Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-39ch-q5j8-9rjh/GHSA-39ch-q5j8-9rjh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39ch-q5j8-9rjh",
-  "modified": "2022-05-01T17:53:17Z",
+  "modified": "2025-12-11T18:30:31Z",
   "published": "2022-05-01T17:53:17Z",
   "aliases": [
     "CVE-2007-1399"
   ],
   "details": "Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/08/GHSA-fr9x-3gv2-g88h/GHSA-fr9x-3gv2-g88h.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fr9x-3gv2-g88h",
-  "modified": "2022-08-29T20:06:48Z",
+  "modified": "2025-12-11T18:30:31Z",
   "published": "2022-08-27T00:00:41Z",
   "aliases": [
     "CVE-2022-36548"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20%28XSS%29.md"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20(XSS).md"

advisories/unreviewed/2025/06/GHSA-69rm-w9qj-3x45/GHSA-69rm-w9qj-3x45.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-69rm-w9qj-3x45",
-  "modified": "2025-12-10T00:30:21Z",
+  "modified": "2025-12-11T18:30:32Z",
   "published": "2025-06-17T15:31:09Z",
   "aliases": [
     "CVE-2025-49178"
@@ -19,10 +19,6 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49178"
     },
-    {
-      "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:10258"
-    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:10376"
@@ -83,6 +79,14 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.x.org/wiki/Development/Security"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:10258"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:10342"

advisories/unreviewed/2025/06/GHSA-pw35-9xmg-v8xw/GHSA-pw35-9xmg-v8xw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pw35-9xmg-v8xw",
-  "modified": "2025-12-10T00:30:20Z",
+  "modified": "2025-12-11T18:30:31Z",
   "published": "2025-06-17T15:31:09Z",
   "aliases": [
     "CVE-2025-49177"
@@ -42,6 +42,10 @@
     {
       "type": "WEB",
       "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.x.org/wiki/Development/Security"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/06/GHSA-q547-25x8-mx66/GHSA-q547-25x8-mx66.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q547-25x8-mx66",
-  "modified": "2025-12-10T00:30:21Z",
+  "modified": "2025-12-11T18:30:32Z",
   "published": "2025-06-17T15:31:10Z",
   "aliases": [
     "CVE-2025-49179"
@@ -19,10 +19,6 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49179"
     },
-    {
-      "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:10258"
-    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:10376"
@@ -83,6 +79,14 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.x.org/wiki/Development/Security"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:10258"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:10342"

advisories/unreviewed/2025/09/GHSA-354h-3w43-8pjm/GHSA-354h-3w43-8pjm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-354h-3w43-8pjm",
-  "modified": "2025-09-18T18:30:28Z",
+  "modified": "2025-12-11T18:30:34Z",
   "published": "2025-09-18T18:30:27Z",
   "aliases": [
     "CVE-2023-53428"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: arm_scmi: Remove recursion while parsing zones\n\nPowercap zones can be defined as arranged in a hierarchy of trees and when\nregistering a zone with powercap_register_zone(), the kernel powercap\nsubsystem expects this to happen starting from the root zones down to the\nleaves; on the other side, de-registration by powercap_deregister_zone()\nmust begin from the leaf zones.\n\nAvailable SCMI powercap zones are retrieved dynamically from the platform\nat probe time and, while any defined hierarchy between the zones is\ndescribed properly in the zones descriptor, the platform returns the\navailables zones with no particular well-defined order: as a consequence,\nthe trees possibly composing the hierarchy of zones have to be somehow\nwalked properly to register the retrieved zones from the root.\n\nCurrently the ARM SCMI Powercap driver walks the zones using a recursive\nalgorithm; this approach, even though correct and tested can lead to kernel\nstack overflow when processing a returned hierarchy of zones composed by\nparticularly high trees.\n\nAvoid possible kernel stack overflow by substituting the recursive approach\nwith an iterative one supported by a dynamically allocated stack-like data\nstructure.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-674"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T16:15:46Z"

