Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-p743-h3f6-5f74/GHSA-p743-h3f6-5f74.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p743-h3f6-5f74",
-  "modified": "2026-02-25T21:31:19Z",
+  "modified": "2026-03-04T18:31:47Z",
   "published": "2026-02-25T21:31:19Z",
   "aliases": [
     "CVE-2026-22721"

advisories/unreviewed/2026/02/GHSA-rr3q-q2xp-f894/GHSA-rr3q-q2xp-f894.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rr3q-q2xp-f894",
-  "modified": "2026-02-25T21:31:19Z",
+  "modified": "2026-03-04T18:31:47Z",
   "published": "2026-02-25T21:31:18Z",
   "aliases": [
     "CVE-2026-22720"

advisories/unreviewed/2026/03/GHSA-2369-45jq-xgc9/GHSA-2369-45jq-xgc9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2369-45jq-xgc9",
+  "modified": "2026-03-04T18:31:52Z",
+  "published": "2026-03-04T18:31:52Z",
+  "aliases": [
+    "CVE-2025-59785"
+  ],
+  "details": "Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\nThis vulnerability can only be exploited after authenticating with administrator privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1286"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-04T16:16:25Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2cx5-9j54-v8vq/GHSA-2cx5-9j54-v8vq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cx5-9j54-v8vq",
+  "modified": "2026-03-04T18:31:55Z",
+  "published": "2026-03-04T18:31:55Z",
+  "aliases": [
+    "CVE-2026-20073"
+  ],
+  "details": "A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device.\n\nThis vulnerability is due to improper error handling when an affected device that is joining a cluster runs out of memory while replicating access control rules. An attacker could exploit this vulnerability by sending traffic that should be blocked through the device. A successful exploit could allow the attacker to bypass access controls and reach devices in protected networks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20073"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-aclbypass-dos-CVxVRSvQ"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-04T18:16:23Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2p8h-37p5-9g77/GHSA-2p8h-37p5-9g77.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p8h-37p5-9g77",
-  "modified": "2026-03-03T21:31:17Z",
+  "modified": "2026-03-04T18:31:50Z",
   "published": "2026-03-03T21:31:17Z",
   "aliases": [
     "CVE-2025-70240"
   ],
   "details": "Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-03T21:15:57Z"

advisories/unreviewed/2026/03/GHSA-33pq-q8j2-pf3g/GHSA-33pq-q8j2-pf3g.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33pq-q8j2-pf3g",
+  "modified": "2026-03-04T18:31:54Z",
+  "published": "2026-03-04T18:31:54Z",
+  "aliases": [
+    "CVE-2026-20007"
+  ],
+  "details": "A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow traffic onto the network that should have been dropped.\n\nThis vulnerability is due to a logic error in the integration of the Snort Engine rules with Cisco Secure FTD Software that could allow different Snort rules to be hit when deep inspection of the packet is performed for the inner and outer connections. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device that would hit configured Snort rules. A successful exploit could allow the attacker to send traffic to a network where it should have been denied.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20007"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort-bypass-rLggKzVF"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-04T18:16:14Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3fxq-cwj2-m4x3/GHSA-3fxq-cwj2-m4x3.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3fxq-cwj2-m4x3",
+  "modified": "2026-03-04T18:31:55Z",
+  "published": "2026-03-04T18:31:55Z",
+  "aliases": [
+    "CVE-2026-20057"
+  ],
+  "details": "Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications (VBA) feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. \n \nThis vulnerability is due to lack of proper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending a crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart causing a a denial of service (DoS) condition.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20057"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-369"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-04T18:16:20Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3v29-g9xv-3c6v/GHSA-3v29-g9xv-3c6v.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3v29-g9xv-3c6v",
-  "modified": "2026-03-03T18:31:33Z",
+  "modified": "2026-03-04T18:31:49Z",
   "published": "2026-03-03T18:31:33Z",
   "aliases": [
     "CVE-2021-35486"
   ],
   "details": "A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-03T18:16:21Z"

advisories/unreviewed/2026/03/GHSA-3xgp-5q28-4f22/GHSA-3xgp-5q28-4f22.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xgp-5q28-4f22",
+  "modified": "2026-03-04T18:31:53Z",
+  "published": "2026-03-04T18:31:53Z",
+  "aliases": [
+    "CVE-2026-23808"
+  ],
+  "details": "A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23808"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-04T17:16:18Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-42hx-qv2c-ff49/GHSA-42hx-qv2c-ff49.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-42hx-qv2c-ff49",
+  "modified": "2026-03-04T18:31:54Z",
+  "published": "2026-03-04T18:31:54Z",
+  "aliases": [
+    "CVE-2026-20008"
+  ],
+  "details": "A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root.\n\nThis vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20008"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-luainject-VescqgmS"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-04T18:16:14Z"
+  }
+}