Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 69d1f67d0e44 · 2025-11-27T00:32:13.000Z
GHSA-3v4j-cjvq-5p59 GHSA-4jfm-v5m9-v6gx GHSA-6qj6-gv54-xg63 GHSA-h6v4-7hpg-55pq GHSA-v825-mc9m-64qr GHSA-wxrx-6xjq-jfgp GHSA-xxgx-2q65-m342
diff --git a/advisories/unreviewed/2025/11/GHSA-3v4j-cjvq-5p59/GHSA-3v4j-cjvq-5p59.json b/advisories/unreviewed/2025/11/GHSA-3v4j-cjvq-5p59/GHSA-3v4j-cjvq-5p59.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3v4j-cjvq-5p59",
+  "modified": "2025-11-27T00:30:27Z",
+  "published": "2025-11-27T00:30:27Z",
+  "aliases": [
+    "CVE-2020-36872"
+  ],
+  "details": "BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36872"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cxsecurity.com/issue/WLB-2020100045"
+    },
+    {
+      "type": "WEB",
+      "url": "https://packetstormsecurity.com/files/159504"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.bac-test.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48860"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/bacnet-test-server-malformed-bvlc-length-dos"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5597.php"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-400"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T23:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-4jfm-v5m9-v6gx/GHSA-4jfm-v5m9-v6gx.json b/advisories/unreviewed/2025/11/GHSA-4jfm-v5m9-v6gx/GHSA-4jfm-v5m9-v6gx.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4jfm-v5m9-v6gx",
+  "modified": "2025-11-27T00:30:27Z",
+  "published": "2025-11-27T00:30:27Z",
+  "aliases": [
+    "CVE-2020-36873"
+  ],
+  "details": "Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36873"
+    },
+    {
+      "type": "WEB",
+      "url": "https://packetstorm.news/files/id/156532"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/astak-cm818t3-unauthenticated-config-disclosure"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T23:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-6qj6-gv54-xg63/GHSA-6qj6-gv54-xg63.json b/advisories/unreviewed/2025/11/GHSA-6qj6-gv54-xg63/GHSA-6qj6-gv54-xg63.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6qj6-gv54-xg63",
+  "modified": "2025-11-27T00:30:26Z",
+  "published": "2025-11-27T00:30:26Z",
+  "aliases": [
+    "CVE-2019-25227"
+  ],
+  "details": "Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration may include administrative credentials, wireless keys, and other sensitive settings, enabling an unauthenticated attacker to obtain information that can facilitate further compromise of the device or network.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25227"
+    },
+    {
+      "type": "WEB",
+      "url": "https://packetstorm.news/files/id/154752"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20190525010559/https://www.tellion.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/tellion-hn2204ap-unauthenticated-config-disclosure"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T23:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-h6v4-7hpg-55pq/GHSA-h6v4-7hpg-55pq.json b/advisories/unreviewed/2025/11/GHSA-h6v4-7hpg-55pq/GHSA-h6v4-7hpg-55pq.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h6v4-7hpg-55pq",
+  "modified": "2025-11-27T00:30:27Z",
+  "published": "2025-11-27T00:30:26Z",
+  "aliases": [
+    "CVE-2019-25226"
+  ],
+  "details": "Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration may include administrative credentials and other sensitive settings, enabling an unauthenticated attacker to obtain information that can facilitate further compromise of the device or network.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25226"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cxsecurity.com/issue/WLB-2019100012"
+    },
+    {
+      "type": "WEB",
+      "url": "https://packetstorm.news/files/id/154719"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/dongyoung-media-dm-ap240tw-unauthenticated-config-disclosure"
+    },
+    {
+      "type": "WEB",
+      "url": "http://dongyoung.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T23:15:45Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-v825-mc9m-64qr/GHSA-v825-mc9m-64qr.json b/advisories/unreviewed/2025/11/GHSA-v825-mc9m-64qr/GHSA-v825-mc9m-64qr.json
@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v825-mc9m-64qr",
+  "modified": "2025-11-27T00:30:27Z",
+  "published": "2025-11-27T00:30:27Z",
+  "aliases": [
+    "CVE-2025-40934"
+  ],
+  "details": "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.\n\nAn attacker can remove the signature from the XML document to make it pass the verification check.\n\nXML-Sig is a Perl module to validate signatures on XML files.  An unsigned XML file should return an error message.  The affected versions return true when attempting to validate an XML file that contains no signatures.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40934"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/perl-net-saml2/perl-XML-Sig/issues/63"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/perl-net-saml2/perl-XML-Sig/pull/64"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T23:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-wxrx-6xjq-jfgp/GHSA-wxrx-6xjq-jfgp.json b/advisories/unreviewed/2025/11/GHSA-wxrx-6xjq-jfgp/GHSA-wxrx-6xjq-jfgp.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wxrx-6xjq-jfgp",
+  "modified": "2025-11-27T00:30:27Z",
+  "published": "2025-11-27T00:30:27Z",
+  "aliases": [
+    "CVE-2020-36874"
+  ],
+  "details": "ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36874"
+    },
+    {
+      "type": "WEB",
+      "url": "https://acesecurity.jp/support/top/wip_series/wip-90113"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cxsecurity.com/issue/WLB-2020020137"
+    },
+    {
+      "type": "WEB",
+      "url": "https://packetstorm.news/files/id/156497"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/ace-security-wip90113-unauthenticated-config-disclosure"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T23:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-xxgx-2q65-m342/GHSA-xxgx-2q65-m342.json b/advisories/unreviewed/2025/11/GHSA-xxgx-2q65-m342/GHSA-xxgx-2q65-m342.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xxgx-2q65-m342",
+  "modified": "2025-11-27T00:30:27Z",
+  "published": "2025-11-27T00:30:27Z",
+  "aliases": [
+    "CVE-2020-36871"
+  ],
+  "details": "ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36871"
+    },
+    {
+      "type": "WEB",
+      "url": "https://packetstorm.news/files/id/156492"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48107"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/escam-qd900-unauthenticated-config-disclosure"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T23:15:47Z"
+  }
+}