advisories/unreviewed/2025/09/GHSA-37xw-4ccx-fh4g/GHSA-37xw-4ccx-fh4g.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-37xw-4ccx-fh4g",
-  "modified": "2025-09-18T15:30:32Z",
+  "modified": "2025-12-11T18:30:33Z",
   "published": "2025-09-18T15:30:32Z",
   "aliases": [
     "CVE-2022-50378"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: reorder driver deinit sequence to fix use-after-free bug\n\nUnloading the driver triggers the following KASAN warning:\n\n[  +0.006275] =============================================================\n[  +0.000029] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0x1a0\n[  +0.000026] Read of size 8 at addr ffff000020c395e0 by task rmmod/2695\n\n[  +0.000019] CPU: 5 PID: 2695 Comm: rmmod Tainted: G         C O      5.19.0-rc6-lrmbkasan+ #1\n[  +0.000013] Hardware name: Hardkernel ODROID-N2Plus (DT)\n[  +0.000008] Call trace:\n[  +0.000007]  dump_backtrace+0x1ec/0x280\n[  +0.000013]  show_stack+0x24/0x80\n[  +0.000008]  dump_stack_lvl+0x98/0xd4\n[  +0.000011]  print_address_description.constprop.0+0x80/0x520\n[  +0.000011]  print_report+0x128/0x260\n[  +0.000007]  kasan_report+0xb8/0xfc\n[  +0.000008]  __asan_report_load8_noabort+0x3c/0x50\n[  +0.000010]  __list_del_entry_valid+0xe0/0x1a0\n[  +0.000009]  drm_atomic_private_obj_fini+0x30/0x200 [drm]\n[  +0.000172]  drm_bridge_detach+0x94/0x260 [drm]\n[  +0.000145]  drm_encoder_cleanup+0xa4/0x290 [drm]\n[  +0.000144]  drm_mode_config_cleanup+0x118/0x740 [drm]\n[  +0.000143]  drm_mode_config_init_release+0x1c/0x2c [drm]\n[  +0.000144]  drm_managed_release+0x170/0x414 [drm]\n[  +0.000142]  drm_dev_put.part.0+0xc0/0x124 [drm]\n[  +0.000143]  drm_dev_put+0x20/0x30 [drm]\n[  +0.000142]  meson_drv_unbind+0x1d8/0x2ac [meson_drm]\n[  +0.000028]  take_down_aggregate_device+0xb0/0x160\n[  +0.000016]  component_del+0x18c/0x360\n[  +0.000009]  meson_dw_hdmi_remove+0x28/0x40 [meson_dw_hdmi]\n[  +0.000015]  platform_remove+0x64/0xb0\n[  +0.000009]  device_remove+0xb8/0x154\n[  +0.000009]  device_release_driver_internal+0x398/0x5b0\n[  +0.000009]  driver_detach+0xac/0x1b0\n[  +0.000009]  bus_remove_driver+0x158/0x29c\n[  +0.000009]  driver_unregister+0x70/0xb0\n[  +0.000008]  