Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/08/GHSA-7g68-w67q-848v/GHSA-7g68-w67q-848v.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7g68-w67q-848v",
-  "modified": "2025-09-11T09:31:43Z",
+  "modified": "2026-01-31T00:30:28Z",
   "published": "2025-08-01T15:34:18Z",
   "aliases": [
     "CVE-2025-41375"
   ],
   "details": "A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultaincimails.php.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/08/GHSA-g37j-43j6-2q28/GHSA-g37j-43j6-2q28.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g37j-43j6-2q28",
-  "modified": "2025-09-11T09:31:43Z",
+  "modified": "2026-01-31T00:30:28Z",
   "published": "2025-08-01T15:34:18Z",
   "aliases": [
     "CVE-2025-41376"
   ],
   "details": "A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-29f9-wqmc-g6q2/GHSA-29f9-wqmc-g6q2.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29f9-wqmc-g6q2",
+  "modified": "2026-01-31T00:30:28Z",
+  "published": "2026-01-31T00:30:28Z",
+  "aliases": [
+    "CVE-2025-2668"
+  ],
+  "details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2668"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7257518"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-789"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T22:15:52Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2vf6-7r77-ggp5/GHSA-2vf6-7r77-ggp5.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vf6-7r77-ggp5",
+  "modified": "2026-01-31T00:30:28Z",
+  "published": "2026-01-31T00:30:28Z",
+  "aliases": [
+    "CVE-2025-36424"
+  ],
+  "details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36424"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7257695"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T22:15:55Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3jqv-gvhw-8crp/GHSA-3jqv-gvhw-8crp.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3jqv-gvhw-8crp",
+  "modified": "2026-01-31T00:30:29Z",
+  "published": "2026-01-31T00:30:29Z",
+  "aliases": [
+    "CVE-2020-37050"
+  ],
+  "details": "Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37050"
+    },
+    {
+      "type": "WEB",
+      "url": "https://download.cnet.com/quick-player/3000-2168_4-10871417.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20201022211753/https://whitecr0wz.github.io/posts/Exploiting-Quick-Player"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20210105222205/https://whitecr0wz.github.io/assets/img/Findings6/18.gif"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48564"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/quick-player-ml-buffer-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T23:16:10Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3m38-cq7f-rwm2/GHSA-3m38-cq7f-rwm2.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3m38-cq7f-rwm2",
+  "modified": "2026-01-31T00:30:28Z",
+  "published": "2026-01-31T00:30:28Z",
+  "aliases": [
+    "CVE-2020-37027"
+  ],
+  "details": "Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37027"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/midgetspy/Sick-Beard"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20190722085652/https://sickbeard.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48646"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/sickbeard-remote-command-injection"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T23:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3wp5-gwjr-7mpv/GHSA-3wp5-gwjr-7mpv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3wp5-gwjr-7mpv",
+  "modified": "2026-01-31T00:30:28Z",
+  "published": "2026-01-31T00:30:28Z",
+  "aliases": [
+    "CVE-2025-36407"
+  ],
+  "details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3  could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36407"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7257692"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T22:15:54Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-4364-jq2q-6hrc/GHSA-4364-jq2q-6hrc.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4364-jq2q-6hrc",
+  "modified": "2026-01-31T00:30:28Z",
+  "published": "2026-01-31T00:30:28Z",
+  "aliases": [
+    "CVE-2025-36098"
+  ],
+  "details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36098"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7257629"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T22:15:53Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-44v3-67p5-8x9h/GHSA-44v3-67p5-8x9h.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-44v3-67p5-8x9h",
+  "modified": "2026-01-31T00:30:28Z",
+  "published": "2026-01-31T00:30:28Z",
+  "aliases": [
+    "CVE-2020-37026"
+  ],
+  "details": "Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication protection.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37026"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/midgetspy/Sick-Beard"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20190722085652/https://sickbeard.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48712"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/sickbeard-cross-site-request-forgery"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T23:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-49g9-689m-w7vr/GHSA-49g9-689m-w7vr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-49g9-689m-w7vr",
+  "modified": "2026-01-31T00:30:28Z",
+  "published": "2026-01-31T00:30:28Z",
+  "aliases": [
+    "CVE-2025-36387"
+  ],
+  "details": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36387"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7257690"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T22:15:54Z"
+  }
+}