
Commit 79d4007

自动数据同步 2025-11-12
1 parent fe3c8e9 commit 79d4007


18,302 files changed

+18312
-5331
lines changed


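--- a/data/all_vuln/ALSA-2025:19403.json
+++ b/data/all_vuln/ALSA-2025:19403.json
@@ -0,0 +1 @@
+{"schema_version":"1.7.3","id":"ALSA-2025:19403","published":"2025-11-03T00:00:00Z","modified":"2025-11-07T12:04:59Z","related":["CVE-2025-59375"],"summary":"Important: expat security update","details":"Expat is a C library for parsing XML documents. \n\nSecurity Fix(es): \n\n * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","affected":[{"package":{"name":"expat","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/expat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.1-1.el10_0.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19403.json"}},{"package":{"name":"expat-devel","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/expat-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.1-1.el10_0.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19403.json"}}],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19403"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-59375"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2395108"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2025-19403.html"}]}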

data/all_vuln/ALSA-2025:19435.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"schema_version":"1.7.3","id":"ALSA-2025:19435","published":"2025-11-03T00:00:00Z","modified":"2025-11-07T11:12:17Z","related":["CVE-2025-62229","CVE-2025-62230","CVE-2025-62231"],"summary":"Moderate: xorg-x11-server-Xwayland security update","details":"Xwayland is an X server for running X clients under Wayland. \n\nSecurity Fix(es): \n\n * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)\n * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)\n * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","affected":[{"package":{"name":"xorg-x11-server-Xwayland","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/xorg-x11-server-Xwayland"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.5-5.el10_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19435.json"}},{"package":{"name":"xorg-x11-server-Xwayland-devel","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/xorg-x11-server-Xwayland-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.5-5.el10_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19435.json"}}],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19435"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-62229"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-62230"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-62231"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2402649"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2402653"},{"type":"REPORT","url":"https://bugzilla.
redhat.com/2402660"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2025-19435.html"}]}

data/all_vuln/ALSA-2025:19469.json

Lines changed: 1 addition & 0 deletions
Large diffs are not rendered by default.

data/all_vuln/ALSA-2025:19566.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"schema_version":"1.7.3","id":"ALSA-2025:19566","published":"2025-11-04T00:00:00Z","modified":"2025-11-07T10:05:01Z","related":["CVE-2025-27144"],"summary":"Moderate: osbuild-composer security update","details":"A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. \n\nSecurity Fix(es): \n\n * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","affected":[{"package":{"name":"osbuild-composer","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/osbuild-composer"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"134.1-3.el10_0.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19566.json"}},{"package":{"name":"osbuild-composer-core","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/osbuild-composer-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"134.1-3.el10_0.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19566.json"}},{"package":{"name":"osbuild-composer-worker","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/osbuild-composer-worker"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"134.1-3.el10_0.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19566.json"}}],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19566"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-
27144"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2347423"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2025-19566.html"}]}

data/all_vuln/ALSA-2025:19675.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"schema_version":"1.7.3","id":"ALSA-2025:19675","published":"2025-11-04T00:00:00Z","modified":"2025-11-07T08:40:54Z","related":["CVE-2025-46817","CVE-2025-46818","CVE-2025-46819","CVE-2025-49844"],"summary":"Important: valkey security update","details":"Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. 
\n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","affected":[{"package":{"name":"valkey","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/valkey"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.6-1.el10_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19675.json"}},{"package":{"name":"valkey-devel","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/valkey-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.6-1.el10_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19675.json"}}],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19675"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-46817"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-46818"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-46819"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49844"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2401258"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2401292"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2401322"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2401324"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2025-19675.html"}]}

data/all_vuln/ALSA-2025:19772.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"schema_version":"1.7.3","id":"ALSA-2025:19772","published":"2025-11-05T00:00:00Z","modified":"2025-11-07T08:19:22Z","related":["CVE-2025-10729"],"summary":"Important: qt6-qtsvg security update","details":"Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. \n\nSecurity Fix(es): \n\n * qtsvg: Use-after-free vulnerability in Qt SVG (CVE-2025-10729)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","affected":[{"package":{"name":"qt6-qtsvg","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/qt6-qtsvg"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.8.1-1.el10_0.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19772.json"}},{"package":{"name":"qt6-qtsvg-devel","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/qt6-qtsvg-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.8.1-1.el10_0.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19772.json"}},{"package":{"name":"qt6-qtsvg-examples","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/qt6-qtsvg-examples"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.8.1-1.el10_0.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19772.json"}}],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19772"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10729"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2401241"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-202
5-19772.html"}]}

data/all_vuln/ALSA-2025:19912.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"schema_version":"1.7.3","id":"ALSA-2025:19912","published":"2025-11-06T00:00:00Z","modified":"2025-11-10T13:14:12Z","related":["CVE-2025-40778","CVE-2025-40780","CVE-2025-8677"],"summary":"Important: bind security update","details":"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es): \n\n * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)\n * bind: Cache poisoning due to weak PRNG (CVE-2025-40780)\n * bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","affected":[{"package":{"name":"bind","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/bind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}},{"package":{"name":"bind-chroot","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/bind-chroot"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}},{"package":{"name":"bind-devel","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/bind-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}},{"package":{"name":"bind-dnssec-utils","ecosystem":"AlmaLinux:10"
,"purl":"pkg:rpm/almalinux/bind-dnssec-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}},{"package":{"name":"bind-doc","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/bind-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}},{"package":{"name":"bind-libs","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/bind-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}},{"package":{"name":"bind-license","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/bind-license"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}},{"package":{"name":"bind-utils","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/bind-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32:9.18.33-4.el10_0.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json"}}],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19912"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-40778"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-40780"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8677"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2405827"},{"type":"REPORT","url":"https:
//bugzilla.redhat.com/2405829"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2405830"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2025-19912.html"}]}

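--- a/data/all_vuln/ALSA-2025:19927.json
+++ b/data/all_vuln/ALSA-2025:19927.json
@@ -0,0 +1 @@
+{"schema_version":"1.7.3","id":"ALSA-2025:19927","published":"2025-11-07T00:00:00Z","modified":"2025-11-10T12:59:59Z","related":["CVE-2025-31133","CVE-2025-52565","CVE-2025-52881"],"summary":"Important: runc security update","details":"The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. \n\nSecurity Fix(es): \n\n * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)\n * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)\n * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","affected":[{"package":{"name":"runc","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/runc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:1.2.5-3.el9_6"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:19927.json"}}],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19927"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-31133"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-52565"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-52881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2404705"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2404708"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2404715"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2025-19927.html"}]}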
