Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2022/05/GHSA-7vmw-6c7h-rrrv/GHSA-7vmw-6c7h-rrrv.json

@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7vmw-6c7h-rrrv",
+  "modified": "2025-10-22T15:32:17Z",
+  "published": "2022-05-24T17:21:01Z",
+  "aliases": [
+    "CVE-2016-11068"
+  ],
+  "summary": "Mattermost Server is vulnerable to Code Injection through its LDAP fields",
+  "details": "An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.2.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-11068"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mattermost/mattermost/commit/6c5a8be6bfe1d6b9d8f71a6b0dc4d8cf93a03aab"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mattermost/mattermost"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-22T15:32:17Z",
+    "nvd_published_at": "2020-06-19T20:15:00Z"
+  }
+}

advisories/unreviewed/2022/05/GHSA-7vmw-6c7h-rrrv/GHSA-7vmw-6c7h-rrrv.json

@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-613",
       "CWE-922"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2025/05/GHSA-5wx3-hjmf-qcgx/GHSA-5wx3-hjmf-qcgx.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-25ww-mhx2-69ff",
-  "modified": "2025-06-10T12:30:18Z",
+  "modified": "2025-10-22T15:31:04Z",
   "published": "2025-06-10T12:30:18Z",
   "aliases": [
     "CVE-2025-40659"
   ],
   "details": "An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-25ww-mhx2-69ff/GHSA-25ww-mhx2-69ff.json

@@ -114,7 +114,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-121"
+      "CWE-121",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/06/GHSA-32vr-5hxf-x93f/GHSA-32vr-5hxf-x93f.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4h25-6mgv-2q43",
-  "modified": "2025-06-10T12:30:18Z",
+  "modified": "2025-10-22T15:31:04Z",
   "published": "2025-06-10T12:30:18Z",
   "aliases": [
     "CVE-2025-40662"
   ],
   "details": "Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-4h25-6mgv-2q43/GHSA-4h25-6mgv-2q43.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7p84-3xrw-mfhg",
-  "modified": "2025-06-10T12:30:18Z",
+  "modified": "2025-10-22T15:31:04Z",
   "published": "2025-06-10T12:30:18Z",
   "aliases": [
     "CVE-2025-40657"
   ],
   "details": "A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-7p84-3xrw-mfhg/GHSA-7p84-3xrw-mfhg.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c2wc-64f2-wxpp",
-  "modified": "2025-06-10T12:30:18Z",
+  "modified": "2025-10-22T15:31:04Z",
   "published": "2025-06-10T12:30:18Z",
   "aliases": [
     "CVE-2025-40658"
   ],
   "details": "An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-c2wc-64f2-wxpp/GHSA-c2wc-64f2-wxpp.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h5mc-fvr9-pr54",
-  "modified": "2025-06-10T12:30:18Z",
+  "modified": "2025-10-22T15:31:04Z",
   "published": "2025-06-10T12:30:18Z",
   "aliases": [
     "CVE-2025-40661"
   ],
   "details": "An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-h5mc-fvr9-pr54/GHSA-h5mc-fvr9-pr54.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vm6c-rqg9-5qqr",
-  "modified": "2025-06-13T00:33:18Z",
+  "modified": "2025-10-22T15:31:04Z",
   "published": "2025-06-13T00:33:18Z",
   "aliases": [
     "CVE-2025-4231"
   ],
   "details": "A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.\n\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber"