Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-864h-2g93-vww3/GHSA-864h-2g93-vww3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-864h-2g93-vww3",
-  "modified": "2024-03-22T15:31:06Z",
+  "modified": "2025-10-15T18:31:46Z",
   "published": "2024-03-22T15:31:06Z",
   "aliases": [
     "CVE-2024-2724"

advisories/unreviewed/2024/03/GHSA-9m9c-g4c8-j95g/GHSA-9m9c-g4c8-j95g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9m9c-g4c8-j95g",
-  "modified": "2024-03-22T15:31:06Z",
+  "modified": "2025-10-15T18:31:46Z",
   "published": "2024-03-22T15:31:06Z",
   "aliases": [
     "CVE-2024-2722"

advisories/unreviewed/2024/03/GHSA-rg8q-jvhc-8jw2/GHSA-rg8q-jvhc-8jw2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rg8q-jvhc-8jw2",
-  "modified": "2024-03-22T15:31:06Z",
+  "modified": "2025-10-15T18:31:46Z",
   "published": "2024-03-22T15:31:06Z",
   "aliases": [
     "CVE-2024-2723"

advisories/unreviewed/2024/06/GHSA-2fjv-ffr6-wh68/GHSA-2fjv-ffr6-wh68.json

@@ -1,13 +1,22 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2fjv-ffr6-wh68",
-  "modified": "2024-06-24T21:33:21Z",
+  "modified": "2025-10-15T18:31:47Z",
   "published": "2024-06-24T21:33:21Z",
   "aliases": [
     "CVE-2023-45196"
   ],
   "details": "Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +32,7 @@
     "cwe_ids": [
       "CWE-400"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-06-24T21:15:25Z"

advisories/unreviewed/2024/06/GHSA-p59q-w6ff-wf6f/GHSA-p59q-w6ff-wf6f.json

@@ -1,13 +1,22 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p59q-w6ff-wf6f",
-  "modified": "2024-06-25T00:34:45Z",
+  "modified": "2025-10-15T18:31:47Z",
   "published": "2024-06-25T00:34:45Z",
   "aliases": [
     "CVE-2023-45195"
   ],
   "details": "Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +32,7 @@
     "cwe_ids": [
       "CWE-918"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-06-24T22:15:10Z"

advisories/unreviewed/2024/09/GHSA-fgxf-657w-ggqj/GHSA-fgxf-657w-ggqj.json

@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-306",
       "CWE-863"
     ],
     "severity": "CRITICAL",

advisories/unreviewed/2024/12/GHSA-6mmm-fwjc-qrhc/GHSA-6mmm-fwjc-qrhc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6mmm-fwjc-qrhc",
-  "modified": "2024-12-29T09:30:46Z",
+  "modified": "2025-10-15T18:31:48Z",
   "published": "2024-12-29T09:30:46Z",
   "aliases": [
     "CVE-2024-56709"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if iowq is killed before queuing\n\ntask work can be executed after the task has gone through io_uring\ntermination, whether it's the final task_work run or the fallback path.\nIn this case, task work will find ->io_wq being already killed and\nnull'ed, which is a problem if it then tries to forward the request to\nio_queue_iowq(). Make io_queue_iowq() fail requests in this case.\n\nNote that it also checks PF_KTHREAD, because the user can first close\na DEFER_TASKRUN ring and shortly after kill the task, in which case\n->iowq check would race.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-29T09:15:05Z"

advisories/unreviewed/2024/12/GHSA-cpp9-c2g7-vmh7/GHSA-cpp9-c2g7-vmh7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cpp9-c2g7-vmh7",
-  "modified": "2024-12-29T09:30:46Z",
+  "modified": "2025-10-15T18:31:48Z",
   "published": "2024-12-29T09:30:46Z",
   "aliases": [
     "CVE-2024-56713"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netdevsim: fix nsim_pp_hold_write()\n\nnsim_pp_hold_write() has two problems:\n\n1) It may return with rtnl held, as found by syzbot.\n\n2) Its return value does not propagate an error if any.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-29T09:15:06Z"

advisories/unreviewed/2024/12/GHSA-hv38-55qj-8p77/GHSA-hv38-55qj-8p77.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hv38-55qj-8p77",
-  "modified": "2024-12-29T09:30:47Z",
+  "modified": "2025-10-15T18:31:48Z",
   "published": "2024-12-29T09:30:47Z",
   "aliases": [
     "CVE-2024-56714"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: no double destroy workqueue\n\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let's be sure\nwe're checking for that.\n\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\n\nWe didn't hit this in AER handler testing before because at\nthat time we weren't using a private workqueue.  Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn't rerun the AER handler testing since then.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-29T09:15:06Z"

advisories/unreviewed/2024/12/GHSA-qq79-x2qm-v335/GHSA-qq79-x2qm-v335.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qq79-x2qm-v335",
-  "modified": "2024-12-26T18:30:36Z",
+  "modified": "2025-10-15T18:31:47Z",
   "published": "2024-12-26T18:30:36Z",
   "aliases": [
     "CVE-2024-12908"