Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-8xvq-q955-pv4g/GHSA-8xvq-q955-pv4g.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8xvq-q955-pv4g",
-  "modified": "2025-05-01T15:31:47Z",
+  "modified": "2025-11-03T15:30:27Z",
   "published": "2025-05-01T15:31:47Z",
   "aliases": [
     "CVE-2022-49793"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()\n\ndev_set_name() allocates memory for name, it need be freed\nwhen device_add() fails, call put_device() to give up the\nreference that hold in device_initialize(), so that it can\nbe freed in kobject_cleanup() when the refcount hit to 0.\n\nFault injection test can trigger this:\n\nunreferenced object 0xffff8e8340a7b4c0 (size 32):\n  comm \"modprobe\", pid 243, jiffies 4294678145 (age 48.845s)\n  hex dump (first 32 bytes):\n    69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65  iio_sysfs_trigge\n    72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff  r..@............\n  backtrace:\n    [<0000000074999de8>] __kmem_cache_alloc_node+0x1e9/0x360\n    [<00000000497fd30b>] __kmalloc_node_track_caller+0x44/0x1a0\n    [<000000003636c520>] kstrdup+0x2d/0x60\n    [<0000000032f84da2>] kobject_set_name_vargs+0x1e/0x90\n    [<0000000092efe493>] dev_set_name+0x4e/0x70",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:02Z"

advisories/unreviewed/2025/05/GHSA-wqr7-3rhv-2c6r/GHSA-wqr7-3rhv-2c6r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wqr7-3rhv-2c6r",
-  "modified": "2025-05-01T15:31:47Z",
+  "modified": "2025-11-03T15:30:27Z",
   "published": "2025-05-01T15:31:47Z",
   "aliases": [
     "CVE-2022-49795"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrethook: fix a potential memleak in rethook_alloc()\n\nIn rethook_alloc(), the variable rh is not freed or passed out\nif handler is NULL, which could lead to a memleak, fix it.\n\n[Masami: Add \"rethook:\" tag to the title.]\n\nAcke-by: Masami Hiramatsu (Google) <[email protected]>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:02Z"

advisories/unreviewed/2025/05/GHSA-xh29-jpw9-pv7c/GHSA-xh29-jpw9-pv7c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xh29-jpw9-pv7c",
-  "modified": "2025-05-01T15:31:47Z",
+  "modified": "2025-11-03T15:30:27Z",
   "published": "2025-05-01T15:31:47Z",
   "aliases": [
     "CVE-2022-49794"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()\n\nIf iio_trigger_register() returns error, it should call iio_trigger_free()\nto give up the reference that hold in iio_trigger_alloc(), so that it can\ncall iio_trig_release() to free memory when the refcount hit to 0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:02Z"

advisories/unreviewed/2025/06/GHSA-98qw-prqm-9f4p/GHSA-98qw-prqm-9f4p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-98qw-prqm-9f4p",
-  "modified": "2025-11-03T06:30:26Z",
+  "modified": "2025-11-03T15:30:28Z",
   "published": "2025-06-26T21:31:08Z",
   "aliases": [
     "CVE-2025-5318"
@@ -51,6 +51,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19401"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19470"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19472"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-5318"

advisories/unreviewed/2025/10/GHSA-38qg-7h9q-7h29/GHSA-38qg-7h9q-7h29.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-284"
+      "CWE-284",
+      "CWE-672"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-5858-fx7f-5pv5/GHSA-5858-fx7f-5pv5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5858-fx7f-5pv5",
-  "modified": "2025-10-31T21:31:03Z",
+  "modified": "2025-11-03T15:30:28Z",
   "published": "2025-10-31T21:31:03Z",
   "aliases": [
     "CVE-2025-63458"
   ],
   "details": "Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-31T19:15:51Z"

advisories/unreviewed/2025/10/GHSA-6jc3-vhwv-4rgh/GHSA-6jc3-vhwv-4rgh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6jc3-vhwv-4rgh",
-  "modified": "2025-10-31T18:31:14Z",
+  "modified": "2025-11-03T15:30:28Z",
   "published": "2025-10-31T18:31:14Z",
   "aliases": [
     "CVE-2025-63467"
   ],
   "details": "Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-31T16:15:40Z"

advisories/unreviewed/2025/10/GHSA-7q52-2j42-2p9r/GHSA-7q52-2j42-2p9r.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7q52-2j42-2p9r",
-  "modified": "2025-10-06T00:30:19Z",
+  "modified": "2025-11-03T15:30:28Z",
   "published": "2025-10-06T00:30:18Z",
   "aliases": [
     "CVE-2025-11311"
@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-cr74-mw42-hr4j/GHSA-cr74-mw42-hr4j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cr74-mw42-hr4j",
-  "modified": "2025-10-06T00:30:18Z",
+  "modified": "2025-11-03T15:30:28Z",
   "published": "2025-10-06T00:30:18Z",
   "aliases": [
     "CVE-2025-11310"
@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-g78v-rm2r-hxw5/GHSA-g78v-rm2r-hxw5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g78v-rm2r-hxw5",
-  "modified": "2025-10-31T18:31:14Z",
+  "modified": "2025-11-03T15:30:28Z",
   "published": "2025-10-31T18:31:14Z",
   "aliases": [
     "CVE-2025-63466"
   ],
   "details": "Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-31T16:15:40Z"