Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/07/GHSA-m4wm-24vm-w63j/GHSA-m4wm-24vm-w63j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m4wm-24vm-w63j",
-  "modified": "2024-07-30T09:32:01Z",
+  "modified": "2025-10-03T21:30:52Z",
   "published": "2024-07-30T09:32:01Z",
   "aliases": [
     "CVE-2024-42130"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-07-30T08:15:05Z"

advisories/unreviewed/2024/08/GHSA-9v94-8833-hv33/GHSA-9v94-8833-hv33.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9v94-8833-hv33",
-  "modified": "2024-08-19T06:30:53Z",
+  "modified": "2025-10-03T21:30:52Z",
   "published": "2024-08-17T09:30:24Z",
   "aliases": [
     "CVE-2024-42265"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nprotect the fetch of ->fd[fd] in do_dup2() from mispredictions\n\nboth callers have verified that fd is not greater than ->max_fds;\nhowever, misprediction might end up with\n        tofree = fdt->fd[fd];\nbeing speculatively executed.  That's wrong for the same reasons\nwhy it's wrong in close_fd()/file_close_fd_locked(); the same\nsolution applies - array_index_nospec(fd, fdt->max_fds) could differ\nfrom fd only in case of speculative execution on mispredicted path.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-08-17T09:15:07Z"

advisories/unreviewed/2024/08/GHSA-cj67-x3pw-qjqp/GHSA-cj67-x3pw-qjqp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cj67-x3pw-qjqp",
-  "modified": "2024-08-19T06:30:53Z",
+  "modified": "2025-10-03T21:30:52Z",
   "published": "2024-08-17T09:30:24Z",
   "aliases": [
     "CVE-2024-42267"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-08-17T09:15:08Z"

advisories/unreviewed/2024/08/GHSA-xjqc-gcmf-pwgc/GHSA-xjqc-gcmf-pwgc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xjqc-gcmf-pwgc",
-  "modified": "2024-08-17T09:30:24Z",
+  "modified": "2025-10-03T21:30:52Z",
   "published": "2024-08-17T09:30:24Z",
   "aliases": [
     "CVE-2024-42260"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-08-17T09:15:07Z"

advisories/unreviewed/2024/08/GHSA-xvh5-2mp5-pfc3/GHSA-xvh5-2mp5-pfc3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xvh5-2mp5-pfc3",
-  "modified": "2024-08-17T09:30:24Z",
+  "modified": "2025-10-03T21:30:52Z",
   "published": "2024-08-17T09:30:24Z",
   "aliases": [
     "CVE-2024-42261"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-08-17T09:15:07Z"

advisories/unreviewed/2025/07/GHSA-gmrc-mvc2-6888/GHSA-gmrc-mvc2-6888.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gmrc-mvc2-6888",
-  "modified": "2025-07-21T18:32:19Z",
+  "modified": "2025-10-03T21:30:55Z",
   "published": "2025-07-21T18:32:18Z",
   "aliases": [
     "CVE-2025-7932"

advisories/unreviewed/2025/09/GHSA-m3c8-789m-gj36/GHSA-m3c8-789m-gj36.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-94"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/09/GHSA-wr4m-f8q9-97q2/GHSA-wr4m-f8q9-97q2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wr4m-f8q9-97q2",
-  "modified": "2025-09-30T18:30:25Z",
+  "modified": "2025-10-03T21:30:56Z",
   "published": "2025-09-30T18:30:25Z",
   "aliases": [
     "CVE-2025-56513"
   ],
   "details": "NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-494"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-30T18:15:50Z"

advisories/unreviewed/2025/10/GHSA-39x4-ph74-c88f/GHSA-39x4-ph74-c88f.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-39x4-ph74-c88f",
+  "modified": "2025-10-03T21:30:58Z",
+  "published": "2025-10-03T21:30:58Z",
+  "aliases": [
+    "CVE-2025-52866"
+  ],
+  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.6.3195 build 20250715 and later\nQuTS hero h5.2.6.3195 build 20250715 and later",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52866"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.qnap.com/en/security-advisory/qsa-25-36"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-03T19:15:48Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-3mgq-766r-8vr6/GHSA-3mgq-766r-8vr6.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3mgq-766r-8vr6",
+  "modified": "2025-10-03T21:30:58Z",
+  "published": "2025-10-03T21:30:58Z",
+  "aliases": [
+    "CVE-2025-52656"
+  ],
+  "details": "HCL MyXalytics: 6.6.  is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52656"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-915"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-03T19:15:46Z"
+  }
+}