Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-253h-f8wh-gcxr/GHSA-253h-f8wh-gcxr.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-253h-f8wh-gcxr",
+  "modified": "2026-03-28T12:30:29Z",
+  "published": "2026-03-28T12:30:29Z",
+  "aliases": [
+    "CVE-2016-20040"
+  ],
+  "details": "TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20040"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/39692"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/tiemu-nogdb-dfsg-3-buffer-overflow-via-rom-parameter"
+    },
+    {
+      "type": "WEB",
+      "url": "http://lpg.ticalc.org/prj_tiemu"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2fgr-mc24-75x3/GHSA-2fgr-mc24-75x3.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fgr-mc24-75x3",
+  "modified": "2026-03-28T12:30:29Z",
+  "published": "2026-03-28T12:30:29Z",
+  "aliases": [
+    "CVE-2016-20048"
+  ],
+  "details": "iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20048"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/41076"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/iselect-2-b1-local-buffer-overflow-via-key-parameter"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.ossp.org/pkg/tool/iselect"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:16:01Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-36cw-x2xf-xmg3/GHSA-36cw-x2xf-xmg3.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-36cw-x2xf-xmg3",
+  "modified": "2026-03-28T12:30:30Z",
+  "published": "2026-03-28T12:30:30Z",
+  "aliases": [
+    "CVE-2018-25225"
+  ],
+  "details": "SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25225"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/45288"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/sipp-stack-based-buffer-overflow-via-configuration-file"
+    },
+    {
+      "type": "WEB",
+      "url": "http://sipp.sourceforge.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:16:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-43wf-f52v-7wq4/GHSA-43wf-f52v-7wq4.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-43wf-f52v-7wq4",
+  "modified": "2026-03-28T12:30:30Z",
+  "published": "2026-03-28T12:30:30Z",
+  "aliases": [
+    "CVE-2017-20226"
+  ],
+  "details": "Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20226"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/42144"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/mapscrn-stack-based-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "http://ccross.msk.su"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:16:01Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4xgm-gv32-5pqv/GHSA-4xgm-gv32-5pqv.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4xgm-gv32-5pqv",
+  "modified": "2026-03-28T12:30:30Z",
+  "published": "2026-03-28T12:30:30Z",
+  "aliases": [
+    "CVE-2018-25221"
+  ],
+  "details": "EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25221"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/44155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/echat-server-buffer-overflow-via-chat-ghp-username-parameter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-7h35-2q92-xp4r/GHSA-7h35-2q92-xp4r.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7h35-2q92-xp4r",
+  "modified": "2026-03-28T12:30:29Z",
+  "published": "2026-03-28T12:30:29Z",
+  "aliases": [
+    "CVE-2016-20046"
+  ],
+  "details": "zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20046"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/40203"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/zftp-client-20061220-dfsg3-local-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "http://cernlib.web.cern.ch/cernlib"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-7v78-h4hm-8g8r/GHSA-7v78-h4hm-8g8r.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7v78-h4hm-8g8r",
+  "modified": "2026-03-28T12:30:29Z",
+  "published": "2026-03-28T12:30:29Z",
+  "aliases": [
+    "CVE-2016-20045"
+  ],
+  "details": "HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20045"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/40025"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/hnb-organizer-10-local-buffer-overflow-via-rc-parameter"
+    },
+    {
+      "type": "WEB",
+      "url": "http://hnb.sourceforge.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-7wfp-phxm-p655/GHSA-7wfp-phxm-p655.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7wfp-phxm-p655",
+  "modified": "2026-03-28T12:30:29Z",
+  "published": "2026-03-28T12:30:29Z",
+  "aliases": [
+    "CVE-2016-20043"
+  ],
+  "details": "NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and achieve code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20043"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/39810"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/nrss-rss-reader-1-stack-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.codezen.org/nrss"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T12:16:00Z"
+  }
+}