Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-rmr3-2hxj-3h7h/GHSA-rmr3-2hxj-3h7h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rmr3-2hxj-3h7h",
-  "modified": "2022-05-24T19:17:44Z",
+  "modified": "2026-01-20T18:31:50Z",
   "published": "2022-05-24T19:17:44Z",
   "aliases": [
     "CVE-2021-39332"
   ],
   "details": "The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2025/06/GHSA-5fmq-4fvm-96qg/GHSA-5fmq-4fvm-96qg.json

@@ -54,7 +54,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-502"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/06/GHSA-rwr2-gc8x-639j/GHSA-rwr2-gc8x-639j.json

@@ -50,7 +50,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-502"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/09/GHSA-m9hx-h78h-jqvc/GHSA-m9hx-h78h-jqvc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m9hx-h78h-jqvc",
-  "modified": "2025-11-03T21:34:26Z",
+  "modified": "2026-01-20T18:31:51Z",
   "published": "2025-09-09T18:31:24Z",
   "aliases": [
     "CVE-2025-10198"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/LizardByte/Sunshine/pull/3971"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LizardByte/Sunshine/commit/9db11a906167bd962e57896223d7b9718058aeb2"
+    },
     {
       "type": "WEB",
       "url": "https://www.kb.cert.org/vuls/id/974249"

advisories/unreviewed/2025/10/GHSA-362x-q9rc-h58c/GHSA-362x-q9rc-h58c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-362x-q9rc-h58c",
-  "modified": "2025-10-01T12:30:28Z",
+  "modified": "2026-01-20T18:31:51Z",
   "published": "2025-10-01T12:30:27Z",
   "aliases": [
     "CVE-2022-50428"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off-by-one errors in fast-commit block filling\n\nDue to several different off-by-one errors, or perhaps due to a late\nchange in design that wasn't fully reflected in the code that was\nactually merged, there are several very strange constraints on how\nfast-commit blocks are filled with tlv entries:\n\n- tlvs must start at least 10 bytes before the end of the block, even\n  though the minimum tlv length is 8.  Otherwise, the replay code will\n  ignore them.  (BUG: ext4_fc_reserve_space() could violate this\n  requirement if called with a len of blocksize - 9 or blocksize - 8.\n  Fortunately, this doesn't seem to happen currently.)\n\n- tlvs must end at least 1 byte before the end of the block.  Otherwise\n  the replay code will consider them to be invalid.  This quirk\n  contributed to a bug (fixed by an earlier commit) where uninitialized\n  memory was being leaked to disk in the last byte of blocks.\n\nAlso, strangely these constraints don't apply to the replay code in\ne2fsprogs, which will accept any tlvs in the blocks (with no bounds\nchecks at all, but that is a separate issue...).\n\nGiven that this all seems to be a bug, let's fix it by just filling\nblocks with tlv entries in the natural way.\n\nNote that old kernels will be unable to replay fast-commit journals\ncreated by kernels that have this commit.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-193"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T12:15:34Z"

advisories/unreviewed/2025/10/GHSA-3cm3-4557-5h5h/GHSA-3cm3-4557-5h5h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3cm3-4557-5h5h",
-  "modified": "2025-10-01T12:30:29Z",
+  "modified": "2026-01-20T18:31:51Z",
   "published": "2025-10-01T12:30:29Z",
   "aliases": [
     "CVE-2023-53467"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()\n\nDo `kfree_skb(new)` before `goto out` to prevent potential leak.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T12:15:48Z"

advisories/unreviewed/2025/10/GHSA-3g53-3cmj-qjrh/GHSA-3g53-3cmj-qjrh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3g53-3cmj-qjrh",
-  "modified": "2025-10-01T12:30:29Z",
+  "modified": "2026-01-20T18:31:51Z",
   "published": "2025-10-01T12:30:29Z",
   "aliases": [
     "CVE-2023-53472"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npwm: lpc32xx: Remove handling of PWM channels\n\nBecause LPC32xx PWM controllers have only a single output which is\nregistered as the only PWM device/channel per controller, it is known in\nadvance that pwm->hwpwm value is always 0. On basis of this fact\nsimplify the code by removing operations with pwm->hwpwm, there is no\ncontrols which require channel number as input.\n\nEven though I wasn't aware at the time when I forward ported that patch,\nthis fixes a null pointer dereference as lpc32xx->chip.pwms is NULL\nbefore devm_pwmchip_add() is called.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T12:15:49Z"

