Sync EUVD catalog: Wed May 27 00:54:11 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2021/06/EUVD-2021-8907.json

@@ -0,0 +1,32 @@
+{
+  "id": "EUVD-2021-8907",
+  "enisaUuid": "8778008d-d8d1-388f-b8ee-6b94343db0b9",
+  "description": "A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.",
+  "datePublished": "Jun 10, 2021, 11:18:23 AM",
+  "dateUpdated": "May 26, 2026, 5:20:48 AM",
+  "baseScore": null,
+  "references": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924\n",
+  "aliases": "CVE-2021-21735\nGHSA-j3rv-rh4f-4rf6\n",
+  "assigner": "zte",
+  "epss": 0.15,
+  "enisaIdProduct": [
+    {
+      "id": "6f97bd42-b65b-3b72-85fa-7594678df839",
+      "product": {
+        "name": "ZXHN H168N",
+        "vendor": {
+          "name": "ZTE"
+        }
+      },
+      "product_version": "All versions up to V3.5.0_EG1T4_TE"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "1bb9ff34-9f4d-34e5-be98-5450931b2e27",
+      "vendor": {
+        "name": "n/a"
+      }
+    }
+  ]
+}

advisories/2023/08/EUVD-2023-54377.json

@@ -1,21 +1,24 @@
 {
   "id": "EUVD-2023-54377",
   "enisaUuid": "7b571156-a6f4-3ba7-836d-56beaab5392b",
-  "description": "An issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit",
-  "datePublished": "Aug 30, 2023, 9:30:15 AM",
-  "dateUpdated": "Mar 13, 2024, 3:31:05 AM",
+  "description": "An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit.",
+  "datePublished": "Aug 30, 2023, 7:01:19 AM",
+  "dateUpdated": "May 26, 2026, 4:04:53 AM",
   "baseScore": 4.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/406817\nhttps://hackerone.com/reports/1937213\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4522\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/406817\nhttps://hackerone.com/reports/1937213\n",
   "aliases": "GHSA-3cw2-66px-r367\nCVE-2023-4522\n",
   "assigner": "GitLab",
-  "epss": 0.1,
+  "epss": 0.12,
   "enisaIdProduct": [
     {
       "id": "9df6214d-b45d-3b05-962c-7e6312ac09be",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "0 <16.2.0"
     }

advisories/2024/01/EUVD-2023-59219.json

@@ -3,68 +3,92 @@
   "enisaUuid": "db43ee28-9f29-3309-836a-7fad7a447e59",
   "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.",
   "datePublished": "Jan 12, 2024, 1:56:41 PM",
-  "dateUpdated": "Oct 21, 2025, 11:05:28 PM",
+  "dateUpdated": "May 26, 2026, 4:05:15 AM",
   "baseScore": 10.0,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084\nhttps://hackerone.com/reports/2293343\nhttps://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-7028\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028\nhttps://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084\nhttps://hackerone.com/reports/2293343\n",
   "aliases": "GHSA-mgg5-84cv-fc3c\nCVE-2023-7028\n",
   "assigner": "GitLab",
-  "epss": 93.54,
+  "epss": 93.82,
   "exploitedSince": "May 1, 2024, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "002427ed-dcf9-37e8-baba-d3977a6a199f",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "16.7 <16.7.2"
     },
     {
       "id": "35387f48-5f13-3d1c-a356-fff0baf9c25d",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       }
     },
     {
       "id": "6a7da0f3-c1d7-38ff-b308-7d154964422f",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "16.3 <16.3.7"
     },
     {
       "id": "80de2489-6376-3abf-a46e-ef0a61d6c8bc",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "16.1 <16.1.6"
     },
     {
       "id": "85ef09d8-05e3-3c08-a108-242e9f6a22e2",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "16.2 <16.2.9"
     },
     {
       "id": "c23d84fc-8801-37c2-94df-0f6f45cf3cde",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "16.5 <16.5.6"
     },
     {
       "id": "f071382f-fd29-3a5c-b1c3-21658e5a7b11",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "16.4 <16.4.5"
     },
     {
       "id": "fa215699-1117-3488-90db-338d395875a7",
       "product": {
-        "name": "GitLab"
+        "name": "GitLab",
+        "vendor": {
+          "name": "GitLab"
+        }
       },
       "product_version": "16.6 <16.6.4"
     }

