Publish Advisories

GHSA-cmjx-92rg-pwqx
GHSA-f6jh-8r5x-7hmm
GHSA-mrq3-267c-9c65
GHSA-q3gx-79gc-hv4g
GHSA-q4pq-qx89-48vq
GHSA-qq62-42pv-vwvh
GHSA-r85c-395r-g559

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-cmjx-92rg-pwqx/GHSA-cmjx-92rg-pwqx.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cmjx-92rg-pwqx",
+  "modified": "2025-06-19T15:30:30Z",
+  "published": "2025-06-19T15:30:30Z",
+  "aliases": [
+    "CVE-2022-49418"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix free of uninitialized nfs4_label on referral lookup.\n\nSend along the already-allocated fattr along with nfs4_fs_locations, and\ndrop the memcpy of fattr.  We end up growing two more allocations, but this\nfixes up a crash as:\n\nPID: 790    TASK: ffff88811b43c000  CPU: 0   COMMAND: \"ls\"\n #0 [ffffc90000857920] panic at ffffffff81b9bfde\n #1 [ffffc900008579c0] do_trap at ffffffff81023a9b\n #2 [ffffc90000857a10] do_error_trap at ffffffff81023b78\n #3 [ffffc90000857a58] exc_stack_segment at ffffffff81be1f45\n #4 [ffffc90000857a80] asm_exc_stack_segment at ffffffff81c009de\n #5 [ffffc90000857b08] nfs_lookup at ffffffffa0302322 [nfs]\n #6 [ffffc90000857b70] __lookup_slow at ffffffff813a4a5f\n #7 [ffffc90000857c60] walk_component at ffffffff813a86c4\n #8 [ffffc90000857cb8] path_lookupat at ffffffff813a9553\n #9 [ffffc90000857cf0] filename_lookup at ffffffff813ab86b",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49418"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6015292653d95ba9f72906e2b65e536aa5807d64"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c3ed222745d9ad7b69299b349a64ba533c64a34f"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-02-26T07:01:18Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-f6jh-8r5x-7hmm/GHSA-f6jh-8r5x-7hmm.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f6jh-8r5x-7hmm",
+  "modified": "2025-06-19T15:30:30Z",
+  "published": "2025-06-19T15:30:30Z",
+  "aliases": [
+    "CVE-2025-6268"
+  ],
+  "details": "A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6268"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.313272"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.313272"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.592218"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-19T15:15:20Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-mrq3-267c-9c65/GHSA-mrq3-267c-9c65.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mrq3-267c-9c65",
+  "modified": "2025-06-19T15:30:30Z",
+  "published": "2025-06-19T15:30:30Z",
+  "aliases": [
+    "CVE-2025-4738"
+  ],
+  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-25-0132"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-19T13:15:51Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-q3gx-79gc-hv4g/GHSA-q3gx-79gc-hv4g.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q3gx-79gc-hv4g",
+  "modified": "2025-06-19T15:30:30Z",
+  "published": "2025-06-19T15:30:30Z",
+  "aliases": [
+    "CVE-2025-6267"
+  ],
+  "details": "A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6267"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.313271"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.313271"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.586697"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-19T14:15:55Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-q4pq-qx89-48vq/GHSA-q4pq-qx89-48vq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q4pq-qx89-48vq",
+  "modified": "2025-06-19T15:30:30Z",
+  "published": "2025-06-19T15:30:30Z",
+  "aliases": [
+    "CVE-2024-24916"
+  ],
+  "details": "Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24916"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.checkpoint.com/results/sk/sk183342"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-19T14:15:44Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-qq62-42pv-vwvh/GHSA-qq62-42pv-vwvh.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qq62-42pv-vwvh",
+  "modified": "2025-06-19T15:30:30Z",
+  "published": "2025-06-19T15:30:30Z",
+  "aliases": [
+    "CVE-2022-49352"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in ext4_handle_inode_extension\n\nWe got issue as follows:\nEXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory\nEXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: mark_inode_dirty error\nEXT4-fs error (device loop0) in ext4_setattr:5519: Out of memory\nEXT4-fs error (device loop0): ext4_ind_map_blocks:595: inode #13: comm syz-executor.0: Can't allocate blocks for non-extent mapped inodes with bigalloc\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 4361 at fs/ext4/file.c:301 ext4_file_write_iter+0x11c9/0x1220\nModules linked in:\nCPU: 1 PID: 4361 Comm: syz-executor.0 Not tainted 5.10.0+ #1\nRIP: 0010:ext4_file_write_iter+0x11c9/0x1220\nRSP: 0018:ffff924d80b27c00 EFLAGS: 00010282\nRAX: ffffffff815a3379 RBX: 0000000000000000 RCX: 000000003b000000\nRDX: ffff924d81601000 RSI: 00000000000009cc RDI: 00000000000009cd\nRBP: 000000000000000d R08: ffffffffbc5a2c6b R09: 0000902e0e52a96f\nR10: ffff902e2b7c1b40 R11: ffff902e2b7c1b40 R12: 000000000000000a\nR13: 0000000000000001 R14: ffff902e0e52aa10 R15: ffffffffffffff8b\nFS:  00007f81a7f65700(0000) GS:ffff902e3bc80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffff600400 CR3: 000000012db88001 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n do_iter_readv_writev+0x2e5/0x360\n do_iter_write+0x112/0x4c0\n do_pwritev+0x1e5/0x390\n __x64_sys_pwritev2+0x7e/0xa0\n do_syscall_64+0x37/0x50\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAbove issue may happen as follows:\nAssume\ninode.i_size=4096\nEXT4_I(inode)->i_disksize=4096\n\nstep 1: set inode->i_isize = 8192\next4_setattr\n  if (attr->ia_size != inode->i_size)\n    EXT4_I(inode)->i_disksize = attr->ia_size;\n    rc = ext4_mark_inode_dirty\n       ext4_reserve_inode_write\n          ext4_get_inode_loc\n            __ext4_get_inode_loc\n              sb_getblk --> return -ENOMEM\n   ...\n   if (!error)  ->will not update i_size\n     i_size_write(inode, attr->ia_size);\nNow:\ninode.i_size=4096\nEXT4_I(inode)->i_disksize=8192\n\nstep 2: Direct write 4096 bytes\next4_file_write_iter\n ext4_dio_write_iter\n   iomap_dio_rw ->return error\n if (extend)\n   ext4_handle_inode_extension\n     WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize);\n->Then trigger warning.\n\nTo solve above issue, if mark inode dirty failed in ext4_setattr just\nset 'EXT4_I(inode)->i_disksize' with old value.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49352"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1bcce88da60eccc946c0f4ed942b0f08cd565778"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/adf490083ca52ebfb0b2fe64ff1ead00c0452dd7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b81d2ff6885e38fc745eeaf9565775055778fc0b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e383c2aa5f02ab571530dc5c5696479672478c25"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f4534c9fc94d22383f187b9409abb3f9df2e3db3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-02-26T07:01:11Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-r85c-395r-g559/GHSA-r85c-395r-g559.json

