Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-x3rh-6g9g-gp22/GHSA-x3rh-6g9g-gp22.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x3rh-6g9g-gp22",
-  "modified": "2022-05-24T16:51:52Z",
+  "modified": "2026-02-10T18:30:30Z",
   "published": "2022-05-24T16:51:52Z",
   "aliases": [
     "CVE-2019-14193"
   ],
   "details": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,10 +26,16 @@
     {
       "type": "WEB",
       "url": "https://gitlab.com/u-boot/u-boot"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20191130052117/https://blog.semmle.com/uboot-rce-nfs-vulnerability"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-787"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/03/GHSA-m92w-x6j2-5gc5/GHSA-m92w-x6j2-5gc5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m92w-x6j2-5gc5",
-  "modified": "2025-11-04T00:32:21Z",
+  "modified": "2026-02-10T18:30:30Z",
   "published": "2025-03-01T00:31:55Z",
   "aliases": [
     "CVE-2025-26466"
@@ -59,6 +59,14 @@
       "type": "WEB",
       "url": "https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26466-detection-script-memory-consumption-vulnerability-in-openssh"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26466-mitigation-script-memory-consumption-vulnerability-in-openssh"
+    },
     {
       "type": "WEB",
       "url": "http://seclists.org/fulldisclosure/2025/Feb/18"

advisories/unreviewed/2025/10/GHSA-2g3v-rq5j-m37f/GHSA-2g3v-rq5j-m37f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2g3v-rq5j-m37f",
-  "modified": "2025-10-14T18:30:36Z",
+  "modified": "2026-02-10T18:30:32Z",
   "published": "2025-10-14T18:30:36Z",
   "aliases": [
     "CVE-2025-59282"
@@ -22,6 +22,14 @@
     {
       "type": "WEB",
       "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59282"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-59282-detection-script-race-condition-in-microsoft-inbox-com-objects"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-59282-mitigation-script-race-condition-in-microsoft-inbox-com-objects"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/10/GHSA-fpq4-r87v-g246/GHSA-fpq4-r87v-g246.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fpq4-r87v-g246",
-  "modified": "2025-12-16T12:30:27Z",
+  "modified": "2026-02-10T18:30:32Z",
   "published": "2025-10-17T21:31:17Z",
   "aliases": [
     "CVE-2025-34281"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://advisory.checkmarx.net/advisory/CVE-2025-3261"
     },
+    {
+      "type": "WEB",
+      "url": "https://advisory.checkmarx.net/advisory/CVE-2025-34281"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/thingsboard/thingsboard/releases/tag/v4.2.1"

advisories/unreviewed/2025/10/GHSA-x7f8-7938-4jm9/GHSA-x7f8-7938-4jm9.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-120"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/11/GHSA-r879-mf96-p9qf/GHSA-r879-mf96-p9qf.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r879-mf96-p9qf",
-  "modified": "2025-11-05T00:31:33Z",
+  "modified": "2026-02-10T18:30:32Z",
   "published": "2025-11-05T00:31:33Z",
   "aliases": [
     "CVE-2025-59596"
   ],
   "details": "CVE-2025-59596 is a denial-of-service vulnerability in Secure Access \nWindows client versions 12.0 to 14.10 that is addressed in version \n14.12. If a local networking policy is active, attackers on an adjacent \nnetwork may be able to send a crafted packet and cause the client system\n to crash.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-5qvx-3gp5-6m7q/GHSA-5qvx-3gp5-6m7q.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-7v6v-gxc3-52qv/GHSA-7v6v-gxc3-52qv.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-8prm-7g9f-q54x/GHSA-8prm-7g9f-q54x.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8prm-7g9f-q54x",
-  "modified": "2026-01-21T00:31:42Z",
+  "modified": "2026-02-10T18:30:33Z",
   "published": "2026-01-21T00:31:42Z",
   "aliases": [
     "CVE-2025-58743"
   ],
   "details": "Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability \n\nin the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-9259-996q-pvq8/GHSA-9259-996q-pvq8.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9259-996q-pvq8",
-  "modified": "2026-01-21T00:31:42Z",
+  "modified": "2026-02-10T18:30:33Z",
   "published": "2026-01-21T00:31:42Z",
   "aliases": [
     "CVE-2025-58744"
   ],
   "details": "Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"