Publish Advisories

GHSA-25c8-fq6j-8vvf
GHSA-365w-7p77-9f2q
GHSA-3q46-58r5-2xq6
GHSA-5crx-9pjw-hxgw
GHSA-8pj9-4w5f-p42v
GHSA-9xj4-jx6j-wv3x
GHSA-c52x-7cpj-qw5f
GHSA-fww6-h55r-7gx6
GHSA-gjwv-45pm-f62j
GHSA-hg2m-cjh9-f76f
GHSA-hp4c-hq8q-pvf3
GHSA-hqrc-chfp-x3xh
GHSA-qqrg-hpxx-mmvw
GHSA-v8xj-9mr9-jmpq
GHSA-x3vf-39hj-gxr4
GHSA-x5w7-h7fg-w2g5

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-25c8-fq6j-8vvf/GHSA-25c8-fq6j-8vvf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-25c8-fq6j-8vvf",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-47320"
+  ],
+  "details": "Memory corruption while processing MFC channel configuration during music playback.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47320"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-365w-7p77-9f2q/GHSA-365w-7p77-9f2q.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-365w-7p77-9f2q",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-68460"
+  ],
+  "details": "Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68460"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571"
+    },
+    {
+      "type": "WEB",
+      "url": "https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-116"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T05:15:52Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-3q46-58r5-2xq6/GHSA-3q46-58r5-2xq6.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3q46-58r5-2xq6",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-47323"
+  ],
+  "details": "Memory corruption while routing GPR packets between user and root when handling large data packet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-5crx-9pjw-hxgw/GHSA-5crx-9pjw-hxgw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5crx-9pjw-hxgw",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-47387"
+  ],
+  "details": "Memory Corruption when processing IOCTLs for JPEG data without verification.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47387"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-822"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-8pj9-4w5f-p42v/GHSA-8pj9-4w5f-p42v.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8pj9-4w5f-p42v",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-47325"
+  ],
+  "details": "Information disclosure while processing system calls with invalid parameters.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47325"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-822"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-9xj4-jx6j-wv3x/GHSA-9xj4-jx6j-wv3x.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9xj4-jx6j-wv3x",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-47350"
+  ],
+  "details": "Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47350"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-c52x-7cpj-qw5f/GHSA-c52x-7cpj-qw5f.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c52x-7cpj-qw5f",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-47372"
+  ],
+  "details": "Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47372"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-fww6-h55r-7gx6/GHSA-fww6-h55r-7gx6.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fww6-h55r-7gx6",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-68459"
+  ],
+  "details": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68459"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/vu/JVNVU94068946"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-gjwv-45pm-f62j/GHSA-gjwv-45pm-f62j.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gjwv-45pm-f62j",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-68462"
+  ],
+  "details": "Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68462"
+    },
+    {
+      "type": "WEB",
+      "url": "https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-732"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:50Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-hg2m-cjh9-f76f/GHSA-hg2m-cjh9-f76f.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hg2m-cjh9-f76f",
+  "modified": "2025-12-18T06:30:13Z",
+  "published": "2025-12-18T06:30:13Z",
+  "aliases": [
+    "CVE-2025-47321"
+  ],
+  "details": "Memory corruption while copying packets received from unix clients.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47321"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T06:15:48Z"
+  }
+}