Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-cfv9-2rgf-f55c/GHSA-cfv9-2rgf-f55c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cfv9-2rgf-f55c",
-  "modified": "2025-07-15T15:30:30Z",
+  "modified": "2025-07-16T21:30:33Z",
   "published": "2025-05-06T15:31:10Z",
   "aliases": [
     "CVE-2025-4373"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:11140"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:11327"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-4373"

advisories/unreviewed/2025/07/GHSA-2228-gwwf-r96q/GHSA-2228-gwwf-r96q.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-922"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-2237-6m5h-9jw6/GHSA-2237-6m5h-9jw6.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-863"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-2cv2-pmj7-qmcg/GHSA-2cv2-pmj7-qmcg.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-863"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-2vp3-crwq-3fg5/GHSA-2vp3-crwq-3fg5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2vp3-crwq-3fg5",
-  "modified": "2025-07-16T09:31:05Z",
+  "modified": "2025-07-16T21:30:34Z",
   "published": "2025-07-16T09:31:05Z",
   "aliases": [
     "CVE-2025-27465"
   ],
   "details": "Certain instructions need intercepting and emulating by Xen.  In some\ncases Xen emulates the instruction by replaying it, using an executable\nstub.  Some instructions may raise an exception, which is supposed to be\nhandled gracefully.  Certain replayed instructions have additional logic\nto set up and recover the changes to the arithmetic flags.\n\nFor replayed instructions where the flags recovery logic is used, the\nmetadata for exception handling was incorrect, preventing Xen from\nhandling the the exception gracefully, treating it as fatal instead.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-16T09:15:23Z"

advisories/unreviewed/2025/07/GHSA-3r73-v5gv-2jmq/GHSA-3r73-v5gv-2jmq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3r73-v5gv-2jmq",
-  "modified": "2025-07-16T15:32:33Z",
+  "modified": "2025-07-16T21:30:35Z",
   "published": "2025-07-16T15:32:33Z",
   "aliases": [
     "CVE-2024-42912"
   ],
   "details": "A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This Issue (Data Center) before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the recipient field of an e-mail message.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-16T15:15:24Z"

advisories/unreviewed/2025/07/GHSA-42f3-32q6-x99r/GHSA-42f3-32q6-x99r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-42f3-32q6-x99r",
-  "modified": "2025-07-16T15:32:33Z",
+  "modified": "2025-07-16T21:30:35Z",
   "published": "2025-07-16T15:32:33Z",
   "aliases": [
     "CVE-2025-40919"
   ],
   "details": "Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.\n\nThe cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nAccording to RFC 2831, \"The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\"",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-338"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-16T14:15:25Z"

advisories/unreviewed/2025/07/GHSA-45jj-mm6q-53j7/GHSA-45jj-mm6q-53j7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-45jj-mm6q-53j7",
-  "modified": "2025-07-16T06:30:29Z",
+  "modified": "2025-07-16T21:30:34Z",
   "published": "2025-07-16T06:30:29Z",
   "aliases": [
     "CVE-2025-2800"

advisories/unreviewed/2025/07/GHSA-496q-8ph2-c4fj/GHSA-496q-8ph2-c4fj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-496q-8ph2-c4fj",
-  "modified": "2025-07-16T15:32:32Z",
+  "modified": "2025-07-16T21:30:35Z",
   "published": "2025-07-16T15:32:32Z",
   "aliases": [
     "CVE-2025-40918"
   ],
   "details": "Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.\n\nThe cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nAccording to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation\n depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -35,7 +40,7 @@
     "cwe_ids": [
       "CWE-338"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-16T14:15:25Z"

advisories/unreviewed/2025/07/GHSA-4w43-v393-px48/GHSA-4w43-v393-px48.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4w43-v393-px48",
+  "modified": "2025-07-16T21:30:36Z",
+  "published": "2025-07-16T21:30:36Z",
+  "aliases": [
+    "CVE-2025-34119"
+  ],
+  "details": "A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34119"
+    },
+    {
+      "type": "WEB",
+      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/39102"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/easy-cafe-server-remote-file-disclosure"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T21:15:26Z"
+  }
+}