Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2023/07/GHSA-vgvm-wwrq-c4xw/GHSA-vgvm-wwrq-c4xw.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vgvm-wwrq-c4xw",
-  "modified": "2024-04-04T05:39:17Z",
+  "modified": "2025-09-18T21:30:54Z",
   "published": "2023-07-06T21:14:53Z",
   "aliases": [
     "CVE-2023-29240"
   ],
-  "details": "\nAn authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
+  "details": "An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -27,7 +27,8 @@
   "database_specific": {
     "cwe_ids": [
       "CWE-269",
-      "CWE-434"
+      "CWE-434",
+      "CWE-863"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2023/10/GHSA-m6pg-q484-64g9/GHSA-m6pg-q484-64g9.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m6pg-q484-64g9",
-  "modified": "2024-04-04T08:28:58Z",
+  "modified": "2025-09-18T21:30:55Z",
   "published": "2023-10-10T15:30:50Z",
   "aliases": [
     "CVE-2023-40542"
   ],
-  "details": "\nWhen TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
+  "details": "When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/05/GHSA-fj43-9cjj-qw2v/GHSA-fj43-9cjj-qw2v.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fj43-9cjj-qw2v",
-  "modified": "2024-12-12T21:30:45Z",
+  "modified": "2025-09-18T21:30:55Z",
   "published": "2024-05-08T15:30:42Z",
   "aliases": [
     "CVE-2024-26026"
   ],
-  "details": "\n\n\nAn SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n",
+  "details": "An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/05/GHSA-w9q2-p57h-r357/GHSA-w9q2-p57h-r357.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w9q2-p57h-r357",
-  "modified": "2024-12-12T21:30:45Z",
+  "modified": "2025-09-18T21:30:55Z",
   "published": "2024-05-08T15:30:42Z",
   "aliases": [
     "CVE-2024-21793"
   ],
-  "details": "\nAn OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
+  "details": "An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2025/09/GHSA-222w-wff7-mff2/GHSA-222w-wff7-mff2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-222w-wff7-mff2",
-  "modified": "2025-09-18T15:30:35Z",
+  "modified": "2025-09-18T21:30:56Z",
   "published": "2025-09-18T15:30:35Z",
   "aliases": [
     "CVE-2025-55911"
   ],
   "details": "An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T15:15:38Z"

advisories/unreviewed/2025/09/GHSA-3fcf-vq7f-5hpg/GHSA-3fcf-vq7f-5hpg.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-284"
+      "CWE-284",
+      "CWE-434"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/09/GHSA-3fgm-3m4r-2x8g/GHSA-3fgm-3m4r-2x8g.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3fgm-3m4r-2x8g",
+  "modified": "2025-09-18T21:30:57Z",
+  "published": "2025-09-18T21:30:57Z",
+  "aliases": [
+    "CVE-2025-30519"
+  ],
+  "details": "Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard \nadministrative means. An attacker with network access to the device can \ngain administrative access to the system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30519"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1391"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-18T21:15:47Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-4894-phvw-pmxv/GHSA-4894-phvw-pmxv.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/09/GHSA-5qj7-cv36-4gxh/GHSA-5qj7-cv36-4gxh.json

@@ -41,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-693"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/09/GHSA-65x9-r46v-g944/GHSA-65x9-r46v-g944.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-65x9-r46v-g944",
+  "modified": "2025-09-18T21:30:57Z",
+  "published": "2025-09-18T21:30:57Z",
+  "aliases": [
+    "CVE-2025-53947"
+  ],
+  "details": "A local attacker with low privileges on the Windows system where the \nsoftware is installed can exploit this vulnerability to corrupt \nsensitive data. A data folder is created with very weak privileges, \nallowing any user logged into the Windows system to modify its content.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53947"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-276"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-18T21:15:48Z"
+  }
+}