advisories/unreviewed/2025/10/GHSA-3gm7-2gq6-fqjf/GHSA-3gm7-2gq6-fqjf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3gm7-2gq6-fqjf",
-  "modified": "2025-11-03T18:31:44Z",
+  "modified": "2026-01-20T18:31:51Z",
   "published": "2025-10-01T09:30:25Z",
   "aliases": [
     "CVE-2025-39923"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n\nWhen we don't have a clock specified in the device tree, we have no way to\nensure the BAM is on. This is often the case for remotely-controlled or\nremotely-powered BAM instances. In this case, we need to read num-channels\nfrom the DT to have all the necessary information to complete probing.\n\nHowever, at the moment invalid device trees without clock and without\nnum-channels still continue probing, because the error handling is missing\nreturn statements. The driver will then later try to read the number of\nchannels from the registers. This is unsafe, because it relies on boot\nfirmware and lucky timing to succeed. Unfortunately, the lack of proper\nerror handling here has been abused for several Qualcomm SoCs upstream,\ncausing early boot crashes in several situations [1, 2].\n\nAvoid these early crashes by erroring out when any of the required DT\nproperties are missing. Note that this will break some of the existing DTs\nupstream (mainly BAM instances related to the crypto engine). However,\nclearly these DTs have never been tested properly, since the error in the\nkernel log was just ignored. It's safer to disable the crypto engine for\nthese broken DTBs.\n\n[1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/\n[2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -53,7 +58,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T08:15:35Z"

advisories/unreviewed/2025/10/GHSA-3pv3-rmr2-25g2/GHSA-3pv3-rmr2-25g2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pv3-rmr2-25g2",
-  "modified": "2025-10-01T12:30:30Z",
+  "modified": "2026-01-20T18:31:52Z",
   "published": "2025-10-01T12:30:30Z",
   "aliases": [
     "CVE-2023-53481"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed\n\nFollowing process will trigger an infinite loop in ubi_wl_put_peb():\n\n\tubifs_bgt\t\tubi_bgt\nubifs_leb_unmap\n  ubi_leb_unmap\n    ubi_eba_unmap_leb\n      ubi_wl_put_peb\twear_leveling_worker\n                          e1 = rb_entry(rb_first(&ubi->used)\n\t\t\t  e2 = get_peb_for_wl(ubi)\n\t\t\t  ubi_io_read_vid_hdr  // return err (flash fault)\n\t\t\t  out_error:\n\t\t\t    ubi->move_from = ubi->move_to = NULL\n\t\t\t    wl_entry_destroy(ubi, e1)\n\t\t\t      ubi->lookuptbl[e->pnum] = NULL\n      retry:\n        e = ubi->lookuptbl[pnum];\t// return NULL\n\tif (e == ubi->move_from) {\t// NULL == NULL gets true\n\t  goto retry;\t\t\t// infinite loop !!!\n\n$ top\n  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     COMMAND\n  7676 root     20   0       0      0      0 R 100.0  0.0  ubifs_bgt0_0\n\nFix it by:\n 1) Letting ubi_wl_put_peb() returns directly if wearl leveling entry has\n    been removed from 'ubi->lookuptbl'.\n 2) Using 'ubi->wl_lock' protecting wl entry deletion to preventing an\n    use-after-free problem for wl entry in ubi_wl_put_peb().\n\nFetch a reproducer in [Link].",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-835"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T12:15:50Z"

advisories/unreviewed/2025/10/GHSA-4xvq-93jj-7c4r/GHSA-4xvq-93jj-7c4r.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4xvq-93jj-7c4r",
-  "modified": "2025-10-02T21:31:18Z",
+  "modified": "2026-01-20T18:31:52Z",
   "published": "2025-10-02T18:30:59Z",
   "aliases": [
     "CVE-2025-56154"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/danpros/htmly/releases/tag/v3.0.9#:~:text=Security%20fixes%20found%20in%20version%203.0.8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pastebin.com/dVityKmU"
     }
   ],
   "database_specific": {