Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-273c-4g26-4jpm",
+  "modified": "2025-10-30T12:31:11Z",
+  "published": "2025-10-30T12:31:11Z",
+  "aliases": [
+    "CVE-2025-62402"
+  ],
+  "details": "API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62402"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/vbzxnxn031wb998hsd7vqnvh4z8nx6rs"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/10/29/7"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-250"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T10:15:35Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-326q-28hh-wvjc/GHSA-326q-28hh-wvjc.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-326q-28hh-wvjc",
+  "modified": "2025-10-30T12:31:10Z",
+  "published": "2025-10-30T12:31:10Z",
+  "aliases": [
+    "CVE-2025-40104"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF & VF drivers is already increased to\n1.6 and doesn't incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40104"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/871ac1cd4ce4804defcb428cbb003fd84c415ff4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a376e29b1b196dc90b50df7e5e3947e3026300c4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a7075f501bd33c93570af759b6f4302ef0175168"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bf580112ed61736c2645a893413a04732505d4b1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T10:15:34Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-527r-239p-grh5/GHSA-527r-239p-grh5.json

@@ -0,0 +1,57 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-527r-239p-grh5",
+  "modified": "2025-10-30T12:31:09Z",
+  "published": "2025-10-30T12:31:09Z",
+  "aliases": [
+    "CVE-2025-40087"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40087"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/34d187e020cbda112a6c6f094f0ca5e6a8672b75"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4b47a8601b71ad98833b447d465592d847b4dc77"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/785ec512afa80d0540f2ca797c0e56de747a6083"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a75994dd879401c3e24ff51c2536559f1a53ea27"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ba88a53d7f5df4191583abf214214efe0cda91d2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/da9129ef77786839a3ccd1d7afeeab790bceaa1d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f7353208c91ab004e0179c5fb6c365b0f132f9f0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T10:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-58x9-22gw-84q7/GHSA-58x9-22gw-84q7.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-58x9-22gw-84q7",
+  "modified": "2025-10-30T12:31:10Z",
+  "published": "2025-10-30T12:31:10Z",
+  "aliases": [
+    "CVE-2025-40099"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: parse_dfs_referrals: prevent oob on malformed input\n\nMalicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS\n\n- reply smaller than sizeof(struct get_dfs_referral_rsp)\n- reply with number of referrals smaller than NumberOfReferrals in the\nheader\n\nProcessing of such replies will cause oob.\n\nReturn -EINVAL error on such replies to prevent oob-s.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40099"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/15c73964da9df994302f579ed14ee5fdbce7a332"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bb0f2e66e1ac043a5b238f5bcab4f26f3c317039"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/cfacc7441f760e4a73cc71b6ff1635261d534657"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T10:15:34Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-68rx-wr32-vgh2/GHSA-68rx-wr32-vgh2.json

@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68rx-wr32-vgh2",
+  "modified": "2025-10-30T12:31:09Z",
+  "published": "2025-10-30T12:31:09Z",
+  "aliases": [
+    "CVE-2025-40092"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the ncm->notify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep->ops->free_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000020\nCall trace:\n usb_ep_free_request+0x2c/0xec\n ncm_bind+0x39c/0x3dc\n usb_add_function+0xcc/0x1f0\n configfs_composite_bind+0x468/0x588\n gadget_bind_driver+0x104/0x270\n really_probe+0x190/0x374\n __driver_probe_device+0xa0/0x12c\n driver_probe_device+0x3c/0x218\n __device_attach_driver+0x14c/0x188\n bus_for_each_drv+0x10c/0x168\n __device_attach+0xfc/0x198\n device_initial_probe+0x14/0x24\n bus_probe_device+0x94/0x11c\n device_add+0x268/0x48c\n usb_add_gadget+0x198/0x28c\n dwc3_gadget_init+0x700/0x858\n __dwc3_set_mode+0x3cc/0x664\n process_scheduled_works+0x1d8/0x488\n worker_thread+0x244/0x334\n kthread+0x114/0x1bc\n ret_from_fork+0x10/0x20",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40092"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/185193a4714aa9c78437a7a1858fbe5771f0f45c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1cde4516295a030cb8ab4c93114ca3b6c3c6a1e2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d3fe7143928d8dfa2ec7bac9f906b48bc75b98ee"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ed78f4d6079d872432b1ed54f155ef61965d3137"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f37de8dec6a4c379b4b8486003a1de00ff8cff3b"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T10:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-6m5m-pcmh-qg5r/GHSA-6m5m-pcmh-qg5r.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6m5m-pcmh-qg5r",
+  "modified": "2025-10-30T12:31:10Z",
+  "published": "2025-10-30T12:31:10Z",
+  "aliases": [
+    "CVE-2025-40095"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_rndis: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the rndis->notify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep->ops->free_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40095"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/08228941436047bdcd35a612c1aec0912a29d8cd"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/380353c3a92be7d928e6f973bd065c5b79755ac3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5f65c8ad8c7292ed7e3716343fcd590a51818cc3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a8366263b7e5b663d7fb489d3a9ba1e2600049a6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ef81226bb1f8b6e761cd0b53d2696e9c1bc955d1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T10:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-6v27-vrfr-9j74/GHSA-6v27-vrfr-9j74.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6v27-vrfr-9j74",
+  "modified": "2025-10-30T12:31:11Z",
+  "published": "2025-10-30T12:31:11Z",
+  "aliases": [
+    "CVE-2025-10317"
+  ],
+  "details": "Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker.\nThis software does not implement any protection against this type of attack. All forms available in this software are potentially vulnerable.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10317"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert.pl/posts/2025/10/CVE-2025-10317"
+    },
+    {
+      "type": "WEB",
+      "url": "https://opensolution.org/sklep-internetowy-quick-cart.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T12:15:32Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-7jm9-29fh-9vrx/GHSA-7jm9-29fh-9vrx.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7jm9-29fh-9vrx",
+  "modified": "2025-10-30T12:31:09Z",
+  "published": "2025-10-30T12:31:09Z",
+  "aliases": [
+    "CVE-2025-40093"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ecm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the ecm->notify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep->ops->free_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40093"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/070f341d86cf2c098d63e484a86c7c1d2696a868"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/15b9faf53ba8719700596e7ef78879ce200e8c2e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4630c68bade82f087eaaab22e9a361da2f18d139"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d3745aaef19198d0c81637a7dd50ef53c4f879b7"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T10:15:33Z"
+  }
+}