Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-2rvx-jpm5-g848/GHSA-2rvx-jpm5-g848.json

@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rvx-jpm5-g848",
+  "modified": "2026-03-11T21:31:03Z",
+  "published": "2026-03-11T21:31:03Z",
+  "aliases": [
+    "CVE-2026-3949"
+  ],
+  "details": "A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3949"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/strukturag/libheif/issues/1712"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/strukturag/libheif/issues/1712#issuecomment-3947938531"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/strukturag/libheif/commit/b97c8b5f198b27f375127cd597a35f2113544d03"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/biniamf/pocs/tree/main/libheif_vvdec"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/strukturag/libheif"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.350381"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.350381"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765979"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T19:16:05Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-34px-6wv4-79ch/GHSA-34px-6wv4-79ch.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-34px-6wv4-79ch",
+  "modified": "2026-03-11T21:31:04Z",
+  "published": "2026-03-11T21:31:04Z",
+  "aliases": [
+    "CVE-2026-1717"
+  ],
+  "details": "An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1717"
+    },
+    {
+      "type": "WEB",
+      "url": "https://iknow.lenovo.com.cn/detail/438815"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.lenovo.com/us/en/product_security/LEN-213044"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-88"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T21:16:15Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-36j3-r3wc-mhg7/GHSA-36j3-r3wc-mhg7.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-36j3-r3wc-mhg7",
+  "modified": "2026-03-11T21:31:03Z",
+  "published": "2026-03-11T21:31:03Z",
+  "aliases": [
+    "CVE-2025-70024"
+  ],
+  "details": "An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70024"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/zcxlighthouse/4983275f71824ff47b9bdca9de7cb36a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/benkeen"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/benkeen/generatedata"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T21:16:13Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3grg-fgcc-7f3v/GHSA-3grg-fgcc-7f3v.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3grg-fgcc-7f3v",
+  "modified": "2026-03-11T21:31:01Z",
+  "published": "2026-03-11T21:31:01Z",
+  "aliases": [
+    "CVE-2019-25468"
+  ],
+  "details": "NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25468"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47391"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/netgain-em-plus-remote-code-execution-via-script-testjsp"
+    },
+    {
+      "type": "WEB",
+      "url": "http://netgain-systems.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T19:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4753-7q6g-548g/GHSA-4753-7q6g-548g.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4753-7q6g-548g",
-  "modified": "2026-03-05T06:30:22Z",
+  "modified": "2026-03-11T21:30:58Z",
   "published": "2026-03-05T03:31:26Z",
   "aliases": [
     "CVE-2026-29123"
   ],
   "details": "A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/03/GHSA-48cq-3q6q-vxm7/GHSA-48cq-3q6q-vxm7.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-48cq-3q6q-vxm7",
+  "modified": "2026-03-11T21:31:02Z",
+  "published": "2026-03-11T21:31:02Z",
+  "aliases": [
+    "CVE-2019-25485"
+  ],
+  "details": "R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25485"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47122"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/r-windows-x-buffer-overflow-seh-dep-aslr-bypass"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T19:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4c84-63pp-c7rv/GHSA-4c84-63pp-c7rv.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4c84-63pp-c7rv",
+  "modified": "2026-03-11T21:31:01Z",
+  "published": "2026-03-11T21:31:01Z",
+  "aliases": [
+    "CVE-2019-25466"
+  ],
+  "details": "Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25466"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47411"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/easy-file-sharing-web-server-local-seh-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T19:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4f4w-f6p4-xqj8/GHSA-4f4w-f6p4-xqj8.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4f4w-f6p4-xqj8",
+  "modified": "2026-03-11T21:31:02Z",
+  "published": "2026-03-11T21:31:02Z",
+  "aliases": [
+    "CVE-2026-24509"
+  ],
+  "details": "Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24509"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000427573/dsa-2026-093"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T19:16:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4p8g-m95v-ggv9/GHSA-4p8g-m95v-ggv9.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4p8g-m95v-ggv9",
+  "modified": "2026-03-11T21:31:02Z",
+  "published": "2026-03-11T21:31:02Z",
+  "aliases": [
+    "CVE-2019-25477"
+  ],
+  "details": "RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Code field to trigger an application crash.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25477"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47285"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/rar-password-recovery-denial-of-service-buffer-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-11T19:16:01Z"
+  }
+}