advisories/2025/01/EUVD-2024-50582.json

@@ -3,15 +3,46 @@
   "enisaUuid": "f23ef2a8-52fc-30d6-aa67-e0faeff05bb6",
   "description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
   "datePublished": "Jan 14, 2025, 5:37:54 PM",
-  "dateUpdated": "Jan 28, 2026, 6:57:37 PM",
+  "dateUpdated": "May 26, 2026, 5:40:03 AM",
   "baseScore": 6.1,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
-  "references": "https://access.redhat.com/security/cve/CVE-2024-12086\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2330577\nhttps://kb.cert.org/vuls/id/952657\nhttps://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12086\nhttps://security.netapp.com/advisory/ntap-20250131-0002\nhttps://lists.debian.org/debian-lts-announce/2025/01/msg00008.html\nhttps://www.kb.cert.org/vuls/id/952657\n",
+  "references": "https://access.redhat.com/errata/RHBA-2025:6470\nhttps://access.redhat.com/errata/RHSA-2026:19368\nhttps://access.redhat.com/errata/RHSA-2026:20603\nhttps://access.redhat.com/security/cve/CVE-2024-12086\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2330577\nhttps://kb.cert.org/vuls/id/952657\n",
   "aliases": "CVE-2024-12086\nGHSA-82c6-8mfc-c23h\n",
   "assigner": "redhat",
-  "epss": 0.64,
-  "enisaIdProduct": [],
+  "epss": 1.22,
+  "enisaIdProduct": [
+    {
+      "id": "1fcd13ee-16cd-3210-8f29-70770e6f069b",
+      "product": {
+        "name": "Red Hat Enterprise Linux 10",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:3.4.1-2.el10"
+    },
+    {
+      "id": "a3e20f0b-b915-32d5-b20e-843a53975915",
+      "product": {
+        "name": "Red Hat Enterprise Linux 9.6 Extended Update Support",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:3.2.5-3.el9_6.1"
+    },
+    {
+      "id": "c757cdcd-7ca8-325b-9e59-e239efb97649",
+      "product": {
+        "name": "Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:3.2.5-7.el9_8"
+    }
+  ],
   "enisaIdVendor": [
     {
       "id": "dc2d8ab2-1ec0-3ef0-89a8-c23bccd356fc",

advisories/2025/07/EUVD-2025-19931.json

@@ -3,33 +3,62 @@
   "enisaUuid": "5faa3beb-f4f6-33a5-9aa5-764de25e8b26",
   "description": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success\u2014the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.",
   "datePublished": "Jul 4, 2025, 6:01:27 AM",
-  "dateUpdated": "Dec 19, 2025, 9:46:09 PM",
+  "dateUpdated": "May 26, 2026, 5:33:20 AM",
   "baseScore": 5.0,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
-  "references": "https://access.redhat.com/security/cve/CVE-2025-5372\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2369388\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-5372\nhttps://access.redhat.com/errata/RHSA-2025:21977\nhttps://access.redhat.com/errata/RHSA-2025:23024\n",
+  "references": "https://access.redhat.com/errata/RHSA-2025:21977\nhttps://access.redhat.com/errata/RHSA-2025:23024\nhttps://access.redhat.com/errata/RHSA-2026:20610\nhttps://access.redhat.com/security/cve/CVE-2025-5372\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2369388\n",
   "aliases": "GHSA-59w5-j22f-h3rv\nCVE-2025-5372\n",
   "assigner": "redhat",
-  "epss": 0.1,
+  "epss": 0.22,
   "enisaIdProduct": [
     {
       "id": "80ae3b9e-7bd7-3cb0-b42f-58e54b89539e",
       "product": {
-        "name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions"
+        "name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
+        "vendor": {
+          "name": "Red Hat"
+        }
       },
       "product_version": "patch: 0:0.9.6-3.el9_0.2"
     },
+    {
+      "id": "82defb67-931a-3b82-840a-3c548ef428a0",
+      "product": {
+        "name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:0.9.6-13.el8_8.2"
+    },
     {
       "id": "d0e70440-2df7-3873-98de-7959b4c77714",
       "product": {
-        "name": "Red Hat Enterprise Linux 8"
+        "name": "Red Hat Enterprise Linux 8",
+        "vendor": {
+          "name": "Red Hat"
+        }
       },
       "product_version": "patch: 0:0.9.6-16.el8_10"
     },
+    {
+      "id": "edb23f4f-be2e-3bdb-b86e-2c2edece3d33",
+      "product": {
+        "name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:0.9.6-13.el8_8.2"
+    },
     {
       "id": "f37276ea-814c-3ad8-ac0b-c2e8d22d0c8a",
       "product": {
-        "name": "libssh"
+        "name": "libssh",
+        "vendor": {
+          "name": "n/a"
+        }
       },
       "product_version": "0 <0.11.2"
     }