Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-85c3-6734-6rqp/GHSA-85c3-6734-6rqp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-85c3-6734-6rqp",
-  "modified": "2023-01-11T09:30:32Z",
+  "modified": "2025-12-03T15:30:27Z",
   "published": "2022-05-24T19:13:10Z",
   "aliases": [
     "CVE-2021-33287"
@@ -27,6 +27,14 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3"
@@ -58,6 +66,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-20",
       "CWE-787"
     ],
     "severity": "HIGH",

advisories/unreviewed/2022/05/GHSA-g9p5-p7h5-p2wg/GHSA-g9p5-p7h5-p2wg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g9p5-p7h5-p2wg",
-  "modified": "2022-05-24T19:04:21Z",
+  "modified": "2025-12-03T15:30:27Z",
   "published": "2022-05-24T19:04:21Z",
   "aliases": [
     "CVE-2021-33560"
@@ -39,6 +39,14 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB"
@@ -70,7 +78,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-203"
+      "CWE-203",
+      "CWE-325"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-p947-gfm7-f4g7/GHSA-p947-gfm7-f4g7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p947-gfm7-f4g7",
-  "modified": "2022-05-24T17:44:28Z",
+  "modified": "2025-12-03T15:30:26Z",
   "published": "2022-05-24T17:44:28Z",
   "aliases": [
     "CVE-2021-20232"
   ],
   "details": "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -16,51 +21,87 @@
     },
     {
       "type": "WEB",
-      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275"
+      "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E"
+      "url": "https://security.netapp.com/advisory/ntap-20210416-0005"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E"
+      "url": "https://lists.fedoraproject.org/archives/list/[email protected].org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E"
     },
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected].org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER"
+      "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://security.netapp.com/advisory/ntap-20210416-0005"
+      "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10"
+      "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275"
     }
   ],
   "database_specific": {

advisories/unreviewed/2022/05/GHSA-rq67-5wpf-96wv/GHSA-rq67-5wpf-96wv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rq67-5wpf-96wv",
-  "modified": "2022-06-04T00:00:51Z",
+  "modified": "2025-12-03T15:30:27Z",
   "published": "2022-05-24T17:45:32Z",
   "aliases": [
     "CVE-2021-20197"

advisories/unreviewed/2025/07/GHSA-5h4w-vg6x-93m2/GHSA-5h4w-vg6x-93m2.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/07/GHSA-h9v3-wvxh-4mwp/GHSA-h9v3-wvxh-4mwp.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h9v3-wvxh-4mwp",
-  "modified": "2025-07-19T00:32:31Z",
+  "modified": "2025-12-03T15:30:27Z",
   "published": "2025-07-19T00:32:31Z",
   "aliases": [
     "CVE-2025-7396"
   ],
   "details": "In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/07/GHSA-jgh6-fqf6-cpj8/GHSA-jgh6-fqf6-cpj8.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jgh6-fqf6-cpj8",
-  "modified": "2025-07-19T00:32:31Z",
+  "modified": "2025-12-03T15:30:27Z",
   "published": "2025-07-19T00:32:31Z",
   "aliases": [
     "CVE-2025-7394"
   ],
   "details": "In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -26,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-200"
+      "CWE-200",
+      "CWE-338"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/09/GHSA-2px5-v96w-8g69/GHSA-2px5-v96w-8g69.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2px5-v96w-8g69",
-  "modified": "2025-09-15T15:31:29Z",
+  "modified": "2025-12-03T15:30:27Z",
   "published": "2025-09-15T15:31:28Z",
   "aliases": [
     "CVE-2023-53221"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memleak due to fentry attach failure\n\nIf it fails to attach fentry, the allocated bpf trampoline image will be\nleft in the system. That can be verified by checking /proc/kallsyms.\n\nThis meamleak can be verified by a simple bpf program as follows:\n\n  SEC(\"fentry/trap_init\")\n  int fentry_run()\n  {\n      return 0;\n  }\n\nIt will fail to attach trap_init because this function is freed after\nkernel init, and then we can find the trampoline image is left in the\nsystem by checking /proc/kallsyms.\n\n  $ tail /proc/kallsyms\n  ffffffffc0613000 t bpf_trampoline_6442453466_1  [bpf]\n  ffffffffc06c3000 t bpf_trampoline_6442453466_1  [bpf]\n\n  $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep \"FUNC 'trap_init'\"\n  [2522] FUNC 'trap_init' type_id=119 linkage=static\n\n  $ echo $((6442453466 & 0x7fffffff))\n  2522\n\nNote that there are two left bpf trampoline images, that is because the\nlibbpf will fallback to raw tracepoint if -EINVAL is returned.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T15:15:48Z"

advisories/unreviewed/2025/09/GHSA-3ppg-6j84-f79c/GHSA-3ppg-6j84-f79c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3ppg-6j84-f79c",
-  "modified": "2025-09-15T15:31:28Z",
+  "modified": "2025-12-03T15:30:27Z",
   "published": "2025-09-15T15:31:28Z",
   "aliases": [
     "CVE-2023-53220"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: az6007: Fix null-ptr-deref in az6007_i2c_xfer()\n\nIn az6007_i2c_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach az6007_i2c_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T15:15:48Z"

advisories/unreviewed/2025/10/GHSA-wf68-85vc-c49w/GHSA-wf68-85vc-c49w.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wf68-85vc-c49w",
-  "modified": "2025-11-02T15:30:12Z",
+  "modified": "2025-12-03T15:30:28Z",
   "published": "2025-10-29T15:31:56Z",
   "aliases": [
     "CVE-2025-40083"
@@ -22,6 +22,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/71d84658a61322e5630c85c5388fc25e4a2d08b2"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379"