19 files changed

+368
-18
lines changed

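--- a/advisories/unreviewed/2024/10/GHSA-pf65-pxf7-f5gv/GHSA-pf65-pxf7-f5gv.json
+++ b/advisories/unreviewed/2024/10/GHSA-pf65-pxf7-f5gv/GHSA-pf65-pxf7-f5gv.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pf65-pxf7-f5gv",
-"modified": "2024-10-16T09:30:31Z",
+"modified": "2025-12-12T15:30:25Z",
 "published": "2024-10-16T09:30:31Z",
 "aliases": [
 "CVE-2024-9582"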

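--- a/advisories/unreviewed/2025/09/GHSA-4hgc-wr2q-wf2q/GHSA-4hgc-wr2q-wf2q.json
+++ b/advisories/unreviewed/2025/09/GHSA-4hgc-wr2q-wf2q/GHSA-4hgc-wr2q-wf2q.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4hgc-wr2q-wf2q",
-"modified": "2025-09-18T15:30:33Z",
+"modified": "2025-12-12T15:30:25Z",
 "published": "2025-09-18T15:30:33Z",
 "aliases": [
 "CVE-2022-50392"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe()\n\nThe node returned by of_parse_phandle() with refcount incremented,\nof_node_put() needs be called when finish using it. So add it in the\nerror path in mt8183_mt6358_ts3a227_max98357_dev_probe().",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+}
+],
 "affected": [],
 "references": [
 {
@@ -33,7 +38,7 @@
 ],
 "database_specific": {
 "cwe_ids": [],
-"severity": null,
+"severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-09-18T14:15:38Z"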

advisories/unreviewed/2025/09/GHSA-5cw2-54cw-vcc9/GHSA-5cw2-54cw-vcc9.json

Lines changed: 8 additions & 3 deletions
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-5cw2-54cw-vcc9",
4-
"modified": "2025-09-18T15:30:33Z",
4+
"modified": "2025-12-12T15:30:25Z",
55
"published": "2025-09-18T15:30:33Z",
66
"aliases": [
77
"CVE-2022-50390"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in ./include/drm/ttm/ttm_tt.h:122:26\nleft shift of 1 by 31 places cannot be represented in type 'int'\nCall Trace:\n <TASK>\n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n ttm_bo_move_memcpy+0x3b4/0x460 [ttm]\n bo_driver_move+0x32/0x40 [drm_vram_helper]\n ttm_bo_handle_move_mem+0x118/0x200 [ttm]\n ttm_bo_validate+0xfa/0x220 [ttm]\n drm_gem_vram_pin_locked+0x70/0x1b0 [drm_vram_helper]\n drm_gem_vram_pin+0x48/0xb0 [drm_vram_helper]\n drm_gem_vram_plane_helper_prepare_fb+0x53/0xe0 [drm_vram_helper]\n drm_gem_vram_simple_display_pipe_prepare_fb+0x26/0x30 [drm_vram_helper]\n drm_simple_kms_plane_prepare_fb+0x4d/0xe0 [drm_kms_helper]\n drm_atomic_helper_prepare_planes+0xda/0x210 [drm_kms_helper]\n drm_atomic_helper_commit+0xc3/0x1e0 [drm_kms_helper]\n drm_atomic_commit+0x9c/0x160 [drm]\n drm_client_modeset_commit_atomic+0x33a/0x380 [drm]\n drm_client_modeset_commit_locked+0x77/0x220 [drm]\n drm_client_modeset_commit+0x31/0x60 [drm]\n __drm_fb_helper_restore_fbdev_mode_unlocked+0xa7/0x170 [drm_kms_helper]\n drm_fb_helper_set_par+0x51/0x90 [drm_kms_helper]\n fbcon_init+0x316/0x790\n visual_init+0x113/0x1d0\n do_bind_con_driver+0x2a3/0x5c0\n do_take_over_console+0xa9/0x270\n do_fbcon_takeover+0xa1/0x170\n do_fb_registered+0x2a8/0x340\n fbcon_fb_registered+0x47/0xe0\n register_framebuffer+0x294/0x4a0\n __drm_fb_helper_initial_config_and_unlock+0x43c/0x880 [drm_kms_helper]\n drm_fb_helper_initial_config+0x52/0x80 [drm_kms_helper]\n drm_fbdev_client_hotplug+0x156/0x1b0 [drm_kms_helper]\n drm_fbdev_generic_setup+0xfc/0x290 [drm_kms_helper]\n bochs_pci_probe+0x6ca/0x772 
[bochs]\n local_pci_probe+0x4d/0xb0\n pci_device_probe+0x119/0x320\n really_probe+0x181/0x550\n __driver_probe_device+0xc6/0x220\n driver_probe_device+0x32/0x100\n __driver_attach+0x195/0x200\n bus_for_each_dev+0xbb/0x120\n driver_attach+0x27/0x30\n bus_add_driver+0x22e/0x2f0\n driver_register+0xa9/0x190\n __pci_register_driver+0x90/0xa0\n bochs_pci_driver_init+0x52/0x1000 [bochs]\n do_one_initcall+0x76/0x430\n do_init_module+0x61/0x28a\n load_module+0x1f82/0x2e50\n __do_sys_finit_module+0xf8/0x190\n __x64_sys_finit_module+0x23/0x30\n do_syscall_64+0x58/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n </TASK>",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -29,7 +34,7 @@
2934
],
3035
"database_specific": {
3136
"cwe_ids": [],
32-
"severity": null,
37+
"severity": "MODERATE",
3338
"github_reviewed": false,
3439
"github_reviewed_at": null,
3540
"nvd_published_at": "2025-09-18T14:15:37Z"
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-23vf-m99m-mvr7",
4+
"modified": "2025-12-12T15:30:41Z",
5+
"published": "2025-12-12T15:30:41Z",
6+
"aliases": [
7+
"CVE-2025-36745"
8+
],
9+
"details": "SolarEdge SE3680H  ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36745"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://csirt.divd.nl/CVE-2025-36745"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://csirt.divd.nl/DIVD-2025-00022"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [],
33+
"severity": "HIGH",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2025-12-12T15:15:53Z"
37+
}
38+
}
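Review bot: The `details` text and the CVSS v4 vector in this new advisory (GHSA-23vf-m99m-mvr7) disagree on reachability: the prose says an attacker with "network or local access" can reach remote code execution, while the `score` string begins `AV:P`, i.e. physical access. Anyone triaging on the vector alone will rank the issue differently from someone reading the description, so the mismatch should be confirmed against the csirt.divd.nl references before the record is relied on. `affected` and `cwe_ids` are also empty, so package- or CWE-keyed tooling will not surface the entry. The same empty fields appear in the GHSA-3v8j-7v8f-5qp2 section further down.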

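--- a/advisories/unreviewed/2025/12/GHSA-2853-mpq7-6f9j/GHSA-2853-mpq7-6f9j.json
+++ b/advisories/unreviewed/2025/12/GHSA-2853-mpq7-6f9j/GHSA-2853-mpq7-6f9j.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2853-mpq7-6f9j",
-"modified": "2025-12-06T15:30:16Z",
+"modified": "2025-12-12T15:30:26Z",
 "published": "2025-12-06T15:30:16Z",
 "aliases": [
 "CVE-2025-14139"
@@ -46,7 +46,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
-"CWE-119"
+"CWE-119",
+"CWE-120"
 ],
 "severity": "MODERATE",
 "github_reviewed": false,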
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-37qv-3hw5-x3ph",
4+
"modified": "2025-12-12T15:30:41Z",
5+
"published": "2025-12-12T15:30:41Z",
6+
"aliases": [
7+
"CVE-2025-36746"
8+
],
9+
"details": "SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36746"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://csirt.divd.nl/CVE-2025-36746"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://csirt.divd.nl/DIVD-2025-00022"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [],
33+
"severity": "MODERATE",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2025-12-12T15:15:53Z"
37+
}
38+
}
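Review bot: `cwe_ids` is left as `[]` in this new advisory (GHSA-37qv-3hw5-x3ph) even though `details` names the weakness class outright, Cross-Site Scripting via report names; `"cwe_ids": ["CWE-79"]` would let CWE-keyed filters and dashboards pick the record up. The vector's `PR:L/UI:A` is consistent with the authenticated-injection, victim-interaction scenario the text describes, so only the classification is missing. `affected` is empty as well, presumably because the target is a hosted platform rather than a package, but that is not stated on the page.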
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3v8j-7v8f-5qp2",
4+
"modified": "2025-12-12T15:30:41Z",
5+
"published": "2025-12-12T15:30:41Z",
6+
"aliases": [
7+
"CVE-2025-36743"
8+
],
9+
"details": "SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36743"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://csirt.divd.nl/CVE-2025-36743"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://csirt.divd.nl/DIVD-2025-00022"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [],
33+
"severity": "HIGH",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2025-12-12T15:15:52Z"
37+
}
38+
}
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5gw4-7cfm-h82q",
4+
"modified": "2025-12-12T15:30:42Z",
5+
"published": "2025-12-12T15:30:42Z",
6+
"aliases": [
7+
"CVE-2025-58770"
8+
],
9+
"details": "APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58770"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025009.pdf"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-280"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-12T15:15:53Z"
35+
}
36+
}
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-749j-2hp6-8cxm",
4+
"modified": "2025-12-12T15:30:42Z",
5+
"published": "2025-12-12T15:30:42Z",
6+
"aliases": [
7+
"CVE-2025-54981"
8+
],
9+
"details": "Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data\n\nThis issue affects Apache StreamPark: from 2.0.0 before 2.1.7.\n\nUsers are recommended to upgrade to version 2.1.7, which fixes the issue.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54981"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://lists.apache.org/thread/9rbvdvwg5fdhzjdgyrholgso53r26998"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [
24+
"CWE-327"
25+
],
26+
"severity": null,
27+
"github_reviewed": false,
28+
"github_reviewed_at": null,
29+
"nvd_published_at": "2025-12-12T15:15:53Z"
30+
}
31+
}
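Review bot: `affected` is `[]` in this new advisory (GHSA-749j-2hp6-8cxm) although `details` gives an exact range (Apache StreamPark from 2.0.0 before 2.1.7, fixed in 2.1.7), so dependency scanners that match on `affected` entries will not flag vulnerable StreamPark deployments from this record. Populating it with the project's package coordinates (`<ecosystem>` / `<package-name>` are placeholders, the page does not show them) plus `introduced` 2.0.0 and `fixed` 2.1.7 would close that gap. `severity` is `[]` and `database_specific.severity` is `null`, so the entry carries no priority signal yet. The text also mentions a weak random number generator, which `CWE-327` alone does not capture; CWE-338 may be worth adding once the advisory is reviewed.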

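--- a/advisories/unreviewed/2025/12/GHSA-74jr-8vhj-2c3f/GHSA-74jr-8vhj-2c3f.json
+++ b/advisories/unreviewed/2025/12/GHSA-74jr-8vhj-2c3f/GHSA-74jr-8vhj-2c3f.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-74jr-8vhj-2c3f",
-"modified": "2025-12-03T18:30:25Z",
+"modified": "2025-12-12T15:30:26Z",
 "published": "2025-12-03T18:30:25Z",
 "aliases": [
 "CVE-2025-13751"
@@ -27,6 +27,10 @@
 "type": "WEB",
 "url": "https://www.mail-archive.com/[email protected]/msg00153.html"
 },
+{
+"type": "WEB",
+"url": "https://www.mail-archive.com/[email protected]/msg00154.html"
+},
 {
 "type": "WEB",
 "url": "https://www.mail-archive.com/[email protected]/msg00154.htmlhttps:"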
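Review bot: The added reference corrects the URL only by duplication: the malformed entry ending in `msg00154.htmlhttps:` is still present as the context object right after the insertion, so `references` now carries both the clean link and the broken one. Link checkers and consumers that dereference every `url` will keep hitting the broken entry; the second hunk should delete that object rather than add a sibling beside it. The `references` array continues outside the hunk, so whether other entries carry the same trailing `https:` artefact cannot be seen from here.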
