
Commit 8d7ccfd

Advisory Database Sync
1 parent f4574b4 commit 8d7ccfd


41 files changed

+1481
-15
lines changed


41 files changed

+1481
-15
lines changed

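--- a/advisories/unreviewed/2025/04/GHSA-m92c-q898-572x/GHSA-m92c-q898-572x.json
+++ b/advisories/unreviewed/2025/04/GHSA-m92c-q898-572x/GHSA-m92c-q898-572x.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-m92c-q898-572x",
-"modified": "2025-04-17T18:31:22Z",
+"modified": "2025-07-17T21:32:04Z",
 "published": "2025-04-17T18:31:22Z",
 "aliases": [
 "CVE-2025-2947"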

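--- a/advisories/unreviewed/2025/04/GHSA-wpfj-mj4c-x9cf/GHSA-wpfj-mj4c-x9cf.json
+++ b/advisories/unreviewed/2025/04/GHSA-wpfj-mj4c-x9cf/GHSA-wpfj-mj4c-x9cf.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-wpfj-mj4c-x9cf",
-"modified": "2025-04-14T21:32:25Z",
+"modified": "2025-07-17T21:32:04Z",
 "published": "2025-04-14T21:32:25Z",
 "aliases": [
 "CVE-2023-27272"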

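--- a/advisories/unreviewed/2025/07/GHSA-32wx-j5gv-pmfp/GHSA-32wx-j5gv-pmfp.json
+++ b/advisories/unreviewed/2025/07/GHSA-32wx-j5gv-pmfp/GHSA-32wx-j5gv-pmfp.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-32wx-j5gv-pmfp",
-"modified": "2025-07-17T15:32:15Z",
+"modified": "2025-07-17T21:32:11Z",
 "published": "2025-07-17T15:32:15Z",
 "aliases": [
 "CVE-2025-40924"
 ],
 "details": "Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.\n\nThe session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems.",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+}
+],
 "affected": [],
 "references": [
 {
@@ -31,7 +36,7 @@
 "cwe_ids": [
 "CWE-338"
 ],
-"severity": null,
+"severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-07-17T14:15:31Z"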
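Review bot: The added vector rates impact as `C:L/I:L`, and the second hunk sets `"severity": "MODERATE"` in line with it, while the `details` text says predictable session ids could let an attacker gain access to systems. What a guessed session id exposes depends on what the session authorises in the consuming application, so this library-level rating may understate the risk where sessions carry privileged access; triage should weigh the description and not only the label. The record also keeps `"affected": []`, so the fixed version (0.44, per `details`) is available only as free text and will not drive automated version matching. The second hunk starts inside `database_specific`, whose opening line is outside the visible lines.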
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4599-7962-c7jc",
4+
"modified": "2025-07-17T21:32:15Z",
5+
"published": "2025-07-17T21:32:15Z",
6+
"aliases": [
7+
"CVE-2025-0886"
8+
],
9+
"details": "An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0886"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://support.lenovo.com/us/en/product_security/LEN-182738"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-276"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-07-17T20:15:28Z"
39+
}
40+
}
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-57mg-3phx-fchw",
4+
"modified": "2025-07-17T21:32:16Z",
5+
"published": "2025-07-17T21:32:16Z",
6+
"aliases": [
7+
"CVE-2025-23269"
8+
],
9+
"details": "NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23269"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5662"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [],
29+
"severity": "MODERATE",
30+
"github_reviewed": false,
31+
"github_reviewed_at": null,
32+
"nvd_published_at": "2025-07-17T21:15:25Z"
33+
}
34+
}
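Review bot: `"cwe_ids": []` is left empty although the `details` text repeats almost word for word the title of CWE-1423 (exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution). Without a CWE, consumers that filter or group advisories by weakness class will not surface this record next to other transient-execution issues; consider `"cwe_ids": ["CWE-1423"]` once the upstream record confirms the mapping. `affected` is empty as well, so matching has to rely on the CVE alias and the vendor bulletin listed in `references`.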
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5w92-73jc-m2vr",
4+
"modified": "2025-07-17T21:32:15Z",
5+
"published": "2025-07-17T21:32:15Z",
6+
"aliases": [
7+
"CVE-2025-1700"
8+
],
9+
"details": "A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1700"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/186730/~/motorola-software-fix-installer-vulnerability"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://support.lenovo.com/us/en/product_security/LEN-194483"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-427"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2025-07-17T20:15:28Z"
43+
}
44+
}
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-627q-xcr8-8qpc",
4+
"modified": "2025-07-17T21:32:14Z",
5+
"published": "2025-07-17T21:32:14Z",
6+
"aliases": [
7+
"CVE-2024-39835"
8+
],
9+
"details": "A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39835"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.ros.org/blog/noetic-eol"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-94"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-17T20:15:27Z"
35+
}
36+
}
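Review bot: The record gives no fixed version or mitigation: `affected` is empty and the only non-NVD entry in `references` is the Noetic end-of-life announcement. Read together with "Noetic Ninjemys and earlier" in `details`, that suggests no patched release should be expected for the affected distributions, but nothing in the record says so explicitly. A sentence in `details` stating the support status, or a reference to guidance on treating launch-file substitution arguments as code, would make the record actionable for defenders. The same applies to GHSA-7mg9-54m6-qh35 further down, which carries the same reference, vector and CWE.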
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-67jc-hmvg-q4c7",
4+
"modified": "2025-07-17T21:32:15Z",
5+
"published": "2025-07-17T21:32:15Z",
6+
"aliases": [
7+
"CVE-2025-23267"
8+
],
9+
"details": "NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23267"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5659"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-59"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-17T20:15:28Z"
35+
}
36+
}
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7mg9-54m6-qh35",
4+
"modified": "2025-07-17T21:32:15Z",
5+
"published": "2025-07-17T21:32:15Z",
6+
"aliases": [
7+
"CVE-2024-41921"
8+
],
9+
"details": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41921"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.ros.org/blog/noetic-eol"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-94"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-17T20:15:27Z"
35+
}
36+
}
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7wq6-wxf9-cp78",
4+
"modified": "2025-07-17T21:32:16Z",
5+
"published": "2025-07-17T21:32:16Z",
6+
"aliases": [
7+
"CVE-2025-6232"
8+
],
9+
"details": "An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6232"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://support.lenovo.com/us/en/product_security/LEN-196648"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-88"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-07-17T20:15:31Z"
39+
}
40+
}