platform_driver_unregister+0x20/0x2c\n[  +0.000008]  meson_dw_hdmi_platform_driver_exit+0x1c/0x30 [meson_dw_hdmi]\n[  +0.000012]  __do_sys_delete_module+0x288/0x400\n[  +0.000011]  __arm64_sys_delete_module+0x5c/0x80\n[  +0.000009]  invoke_syscall+0x74/0x260\n[  +0.000009]  el0_svc_common.constprop.0+0xcc/0x260\n[  +0.000009]  do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000012]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000008]  el0t_64_sync+0x18c/0x190\n\n[  +0.000018] Allocated by task 0:\n[  +0.000007] (stack is not available)\n\n[  +0.000011] Freed by task 2695:\n[  +0.000008]  kasan_save_stack+0x2c/0x5c\n[  +0.000011]  kasan_set_track+0x2c/0x40\n[  +0.000008]  kasan_set_free_info+0x28/0x50\n[  +0.000009]  ____kasan_slab_free+0x128/0x1d4\n[  +0.000008]  __kasan_slab_free+0x18/0x24\n[  +0.000007]  slab_free_freelist_hook+0x108/0x230\n[  +0.000011]  kfree+0x110/0x35c\n[  +0.000008]  release_nodes+0xf0/0x16c\n[  +0.000009]  devres_release_group+0x180/0x270\n[  +0.000008]  component_unbind+0x128/0x1e0\n[  +0.000010]  component_unbind_all+0x1b8/0x264\n[  +0.000009]  meson_drv_unbind+0x1a0/0x2ac [meson_drm]\n[  +0.000025]  take_down_aggregate_device+0xb0/0x160\n[  +0.000009]  component_del+0x18c/0x360\n[  +0.000009]  meson_dw_hdmi_remove+0x28/0x40 [meson_dw_hdmi]\n[  +0.000012]  platform_remove+0x64/0xb0\n[  +0.000008]  device_remove+0xb8/0x154\n[  +0.000009]  device_release_driver_internal+0x398/0x5b0\n[  +0.000009]  driver_detach+0xac/0x1b0\n[  +0.000009]  bus_remove_driver+0x158/0x29c\n[  +0.000008]  driver_unregister+0x70/0xb0\n[  +0.000008]  platform_driver_unregister+0x20/0x2c\n[  +0.000008]  meson_dw_hdmi_platform_driver_exit+0x1c/0x30 [meson_dw_hdmi]\n[  +0.000011]  __do_sys_delete_module+0x288/0x400\n[  +0.000010]  __arm64_sys_delete_module+0x5c/0x80\n[  +0.000008]  invoke_syscall+0x74/0x260\n[  +0.000008]  el0_svc_common.constprop.0+0xcc/0x260\n[  +0.000008]  do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000009]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000009]  el0t_64_sync+0x18c/0x190\n\n[  +0.000014] The buggy address belongs to the object at ffff000020c39000\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:36Z"

