Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/11/GHSA-f74h-hvpw-9xwm/GHSA-f74h-hvpw-9xwm.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f74h-hvpw-9xwm",
-  "modified": "2024-11-20T09:32:54Z",
+  "modified": "2025-11-20T18:30:59Z",
   "published": "2024-11-20T09:32:54Z",
   "aliases": [
     "CVE-2024-10126"
   ],
   "details": "Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/01/GHSA-pq8m-gwqp-g9xv/GHSA-pq8m-gwqp-g9xv.json

@@ -39,6 +39,7 @@
   "database_specific": {
     "cwe_ids": [
       "CWE-288",
+      "CWE-306",
       "CWE-78"
     ],
     "severity": "CRITICAL",

advisories/unreviewed/2025/06/GHSA-6jw4-m8h9-g536/GHSA-6jw4-m8h9-g536.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-78"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2025/06/GHSA-8gmg-2fm9-487f/GHSA-8gmg-2fm9-487f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8gmg-2fm9-487f",
-  "modified": "2025-06-20T21:32:07Z",
+  "modified": "2025-11-20T18:30:59Z",
   "published": "2025-06-20T21:32:07Z",
   "aliases": [
     "CVE-2025-34022"

advisories/unreviewed/2025/06/GHSA-r3xp-pwxv-p43m/GHSA-r3xp-pwxv-p43m.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r3xp-pwxv-p43m",
-  "modified": "2025-06-20T21:32:07Z",
+  "modified": "2025-11-20T18:31:00Z",
   "published": "2025-06-20T21:32:07Z",
   "aliases": [
     "CVE-2025-25038"
@@ -50,7 +50,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-78"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2025/07/GHSA-5gh2-95vw-62h6/GHSA-5gh2-95vw-62h6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5gh2-95vw-62h6",
-  "modified": "2025-09-09T18:31:11Z",
+  "modified": "2025-11-20T18:31:00Z",
   "published": "2025-07-10T09:32:28Z",
   "aliases": [
     "CVE-2025-38272"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:25Z"

advisories/unreviewed/2025/07/GHSA-7p7v-h84h-xmw3/GHSA-7p7v-h84h-xmw3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7p7v-h84h-xmw3",
-  "modified": "2025-07-10T09:32:28Z",
+  "modified": "2025-11-20T18:31:00Z",
   "published": "2025-07-10T09:32:28Z",
   "aliases": [
     "CVE-2025-38274"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()\n\nfpga_mgr_test_img_load_sgt() allocates memory for sgt using\nkunit_kzalloc() however it does not check if the allocation failed.\nIt then passes sgt to sg_alloc_table(), which passes it to\n__sg_alloc_table(). This function calls memset() on sgt in an attempt to\nzero it out. If the allocation fails then sgt will be NULL and the\nmemset will trigger a NULL pointer dereference.\n\nFix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:25Z"

advisories/unreviewed/2025/07/GHSA-7rq4-pc5w-9jq7/GHSA-7rq4-pc5w-9jq7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7rq4-pc5w-9jq7",
-  "modified": "2025-07-10T09:32:28Z",
+  "modified": "2025-11-20T18:31:00Z",
   "published": "2025-07-10T09:32:28Z",
   "aliases": [
     "CVE-2025-38269"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: exit after state insertion failure at btrfs_convert_extent_bit()\n\nIf insert_state() state failed it returns an error pointer and we call\nextent_io_tree_panic() which will trigger a BUG() call. However if\nCONFIG_BUG is disabled, which is an uncommon and exotic scenario, then\nwe fallthrough and call cache_state() which will dereference the error\npointer, resulting in an invalid memory access.\n\nSo jump to the 'out' label after calling extent_io_tree_panic(), it also\nmakes the code more clear besides dealing with the exotic scenario where\nCONFIG_BUG is disabled.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:25Z"

