-12-29T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-15160"
8+
],
9+
"details": "A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15160"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/PPTPServer/PPTPServer.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.338535"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.338535"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.720886"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-28T23:15:52Z"
55+
}
56+
}

0 commit comments

Comments
 (0)