Publish Advisories

GHSA-g5fw-9pgg-xvqg GHSA-gp6r-24h3-qcjv GHSA-hwxf-wjq7-j3hm GHSA-7vrx-mj2w-52mf GHSA-8549-4c5j-x7g2 GHSA-c67q-c83x-f549 GHSA-c74w-77jp-9c48 GHSA-fg7j-3vp4-4qpg GHSA-j48h-6x68-4fc5 GHSA-p626-3xpc-x4f6
2024-01-24 03:32:43 +00:00 · 2024-01-24 03:32:43 +00:00 · 1483d46243
--- a/advisories/unreviewed/2023/08/GHSA-g5fw-9pgg-xvqg/GHSA-g5fw-9pgg-xvqg.json
+++ b/advisories/unreviewed/2023/08/GHSA-g5fw-9pgg-xvqg/GHSA-g5fw-9pgg-xvqg.json
@ -28,6 +28,10 @@
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/"
    }
  ],
  "database_specific": {
--- a/advisories/unreviewed/2023/11/GHSA-gp6r-24h3-qcjv/GHSA-gp6r-24h3-qcjv.json
+++ b/advisories/unreviewed/2023/11/GHSA-gp6r-24h3-qcjv/GHSA-gp6r-24h3-qcjv.json
@ -36,6 +36,10 @@
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/"
    }
  ],
  "database_specific": {
--- a/advisories/unreviewed/2023/12/GHSA-hwxf-wjq7-j3hm/GHSA-hwxf-wjq7-j3hm.json
+++ b/advisories/unreviewed/2023/12/GHSA-hwxf-wjq7-j3hm/GHSA-hwxf-wjq7-j3hm.json
@ -36,6 +36,10 @@
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/"
    }
  ],
  "database_specific": {
--- a/advisories/unreviewed/2024/01/GHSA-7vrx-mj2w-52mf/GHSA-7vrx-mj2w-52mf.json
+++ b/advisories/unreviewed/2024/01/GHSA-7vrx-mj2w-52mf/GHSA-7vrx-mj2w-52mf.json
@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7vrx-mj2w-52mf",
+  "modified": "2024-01-24T03:31:25Z",
+  "published": "2024-01-24T03:31:25Z",
+  "aliases": [
+    "CVE-2023-31037"
+  ],
+  "details": "\nNVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.\n\n",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31037"
+    },
+    {
+      "type": "WEB",
+      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5511"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-01-24T03:15:08Z"
+  }
+}
--- a/advisories/unreviewed/2024/01/GHSA-8549-4c5j-x7g2/GHSA-8549-4c5j-x7g2.json
+++ b/advisories/unreviewed/2024/01/GHSA-8549-4c5j-x7g2/GHSA-8549-4c5j-x7g2.json
@ -1,7 +1,7 @@
 {
  "schema_version": "1.4.0",
  "id": "GHSA-8549-4c5j-x7g2",
-  "modified": "2024-01-18T21:30:31Z",
+  "modified": "2024-01-24T03:31:25Z",
  "published": "2024-01-12T15:30:31Z",
  "aliases": [
    "CVE-2023-0437"
@ -24,6 +24,10 @@
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/CDRIVER-4747"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GUVOAFZFSYTNBF6R7H4XJM5DHWBRQ6P/"
    }
  ],
  "database_specific": {
--- a/advisories/unreviewed/2024/01/GHSA-c67q-c83x-f549/GHSA-c67q-c83x-f549.json
+++ b/advisories/unreviewed/2024/01/GHSA-c67q-c83x-f549/GHSA-c67q-c83x-f549.json
@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c67q-c83x-f549",
+  "modified": "2024-01-24T03:31:25Z",
+  "published": "2024-01-24T03:31:25Z",
+  "aliases": [
+    "CVE-2024-21796"
+  ],
+  "details": "Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN40049211/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-01-24T02:15:07Z"
+  }
+}
--- a/advisories/unreviewed/2024/01/GHSA-c74w-77jp-9c48/GHSA-c74w-77jp-9c48.json
+++ b/advisories/unreviewed/2024/01/GHSA-c74w-77jp-9c48/GHSA-c74w-77jp-9c48.json
@ -24,6 +24,14 @@
    {
      "type": "WEB",
      "url": "https://github.com/jasper-software/jasper/issues/367"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNTGL7I5IJSQ4BZ5MGKWJPQYICUMHQ5I/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBF5KYWCZVIDMITRX7GBVWGNWKAMQORZ/"
    }
  ],
  "database_specific": {
--- a/advisories/unreviewed/2024/01/GHSA-fg7j-3vp4-4qpg/GHSA-fg7j-3vp4-4qpg.json
+++ b/advisories/unreviewed/2024/01/GHSA-fg7j-3vp4-4qpg/GHSA-fg7j-3vp4-4qpg.json
@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fg7j-3vp4-4qpg",
+  "modified": "2024-01-24T03:31:25Z",
+  "published": "2024-01-24T03:31:25Z",
+  "aliases": [
+    "CVE-2024-22380"
+  ],
+  "details": "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22380"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN01434915/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-01-24T02:15:07Z"
+  }
+}
--- a/advisories/unreviewed/2024/01/GHSA-j48h-6x68-4fc5/GHSA-j48h-6x68-4fc5.json
+++ b/advisories/unreviewed/2024/01/GHSA-j48h-6x68-4fc5/GHSA-j48h-6x68-4fc5.json
@ -0,0 +1,43 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j48h-6x68-4fc5",
+  "modified": "2024-01-24T03:31:25Z",
+  "published": "2024-01-24T03:31:25Z",
+  "aliases": [
+    "CVE-2024-21765"
+  ],
+  "details": "Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21765"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN77736613/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ysk.nilim.go.jp/cals/"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.cals-ed.go.jp/checksys-release-20231130/"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-01-24T02:15:07Z"
+  }
+}
--- a/advisories/unreviewed/2024/01/GHSA-p626-3xpc-x4f6/GHSA-p626-3xpc-x4f6.json
+++ b/advisories/unreviewed/2024/01/GHSA-p626-3xpc-x4f6/GHSA-p626-3xpc-x4f6.json
@ -0,0 +1,50 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p626-3xpc-x4f6",
+  "modified": "2024-01-24T03:31:25Z",
+  "published": "2024-01-24T03:31:25Z",
+  "aliases": [
+    "CVE-2022-4964"
+  ],
+  "details": "Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4964"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-01-24T01:15:07Z"
+  }
+}