-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2024-01-24T03:00:24.562439+00:00
- Loading branch information
1 parent
7348f8f
commit 847abb5
Showing
6 changed files
with
148 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| { | ||
| "id": "CVE-2022-4964", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-24T01:15:07.977", | ||
| "lastModified": "2024-01-24T01:15:07.977", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", | ||
| "attackVector": "LOCAL", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 5.5, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 1.8, | ||
| "impactScore": 3.6 | ||
| } | ||
| ] | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| { | ||
| "id": "CVE-2024-21765", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-24T02:15:07.110", | ||
| "lastModified": "2024-01-24T02:15:07.110", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "http://www.cals-ed.go.jp/checksys-release-20231130/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://jvn.jp/en/jp/JVN77736613/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://www.ysk.nilim.go.jp/cals/", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "id": "CVE-2024-21796", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-24T02:15:07.180", | ||
| "lastModified": "2024-01-24T02:15:07.180", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://jvn.jp/en/jp/JVN40049211/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "id": "CVE-2024-22380", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-24T02:15:07.233", | ||
| "lastModified": "2024-01-24T02:15:07.233", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://jvn.jp/en/jp/JVN01434915/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,8 +2,12 @@ | |
| "id": "CVE-2024-23222", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-23T01:15:11.500", | ||
| "lastModified": "2024-01-23T13:44:00.593", | ||
| "lastModified": "2024-01-24T02:00:01.397", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "cisaExploitAdd": "2024-01-23", | ||
| "cisaActionDue": "2024-02-13", | ||
| "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", | ||
| "cisaVulnerabilityName": "Apple Multiple Products Type Confusion Vulnerability", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters