Auto-Update: 2024-01-24T03:00:24.562439+00:00

2025-05-09 03:57:14 +00:00 · 2024-01-24 03:00:28 +00:00 · 2024-01-24 03:00:28 +00:00 · 847abb598a
commit 847abb598a
parent 7348f8f507
6 changed files with 147 additions and 30 deletions
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4964.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4964.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2022-4964",
+  "sourceIdentifier": "security@ubuntu.com",
+  "published": "2024-01-24T01:15:07.977",
+  "lastModified": "2024-01-24T01:15:07.977",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@ubuntu.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/",
+      "source": "security@ubuntu.com"
+    },
+    {
+      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964",
+      "source": "security@ubuntu.com"
+    },
+    {
+      "url": "https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779",
+      "source": "security@ubuntu.com"
+    },
+    {
+      "url": "https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567",
+      "source": "security@ubuntu.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-217xx/CVE-2024-21765.json
+++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21765.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-21765",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-01-24T02:15:07.110",
+  "lastModified": "2024-01-24T02:15:07.110",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://www.cals-ed.go.jp/checksys-release-20231130/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN77736613/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.ysk.nilim.go.jp/cals/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-217xx/CVE-2024-21796.json
+++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21796.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-21796",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-01-24T02:15:07.180",
+  "lastModified": "2024-01-24T02:15:07.180",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN40049211/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-223xx/CVE-2024-22380.json
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22380.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-22380",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-01-24T02:15:07.233",
+  "lastModified": "2024-01-24T02:15:07.233",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN01434915/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json
+++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json
@ -2,8 +2,12 @@
  "id": "CVE-2024-23222",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2024-01-23T01:15:11.500",
-  "lastModified": "2024-01-23T13:44:00.593",
+  "lastModified": "2024-01-24T02:00:01.397",
  "vulnStatus": "Awaiting Analysis",
+  "cisaExploitAdd": "2024-01-23",
+  "cisaActionDue": "2024-02-13",
+  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+  "cisaVulnerabilityName": "Apple Multiple Products Type Confusion Vulnerability",
  "descriptions": [
    {
      "lang": "en",
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-24T00:55:24.693980+00:00
+2024-01-24T03:00:24.562439+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-24T00:15:08.573000+00:00
+2024-01-24T02:15:07.233000+00:00
 ```

 ### Last Data Feed Release
@ -23,48 +23,30 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-01-23T01:00:28.263841+00:00
+2024-01-24T01:00:28.264689+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-236694
+236698
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `18`
+Recently added CVEs: `4`

-* [CVE-2023-35835](CVE-2023/CVE-2023-358xx/CVE-2023-35835.json) (`2024-01-23T23:15:07.947`)
-* [CVE-2023-35836](CVE-2023/CVE-2023-358xx/CVE-2023-35836.json) (`2024-01-23T23:15:08.000`)
-* [CVE-2023-35837](CVE-2023/CVE-2023-358xx/CVE-2023-35837.json) (`2024-01-23T23:15:08.050`)
-* [CVE-2023-47115](CVE-2023/CVE-2023-471xx/CVE-2023-47115.json) (`2024-01-23T23:15:08.100`)
-* [CVE-2024-0804](CVE-2024/CVE-2024-08xx/CVE-2024-0804.json) (`2024-01-24T00:15:07.720`)
-* [CVE-2024-0805](CVE-2024/CVE-2024-08xx/CVE-2024-0805.json) (`2024-01-24T00:15:07.787`)
-* [CVE-2024-0806](CVE-2024/CVE-2024-08xx/CVE-2024-0806.json) (`2024-01-24T00:15:07.847`)
-* [CVE-2024-0807](CVE-2024/CVE-2024-08xx/CVE-2024-0807.json) (`2024-01-24T00:15:07.897`)
-* [CVE-2024-0808](CVE-2024/CVE-2024-08xx/CVE-2024-0808.json) (`2024-01-24T00:15:07.950`)
-* [CVE-2024-0809](CVE-2024/CVE-2024-08xx/CVE-2024-0809.json) (`2024-01-24T00:15:08.003`)
-* [CVE-2024-0810](CVE-2024/CVE-2024-08xx/CVE-2024-0810.json) (`2024-01-24T00:15:08.063`)
-* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-01-24T00:15:08.117`)
-* [CVE-2024-0812](CVE-2024/CVE-2024-08xx/CVE-2024-0812.json) (`2024-01-24T00:15:08.167`)
-* [CVE-2024-0813](CVE-2024/CVE-2024-08xx/CVE-2024-0813.json) (`2024-01-24T00:15:08.223`)
-* [CVE-2024-0814](CVE-2024/CVE-2024-08xx/CVE-2024-0814.json) (`2024-01-24T00:15:08.273`)
-* [CVE-2024-23453](CVE-2024/CVE-2024-234xx/CVE-2024-23453.json) (`2024-01-24T00:15:08.327`)
-* [CVE-2024-23633](CVE-2024/CVE-2024-236xx/CVE-2024-23633.json) (`2024-01-24T00:15:08.373`)
-* [CVE-2024-23638](CVE-2024/CVE-2024-236xx/CVE-2024-23638.json) (`2024-01-24T00:15:08.573`)
+* [CVE-2022-4964](CVE-2022/CVE-2022-49xx/CVE-2022-4964.json) (`2024-01-24T01:15:07.977`)
+* [CVE-2024-21765](CVE-2024/CVE-2024-217xx/CVE-2024-21765.json) (`2024-01-24T02:15:07.110`)
+* [CVE-2024-21796](CVE-2024/CVE-2024-217xx/CVE-2024-21796.json) (`2024-01-24T02:15:07.180`)
+* [CVE-2024-22380](CVE-2024/CVE-2024-223xx/CVE-2024-22380.json) (`2024-01-24T02:15:07.233`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `5`
+Recently modified CVEs: `1`

-* [CVE-2023-33295](CVE-2023/CVE-2023-332xx/CVE-2023-33295.json) (`2024-01-23T23:15:07.890`)
-* [CVE-2023-5646](CVE-2023/CVE-2023-56xx/CVE-2023-5646.json) (`2024-01-23T23:15:08.317`)
-* [CVE-2023-5647](CVE-2023/CVE-2023-56xx/CVE-2023-5647.json) (`2024-01-23T23:15:08.373`)
-* [CVE-2023-5655](CVE-2023/CVE-2023-56xx/CVE-2023-5655.json) (`2024-01-23T23:15:08.403`)
-* [CVE-2023-5656](CVE-2023/CVE-2023-56xx/CVE-2023-5656.json) (`2024-01-23T23:15:08.440`)
+* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-01-24T02:00:01.397`)


 ## Download and Usage