
Commit b6d47d4

Advisory Database Sync
1 parent 5e2b7fd commit b6d47d4


42 files changed

+723
-36
lines changed


42 files changed

+723
-36
lines changed

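--- a/advisories/unreviewed/2025/05/GHSA-3g23-7g3r-898j/GHSA-3g23-7g3r-898j.json
+++ b/advisories/unreviewed/2025/05/GHSA-3g23-7g3r-898j/GHSA-3g23-7g3r-898j.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3g23-7g3r-898j",
-"modified": "2025-05-12T21:31:05Z",
+"modified": "2025-10-20T21:30:27Z",
 "published": "2025-05-03T18:30:29Z",
 "aliases": [
 "CVE-2024-58134"
@@ -31,6 +31,26 @@
 "type": "WEB",
 "url": "https://github.com/mojolicious/mojo/pull/2200"
 },
+{
+"type": "WEB",
+"url": "https://github.com/mojolicious/mojo/pull/2252"
+},
+{
+"type": "WEB",
+"url": "https://docs.mojolicious.org/Mojolicious/Guides/FAQ#What-does-Your-secret-passphrase-needs-to-be-changed-mean"
+},
+{
+"type": "WEB",
+"url": "https://lists.debian.org/debian-perl/2025/05/msg00016.html"
+},
+{
+"type": "WEB",
+"url": "https://lists.debian.org/debian-perl/2025/05/msg00017.html"
+},
+{
+"type": "WEB",
+"url": "https://lists.debian.org/debian-perl/2025/05/msg00018.html"
+},
 {
 "type": "WEB",
 "url": "https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802"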

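--- a/advisories/unreviewed/2025/05/GHSA-3r5v-gmfp-3mh9/GHSA-3r5v-gmfp-3mh9.json
+++ b/advisories/unreviewed/2025/05/GHSA-3r5v-gmfp-3mh9/GHSA-3r5v-gmfp-3mh9.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3r5v-gmfp-3mh9",
-"modified": "2025-05-07T21:31:44Z",
+"modified": "2025-10-20T21:30:27Z",
 "published": "2025-05-03T12:30:25Z",
 "aliases": [
 "CVE-2024-58135"
@@ -27,6 +27,18 @@
 "type": "WEB",
 "url": "https://github.com/mojolicious/mojo/pull/2200"
 },
+{
+"type": "WEB",
+"url": "https://lists.debian.org/debian-perl/2025/05/msg00016.html"
+},
+{
+"type": "WEB",
+"url": "https://lists.debian.org/debian-perl/2025/05/msg00017.html"
+},
+{
+"type": "WEB",
+"url": "https://lists.debian.org/debian-perl/2025/05/msg00018.html"
+},
 {
 "type": "WEB",
 "url": "https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220"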

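--- a/advisories/unreviewed/2025/09/GHSA-4pfh-329g-gqpr/GHSA-4pfh-329g-gqpr.json
+++ b/advisories/unreviewed/2025/09/GHSA-4pfh-329g-gqpr/GHSA-4pfh-329g-gqpr.json
@@ -30,7 +30,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
-"CWE-284"
+"CWE-284",
+"CWE-639"
 ],
 "severity": "MODERATE",
 "github_reviewed": false,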
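Review bot: The record's `modified` timestamp is not bumped although `cwe_ids` changes: the only hunk shown for this file starts at line 30 and touches nothing but the added `"CWE-639"`. Consumers that pull the database incrementally by `modified` may not pick up the new classification. The sync should update `modified` in the same change, as it does for the other edited records in this commit (for example `"modified": "2025-10-20T21:30:27Z"` in GHSA-7mhq-hm3w-mqpr). GHSA-2m4x-rxx6-8xjw has the same gap for its added `"CWE-434"`.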

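--- a/advisories/unreviewed/2025/09/GHSA-575q-7qq6-36m4/GHSA-575q-7qq6-36m4.json
+++ b/advisories/unreviewed/2025/09/GHSA-575q-7qq6-36m4/GHSA-575q-7qq6-36m4.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-575q-7qq6-36m4",
-"modified": "2025-09-03T00:30:58Z",
+"modified": "2025-10-20T21:30:26Z",
 "published": "2025-09-03T00:30:58Z",
 "aliases": [
 "CVE-2025-9842"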

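--- a/advisories/unreviewed/2025/09/GHSA-7mhq-hm3w-mqpr/GHSA-7mhq-hm3w-mqpr.json
+++ b/advisories/unreviewed/2025/09/GHSA-7mhq-hm3w-mqpr/GHSA-7mhq-hm3w-mqpr.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-7mhq-hm3w-mqpr",
-"modified": "2025-09-09T15:31:18Z",
+"modified": "2025-10-20T21:30:27Z",
 "published": "2025-09-09T15:31:18Z",
 "aliases": [
 "CVE-2025-9065"
 ],
 "details": "A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -26,7 +30,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
-"CWE-610"
+"CWE-610",
+"CWE-918"
 ],
 "severity": "HIGH",
 "github_reviewed": false,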
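Review bot: The added CVSS_V3 vector disagrees with the CVSS_V4 vector already in `severity` on privileges required: the new line carries `PR:L`, the existing one `PR:H`, and `details` only says "Authenticated attackers". A consumer that ranks by one score type gets a different answer from one that ranks by the other, so the two should be reconciled or the record should make clear which source each came from. GHSA-h66j-7h34-g83p shows a wider gap in the same commit: its new v3.1 vector has `AC:L` and `UI:N`, while its v4.0 vector has `AC:H`, `AT:P` and `UI:A`. The added `"CWE-918"` in the second hunk is consistent with the SSRF wording in `details`.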

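--- a/advisories/unreviewed/2025/09/GHSA-h66j-7h34-g83p/GHSA-h66j-7h34-g83p.json
+++ b/advisories/unreviewed/2025/09/GHSA-h66j-7h34-g83p/GHSA-h66j-7h34-g83p.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-h66j-7h34-g83p",
-"modified": "2025-09-09T15:31:19Z",
+"modified": "2025-10-20T21:30:27Z",
 "published": "2025-09-09T15:31:19Z",
 "aliases": [
 "CVE-2025-9161"
 ],
 "details": "A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"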

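--- a/advisories/unreviewed/2025/09/GHSA-q6x9-7rww-jjgg/GHSA-q6x9-7rww-jjgg.json
+++ b/advisories/unreviewed/2025/09/GHSA-q6x9-7rww-jjgg/GHSA-q6x9-7rww-jjgg.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-q6x9-7rww-jjgg",
-"modified": "2025-09-09T15:31:19Z",
+"modified": "2025-10-20T21:30:27Z",
 "published": "2025-09-09T15:31:19Z",
 "aliases": [
 "CVE-2025-9166"
 ],
 "details": "A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"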
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-22p7-26xx-rjp2",
4+
"modified": "2025-10-20T21:30:33Z",
5+
"published": "2025-10-20T21:30:33Z",
6+
"aliases": [
7+
"CVE-2025-62658"
8+
],
9+
"details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62658"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://phabricator.wikimedia.org/T406380"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-89"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-10-20T21:15:38Z"
35+
}
36+
}
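Review bot: `"affected": []` leaves this new record with no machine-readable package or version range, while `details` names the affected releases only in prose ("MediaWiki WatchAnalytics extension: 1.43, 1.44"). Tooling that matches on `affected` will not flag this SQL injection, so anyone relying on the feed has to match on the `CVE-2025-62658` alias or the description instead. The file path for this section is not shown on the page. GHSA-26rx-w6fm-4p9v, added next, has the same empty `affected` with "Flipper: 3.1.2" only in `details`.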
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-26rx-w6fm-4p9v",
4+
"modified": "2025-10-20T21:30:33Z",
5+
"published": "2025-10-20T21:30:33Z",
6+
"aliases": [
7+
"CVE-2025-8049"
8+
],
9+
"details": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.\n\nThis issue affects Flipper: 3.1.2.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8049"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-1220"
30+
],
31+
"severity": "LOW",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-10-20T20:15:38Z"
35+
}
36+
}
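Review bot: `PR:N` in the CVSS_V4 vector does not match `details`, which describes "a low-privilege user" elevating privileges; that wording corresponds to `PR:L`. The `database_specific` value `"severity": "LOW"` presumably follows from this vector, so the record may be under-ranked for a privilege-escalation issue. Both values look like they were carried over from the upstream CVE record, so the correction likely belongs there; until then triage should read the description rather than the label.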

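--- a/advisories/unreviewed/2025/10/GHSA-2m4x-rxx6-8xjw/GHSA-2m4x-rxx6-8xjw.json
+++ b/advisories/unreviewed/2025/10/GHSA-2m4x-rxx6-8xjw/GHSA-2m4x-rxx6-8xjw.json
@@ -42,7 +42,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
-"CWE-284"
+"CWE-284",
+"CWE-434"
 ],
 "severity": "MODERATE",
 "github_reviewed": false,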
