

16 files changed

+486
-6
lines changed


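--- a/advisories/unreviewed/2025/12/GHSA-38mv-4mrh-vpwc/GHSA-38mv-4mrh-vpwc.json
+++ b/advisories/unreviewed/2025/12/GHSA-38mv-4mrh-vpwc/GHSA-38mv-4mrh-vpwc.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-38mv-4mrh-vpwc",
-"modified": "2026-01-08T21:30:28Z",
+"modified": "2026-04-04T00:31:26Z",
 "published": "2025-12-20T03:31:35Z",
 "aliases": [
 "CVE-2025-14300"
@@ -23,6 +23,18 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14300"
 },
+{
+"type": "WEB",
+"url": "https://www.tp-link.com/en/support/download/tapo-c100/v5/#Firmware-Release-Notes"
+},
+{
+"type": "WEB",
+"url": "https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes"
+},
+{
+"type": "WEB",
+"url": "https://www.tp-link.com/us/support/download/tapo-c100/v5/#Firmware-Release-Notes"
+},
 {
 "type": "WEB",
 "url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"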
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2v53-p8wg-cgj7",
4+
"modified": "2026-04-04T00:31:26Z",
5+
"published": "2026-04-04T00:31:26Z",
6+
"aliases": [
7+
"CVE-2017-20236"
8+
],
9+
"details": "ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20236"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-Interface-ProSoft-ICX35-BSECV-2017-10.pdf"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injection-via-web-interface"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-78"
38+
],
39+
"severity": "CRITICAL",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-03T23:17:00Z"
43+
}
44+
}
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6826-cff7-fh67",
4+
"modified": "2026-04-04T00:31:26Z",
5+
"published": "2026-04-04T00:31:26Z",
6+
"aliases": [
7+
"CVE-2017-20235"
8+
],
9+
"details": "ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20235"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://assets.belden.com/m/1281cac2c9e90abf/original/Security-Bulletin-Authentication-Security-ProSoft-ICX35-BSECV-2017-09.pdf"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-authentication-bypass"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-287"
38+
],
39+
"severity": "CRITICAL",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-03T23:17:00Z"
43+
}
44+
}

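--- a/advisories/unreviewed/2026/04/GHSA-6w3c-869c-375q/GHSA-6w3c-869c-375q.json
+++ b/advisories/unreviewed/2026/04/GHSA-6w3c-869c-375q/GHSA-6w3c-869c-375q.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6w3c-869c-375q",
-"modified": "2026-04-02T21:32:53Z",
+"modified": "2026-04-04T00:31:25Z",
 "published": "2026-04-02T21:32:53Z",
 "aliases": [
 "CVE-2024-14034"
@@ -26,6 +26,10 @@
 {
 "type": "WEB",
 "url": "https://assets.belden.com/m/7ec5c6da25ef288/original/Belden_Security_Bulletin_BSECV-2024-02_1v0.pdf"
+},
+{
+"type": "WEB",
+"url": "https://www.vulncheck.com/advisories/hirschmann-hieos-authentication-bypass-via-http-management-module"
 }
 ],
 "database_specific": {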
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9hhf-w3pr-8g2c",
4+
"modified": "2026-04-04T00:31:26Z",
5+
"published": "2026-04-04T00:31:26Z",
6+
"aliases": [
7+
"CVE-2018-25236"
8+
],
9+
"details": "Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25236"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-287"
38+
],
39+
"severity": "CRITICAL",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-03T23:17:00Z"
43+
}
44+
}

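--- a/advisories/unreviewed/2026/04/GHSA-f68c-94vp-f2q5/GHSA-f68c-94vp-f2q5.json
+++ b/advisories/unreviewed/2026/04/GHSA-f68c-94vp-f2q5/GHSA-f68c-94vp-f2q5.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-f68c-94vp-f2q5",
-"modified": "2026-04-02T21:32:53Z",
+"modified": "2026-04-04T00:31:26Z",
 "published": "2026-04-02T21:32:53Z",
 "aliases": [
 "CVE-2025-15620"
@@ -26,6 +26,10 @@
 {
 "type": "WEB",
 "url": "https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf"
+},
+{
+"type": "WEB",
+"url": "https://www.vulncheck.com/advisories/hios-switch-platform-denial-of-service-via-web-interface"
 }
 ],
 "database_specific": {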
Lines changed: 48 additions & 0 deletions
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fj6r-jjmq-57gw",
4+
"modified": "2026-04-04T00:31:26Z",
5+
"published": "2026-04-04T00:31:26Z",
6+
"aliases": [
7+
"CVE-2016-15058"
8+
],
9+
"details": "Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15058"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://assets.belden.com/m/1d8273c6205dc400/original/Security-Bulletin-Password-Sync-SNMP-v1-v2-BSECV-2016-12.pdf"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.kb.cert.org/vuls/id/507216"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-classic-platform-password-exposure-via-snmp"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-257"
42+
],
43+
"severity": "HIGH",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2026-04-03T22:16:24Z"
47+
}
48+
}

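--- a/advisories/unreviewed/2026/04/GHSA-fx2x-5jph-mxxh/GHSA-fx2x-5jph-mxxh.json
+++ b/advisories/unreviewed/2026/04/GHSA-fx2x-5jph-mxxh/GHSA-fx2x-5jph-mxxh.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fx2x-5jph-mxxh",
-"modified": "2026-04-03T00:31:09Z",
+"modified": "2026-04-04T00:31:26Z",
 "published": "2026-04-03T00:31:09Z",
 "aliases": [
 "CVE-2022-4986"
@@ -23,9 +23,17 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4986"
 },
+{
+"type": "WEB",
+"url": "https://assets.belden.com/m/1c8fe5d916567af6/original/Belden_Security_Bulletin_BSECV-2022-08.pdf"
+},
 {
 "type": "WEB",
 "url": "https://www.belden.com/security"
+},
+{
+"type": "WEB",
+"url": "https://www.vulncheck.com/advisories/hirschmann-eaglesdv-denial-of-service-via-tls"
 }
 ],
 "database_specific": {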
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j2fr-26h3-2878",
4+
"modified": "2026-04-04T00:31:26Z",
5+
"published": "2026-04-04T00:31:26Z",
6+
"aliases": [
7+
"CVE-2017-20238"
8+
],
9+
"details": "Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20238"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://assets.belden.com/m/7cc5d59343125b25/original/Security-Bulletin-Restricted-User-Roles-Write-Access-HiVision-2017-01.pdf"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-improper-authorization-privilege-escalation"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-285"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-03T23:17:00Z"
43+
}
44+
}

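--- a/advisories/unreviewed/2026/04/GHSA-jxwc-xxjw-356x/GHSA-jxwc-xxjw-356x.json
+++ b/advisories/unreviewed/2026/04/GHSA-jxwc-xxjw-356x/GHSA-jxwc-xxjw-356x.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jxwc-xxjw-356x",
-"modified": "2026-04-03T00:31:09Z",
+"modified": "2026-04-04T00:31:25Z",
 "published": "2026-04-02T21:32:53Z",
 "aliases": [
 "CVE-2024-14033"
@@ -34,6 +34,10 @@
 {
 "type": "WEB",
 "url": "https://www.belden.com/security"
+},
+{
+"type": "WEB",
+"url": "https://www.vulncheck.com/advisories/hirschmann-industrial-it-hilcos-heap-overflow-dos"
 }
 ],
 "database_specific": {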
