Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-9w96-529w-5xrx/GHSA-9w96-529w-5xrx.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9w96-529w-5xrx",
-  "modified": "2024-03-22T00:31:15Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2024-03-22T00:31:15Z",
   "aliases": [
     "CVE-2024-28045"
   ],
-  "details": "\nImproper neutralization of input within the affected product could lead to cross-site scripting.\n\n",
+  "details": "Improper neutralization of input within the affected product could lead to cross-site scripting.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/03/GHSA-mgcc-v376-cqg5/GHSA-mgcc-v376-cqg5.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mgcc-v376-cqg5",
-  "modified": "2024-03-22T00:31:15Z",
+  "modified": "2025-11-05T15:31:00Z",
   "published": "2024-03-22T00:31:15Z",
   "aliases": [
     "CVE-2024-25567"
   ],
-  "details": "\nPath traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n",
+  "details": "Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2025/05/GHSA-3x3q-3c9j-4x72/GHSA-3x3q-3c9j-4x72.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3x3q-3c9j-4x72",
-  "modified": "2025-05-01T15:31:47Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:47Z",
   "aliases": [
     "CVE-2022-49790"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - invert valid length check when fetching device IDs\n\nsyzbot is reporting uninitialized value at iforce_init_device() [1], for\ncommit 6ac0aec6b0a6 (\"Input: iforce - allow callers supply data buffer\nwhen fetching device IDs\") is checking that valid length is shorter than\nbytes to read. Since iforce_get_id_packet() stores valid length when\nreturning 0, the caller needs to check that valid length is longer than or\nequals to bytes to read.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-908"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:02Z"

advisories/unreviewed/2025/05/GHSA-5fcx-mjhh-4qw9/GHSA-5fcx-mjhh-4qw9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5fcx-mjhh-4qw9",
-  "modified": "2025-11-03T21:33:45Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:44Z",
   "aliases": [
     "CVE-2025-37768"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-369"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T14:15:39Z"

advisories/unreviewed/2025/05/GHSA-7jq4-g7p4-jx98/GHSA-7jq4-g7p4-jx98.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7jq4-g7p4-jx98",
-  "modified": "2025-11-03T21:33:45Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:44Z",
   "aliases": [
     "CVE-2025-37771"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-369"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T14:15:40Z"

advisories/unreviewed/2025/05/GHSA-f6mf-84fx-cph2/GHSA-f6mf-84fx-cph2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f6mf-84fx-cph2",
-  "modified": "2025-05-01T15:31:41Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:41Z",
   "aliases": [
     "CVE-2025-23154"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix io_req_post_cqe abuse by send bundle\n\n[  114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0\n[  114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0\n[  115.001880][ T5313] Call Trace:\n[  115.002222][ T5313]  <TASK>\n[  115.007813][ T5313]  io_send+0x4fe/0x10f0\n[  115.009317][ T5313]  io_issue_sqe+0x1a6/0x1740\n[  115.012094][ T5313]  io_wq_submit_work+0x38b/0xed0\n[  115.013223][ T5313]  io_worker_handle_work+0x62a/0x1600\n[  115.013876][ T5313]  io_wq_worker+0x34f/0xdf0\n\nAs the comment states, io_req_post_cqe() should only be used by\nmultishot requests, i.e. REQ_F_APOLL_MULTISHOT, which bundled sends are\nnot. Add a flag signifying whether a request wants to post multiple\nCQEs. Eventually REQ_F_APOLL_MULTISHOT should imply the new flag, but\nthat's left out for simplicity.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T13:15:51Z"

advisories/unreviewed/2025/05/GHSA-g3xx-h684-wg52/GHSA-g3xx-h684-wg52.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g3xx-h684-wg52",
-  "modified": "2025-11-03T21:33:45Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:44Z",
   "aliases": [
     "CVE-2025-37770"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-369"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T14:15:40Z"

advisories/unreviewed/2025/05/GHSA-h8wv-w7mj-x6rc/GHSA-h8wv-w7mj-x6rc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h8wv-w7mj-x6rc",
-  "modified": "2025-11-03T21:33:44Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:44Z",
   "aliases": [
     "CVE-2025-37767"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-369"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T14:15:39Z"

advisories/unreviewed/2025/05/GHSA-ph3p-q84c-pqrw/GHSA-ph3p-q84c-pqrw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ph3p-q84c-pqrw",
-  "modified": "2025-11-03T21:33:44Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:43Z",
   "aliases": [
     "CVE-2025-37766"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-369"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T14:15:39Z"

advisories/unreviewed/2025/05/GHSA-q2ww-4r37-g77p/GHSA-q2ww-4r37-g77p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q2ww-4r37-g77p",
-  "modified": "2025-05-01T15:31:47Z",
+  "modified": "2025-11-05T15:31:01Z",
   "published": "2025-05-01T15:31:47Z",
   "aliases": [
     "CVE-2022-49792"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: mp2629: fix potential array out of bound access\n\nAdd sentinel at end of maps to avoid potential array out of\nbound access in iio core.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:02Z"