Sync EUVD catalog: Mon Apr 6 00:37:38 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2018-21766.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21766",
+  "enisaUuid": "56b0326d-bcbc-3c82-bfd2-2d59d474d006",
+  "description": "IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start button, causing denial of service and SEH overwrite.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 6.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46286\nhttps://www.ks-soft.net/ip-tools.eng/index.htm\nhttps://www.vulncheck.com/advisories/ip-tools-local-buffer-overflow-denial-of-service\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-25256\n",
+  "aliases": "CVE-2018-25256\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "6bdf2816-6d03-328f-8bef-9e19417103b4",
+      "product": {
+        "name": "IP TOOLS"
+      },
+      "product_version": "2.50"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "9396cdd3-6467-3434-9913-870661021ea4",
+      "vendor": {
+        "name": "ks-soft"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20048.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20048",
+  "enisaUuid": "d386da31-a9fc-3fda-ba12-f34bc8d6ff9d",
+  "description": "R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records and achieve code execution with calculator or arbitrary shellcode.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46288\nhttps://www.r-project.org/\nhttps://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe\nhttps://www.vulncheck.com/advisories/r-i386-local-buffer-overflow-seh\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25656\n",
+  "aliases": "GHSA-j848-jmr8-xfgr\nCVE-2019-25656\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "ed2f8e77-3714-344e-a5b3-918c3384fbd3",
+      "product": {
+        "name": "R i386"
+      },
+      "product_version": "3.5.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "4b6d66dd-d6e5-331d-85d8-158692933b9e",
+      "vendor": {
+        "name": "R-Project"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20050.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20050",
+  "enisaUuid": "4b93b716-0490-3090-9082-283b936e0702",
+  "description": "AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to trigger a crash.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 6.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46289\nhttp://www.anyburn.com/\nhttps://www.vulncheck.com/advisories/anyburn-x86-denial-of-service-via-image-conversion\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25657\n",
+  "aliases": "CVE-2019-25657\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "50a27a32-b954-3764-b339-27aafdcb0417",
+      "product": {
+        "name": "AnyBurn x86"
+      },
+      "product_version": "4.3 (32-bit)"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "7b2039bd-cfb0-3a35-90f3-a84e3f051277",
+      "vendor": {
+        "name": "Anyburn"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20052.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20052",
+  "enisaUuid": "417ac4cb-2acd-31bc-b09c-2fab75e9019d",
+  "description": "a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fields and click the Register button to trigger a denial of service crash.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 6.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46292\nhttp://amac.paqtool.com/\nhttps://www.vulncheck.com/advisories/a-mac-address-change-local-buffer-overflow-dos\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25658\n",
+  "aliases": "CVE-2019-25658\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "864342d6-73db-33e9-8976-b7b45eca844b",
+      "product": {
+        "name": "Mac Address Change"
+      },
+      "product_version": "5.4"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "90271cb5-477f-3694-959e-61183c980eea",
+      "vendor": {
+        "name": "Amac"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20054.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20054",
+  "enisaUuid": "3e7fed0f-a079-3637-9884-4c2fe2575d3a",
+  "description": "ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46293\nhttp://www.xlinesoft.com/asprunnerpro\nhttps://www.vulncheck.com/advisories/asprunner-professional-local-buffer-overflow-dos\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25659\n",
+  "aliases": "CVE-2019-25659\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "27480343-2ffa-3fd5-822d-e33715161899",
+      "product": {
+        "name": "ASPRunner Professional"
+      },
+      "product_version": "6.0.766"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "2f3f7fa8-e4d4-3c1c-98cc-abb858f333ea",
+      "vendor": {
+        "name": "Xlinesoft"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20056.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20056",
+  "enisaUuid": "e9a91aa4-5f30-3742-90e7-33182b9992b0",
+  "description": "LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46295\nhttp://www.hainsoft.com/\nhttps://www.vulncheck.com/advisories/lanhelper-denial-of-service-via-buffer-overflow\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25660\n",
+  "aliases": "CVE-2019-25660\nGHSA-fxf6-j3c6-2ghw\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "c0908aa3-9f5d-3bda-b4df-00963ed54a57",
+      "product": {
+        "name": "LanHelper"
+      },
+      "product_version": "1.74"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "e545eb67-38ba-3b15-986d-c7a7a702b7ef",
+      "vendor": {
+        "name": "Hainsoft"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20058.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20058",
+  "enisaUuid": "0cb01b73-ec51-3345-a897-beaedaf9353f",
+  "description": "Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to the added computer, overwriting the SEH chain and corrupting exception handlers.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46304\nhttp://lizardsystems.com/action.php?action=home&product=rpexplorer&version=1.0.0.16\nhttps://www.vulncheck.com/advisories/remote-process-explorer-local-buffer-overflow-dos\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25661\n",
+  "aliases": "CVE-2019-25661\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "d4183f43-3cda-3b13-b590-6fb2abad924f",
+      "product": {
+        "name": "Remote Process Explorer"
+      },
+      "product_version": "1.0.0.16"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "f7e3c6fd-01b0-3414-9133-e81619ad0b57",
+      "vendor": {
+        "name": "LizardSystems"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20060.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20060",
+  "enisaUuid": "8ee2055a-44b3-3ef0-8d62-3d1eb6014d25",
+  "description": "ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46308\nhttps://www.resourcespace.com/\nhttps://www.resourcespace.com/get\nhttps://www.vulncheck.com/advisories/resourcespace-sql-injection-via-watched-searches-php\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25662\n",
+  "aliases": "GHSA-v37v-42c5-gf78\nCVE-2019-25662\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "5e296708-8369-334a-ad00-056fda970aef",
+      "product": {
+        "name": "ResourceSpace"
+      },
+      "product_version": "8.6"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "4c58177f-5975-3214-81e7-729770cd5f4d",
+      "vendor": {
+        "name": "Montala"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20062.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20062",
+  "enisaUuid": "cfc62832-14fc-371c-af68-48c7443e125c",
+  "description": "SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection techniques to extract sensitive database information.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:19 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46310\nhttps://suitecrm.com/\nhttps://suitecrm.com/download/\nhttps://www.vulncheck.com/advisories/suitecrm-sql-injection-via-parenttab-parameter\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25663\n",
+  "aliases": "CVE-2019-25663\nGHSA-hrmj-mfh9-v52r\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "3e71cded-277d-3af8-891a-ee456a617fa6",
+      "product": {
+        "name": "SuiteCRM"
+      },
+      "product_version": "7.10.7"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "7e2721bd-960f-35e1-8bab-2b3fbfdcff03",
+      "vendor": {
+        "name": "SuiteCRM"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20064.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20064",
+  "enisaUuid": "871ba5d5-a0cf-366b-819a-9f9530ea0c2b",
+  "description": "SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to extract sensitive database information through time-based blind SQL injection techniques.",
+  "datePublished": "Apr 5, 2026, 9:30:19 PM",
+  "dateUpdated": "Apr 5, 2026, 9:30:20 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46311\nhttps://suitecrm.com/\nhttps://suitecrm.com/download/\nhttps://www.vulncheck.com/advisories/suitecrm-sql-injection-via-record-parameter\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25664\n",
+  "aliases": "GHSA-hmmj-f3hm-rx3f\nCVE-2019-25664\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "39793ace-0819-3695-84de-2d289d1e6bdc",
+      "product": {
+        "name": "SuiteCRM"
+      },
+      "product_version": "7.10.7"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "7a51d8e8-f8a4-39d7-adeb-3f7fc685c988",
+      "vendor": {
+        "name": "SuiteCRM"
+      }
+    }
+  ]
+}