Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-5g62-9q93-xrv9/GHSA-5g62-9q93-xrv9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5g62-9q93-xrv9",
-  "modified": "2024-03-07T03:30:41Z",
+  "modified": "2025-10-14T18:30:25Z",
   "published": "2024-03-07T03:30:41Z",
   "aliases": [
     "CVE-2024-1460"

advisories/unreviewed/2024/07/GHSA-c2q4-mfpf-x8wh/GHSA-c2q4-mfpf-x8wh.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c2q4-mfpf-x8wh",
-  "modified": "2024-07-10T18:32:17Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2024-07-10T18:32:17Z",
   "aliases": [
     "CVE-2024-3325"
   ],
   "details": "Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2024/10/GHSA-856w-qx7w-v664/GHSA-856w-qx7w-v664.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-856w-qx7w-v664",
-  "modified": "2024-10-02T18:31:32Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2024-10-02T18:31:32Z",
   "aliases": [
     "CVE-2024-6360"
   ],
   "details": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.\nThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Green"

advisories/unreviewed/2024/10/GHSA-cm3c-fgqh-p9r2/GHSA-cm3c-fgqh-p9r2.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cm3c-fgqh-p9r2",
-  "modified": "2024-10-28T21:30:34Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2024-10-28T21:30:34Z",
   "aliases": [
     "CVE-2024-5532"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. \n\nThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \n\nThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red"

advisories/unreviewed/2025/04/GHSA-2cp9-r2rg-qvgg/GHSA-2cp9-r2rg-qvgg.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2cp9-r2rg-qvgg",
-  "modified": "2025-04-07T21:32:03Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2025-04-01T06:30:44Z",
   "aliases": [
     "CVE-2025-1534"
   ],
   "details": "CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-2q8m-2xcf-6rrj/GHSA-2q8m-2xcf-6rrj.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2q8m-2xcf-6rrj",
-  "modified": "2025-06-26T09:32:37Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2025-06-26T09:32:37Z",
   "aliases": [
     "CVE-2025-5459"
   ],
   "details": "A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-pww7-j9v6-xc6j/GHSA-pww7-j9v6-xc6j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pww7-j9v6-xc6j",
-  "modified": "2025-06-10T15:30:42Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2025-06-05T15:31:32Z",
   "aliases": [
     "CVE-2025-47827"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/Zedeldi/igelfs"
+    },
+    {
+      "type": "WEB",
+      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/07/GHSA-pmfv-5ppm-9fqc/GHSA-pmfv-5ppm-9fqc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmfv-5ppm-9fqc",
-  "modified": "2025-07-23T18:30:36Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2025-07-23T18:30:36Z",
   "aliases": [
     "CVE-2025-8069"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-014"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-windows-release-notes.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/08/GHSA-hf8h-76fm-735v/GHSA-hf8h-76fm-735v.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hf8h-76fm-735v",
-  "modified": "2025-09-19T12:30:19Z",
+  "modified": "2025-10-14T18:30:26Z",
   "published": "2025-08-13T18:31:25Z",
   "aliases": [
     "CVE-2025-8904"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-017"
     },
+    {
+      "type": "WEB",
+      "url": "https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-750-release.html"
+    },
     {
       "type": "WEB",
       "url": "https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-app-versions-7.x.html"

advisories/unreviewed/2025/10/GHSA-23c7-w4rj-j8hh/GHSA-23c7-w4rj-j8hh.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23c7-w4rj-j8hh",
+  "modified": "2025-10-14T18:30:29Z",
+  "published": "2025-10-14T18:30:28Z",
+  "aliases": [
+    "CVE-2025-37140"
+  ],
+  "details": "Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37140"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04957en_us&docLocale=en_US"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-14T17:15:40Z"
+  }
+}