Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 5e70f2ddd272 · 2026-01-23T12:31:52.000Z
GHSA-2838-84rj-32xc GHSA-cgjw-h652-c9q2 GHSA-6vrm-p9h8-2v3j GHSA-79rg-2hx6-cpcp GHSA-gg2r-3wrr-86p6 GHSA-gvrw-mwmc-rrfx GHSA-m6mc-jpfq-vw85 GHSA-mmh3-9rwx-pch9
diff --git a/advisories/unreviewed/2025/07/GHSA-2838-84rj-32xc/GHSA-2838-84rj-32xc.json b/advisories/unreviewed/2025/07/GHSA-2838-84rj-32xc/GHSA-2838-84rj-32xc.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2838-84rj-32xc",
-  "modified": "2025-11-19T21:31:15Z",
+  "modified": "2026-01-23T12:30:28Z",
   "published": "2025-07-09T12:31:34Z",
   "aliases": [
     "CVE-2025-38248"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/7544f3f5b0b58c396f374d060898b5939da31709"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bdced577da71b118b6ed4242ebd47f81bf54d406"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/f05a4f9e959e0fc098046044c650acf897ea52d2"
diff --git a/advisories/unreviewed/2025/08/GHSA-cgjw-h652-c9q2/GHSA-cgjw-h652-c9q2.json b/advisories/unreviewed/2025/08/GHSA-cgjw-h652-c9q2/GHSA-cgjw-h652-c9q2.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cgjw-h652-c9q2",
-  "modified": "2025-11-26T18:30:57Z",
+  "modified": "2026-01-23T12:30:28Z",
   "published": "2025-08-19T18:31:33Z",
   "aliases": [
     "CVE-2025-38591"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38591"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/058a0da4f6d916a79b693384111bb80a90d73763"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/202900ceeef67458c964c2af6e1427c8e533ea7c"
diff --git a/advisories/unreviewed/2026/01/GHSA-6vrm-p9h8-2v3j/GHSA-6vrm-p9h8-2v3j.json b/advisories/unreviewed/2026/01/GHSA-6vrm-p9h8-2v3j/GHSA-6vrm-p9h8-2v3j.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6vrm-p9h8-2v3j",
+  "modified": "2026-01-23T12:30:28Z",
+  "published": "2026-01-23T12:30:28Z",
+  "aliases": [
+    "CVE-2026-22274"
+  ],
+  "details": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22274"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-319"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T10:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-79rg-2hx6-cpcp/GHSA-79rg-2hx6-cpcp.json b/advisories/unreviewed/2026/01/GHSA-79rg-2hx6-cpcp/GHSA-79rg-2hx6-cpcp.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-79rg-2hx6-cpcp",
+  "modified": "2026-01-23T12:30:28Z",
+  "published": "2026-01-23T12:30:28Z",
+  "aliases": [
+    "CVE-2025-46699"
+  ],
+  "details": "Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46699"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1336"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T10:15:52Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-gg2r-3wrr-86p6/GHSA-gg2r-3wrr-86p6.json b/advisories/unreviewed/2026/01/GHSA-gg2r-3wrr-86p6/GHSA-gg2r-3wrr-86p6.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gg2r-3wrr-86p6",
+  "modified": "2026-01-23T12:30:28Z",
+  "published": "2026-01-23T12:30:28Z",
+  "aliases": [
+    "CVE-2025-2204"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2204"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-26-0004"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T12:15:48Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-gvrw-mwmc-rrfx/GHSA-gvrw-mwmc-rrfx.json b/advisories/unreviewed/2026/01/GHSA-gvrw-mwmc-rrfx/GHSA-gvrw-mwmc-rrfx.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gvrw-mwmc-rrfx",
+  "modified": "2026-01-23T12:30:28Z",
+  "published": "2026-01-23T12:30:28Z",
+  "aliases": [
+    "CVE-2026-22275"
+  ],
+  "details": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22275"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-540"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T10:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-m6mc-jpfq-vw85/GHSA-m6mc-jpfq-vw85.json b/advisories/unreviewed/2026/01/GHSA-m6mc-jpfq-vw85/GHSA-m6mc-jpfq-vw85.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m6mc-jpfq-vw85",
+  "modified": "2026-01-23T12:30:28Z",
+  "published": "2026-01-23T12:30:28Z",
+  "aliases": [
+    "CVE-2026-22276"
+  ],
+  "details": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22276"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-312"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T10:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-mmh3-9rwx-pch9/GHSA-mmh3-9rwx-pch9.json b/advisories/unreviewed/2026/01/GHSA-mmh3-9rwx-pch9/GHSA-mmh3-9rwx-pch9.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mmh3-9rwx-pch9",
+  "modified": "2026-01-23T12:30:28Z",
+  "published": "2026-01-23T12:30:28Z",
+  "aliases": [
+    "CVE-2026-22273"
+  ],
+  "details": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22273"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1392"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T10:15:53Z"
+  }
+}
