Skip to content

Commit 6a6615b

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-5pmf-w3jq-5hrj GHSA-7hf5-m4m3-v944 GHSA-83f6-rpg2-3v27 GHSA-cmvv-rx7c-4vmx GHSA-cw4r-p223-gfc3 GHSA-hp87-2chw-7hmc GHSA-rrmw-gv85-w824 GHSA-wv75-vg2r-ppj6
1 parent 90822ae commit 6a6615b

File tree

8 files changed

+357
-0
lines changed

8 files changed

+357
-0
lines changed

advisories/unreviewed/2025/06/GHSA-5pmf-w3jq-5hrj/GHSA-5pmf-w3jq-5hrj.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5pmf-w3jq-5hrj",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2025-6270"
8+
],
9+
"details": "A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6270"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/HDFGroup/hdf5/issues/5580"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/user-attachments/files/20626642/reproduce.tar.gz"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.313274"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.313274"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.592588"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-06-19T17:15:27Z"
55+
}
56+
}

advisories/unreviewed/2025/06/GHSA-7hf5-m4m3-v944/GHSA-7hf5-m4m3-v944.json

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7hf5-m4m3-v944",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2006-2192"
8+
],
9+
"details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2192"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-06-19T16:15:21Z"
24+
}
25+
}

advisories/unreviewed/2025/06/GHSA-83f6-rpg2-3v27/GHSA-83f6-rpg2-3v27.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-83f6-rpg2-3v27",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2025-6271"
8+
],
9+
"details": "A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6271"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/swftools/swftools/issues/239"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/user-attachments/files/19415662/wav2swf_crash.txt"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.313275"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.313275"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.593005"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-06-19T18:15:21Z"
55+
}
56+
}

advisories/unreviewed/2025/06/GHSA-cmvv-rx7c-4vmx/GHSA-cmvv-rx7c-4vmx.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cmvv-rx7c-4vmx",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2025-33117"
8+
],
9+
"details": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33117"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.ibm.com/support/pages/node/7237317"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-73"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-06-19T18:15:21Z"
35+
}
36+
}

advisories/unreviewed/2025/06/GHSA-cw4r-p223-gfc3/GHSA-cw4r-p223-gfc3.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cw4r-p223-gfc3",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2025-36050"
8+
],
9+
"details": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36050"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.ibm.com/support/pages/node/7237317"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-532"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-06-19T18:15:21Z"
35+
}
36+
}

advisories/unreviewed/2025/06/GHSA-hp87-2chw-7hmc/GHSA-hp87-2chw-7hmc.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hp87-2chw-7hmc",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2025-6269"
8+
],
9+
"details": "A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6269"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/HDFGroup/hdf5/issues/5579"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/user-attachments/files/20626503/reproduce.tar.gz"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.313273"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.313273"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.592587"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-06-19T16:15:22Z"
55+
}
56+
}

advisories/unreviewed/2025/06/GHSA-rrmw-gv85-w824/GHSA-rrmw-gv85-w824.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-rrmw-gv85-w824",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2025-6272"
8+
],
9+
"details": "A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6272"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/wasm3/wasm3/issues/531"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/user-attachments/files/19516600/wasm3_crash.txt"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.313276"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.313276"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.593008"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-06-19T18:15:22Z"
55+
}
56+
}

advisories/unreviewed/2025/06/GHSA-wv75-vg2r-ppj6/GHSA-wv75-vg2r-ppj6.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wv75-vg2r-ppj6",
4+
"modified": "2025-06-19T18:31:47Z",
5+
"published": "2025-06-19T18:31:47Z",
6+
"aliases": [
7+
"CVE-2025-33121"
8+
],
9+
"details": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33121"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.ibm.com/support/pages/node/7237317"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-611"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-06-19T18:15:21Z"
35+
}
36+
}

0 commit comments

Comments
 (0)