Skip to content

Commit 2687dd0

Browse files
advisory-database[bot]advisory-database[bot]
committed
Advisory Database Sync
1 parent cc25232 commit 2687dd0

File tree

187 files changed

+6696
-39
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

187 files changed

+6696
-39
lines changed

advisories/unreviewed/2022/05/GHSA-5x93-92vm-jw5m/GHSA-5x93-92vm-jw5m.json

Lines changed: 120 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-5x93-92vm-jw5m",
4-
"modified": "2022-05-24T22:00:04Z",
4+
"modified": "2025-11-11T18:30:17Z",
55
"published": "2022-05-24T22:00:04Z",
66
"aliases": [
77
"CVE-2019-12735"
88
],
99
"details": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -24,19 +29,129 @@
2429
},
2530
{
2631
"type": "WEB",
27-
"url": "https://bugs.debian.org/930020"
32+
"url": "https://www.exploit-db.com/exploits/46973"
2833
},
2934
{
3035
"type": "WEB",
31-
"url": "https://bugs.debian.org/930024"
36+
"url": "https://www.debian.org/security/2019/dsa-4487"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.debian.org/security/2019/dsa-4467"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://usn.ubuntu.com/4016-2"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://usn.ubuntu.com/4016-1"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSS"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "https://support.f5.com/csp/article/K93144355"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://security.gentoo.org/glsa/202003-04"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://seclists.org/bugtraq/2019/Jun/33"
69+
},
70+
{
71+
"type": "WEB",
72+
"url": "https://seclists.org/bugtraq/2019/Jul/39"
73+
},
74+
{
75+
"type": "WEB",
76+
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR"
77+
},
78+
{
79+
"type": "WEB",
80+
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7"
81+
},
82+
{
83+
"type": "WEB",
84+
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR"
85+
},
86+
{
87+
"type": "WEB",
88+
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7"
89+
},
90+
{
91+
"type": "WEB",
92+
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
3293
},
3394
{
3495
"type": "WEB",
3596
"url": "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md"
97+
},
98+
{
99+
"type": "WEB",
100+
"url": "https://bugs.debian.org/930024"
101+
},
102+
{
103+
"type": "WEB",
104+
"url": "https://bugs.debian.org/930020"
105+
},
106+
{
107+
"type": "WEB",
108+
"url": "https://access.redhat.com/errata/RHSA-2019:1947"
109+
},
110+
{
111+
"type": "WEB",
112+
"url": "https://access.redhat.com/errata/RHSA-2019:1793"
113+
},
114+
{
115+
"type": "WEB",
116+
"url": "https://access.redhat.com/errata/RHSA-2019:1774"
117+
},
118+
{
119+
"type": "WEB",
120+
"url": "https://access.redhat.com/errata/RHSA-2019:1619"
121+
},
122+
{
123+
"type": "WEB",
124+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html"
125+
},
126+
{
127+
"type": "WEB",
128+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html"
129+
},
130+
{
131+
"type": "WEB",
132+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html"
133+
},
134+
{
135+
"type": "WEB",
136+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html"
137+
},
138+
{
139+
"type": "WEB",
140+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html"
141+
},
142+
{
143+
"type": "WEB",
144+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html"
145+
},
146+
{
147+
"type": "WEB",
148+
"url": "http://www.securityfocus.com/bid/108724"
36149
}
37150
],
38151
"database_specific": {
39-
"cwe_ids": [],
152+
"cwe_ids": [
153+
"CWE-78"
154+
],
40155
"severity": "HIGH",
41156
"github_reviewed": false,
42157
"github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-ggrp-mmv9-mmpc/GHSA-ggrp-mmv9-mmpc.json

