Skip to content

Commit cb8ed96

Browse files
Advisory Database Sync
1 parent bef531b commit cb8ed96

54 files changed

Lines changed: 835 additions & 135 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

advisories/unreviewed/2026/05/GHSA-38r9-g25v-vcvr/GHSA-38r9-g25v-vcvr.json

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-38r9-g25v-vcvr",
4-
"modified": "2026-05-15T06:30:29Z",
4+
"modified": "2026-05-15T15:30:41Z",
55
"published": "2026-05-15T03:30:36Z",
66
"aliases": [
77
"CVE-2026-8612"
88
],
99
"details": "WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.\n\nWith no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without overriding the backend's documented directory_umask of 000, so the cache root and its subdirectories are created mode 0777 with no sticky bit. Cache entries are named by sha1_hex of the request and read back through Storable::thaw on the next cache hit.\n\nA local attacker with write access to the cache tree can replace a victim's cache entry for a known URL with an arbitrary frozen HTTP::Response blob, causing the victim's next get() of that URL to return attacker controlled response bytes. Because the bytes are passed to Storable::thaw, a victim process that has loaded any class with a side-effectful STORABLE_thaw, DESTROY, or overload hook can be escalated to arbitrary code execution.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -35,7 +40,7 @@
3540
"cwe_ids": [
3641
"CWE-502"
3742
],
38-
"severity": null,
43+
"severity": "MODERATE",
3944
"github_reviewed": false,
4045
"github_reviewed_at": null,
4146
"nvd_published_at": "2026-05-15T02:16:23Z"

advisories/unreviewed/2026/05/GHSA-3fwf-96rh-jr6w/GHSA-3fwf-96rh-jr6w.json

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3fwf-96rh-jr6w",
4-
"modified": "2026-05-14T21:30:46Z",
4+
"modified": "2026-05-15T15:30:39Z",
55
"published": "2026-05-14T21:30:46Z",
66
"aliases": [
77
"CVE-2026-8572"
88
],
99
"details": "Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -24,8 +29,10 @@
2429
}
2530
],
2631
"database_specific": {
27-
"cwe_ids": [],
28-
"severity": null,
32+
"cwe_ids": [
33+
"CWE-693"
34+
],
35+
"severity": "LOW",
2936
"github_reviewed": false,
3037
"github_reviewed_at": null,
3138
"nvd_published_at": "2026-05-14T20:17:19Z"

advisories/unreviewed/2026/05/GHSA-3j3h-g4g8-qvq9/GHSA-3j3h-g4g8-qvq9.json

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3j3h-g4g8-qvq9",
4-
"modified": "2026-05-14T21:30:46Z",
4+
"modified": "2026-05-15T15:30:39Z",
55
"published": "2026-05-14T21:30:46Z",
66
"aliases": [
77
"CVE-2026-8568"
88
],
99
"details": "Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: Medium)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -24,8 +29,10 @@
2429
}
2530
],
2631
"database_specific": {
27-
"cwe_ids": [],
28-
"severity": null,
32+
"cwe_ids": [
33+
"CWE-693"
34+
],
35+
"severity": "LOW",
2936
"github_reviewed": false,
3037
"github_reviewed_at": null,
3138
"nvd_published_at": "2026-05-14T20:17:19Z"

advisories/unreviewed/2026/05/GHSA-3v8x-c22j-hv4q/GHSA-3v8x-c22j-hv4q.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,9 @@
4141
}
4242
],
4343
"database_specific": {
44-
"cwe_ids": [],
44+
"cwe_ids": [
45+
"CWE-416"
46+
],
4547
"severity": "CRITICAL",
4648
"github_reviewed": false,
4749
"github_reviewed_at": null,
Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3vmq-hg3m-f8qq",
4+
"modified": "2026-05-15T15:30:45Z",
5+
"published": "2026-05-15T15:30:45Z",
6+
"aliases": [
7+
"CVE-2026-39054"
8+
],
9+
"details": "Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39054"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://gist.github.com/Misakim1/859c3eb9ced699089ee0747dae9bedc1"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://github.com/oinone/oinone-pamirs"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://www.oinone.top/changelog"
28+
}
29+
],
30+
"database_specific": {
31+
"cwe_ids": [],
32+
"severity": null,
33+
"github_reviewed": false,
34+
"github_reviewed_at": null,
35+
"nvd_published_at": "2026-05-15T15:16:51Z"
36+
}
37+
}
Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-45fh-4474-xc77",
4+
"modified": "2026-05-15T15:30:45Z",
5+
"published": "2026-05-15T15:30:45Z",
6+
"aliases": [
7+
"CVE-2026-34253"
8+
],
9+
"details": "A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34253"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/xiph/vorbis-tools/archive/refs/tags/v1.4.3.tar.gz"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://github.com/xiph/vorbis-tools/blob/0b3fbf42eb3897d32f4a75baa2dc915a4ca45e8e/ogg123/remote.c#L153"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332"
28+
}
29+
],
30+
"database_specific": {
31+
"cwe_ids": [],
32+
"severity": null,
33+
"github_reviewed": false,
34+
"github_reviewed_at": null,
35+
"nvd_published_at": "2026-05-15T15:16:51Z"
36+
}
37+
}

