diff --git a/2024/22xxx/CVE-2024-22405.json b/2024/22xxx/CVE-2024-22405.json index b19881a7f2b..6e775947597 100644 --- a/2024/22xxx/CVE-2024-22405.json +++ b/2024/22xxx/CVE-2024-22405.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-281: Improper Preservation of Permissions", + "cweId": "CWE-281" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MacPaw", + "product": { + "product_data": [ + { + "product_name": "XADMaster", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.10.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2", + "refsource": "MISC", + "name": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2" + }, + { + "url": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c", + "refsource": "MISC", + "name": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c" + } + ] + }, + "source": { + "advisory": "GHSA-xg3c-r7w5-7xw2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30203.json b/2024/30xxx/CVE-2024-30203.json index f9b8efdbfc3..0593e9796e5 100644 --- a/2024/30xxx/CVE-2024-30203.json +++ b/2024/30xxx/CVE-2024-30203.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", + "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html" } ] } diff --git a/2024/30xxx/CVE-2024-30204.json b/2024/30xxx/CVE-2024-30204.json index 631970934de..7a3fd3cd0ff 100644 --- a/2024/30xxx/CVE-2024-30204.json +++ b/2024/30xxx/CVE-2024-30204.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", + "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html" } ] } diff --git a/2024/30xxx/CVE-2024-30205.json b/2024/30xxx/CVE-2024-30205.json index 6f7112d0712..cc1c86f9c6f 100644 --- a/2024/30xxx/CVE-2024-30205.json +++ b/2024/30xxx/CVE-2024-30205.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20240429 [SECURITY] [DLA 3801-1] emacs security update", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3802-1] org-mode security update", + "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html" } ] } diff --git a/2024/4xxx/CVE-2024-4339.json b/2024/4xxx/CVE-2024-4339.json new file mode 100644 index 00000000000..af5436e5b92 --- /dev/null +++ b/2024/4xxx/CVE-2024-4339.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4339", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file