Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/04/GHSA-8f6m-fvf9-6397/GHSA-8f6m-fvf9-6397.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8f6m-fvf9-6397",
-  "modified": "2025-11-03T21:33:40Z",
+  "modified": "2025-11-24T15:30:27Z",
   "published": "2025-04-16T21:30:56Z",
   "aliases": [
     "CVE-2025-31200"
@@ -19,10 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31200"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/vulnrichment/issues/200"
+    },
     {
       "type": "WEB",
       "url": "https://blog.noahhw.dev/posts/cve-2025-31200"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md"
+    },
     {
       "type": "WEB",
       "url": "https://news.ycombinator.com/item?id=44161894"
@@ -70,6 +78,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-119",
       "CWE-787"
     ],
     "severity": "HIGH",

advisories/unreviewed/2025/04/GHSA-q4hh-vrvh-r4h7/GHSA-q4hh-vrvh-r4h7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4hh-vrvh-r4h7",
-  "modified": "2025-11-03T21:33:40Z",
+  "modified": "2025-11-24T15:30:27Z",
   "published": "2025-04-16T21:30:57Z",
   "aliases": [
     "CVE-2025-31201"
@@ -19,6 +19,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31201"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/vulnrichment/issues/200"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md"
+    },
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/122282"
@@ -61,7 +69,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-1220"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-x9pw-qp8j-96f9/GHSA-x9pw-qp8j-96f9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x9pw-qp8j-96f9",
-  "modified": "2025-05-21T15:30:32Z",
+  "modified": "2025-11-24T15:30:27Z",
   "published": "2025-05-20T21:30:42Z",
   "aliases": [
     "CVE-2025-44893"
@@ -19,9 +19,17 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44893"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xyqer1/Planet-web_acl_mgmt_Rules_Apply_post-ruleName-StackOverflow"
+    },
     {
       "type": "WEB",
       "url": "https://lafdrew.github.io/2025/04/20/web-acl-mgmt-Rules-Apply-post-ruleName"
+    },
+    {
+      "type": "WEB",
+      "url": "https://raw.githubusercontent.com/lafdrew/lafdrew.github.io/7e2c4ab83017611974e61aa1384c2563ec008f49/2025/04/18/web-aaa-loginAuthlistEdit-get-authName-StackOverflow/index.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/10/GHSA-4q23-4xwf-899h/GHSA-4q23-4xwf-899h.json

@@ -38,7 +38,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-400"
+      "CWE-400",
+      "CWE-749"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/11/GHSA-2949-r76x-4vc4/GHSA-2949-r76x-4vc4.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2949-r76x-4vc4",
+  "modified": "2025-11-24T15:30:29Z",
+  "published": "2025-11-24T15:30:29Z",
+  "aliases": [
+    "CVE-2025-12969"
+  ],
+  "details": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fluentbit.io/announcements/v4.1.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-24T15:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-2hf3-jphf-r8cc/GHSA-2hf3-jphf-r8cc.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2hf3-jphf-r8cc",
-  "modified": "2025-11-18T18:32:52Z",
+  "modified": "2025-11-24T15:30:27Z",
   "published": "2025-11-18T18:32:52Z",
   "aliases": [
     "CVE-2025-58122"
   ],
   "details": "Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/11/GHSA-4qrg-gphx-m2ch/GHSA-4qrg-gphx-m2ch.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4qrg-gphx-m2ch",
-  "modified": "2025-11-18T18:32:52Z",
+  "modified": "2025-11-24T15:30:27Z",
   "published": "2025-11-18T18:32:52Z",
   "aliases": [
     "CVE-2025-58121"
   ],
   "details": "Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/11/GHSA-5gcq-5xrv-2v3w/GHSA-5gcq-5xrv-2v3w.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5gcq-5xrv-2v3w",
+  "modified": "2025-11-24T15:30:29Z",
+  "published": "2025-11-24T15:30:29Z",
+  "aliases": [
+    "CVE-2025-65497"
+  ],
+  "details": "NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65497"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/obgm/libcoap/issues/1745"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/obgm/libcoap/pull/1750"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-24T14:15:47Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-5j4g-4f5r-cc5q/GHSA-5j4g-4f5r-cc5q.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/11/GHSA-6gh2-mpgg-5hx9/GHSA-6gh2-mpgg-5hx9.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-79"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,