advisories/unreviewed/2026/05/GHSA-4gvv-jqvc-49j6/GHSA-4gvv-jqvc-49j6.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,9 @@
3737
}
3838
],
3939
"database_specific": {
40-
"cwe_ids": [],
40+
"cwe_ids": [
41+
"CWE-416"
42+
],
4143
"severity": "HIGH",
4244
"github_reviewed": false,
4345
"github_reviewed_at": null,

advisories/unreviewed/2026/05/GHSA-4j3q-g7jx-6rw4/GHSA-4j3q-g7jx-6rw4.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
],
2727
"database_specific": {
2828
"cwe_ids": [
29+
"CWE-610",
2930
"CWE-73"
3031
],
3132
"severity": "HIGH",

advisories/unreviewed/2026/05/GHSA-53cc-xh3p-4x9v/GHSA-53cc-xh3p-4x9v.json

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-53cc-xh3p-4x9v",
4-
"modified": "2026-05-08T15:31:26Z",
4+
"modified": "2026-05-15T15:30:34Z",
55
"published": "2026-05-08T15:31:26Z",
66
"aliases": [
77
"CVE-2026-43371"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: Shuffle the tx ring before enabling tx\n\nQuanyang observed that when using an NFS rootfs on an AMD ZynqMp board,\nthe rootfs may take an extended time to recover after a suspend.\nUpon investigation, it was determined that the issue originates from a\nproblem in the macb driver.\n\nAccording to the Zynq UltraScale TRM [1], when transmit is disabled,\nthe transmit buffer queue pointer resets to point to the address\nspecified by the transmit buffer queue base address register.\n\nIn the current implementation, the code merely resets `queue->tx_head`\nand `queue->tx_tail` to '0'. This approach presents several issues:\n\n- Packets already queued in the tx ring are silently lost,\n leading to memory leaks since the associated skbs cannot be released.\n\n- Concurrent write access to `queue->tx_head` and `queue->tx_tail` may\n occur from `macb_tx_poll()` or `macb_start_xmit()` when these values\n are reset to '0'.\n\n- The transmission may become stuck on a packet that has already been sent\n out, with its 'TX_USED' bit set, but has not yet been processed. However,\n due to the manipulation of 'queue->tx_head' and 'queue->tx_tail',\n `macb_tx_poll()` incorrectly assumes there are no packets to handle\n because `queue->tx_head == queue->tx_tail`. This issue is only resolved\n when a new packet is placed at this position. This is the root cause of\n the prolonged recovery time observed for the NFS root filesystem.\n\nTo resolve this issue, shuffle the tx ring and tx skb array so that\nthe first unsent packet is positioned at the start of the tx ring.\nAdditionally, ensure that updates to `queue->tx_head` and\n`queue->tx_tail` are properly protected with the appropriate lock.\n\n[1] https://docs.amd.com/v/u/en-US/ug1085-zynq-ultrascale-trm",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -40,8 +45,10 @@
4045
}
4146
],
4247
"database_specific": {
43-
"cwe_ids": [],
44-
"severity": null,
48+
"cwe_ids": [
49+
"CWE-401"
50+
],
51+
"severity": "MODERATE",
4552
"github_reviewed": false,
4653
"github_reviewed_at": null,
4754
"nvd_published_at": "2026-05-08T15:16:48Z"

advisories/unreviewed/2026/05/GHSA-5pg5-5cwg-mr85/GHSA-5pg5-5cwg-mr85.json

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-5pg5-5cwg-mr85",
4-
"modified": "2026-05-14T21:30:46Z",
4+
"modified": "2026-05-15T15:30:39Z",
55
"published": "2026-05-14T21:30:46Z",
66
"aliases": [
77
"CVE-2026-8556"
88
],
99
"details": "Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -24,8 +29,10 @@
2429
}
2530
],
2631
"database_specific": {
27-
"cwe_ids": [],
28-
"severity": null,
32+
"cwe_ids": [
33+
"CWE-119"
34+
],
35+
"severity": "LOW",
2936
"github_reviewed": false,
3037
"github_reviewed_at": null,
3138
"nvd_published_at": "2026-05-14T20:17:17Z"

0 commit comments

Comments
 (0)