Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-xh7c-xrrg-3jv2/GHSA-xh7c-xrrg-3jv2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xh7c-xrrg-3jv2",
-  "modified": "2022-05-24T17:40:56Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2022-05-24T17:40:56Z",
   "aliases": [
     "CVE-2020-16194"
   ],
   "details": "An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-639"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/05/GHSA-4jf5-7pvp-xf23/GHSA-4jf5-7pvp-xf23.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4jf5-7pvp-xf23",
-  "modified": "2025-05-01T15:31:45Z",
+  "modified": "2026-01-27T21:31:32Z",
   "published": "2025-05-01T15:31:45Z",
   "aliases": [
     "CVE-2025-37791"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()\n\nrpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct\nsize of rpl is sizeof(*rpl) which should be just 1 byte.  Using the\npointer size instead can cause stack corruption:\n\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtool_cmis_wait_for_cond+0xf4/0x100\nCPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded Tainted: G           OE      6.11.0 #24\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: Dell Inc. PowerEdge R760/04GWWM, BIOS 1.6.6 09/20/2023\nWorkqueue: events module_flash_fw_work\nCall Trace:\n <TASK>\n panic+0x339/0x360\n ? ethtool_cmis_wait_for_cond+0xf4/0x100\n ? __pfx_status_success+0x10/0x10\n ? __pfx_status_fail+0x10/0x10\n __stack_chk_fail+0x10/0x10\n ethtool_cmis_wait_for_cond+0xf4/0x100\n ethtool_cmis_cdb_execute_cmd+0x1fc/0x330\n ? __pfx_status_fail+0x10/0x10\n cmis_cdb_module_features_get+0x6d/0xd0\n ethtool_cmis_cdb_init+0x8a/0xd0\n ethtool_cmis_fw_update+0x46/0x1d0\n module_flash_fw_work+0x17/0xa0\n process_one_work+0x179/0x390\n worker_thread+0x239/0x340\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xcc/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T14:15:43Z"

advisories/unreviewed/2025/05/GHSA-65v7-4r26-q97r/GHSA-65v7-4r26-q97r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-65v7-4r26-q97r",
-  "modified": "2025-05-02T18:31:35Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2025-05-02T18:31:35Z",
   "aliases": [
     "CVE-2023-53085"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/edid: fix info leak when failing to get panel id\n\nMake sure to clear the transfer buffer before fetching the EDID to\navoid leaking slab data to the logs on errors that leave the buffer\nunchanged.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:27Z"

advisories/unreviewed/2025/05/GHSA-6jxj-r3pv-7wf7/GHSA-6jxj-r3pv-7wf7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6jxj-r3pv-7wf7",
-  "modified": "2025-05-02T18:31:34Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2025-05-02T18:31:34Z",
   "aliases": [
     "CVE-2023-53059"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_chardev: fix kernel data leak from ioctl\n\nIt is possible to peep kernel page's data by providing larger `insize`\nin struct cros_ec_command[1] when invoking EC host commands.\n\nFix it by using zeroed memory.\n\n[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:24Z"

advisories/unreviewed/2025/05/GHSA-8xff-q6g9-rjjv/GHSA-8xff-q6g9-rjjv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8xff-q6g9-rjjv",
-  "modified": "2025-05-02T18:31:32Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2025-05-02T18:31:32Z",
   "aliases": [
     "CVE-2023-53035"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()\n\nThe ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a\nmetadata array to/from user space, may copy uninitialized buffer regions\nto user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO\nand NILFS_IOCTL_GET_CPINFO.\n\nThis can occur when the element size of the user space metadata given by\nthe v_size member of the argument nilfs_argv structure is larger than the\nsize of the metadata element (nilfs_suinfo structure or nilfs_cpinfo\nstructure) on the file system side.\n\nKMSAN-enabled kernels detect this issue as follows:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user\n include/linux/instrumented.h:121 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n  instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n  _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n  copy_to_user include/linux/uaccess.h:169 [inline]\n  nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99\n  nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n  nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n  nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n  __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n  __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n  __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n  do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n  __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n  do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n  do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n  entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Uninit was created at:\n  __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572\n  alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287\n  __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599\n  nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74\n  nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n  nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n  nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n  __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n  __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n  __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n  do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n  __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n  do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n  do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n  entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Bytes 16-127 of 3968 are uninitialized\n ...\n\nThis eliminates the leak issue by initializing the page allocated as\nbuffer using get_zeroed_page().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:22Z"

