Skip to content

Commit c002f3f

Browse files
Advisory Database Sync
1 parent de7f3dd commit c002f3f

83 files changed

Lines changed: 1376 additions & 125 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

advisories/unreviewed/2026/04/GHSA-3rqj-4qqw-jgwr/GHSA-3rqj-4qqw-jgwr.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3rqj-4qqw-jgwr",
4-
"modified": "2026-06-01T21:30:32Z",
4+
"modified": "2026-06-02T18:31:24Z",
55
"published": "2026-04-30T18:30:33Z",
66
"aliases": [
77
"CVE-2026-3832"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://access.redhat.com/errata/RHSA-2026:13274"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://access.redhat.com/errata/RHSA-2026:20613"

advisories/unreviewed/2026/04/GHSA-4vrr-6f8v-98rf/GHSA-4vrr-6f8v-98rf.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-4vrr-6f8v-98rf",
4-
"modified": "2026-04-18T00:31:03Z",
4+
"modified": "2026-06-02T18:31:24Z",
55
"published": "2026-04-18T00:31:03Z",
66
"aliases": [
77
"CVE-2026-29013"
88
],
99
"details": "libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/04/GHSA-6rgh-57xm-37v8/GHSA-6rgh-57xm-37v8.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-6rgh-57xm-37v8",
4-
"modified": "2026-06-01T21:30:33Z",
4+
"modified": "2026-06-02T18:31:24Z",
55
"published": "2026-04-30T18:30:33Z",
66
"aliases": [
77
"CVE-2026-3833"
@@ -27,6 +27,10 @@
2727
"type": "WEB",
2828
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
2929
},
30+
{
31+
"type": "WEB",
32+
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
33+
},
3034
{
3135
"type": "WEB",
3236
"url": "https://access.redhat.com/errata/RHSA-2026:20613"

advisories/unreviewed/2026/04/GHSA-7fjh-cgxv-cjc6/GHSA-7fjh-cgxv-cjc6.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-7fjh-cgxv-cjc6",
4-
"modified": "2026-05-28T03:31:15Z",
4+
"modified": "2026-06-02T18:31:23Z",
55
"published": "2026-04-08T18:34:08Z",
66
"aliases": [
77
"CVE-2026-32589"
@@ -27,6 +27,10 @@
2727
"type": "WEB",
2828
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
2929
},
30+
{
31+
"type": "WEB",
32+
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
33+
},
3034
{
3135
"type": "WEB",
3236
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"

advisories/unreviewed/2026/04/GHSA-cmj5-x3xf-69wq/GHSA-cmj5-x3xf-69wq.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-cmj5-x3xf-69wq",
4-
"modified": "2026-06-01T21:30:32Z",
4+
"modified": "2026-06-02T18:31:24Z",
55
"published": "2026-04-30T18:30:32Z",
66
"aliases": [
77
"CVE-2026-33845"
@@ -27,6 +27,10 @@
2727
"type": "WEB",
2828
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
2929
},
30+
{
31+
"type": "WEB",
32+
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
33+
},
3034
{
3135
"type": "WEB",
3236
"url": "https://access.redhat.com/errata/RHSA-2026:20613"

advisories/unreviewed/2026/04/GHSA-mvqc-wfv6-7764/GHSA-mvqc-wfv6-7764.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-mvqc-wfv6-7764",
4-
"modified": "2026-05-28T03:31:15Z",
4+
"modified": "2026-06-02T18:31:23Z",
55
"published": "2026-04-08T18:34:08Z",
66
"aliases": [
77
"CVE-2026-32590"
@@ -27,6 +27,10 @@
2727
"type": "WEB",
2828
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
2929
},
30+
{
31+
"type": "WEB",
32+
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
33+
},
3034
{
3135
"type": "WEB",
3236
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"

advisories/unreviewed/2026/04/GHSA-rj7j-w6j6-856v/GHSA-rj7j-w6j6-856v.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-rj7j-w6j6-856v",
4-
"modified": "2026-04-13T03:30:28Z",
4+
"modified": "2026-06-02T18:31:24Z",
55
"published": "2026-04-13T03:30:28Z",
66
"aliases": [
77
"CVE-2026-25204"

advisories/unreviewed/2026/05/GHSA-2hpj-h2fj-2jg5/GHSA-2hpj-h2fj-2jg5.json

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2hpj-h2fj-2jg5",
4-
"modified": "2026-05-15T12:30:30Z",
4+
"modified": "2026-06-02T18:31:24Z",
55
"published": "2026-05-12T03:31:26Z",
66
"aliases": [
77
"CVE-2026-45393"
@@ -11,6 +11,10 @@
1111
{
1212
"type": "CVSS_V3",
1313
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
1418
}
1519
],
1620
"affected": [],
@@ -30,7 +34,8 @@
3034
],
3135
"database_specific": {
3236
"cwe_ids": [
33-
"CWE-20"
37+
"CWE-20",
38+
"CWE-78"
3439
],
3540
"severity": "CRITICAL",
3641
"github_reviewed": false,

advisories/unreviewed/2026/05/GHSA-2pw7-g86g-76q7/GHSA-2pw7-g86g-76q7.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2pw7-g86g-76q7",
4-
"modified": "2026-06-01T21:30:35Z",
4+
"modified": "2026-06-02T18:31:25Z",
55
"published": "2026-05-27T00:31:27Z",
66
"aliases": [
77
"CVE-2026-42013"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://access.redhat.com/errata/RHSA-2026:20613"

advisories/unreviewed/2026/05/GHSA-339w-3hqm-9pjc/GHSA-339w-3hqm-9pjc.json

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-339w-3hqm-9pjc",
4-
"modified": "2026-05-28T18:30:32Z",
4+
"modified": "2026-06-02T18:31:26Z",
55
"published": "2026-05-28T18:30:32Z",
66
"aliases": [
77
"CVE-2026-9097"
88
],
99
"details": "Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revoked or invalidated. Because the revocation check is entirely absent, administrators are unable to terminate active sessions or revoke compromised tokens.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -21,7 +26,7 @@
2126
],
2227
"database_specific": {
2328
"cwe_ids": [],
24-
"severity": null,
29+
"severity": "CRITICAL",
2530
"github_reviewed": false,
2631
"github_reviewed_at": null,
2732
"nvd_published_at": "2026-05-28T17:16:34Z"

0 commit comments

Comments
 (0)