advisories/unreviewed/2025/09/GHSA-4r9g-c2fj-783p/GHSA-4r9g-c2fj-783p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4r9g-c2fj-783p",
-  "modified": "2025-09-18T18:30:28Z",
+  "modified": "2025-12-11T18:30:35Z",
   "published": "2025-09-18T18:30:28Z",
   "aliases": [
     "CVE-2023-53442"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Block switchdev mode when ADQ is active and vice versa\n\nADQ and switchdev are not supported simultaneously. Enabling both at the\nsame time can result in nullptr dereference.\n\nTo prevent this, check if ADQ is active when changing devlink mode to\nswitchdev mode, and check if switchdev is active when enabling ADQ.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T16:15:48Z"

advisories/unreviewed/2025/09/GHSA-5322-f7jr-cv4m/GHSA-5322-f7jr-cv4m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5322-f7jr-cv4m",
-  "modified": "2025-09-18T15:30:34Z",
+  "modified": "2025-12-11T18:30:33Z",
   "published": "2025-09-18T15:30:34Z",
   "aliases": [
     "CVE-2023-53382"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Reset connection when trying to use SMCRv2 fails.\n\nWe found a crash when using SMCRv2 with 2 Mellanox ConnectX-4. It\ncan be reproduced by:\n\n- smc_run nginx\n- smc_run wrk -t 32 -c 500 -d 30 http://<ip>:<port>\n\n BUG: kernel NULL pointer dereference, address: 0000000000000014\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 8000000108713067 P4D 8000000108713067 PUD 151127067 PMD 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 4 PID: 2441 Comm: kworker/4:249 Kdump: loaded Tainted: G        W   E      6.4.0-rc1+ #42\n Workqueue: smc_hs_wq smc_listen_work [smc]\n RIP: 0010:smc_clc_send_confirm_accept+0x284/0x580 [smc]\n RSP: 0018:ffffb8294b2d7c78 EFLAGS: 00010a06\n RAX: ffff8f1873238880 RBX: ffffb8294b2d7dc8 RCX: 0000000000000000\n RDX: 00000000000000b4 RSI: 0000000000000001 RDI: 0000000000b40c00\n RBP: ffffb8294b2d7db8 R08: ffff8f1815c5860c R09: 0000000000000000\n R10: 0000000000000400 R11: 0000000000000000 R12: ffff8f1846f56180\n R13: ffff8f1815c5860c R14: 0000000000000001 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8f1aefd00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000014 CR3: 00000001027a0001 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  <TASK>\n  ? mlx5_ib_map_mr_sg+0xa1/0xd0 [mlx5_ib]\n  ? smcr_buf_map_link+0x24b/0x290 [smc]\n  ? __smc_buf_create+0x4ee/0x9b0 [smc]\n  smc_clc_send_accept+0x4c/0xb0 [smc]\n  smc_listen_work+0x346/0x650 [smc]\n  ? __schedule+0x279/0x820\n  process_one_work+0x1e5/0x3f0\n  worker_thread+0x4d/0x2f0\n  ? __pfx_worker_thread+0x10/0x10\n  kthread+0xe5/0x120\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x2c/0x50\n  </TASK>\n\nDuring the CLC handshake, server sequentially tries available SMCRv2\nand SMCRv1 devices in smc_listen_work().\n\nIf an SMCRv2 device is found. SMCv2 based link group and link will be\nassigned to the connection. Then assumed that some buffer assignment\nerrors happen later in the CLC handshake, such as RMB registration\nfailure, server will give up SMCRv2 and try SMCRv1 device instead. But\nthe resources assigned to the connection won't be reset.\n\nWhen server tries SMCRv1 device, the connection creation process will\nbe executed again. Since conn->lnk has been assigned when trying SMCRv2,\nit will not be set to the correct SMCRv1 link in\nsmcr_lgr_conn_assign_link(). So in such situation, conn->lgr points to\ncorrect SMCRv1 link group but conn->lnk points to the SMCRv2 link\nmistakenly.\n\nThen in smc_clc_send_confirm_accept(), conn->rmb_desc->mr[link->link_idx]\nwill be accessed. Since the link->link_idx is not correct, the related\nMR may not have been initialized, so crash happens.\n\n | Try SMCRv2 device first\n |     |-> conn->lgr:\tassign existed SMCRv2 link group;\n |     |-> conn->link:\tassign existed SMCRv2 link (link_idx may be 1 in SMC_LGR_SYMMETRIC);\n |     |-> sndbuf & RMB creation fails, quit;\n |\n | Try SMCRv1 device then\n |     |-> conn->lgr:\tcreate SMCRv1 link group and assign;\n |     |-> conn->link:\tkeep SMCRv2 link mistakenly;\n |     |-> sndbuf & RMB creation succeed, only RMB->mr[link_idx = 0]\n |         initialized.\n |\n | Then smc_clc_send_confirm_accept() accesses\n | conn->rmb_desc->mr[conn->link->link_idx, which is 1], then crash.\n v\n\nThis patch tries to fix this by cleaning conn->lnk before assigning\nlink. In addition, it is better to reset the connection and clean the\nresources assigned if trying SMCRv2 failed in buffer creation or\nregistration.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:41Z"

advisories/unreviewed/2025/09/GHSA-593m-cjxc-9623/GHSA-593m-cjxc-9623.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-593m-cjxc-9623",
-  "modified": "2025-09-18T15:30:34Z",
+  "modified": "2025-12-11T18:30:33Z",
   "published": "2025-09-18T15:30:34Z",
   "aliases": [
     "CVE-2023-53381"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix leaked reference count of nfsd4_ssc_umount_item\n\nThe reference count of nfsd4_ssc_umount_item is not decremented\non error conditions. This prevents the laundromat from unmounting\nthe vfsmount of the source file.\n\nThis patch decrements the reference count of nfsd4_ssc_umount_item\non error.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:41Z"