advisories/unreviewed/2025/05/GHSA-w7gq-mpq5-98vw/GHSA-w7gq-mpq5-98vw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w7gq-mpq5-98vw",
-  "modified": "2025-05-20T18:30:57Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2025-05-20T18:30:57Z",
   "aliases": [
     "CVE-2025-37966"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL\n\nWhen userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not\navailable, the kernel crashes:\n\nOops - illegal instruction [#1]\n    [snip]\nepc : set_tagged_addr_ctrl+0x112/0x15a\n ra : set_tagged_addr_ctrl+0x74/0x15a\nepc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10\n    [snip]\nstatus: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002\n    set_tagged_addr_ctrl+0x112/0x15a\n    __riscv_sys_prctl+0x352/0x73c\n    do_trap_ecall_u+0x17c/0x20c\n    andle_exception+0x150/0x15c\n\nFix it by checking if Supm is available.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-668"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T17:15:47Z"

advisories/unreviewed/2025/06/GHSA-3464-wq8g-r9gp/GHSA-3464-wq8g-r9gp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3464-wq8g-r9gp",
-  "modified": "2025-09-23T21:30:54Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2025-06-26T21:31:03Z",
   "aliases": [
     "CVE-2025-34038"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://vulncheck.com/advisories/fanwei-ecology-sql-injection"
     },
+    {
+      "type": "WEB",
+      "url": "https://weaver.com.co/products/ecology"
+    },
     {
       "type": "WEB",
       "url": "https://www.cnblogs.com/0day-li/p/14637680.html"

advisories/unreviewed/2025/08/GHSA-wpqf-xvqm-p9f4/GHSA-wpqf-xvqm-p9f4.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/09/GHSA-h5fg-gggq-x5vh/GHSA-h5fg-gggq-x5vh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h5fg-gggq-x5vh",
-  "modified": "2025-09-18T15:30:34Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2025-09-18T15:30:34Z",
   "aliases": [
     "CVE-2023-53392"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix kernel panic during warm reset\n\nDuring warm reset device->fw_client is set to NULL. If a bus driver is\nregistered after this NULL setting and before new firmware clients are\nenumerated by ISHTP, kernel panic will result in the function\nishtp_cl_bus_match(). This is because of reference to\ndevice->fw_client->props.protocol_name.\n\nISH firmware after getting successfully loaded, sends a warm reset\nnotification to remove all clients from the bus and sets\ndevice->fw_client to NULL. Until kernel v5.15, all enabled ISHTP kernel\nmodule drivers were loaded right after any of the first ISHTP device was\nregistered, regardless of whether it was a matched or an unmatched\ndevice. This resulted in all drivers getting registered much before the\nwarm reset notification from ISH.\n\nStarting kernel v5.16, this issue got exposed after the change was\nintroduced to load only bus drivers for the respective matching devices.\nIn this scenario, cros_ec_ishtp device and cros_ec_ishtp driver are\nregistered after the warm reset device fw_client NULL setting.\ncros_ec_ishtp driver_register() triggers the callback to\nishtp_cl_bus_match() to match ISHTP driver to the device and causes kernel\npanic in guid_equal() when dereferencing fw_client NULL pointer to get\nprotocol_name.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-668"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:42Z"

advisories/unreviewed/2025/09/GHSA-hg25-38jx-wr4p/GHSA-hg25-38jx-wr4p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hg25-38jx-wr4p",
-  "modified": "2025-09-16T15:32:33Z",
+  "modified": "2026-01-27T21:31:33Z",
   "published": "2025-09-16T15:32:33Z",
   "aliases": [
     "CVE-2023-53301"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix kernel crash due to null io->bio\n\nWe should return when io->bio is null before doing anything. Otherwise, panic.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nRIP: 0010:__submit_merged_write_cond+0x164/0x240 [f2fs]\nCall Trace:\n <TASK>\n f2fs_submit_merged_write+0x1d/0x30 [f2fs]\n commit_checkpoint+0x110/0x1e0 [f2fs]\n f2fs_write_checkpoint+0x9f7/0xf00 [f2fs]\n ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]\n __checkpoint_and_complete_reqs+0x84/0x190 [f2fs]\n ? preempt_count_add+0x82/0xc0\n ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]\n issue_checkpoint_thread+0x4c/0xf0 [f2fs]\n ? __pfx_autoremove_wake_function+0x10/0x10\n kthread+0xff/0x130\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n </TASK>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T08:15:39Z"