Advisory Database Sync

advisory-database[bot]
2025-04-08 06:32:27 +00:00
parent 5cbb895809
commit d974955f2d
32 changed files with 1177 additions and 3 deletions
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4qq8-w3q5-56jf",
"modified": "2024-08-15T18:31:43Z",
"modified": "2025-04-08T06:30:37Z",
"published": "2024-05-31T06:30:28Z",
"aliases": [
"CVE-2024-36246"
@@ -26,6 +26,14 @@
{
"type": "WEB",
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"
},
{
"type": "WEB",
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html"
},
{
"type": "WEB",
"url": "https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html"
}
],
"database_specific": {
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-w2mp-xqqj-8v36",
"modified": "2024-07-03T18:43:54Z",
"modified": "2025-04-08T06:30:36Z",
"published": "2024-05-31T06:30:27Z",
"aliases": [
"CVE-2024-23847"
@@ -26,6 +26,14 @@
{
"type": "WEB",
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"
},
{
"type": "WEB",
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html"
},
{
"type": "WEB",
"url": "https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html"
}
],
"database_specific": {
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-33fh-4pvq-9x35",
"modified": "2025-04-08T03:32:36Z",
"modified": "2025-04-08T06:30:37Z",
"published": "2025-03-18T18:30:50Z",
"aliases": [
"CVE-2025-2487"
@@ -19,6 +19,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2487"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:3663"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:3670"
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-294x-x7jx-8864",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2025-0361"
],
"details": "During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0361"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/f4/9b/13/cve-2025-0361pdf-en-US-474511.pdf"
}
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T06:15:44Z"
}
}
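Review bot: The `details` text calls the username enumeration unauthenticated, but the `CVSS_V3` vector in `severity` carries `PR:L`, which says low privileges are required. One of the two is presumably imprecise in the upstream record, and consumers that triage on the vector will treat this as an authenticated issue. I would confirm against the linked Axis advisory and, if the text is right, carry `PR:N` in the vector. `affected` is `[]`, so no structured matching applies to this record either way.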
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-355w-v9ph-gc4h",
"modified": "2025-04-08T06:30:39Z",
"published": "2025-04-08T06:30:39Z",
"aliases": [
"CVE-2025-20938"
],
"details": "Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20938"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:38Z"
}
}
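Review bot: `"cwe_ids": []` leaves this record without a weakness class even though `details` names one (improper access control), so CWE-based filtering and reporting will miss it. The same empty list appears in the other Samsung SMR Apr-2025 records in this commit: GHSA-535p-c89j-pqj5, GHSA-6853-8846-j885, GHSA-85r7-qj2g-694p, GHSA-95xh-x8h9-w4qm, GHSA-9xpj-6p26-cwqj, GHSA-c8pp-hw6h-x368, GHSA-f2pr-mh68-xp6p and GHSA-f59c-7r8p-q47f. Where the description maps cleanly I would populate it, e.g. `"cwe_ids": ["CWE-284"]` here, CWE-125 for the out-of-bounds read in GHSA-9xpj-6p26-cwqj and CWE-787 for the out-of-bounds write in GHSA-f2pr-mh68-xp6p. These mappings are my reading of the text, not an upstream assignment.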
@@ -0,0 +1,52 @@
{
"schema_version": "1.4.0",
"id": "GHSA-369j-gmrm-fw78",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2025-3413"
],
"details": "A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical. Affected by this vulnerability is the function code of the file SysGeneratorController.java. The manipulation of the argument Tables leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3413"
},
{
"type": "WEB",
"url": "https://github.com/mapl3miss/Vul/blob/main/Vul.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.303691"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.303691"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.545374"
}
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T06:15:45Z"
}
}
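Review bot: `cwe_ids` lists only `CWE-20`, while `details` says the manipulation of `Tables` leads to deserialization; CWE-502 (Deserialization of Untrusted Data) is the more specific class, and I would write `"cwe_ids": ["CWE-20", "CWE-502"]`. The record states that the exploit is public and the vendor did not respond, and with `affected` empty and the product unversioned there is no fixed release to point to, so every checkout up to the named commit has to be treated as exposed. The `severity` label MODERATE follows the two vectors, not the word "critical" in the text, which is worth knowing when the two are read side by side.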
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-535p-c89j-pqj5",
"modified": "2025-04-08T06:30:39Z",
"published": "2025-04-08T06:30:39Z",
"aliases": [
"CVE-2025-20945"
],
"details": "Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20945"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:39Z"
}
}
@@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-53wr-h738-wq84",
"modified": "2025-04-08T06:30:38Z",
"published": "2025-04-08T06:30:38Z",
"aliases": [
"CVE-2025-3407"
],
"details": "A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3407"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.303685"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.303685"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.544227"
}
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T04:15:31Z"
}
}
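Review bot: `CWE-119` is the generic memory-bounds class, while `details` states an out-of-bounds read in `stbhw_build_tileset_from_image`; CWE-125 is the precise entry, so I would write `"cwe_ids": ["CWE-125"]`. The same applies to GHSA-7249-98jq-4p25 (also an out-of-bounds read), and GHSA-69p9-7943-9qhx describes a stack-based buffer overflow, which is CWE-121. All three stb records have `affected` empty and name only commit f056911 as the upper bound, so projects that vendor the stb headers need to compare their copy by commit rather than by version.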
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6853-8846-j885",
"modified": "2025-04-08T06:30:39Z",
"published": "2025-04-08T06:30:39Z",
"aliases": [
"CVE-2025-20935"
],
"details": "Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access files with system privilege. User interaction is required for triggering this vulnerability.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20935"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:37Z"
}
}
@@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-69p9-7943-9qhx",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2025-3409"
],
"details": "A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3409"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.303687"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.303687"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.544231"
}
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:40Z"
}
}
@@ -0,0 +1,52 @@
{
"schema_version": "1.4.0",
"id": "GHSA-69q6-wh98-33qx",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2025-3412"
],
"details": "A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3412"
},
{
"type": "WEB",
"url": "https://github.com/Tr0e/CVE_Hunter/blob/main/AIAS/AIAS_SSRF2.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.303690"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.303690"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.544289"
}
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T06:15:44Z"
}
}
@@ -0,0 +1,48 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7249-98jq-4p25",
"modified": "2025-04-08T06:30:38Z",
"published": "2025-04-08T06:30:38Z",
"aliases": [
"CVE-2025-3406"
],
"details": "A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3406"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.303684"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.303684"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.544226"
}
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T04:15:31Z"
}
}
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-85r7-qj2g-694p",
"modified": "2025-04-08T06:30:39Z",
"published": "2025-04-08T06:30:39Z",
"aliases": [
"CVE-2025-20942"
],
"details": "Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20942"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:38Z"
}
}
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-95xh-x8h9-w4qm",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2025-20947"
],
"details": "Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20947"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:39Z"
}
}
@@ -0,0 +1,40 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9p3c-x238-grgc",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2025-2004"
],
"details": "The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2004"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/simple-wp-events/trunk/admin/includes/wp-events-export-events.php#L399"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abdca93e-f68d-4a96-8bd7-443ee46ccb5a?source=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-73"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:39Z"
}
}
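Review bot: The version bound exists only in prose (`all versions up to, and including, 1.8.17`) and `affected` is `[]`, so tooling that matches on structured ranges will not flag installs of this plugin. This is the only CRITICAL record in the visible part of the commit and the text says no authentication is needed, so it is the one most worth a manual inventory check. The record names no fixed version; operators should check the Wordfence reference for patch status and consider disabling the plugin until that is confirmed.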
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9xpj-6p26-cwqj",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:39Z",
"aliases": [
"CVE-2025-20944"
],
"details": "Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20944"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:38Z"
}
}
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-c8pp-hw6h-x368",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2025-20946"
],
"details": "Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20946"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:39Z"
}
}
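Review bot: The vector uses `AV:A` (adjacent network) while `details` speaks of "local attackers"; for a Bluetooth pairing flaw adjacent is the plausible reading, but the mismatch will confuse anyone sorting by attack vector. It is the only HIGH record among the Samsung entries shown here (`C:H/I:H/A:H`, no privileges, no user interaction), so it deserves priority when the April SMR is rolled out. `cwe_ids` is empty here as well.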
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f2pr-mh68-xp6p",
"modified": "2025-04-08T06:30:39Z",
"published": "2025-04-08T06:30:39Z",
"aliases": [
"CVE-2025-20943"
],
"details": "Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20943"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:38Z"
}
}
@@ -0,0 +1,34 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f59c-7r8p-q47f",
"modified": "2025-04-08T06:30:39Z",
"published": "2025-04-08T06:30:39Z",
"aliases": [
"CVE-2025-20940"
],
"details": "Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20940"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"
}
],
"database_specific": {
"cwe_ids": [],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:38Z"
}
}
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f6xw-xqhc-gwg3",
"modified": "2025-04-08T06:30:40Z",
"published": "2025-04-08T06:30:40Z",
"aliases": [
"CVE-2024-47261"
],
"details": "51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47261"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf"
}
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T06:15:43Z"
}
}

Some files were not shown because too many files have changed in this diff.