Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/12/GHSA-q495-wf8m-qxcf/GHSA-q495-wf8m-qxcf.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-94"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/06/GHSA-pc68-4m2q-7jqf/GHSA-pc68-4m2q-7jqf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pc68-4m2q-7jqf",
-  "modified": "2025-06-17T03:31:45Z",
+  "modified": "2025-07-15T21:31:24Z",
   "published": "2025-06-17T03:31:45Z",
   "aliases": [
     "CVE-2025-6151"
@@ -42,6 +42,10 @@
     {
       "type": "WEB",
       "url": "https://www.tp-link.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tp-link.com/us/support/faq/4536"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/07/GHSA-2237-6m5h-9jw6/GHSA-2237-6m5h-9jw6.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2237-6m5h-9jw6",
+  "modified": "2025-07-15T21:31:41Z",
+  "published": "2025-07-15T21:31:41Z",
+  "aliases": [
+    "CVE-2025-50084"
+  ],
+  "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and  9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50084"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-15T20:15:44Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-24f3-rr2c-6cx6/GHSA-24f3-rr2c-6cx6.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-24f3-rr2c-6cx6",
+  "modified": "2025-07-15T21:31:40Z",
+  "published": "2025-07-15T21:31:40Z",
+  "aliases": [
+    "CVE-2025-50062"
+  ],
+  "details": "Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core).  Supported versions that are affected are 9.2.51 and  9.2.52. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50062"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-15T20:15:40Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-24p2-4542-7rxf/GHSA-24p2-4542-7rxf.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-24p2-4542-7rxf",
+  "modified": "2025-07-15T21:31:40Z",
+  "published": "2025-07-15T21:31:40Z",
+  "aliases": [
+    "CVE-2025-30758"
+  ],
+  "details": "Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface).  Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Siebel CRM End User accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-15T20:15:30Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-25r2-9vcc-j43c/GHSA-25r2-9vcc-j43c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-25r2-9vcc-j43c",
-  "modified": "2025-07-15T18:31:26Z",
+  "modified": "2025-07-15T21:31:39Z",
   "published": "2025-07-15T18:31:26Z",
   "aliases": [
     "CVE-2025-52080"
   ],
   "details": "In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-15T16:15:37Z"

advisories/unreviewed/2025/07/GHSA-27j5-7vqc-pjcg/GHSA-27j5-7vqc-pjcg.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27j5-7vqc-pjcg",
+  "modified": "2025-07-15T21:31:39Z",
+  "published": "2025-07-15T21:31:39Z",
+  "aliases": [
+    "CVE-2025-30746"
+  ],
+  "details": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).  Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as  unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30746"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-15T20:15:28Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-2cv2-pmj7-qmcg/GHSA-2cv2-pmj7-qmcg.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cv2-pmj7-qmcg",
+  "modified": "2025-07-15T21:31:39Z",
+  "published": "2025-07-15T21:31:39Z",
+  "aliases": [
+    "CVE-2025-30747"
+  ],
+  "details": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).  Supported versions that are affected are 8.60, 8.61 and  8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30747"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-15T20:15:28Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-2jr8-f8fj-4r8r/GHSA-2jr8-f8fj-4r8r.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2jr8-f8fj-4r8r",
+  "modified": "2025-07-15T21:31:42Z",
+  "published": "2025-07-15T21:31:42Z",
+  "aliases": [
+    "CVE-2025-50099"
+  ],
+  "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and  9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50099"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-15T20:15:46Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-2mcx-3xj5-wg86/GHSA-2mcx-3xj5-wg86.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2mcx-3xj5-wg86",
-  "modified": "2025-07-10T18:31:29Z",
+  "modified": "2025-07-15T21:31:26Z",
   "published": "2025-07-10T18:31:29Z",
   "aliases": [
     "CVE-2025-49812"
   ],
   "details": "In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.\n\nOnly configurations using \"SSLEngine optional\" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-287"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T17:15:48Z"