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-ggrp-mmv9-mmpc",
4-
"modified": "2022-05-24T17:29:51Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T17:29:51Z",
66
"aliases": [
77
"CVE-2020-25761"
88
],
99
"details": "Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -18,6 +23,10 @@
1823
"type": "WEB",
1924
"url": "https://packetstormsecurity.com/files/author/15149"
2025
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/48830"
29+
},
2130
{
2231
"type": "WEB",
2332
"url": "http://packetstormsecurity.com/files/159263/Visitor-Management-System-In-PHP-1.0-Cross-Site-Scripting.html"
@@ -28,7 +37,9 @@
2837
}
2938
],
3039
"database_specific": {
31-
"cwe_ids": [],
40+
"cwe_ids": [
41+
"CWE-79"
42+
],
3243
"severity": "MODERATE",
3344
"github_reviewed": false,
3445
"github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-mhh4-ggqv-qpg6/GHSA-mhh4-ggqv-qpg6.json

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-mhh4-ggqv-qpg6",
4-
"modified": "2022-05-24T17:47:42Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T17:47:42Z",
66
"aliases": [
77
"CVE-2021-27129"
88
],
99
"details": "CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -17,6 +22,10 @@
1722
{
1823
"type": "WEB",
1924
"url": "https://packetstormsecurity.com/files/161080/CASAP-Automated-Enrollment-System-1.0-Cross-Site-Scripting.html"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/49470"
2029
}
2130
],
2231
"database_specific": {

advisories/unreviewed/2022/05/GHSA-rwj7-6838-wfrj/GHSA-rwj7-6838-wfrj.json

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-rwj7-6838-wfrj",
4-
"modified": "2022-05-24T17:29:50Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T17:29:50Z",
66
"aliases": [
77
"CVE-2020-25760"
88
],
99
"details": "Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -18,6 +23,10 @@
1823
"type": "WEB",
1924
"url": "https://packetstormsecurity.com/files/author/15149"
2025
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/48911"
29+
},
2130
{
2231
"type": "WEB",
2332
"url": "http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html"

advisories/unreviewed/2022/05/GHSA-w9w3-f8q7-x576/GHSA-w9w3-f8q7-x576.json

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-w9w3-f8q7-x576",
4-
"modified": "2023-08-08T15:31:18Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T19:06:02Z",
66
"aliases": [
77
"CVE-2021-33624"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/benschlueter/CVE-2021-33624"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
@@ -38,7 +42,8 @@
3842
],
3943
"database_specific": {
4044
"cwe_ids": [
41-
"CWE-203"
45+
"CWE-203",
46+
"CWE-843"
4247
],
4348
"severity": "MODERATE",
4449
"github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-j94g-69xw-xx5q/GHSA-j94g-69xw-xx5q.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-j94g-69xw-xx5q",
4-
"modified": "2023-11-14T18:30:19Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2023-07-10T18:30:50Z",
66
"aliases": [
77
"CVE-2023-36375"
@@ -30,6 +30,10 @@
3030
{
3131
"type": "WEB",
3232
"url": "https://packetstormsecurity.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.exploit-db.com/exploits/50628"
3337
}
3438
],
3539
"database_specific": {

advisories/unreviewed/2023/08/GHSA-jrfx-7644-2jj6/GHSA-jrfx-7644-2jj6.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-jrfx-7644-2jj6",
4-
"modified": "2024-04-04T07:17:11Z",
4+
"modified": "2025-11-11T18:30:14Z",
55
"published": "2023-08-30T15:30:19Z",
66
"aliases": [
77
"CVE-2023-41537"
@@ -22,6 +22,10 @@
2222
{
2323
"type": "WEB",
2424
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version-3.2"
2529
}
2630
],
2731
"database_specific": {

advisories/unreviewed/2023/11/GHSA-4h7h-xhv3-2g96/GHSA-4h7h-xhv3-2g96.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-4h7h-xhv3-2g96",
4-
"modified": "2023-11-13T15:30:20Z",
4+
"modified": "2025-11-11T18:30:14Z",
55
"published": "2023-11-03T06:36:29Z",
66
"aliases": [
77
"CVE-2023-38965"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/51795"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html"

0 commit comments

Comments
 (0)