Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-qrv4-68mg-fv43/GHSA-qrv4-68mg-fv43.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qrv4-68mg-fv43",
-  "modified": "2024-03-26T00:32:02Z",
+  "modified": "2025-12-16T00:30:27Z",
   "published": "2024-03-26T00:32:02Z",
   "aliases": [
     "CVE-2024-0901"
   ],
-  "details": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\n",
+  "details": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/06/GHSA-8fcc-fcfx-x9gq/GHSA-8fcc-fcfx-x9gq.json

@@ -45,7 +45,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-89"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/08/GHSA-3v8v-6j5m-3mhg/GHSA-3v8v-6j5m-3mhg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3v8v-6j5m-3mhg",
-  "modified": "2025-08-22T18:31:22Z",
+  "modified": "2025-12-16T00:30:27Z",
   "published": "2025-08-22T18:31:22Z",
   "aliases": [
     "CVE-2025-38647"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi\n\nThe following assertion is triggered on the rtw89 driver startup. It\nlooks meaningless to hold wiphy lock on the early init stage so drop the\nassertion.\n\n WARNING: CPU: 7 PID: 629 at drivers/net/wireless/realtek/rtw89/sar.c:502 rtw89_set_sar_from_acpi+0x365/0x4d0 [rtw89_core]\n CPU: 7 UID: 0 PID: 629 Comm: (udev-worker) Not tainted 6.15.0+ #29 PREEMPT(lazy)\n Hardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN50WW 09/27/2024\n RIP: 0010:rtw89_set_sar_from_acpi+0x365/0x4d0 [rtw89_core]\n Call Trace:\n  <TASK>\n  rtw89_sar_init+0x68/0x2c0 [rtw89_core]\n  rtw89_core_init+0x188e/0x1e50 [rtw89_core]\n  rtw89_pci_probe+0x530/0xb50 [rtw89_pci]\n  local_pci_probe+0xd9/0x190\n  pci_call_probe+0x183/0x540\n  pci_device_probe+0x171/0x2c0\n  really_probe+0x1e1/0x890\n  __driver_probe_device+0x18c/0x390\n  driver_probe_device+0x4a/0x120\n  __driver_attach+0x1a0/0x530\n  bus_for_each_dev+0x10b/0x190\n  bus_add_driver+0x2eb/0x540\n  driver_register+0x1a3/0x3a0\n  do_one_initcall+0xd5/0x450\n  do_init_module+0x2cc/0x8f0\n  init_module_from_file+0xe1/0x150\n  idempotent_init_module+0x226/0x760\n  __x64_sys_finit_module+0xcd/0x150\n  do_syscall_64+0x94/0x380\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFound by Linux Verification Center (linuxtesting.org).",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:39Z"

advisories/unreviewed/2025/12/GHSA-285f-828q-q7g5/GHSA-285f-828q-q7g5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-285f-828q-q7g5",
-  "modified": "2025-12-05T15:30:26Z",
+  "modified": "2025-12-16T00:30:28Z",
   "published": "2025-12-05T15:30:26Z",
   "aliases": [
     "CVE-2025-6966"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/12/GHSA-3g96-v8h5-2g5f/GHSA-3g96-v8h5-2g5f.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3g96-v8h5-2g5f",
+  "modified": "2025-12-16T00:30:30Z",
+  "published": "2025-12-16T00:30:30Z",
+  "aliases": [
+    "CVE-2025-10898"
+  ],
+  "details": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10898"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/products/autodesk-access/overview"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T00:16:01Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-43hh-3vfr-vvfx/GHSA-43hh-3vfr-vvfx.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-43hh-3vfr-vvfx",
+  "modified": "2025-12-16T00:30:30Z",
+  "published": "2025-12-16T00:30:30Z",
+  "aliases": [
+    "CVE-2025-9459"
+  ],
+  "details": "A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9459"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/products/autodesk-access/overview"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T00:16:03Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-4f42-626f-cqm7/GHSA-4f42-626f-cqm7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4f42-626f-cqm7",
-  "modified": "2025-12-12T21:31:38Z",
+  "modified": "2025-12-16T00:30:28Z",
   "published": "2025-12-12T21:31:38Z",
   "aliases": [
     "CVE-2025-43406"
   ],
   "details": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:54Z"

advisories/unreviewed/2025/12/GHSA-4hm2-jff2-cw82/GHSA-4hm2-jff2-cw82.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4hm2-jff2-cw82",
+  "modified": "2025-12-16T00:30:30Z",
+  "published": "2025-12-16T00:30:30Z",
+  "aliases": [
+    "CVE-2025-10884"
+  ],
+  "details": "AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10884"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/products/autodesk-access/overview"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T00:16:00Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-4hp4-5c2h-v77h/GHSA-4hp4-5c2h-v77h.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4hp4-5c2h-v77h",
+  "modified": "2025-12-16T00:30:30Z",
+  "published": "2025-12-16T00:30:30Z",
+  "aliases": [
+    "CVE-2025-9457"
+  ],
+  "details": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9457"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/products/autodesk-access/overview"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T00:16:03Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-6f7c-9hm7-xgw3/GHSA-6f7c-9hm7-xgw3.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6f7c-9hm7-xgw3",
+  "modified": "2025-12-16T00:30:30Z",
+  "published": "2025-12-16T00:30:30Z",
+  "aliases": [
+    "CVE-2025-9453"
+  ],
+  "details": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9453"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/products/autodesk-access/overview"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T00:16:03Z"
+  }
+}