advisories/unreviewed/2025/07/GHSA-mg8g-g7c5-2wpm/GHSA-mg8g-g7c5-2wpm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mg8g-g7c5-2wpm",
-  "modified": "2025-07-10T09:32:28Z",
+  "modified": "2025-11-20T18:31:00Z",
   "published": "2025-07-10T09:32:28Z",
   "aliases": [
     "CVE-2025-38268"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work\n\nA state check was previously added to tcpm_queue_vdm_unlocked to\nprevent a deadlock where the DisplayPort Alt Mode driver would be\nexecuting work and attempting to grab the tcpm_lock while the TCPM\nwas holding the lock and attempting to unregister the altmode, blocking\non the altmode driver's cancel_work_sync call.\n\nBecause the state check isn't protected, there is a small window\nwhere the Alt Mode driver could determine that the TCPM is\nin a ready state and attempt to grab the lock while the\nTCPM grabs the lock and changes the TCPM state to one that\ncauses the deadlock. The callstack is provided below:\n\n[110121.667392][    C7] Call trace:\n[110121.667396][    C7]  __switch_to+0x174/0x338\n[110121.667406][    C7]  __schedule+0x608/0x9f0\n[110121.667414][    C7]  schedule+0x7c/0xe8\n[110121.667423][    C7]  kernfs_drain+0xb0/0x114\n[110121.667431][    C7]  __kernfs_remove+0x16c/0x20c\n[110121.667436][    C7]  kernfs_remove_by_name_ns+0x74/0xe8\n[110121.667442][    C7]  sysfs_remove_group+0x84/0xe8\n[110121.667450][    C7]  sysfs_remove_groups+0x34/0x58\n[110121.667458][    C7]  device_remove_groups+0x10/0x20\n[110121.667464][    C7]  device_release_driver_internal+0x164/0x2e4\n[110121.667475][    C7]  device_release_driver+0x18/0x28\n[110121.667484][    C7]  bus_remove_device+0xec/0x118\n[110121.667491][    C7]  device_del+0x1e8/0x4ac\n[110121.667498][    C7]  device_unregister+0x18/0x38\n[110121.667504][    C7]  typec_unregister_altmode+0x30/0x44\n[110121.667515][    C7]  tcpm_reset_port+0xac/0x370\n[110121.667523][    C7]  tcpm_snk_detach+0x84/0xb8\n[110121.667529][    C7]  run_state_machine+0x4c0/0x1b68\n[110121.667536][    C7]  tcpm_state_machine_work+0x94/0xe4\n[110121.667544][    C7]  kthread_worker_fn+0x10c/0x244\n[110121.667552][    C7]  kthread+0x104/0x1d4\n[110121.667557][    C7]  ret_from_fork+0x10/0x20\n\n[110121.667689][    C7] Workqueue: events dp_altmode_work\n[110121.667697][    C7] Call trace:\n[110121.667701][    C7]  __switch_to+0x174/0x338\n[110121.667710][    C7]  __schedule+0x608/0x9f0\n[110121.667717][    C7]  schedule+0x7c/0xe8\n[110121.667725][    C7]  schedule_preempt_disabled+0x24/0x40\n[110121.667733][    C7]  __mutex_lock+0x408/0xdac\n[110121.667741][    C7]  __mutex_lock_slowpath+0x14/0x24\n[110121.667748][    C7]  mutex_lock+0x40/0xec\n[110121.667757][    C7]  tcpm_altmode_enter+0x78/0xb4\n[110121.667764][    C7]  typec_altmode_enter+0xdc/0x10c\n[110121.667769][    C7]  dp_altmode_work+0x68/0x164\n[110121.667775][    C7]  process_one_work+0x1e4/0x43c\n[110121.667783][    C7]  worker_thread+0x25c/0x430\n[110121.667789][    C7]  kthread+0x104/0x1d4\n[110121.667794][    C7]  ret_from_fork+0x10/0x20\n\nChange tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work,\nwhich can perform the state check while holding the TCPM lock\nwhile the Alt Mode lock is no longer held. This requires a new\nstruct to hold the vdm data, altmode_vdm_event.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:24Z"

advisories/unreviewed/2025/07/GHSA-v9wx-3hgc-c95m/GHSA-v9wx-3hgc-c95m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v9wx-3hgc-c95m",
-  "modified": "2025-07-10T09:32:28Z",
+  "modified": "2025-11-20T18:31:00Z",
   "published": "2025-07-10T09:32:28Z",
   "aliases": [
     "CVE-2025-38271"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent a NULL deref in rtnl_create_link()\n\nAt the time rtnl_create_link() is running, dev->netdev_ops is NULL,\nwe must not use netdev_lock_ops() or risk a NULL deref if\nCONFIG_NET_SHAPER is defined.\n\nUse netif_set_group() instead of dev_set_group().\n\n RIP: 0010:netdev_need_ops_lock include/net/netdev_lock.h:33 [inline]\n RIP: 0010:netdev_lock_ops include/net/netdev_lock.h:41 [inline]\n RIP: 0010:dev_set_group+0xc0/0x230 net/core/dev_api.c:82\nCall Trace:\n <TASK>\n  rtnl_create_link+0x748/0xd10 net/core/rtnetlink.c:3674\n  rtnl_newlink_create+0x25c/0xb00 net/core/rtnetlink.c:3813\n  __rtnl_newlink net/core/rtnetlink.c:3940 [inline]\n  rtnl_newlink+0x16d6/0x1c70 net/core/rtnetlink.c:4055\n  rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6944\n  netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534\n  netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n  netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339\n  netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883\n  sock_sendmsg_nosec net/socket.c:712 [inline]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:25Z"