Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-3g22-36vj-437q/GHSA-3g22-36vj-437q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3g22-36vj-437q",
-  "modified": "2022-05-24T17:34:45Z",
+  "modified": "2026-05-29T18:31:12Z",
   "published": "2022-05-24T17:34:45Z",
   "aliases": [
     "CVE-2020-7567"
   ],
   "details": "A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-45cc-9wgf-p2qq/GHSA-45cc-9wgf-p2qq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-45cc-9wgf-p2qq",
-  "modified": "2022-05-24T17:34:45Z",
+  "modified": "2026-05-29T18:31:13Z",
   "published": "2022-05-24T17:34:45Z",
   "aliases": [
     "CVE-2020-7568"
   ],
   "details": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-5pqg-qmmw-g6j5/GHSA-5pqg-qmmw-g6j5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5pqg-qmmw-g6j5",
-  "modified": "2022-10-19T19:00:24Z",
+  "modified": "2026-05-29T18:31:13Z",
   "published": "2022-05-24T17:34:39Z",
   "aliases": [
     "CVE-2020-28941"
@@ -35,6 +35,14 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T"

advisories/unreviewed/2022/05/GHSA-84j4-ccmw-hwpg/GHSA-84j4-ccmw-hwpg.json

@@ -53,7 +53,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-203"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-95m7-f345-m9h8/GHSA-95m7-f345-m9h8.json

@@ -30,6 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-400",
       "CWE-770"
     ],
     "severity": "HIGH",

advisories/unreviewed/2022/05/GHSA-9cvx-7r58-v2x4/GHSA-9cvx-7r58-v2x4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9cvx-7r58-v2x4",
-  "modified": "2022-05-14T02:01:21Z",
+  "modified": "2026-05-29T18:31:11Z",
   "published": "2022-05-14T02:01:21Z",
   "aliases": [
     "CVE-2018-7795"

advisories/unreviewed/2022/05/GHSA-w2fw-m3gj-2pvm/GHSA-w2fw-m3gj-2pvm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w2fw-m3gj-2pvm",
-  "modified": "2022-10-06T18:52:05Z",
+  "modified": "2026-05-29T18:31:13Z",
   "published": "2022-05-24T17:35:04Z",
   "aliases": [
     "CVE-2020-29372"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0c4d1e176eeb614dc8734fc3ace34292771f11"
     },
+    {
+      "type": "WEB",
+      "url": "https://project-zero.issues.chromium.org/issues/42451131"
+    },
     {
       "type": "WEB",
       "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"

advisories/unreviewed/2026/03/GHSA-6rj2-xg9p-3jj4/GHSA-6rj2-xg9p-3jj4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6rj2-xg9p-3jj4",
-  "modified": "2026-04-18T09:30:17Z",
+  "modified": "2026-05-29T18:31:13Z",
   "published": "2026-03-25T12:30:21Z",
   "aliases": [
     "CVE-2026-23286"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: lec: fix null-ptr-deref in lec_arp_clear_vccs\n\nsyzkaller reported a null-ptr-deref in lec_arp_clear_vccs().\nThis issue can be easily reproduced using the syzkaller reproducer.\n\nIn the ATM LANE (LAN Emulation) module, the same atm_vcc can be shared by\nmultiple lec_arp_table entries (e.g., via entry->vcc or entry->recv_vcc).\nWhen the underlying VCC is closed, lec_vcc_close() iterates over all\nARP entries and calls lec_arp_clear_vccs() for each matched entry.\n\nFor example, when lec_vcc_close() iterates through the hlists in\npriv->lec_arp_empty_ones or other ARP tables:\n\n1. In the first iteration, for the first matched ARP entry sharing the VCC,\nlec_arp_clear_vccs() frees the associated vpriv (which is vcc->user_back)\nand sets vcc->user_back to NULL.\n2. In the second iteration, for the next matched ARP entry sharing the same\nVCC, lec_arp_clear_vccs() is called again. It obtains a NULL vpriv from\nvcc->user_back (via LEC_VCC_PRIV(vcc)) and then attempts to dereference it\nvia `vcc->pop = vpriv->old_pop`, leading to a null-ptr-deref crash.\n\nFix this by adding a null check for vpriv before dereferencing\nit. If vpriv is already NULL, it means the VCC has been cleared\nby a previous call, so we can safely skip the cleanup and just\nclear the entry's vcc/recv_vcc pointers.\n\nThe entire cleanup block (including vcc_release_async()) is placed inside\nthe vpriv guard because a NULL vpriv indicates the VCC has already been\nfully released by a prior iteration — repeating the teardown would\nredundantly set flags and trigger callbacks on an already-closing socket.\n\nThe Fixes tag points to the initial commit because the entry->vcc path has\nbeen vulnerable since the original code. The entry->recv_vcc path was later\nadded by commit 8d9f73c0ad2f (\"atm: fix a memory leak of vcc->user_back\")\nwith the same pattern, and both paths are fixed here.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T11:16:23Z"

advisories/unreviewed/2026/03/GHSA-73mm-44q3-cmm6/GHSA-73mm-44q3-cmm6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-73mm-44q3-cmm6",
-  "modified": "2026-03-25T12:30:21Z",
+  "modified": "2026-05-29T18:31:13Z",
   "published": "2026-03-25T12:30:21Z",
   "aliases": [
     "CVE-2026-23287"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\n\nPLIC ignores interrupt completion message for disabled interrupt, explained\nby the specification:\n\n    The PLIC signals it has completed executing an interrupt handler by\n    writing the interrupt ID it received from the claim to the\n    claim/complete register. The PLIC does not check whether the completion\n    ID is the same as the last claim ID for that target. If the completion\n    ID does not match an interrupt source that is currently enabled for\n    the target, the completion is silently ignored.\n\nThis caused problems in the past, because an interrupt can be disabled\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\nby checking if the interrupt is disabled, and if so enable it, before\nsending the completion message. That check is done with irqd_irq_disabled().\n\nHowever, that is not sufficient because the enable bit for the handling\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\nwhen affinity setting is changed while a hart is still handling the\ninterrupt.\n\nThis problem is easily reproducible by dumping a large file to uart (which\ngenerates lots of interrupts) and at the same time keep changing the uart\ninterrupt's affinity setting. The uart port becomes frozen almost\ninstantaneously.\n\nFix this by checking PLIC's enable bit instead of irqd_irq_disabled().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T11:16:23Z"

advisories/unreviewed/2026/03/GHSA-cq3w-r62m-5jvq/GHSA-cq3w-r62m-5jvq.json

@@ -57,7 +57,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,