@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r85c-395r-g559",
+  "modified": "2025-06-19T15:30:30Z",
+  "published": "2025-06-19T15:30:30Z",
+  "aliases": [
+    "CVE-2022-49558"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: double hook unregistration in netns path\n\n__nft_release_hooks() is called from pre_netns exit path which\nunregisters the hooks, then the NETDEV_UNREGISTER event is triggered\nwhich unregisters the hooks again.\n\n[  565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270\n[...]\n[  565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G            E     5.18.0-rc7+ #27\n[  565.253682] Workqueue: netns cleanup_net\n[  565.257059] RIP: 0010:__nf_unregister_net_hook+0x247/0x270\n[...]\n[  565.297120] Call Trace:\n[  565.300900]  <TASK>\n[  565.304683]  nf_tables_flowtable_event+0x16a/0x220 [nf_tables]\n[  565.308518]  raw_notifier_call_chain+0x63/0x80\n[  565.312386]  unregister_netdevice_many+0x54f/0xb50\n\nUnregister and destroy netdev hook from netns pre_exit via kfree_rcu\nso the NETDEV_UNREGISTER path see unregistered hooks.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3fac8ce48fa9fd61ee9056d3ed48b2edefca8b82"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/86c0154f4c3a56c5db8b9dd09e3ce885382c2c19"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9c413a8c8bb49cc16796371805ecb260e885bb2b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a3940dcf552f2393d1e8f263b386593f98abe829"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b09e6ccf0d12f9356e8e3508d3e3dce126298538"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f9a43007d3f7ba76d5e7f9421094f00f2ef202f8"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-02-26T07:01:31Z"
+  }
+}