From 642fbc6baa79fe2f3206c2bd4d94fdccf9e2bd9f Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 27 May 2024 23:58:24 +0000
Subject: [PATCH] Auto-Update: 2024-05-27T23:55:30.229868+00:00
---
CVE-2024/CVE-2024-364xx/CVE-2024-36426.json | 24 +++++++++++++++++++++
CVE-2024/CVE-2024-364xx/CVE-2024-36428.json | 24 +++++++++++++++++++++
README.md | 10 ++++-----
_state.csv | 6 ++++--
4 files changed, 57 insertions(+), 7 deletions(-)
create mode 100644 CVE-2024/CVE-2024-364xx/CVE-2024-36426.json
create mode 100644 CVE-2024/CVE-2024-364xx/CVE-2024-36428.json
diff --git a/CVE-2024/CVE-2024-364xx/CVE-2024-36426.json b/CVE-2024/CVE-2024-364xx/CVE-2024-36426.json
new file mode 100644
index 00000000000..0a354d9880f
--- /dev/null
+++ b/CVE-2024/CVE-2024-364xx/CVE-2024-36426.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-36426",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-05-27T22:15:08.507",
+ "lastModified": "2024-05-27T22:15:08.507",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/DMCERTCE/DecisionSuite_Token_in_Url",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-364xx/CVE-2024-36428.json b/CVE-2024/CVE-2024-364xx/CVE-2024-36428.json
new file mode 100644
index 00000000000..a692c40b7e5
--- /dev/null
+++ b/CVE-2024/CVE-2024-364xx/CVE-2024-36428.json
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-36428", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-05-27T23:15:13.120", + "lastModified": "2024-05-27T23:15:13.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/4rdr/proofs/blob/main/info/OrangeHRM_3.3.3_SQLi_via_sortOrder.md", + "source": "cve@mitre.org" + }, + { + "url": "https://sourceforge.net/projects/orangehrm/files/stable/3.3.3/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 27905123c28..296ff9b1300 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-27T22:00:37.924069+00:00 +2024-05-27T23:55:30.229868+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-27T20:15:09.060000+00:00 +2024-05-27T23:15:13.120000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -251883 +251885 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-29415](CVE-2024/CVE-2024-294xx/CVE-2024-29415.json) (`2024-05-27T20:15:08.970`) -- [CVE-2024-34923](CVE-2024/CVE-2024-349xx/CVE-2024-34923.json) (`2024-05-27T20:15:09.060`) +- [CVE-2024-36426](CVE-2024/CVE-2024-364xx/CVE-2024-36426.json) (`2024-05-27T22:15:08.507`) +- [CVE-2024-36428](CVE-2024/CVE-2024-364xx/CVE-2024-36428.json) (`2024-05-27T23:15:13.120`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index e88920ef910..a03d4ddb82c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -247386,7 +247386,7 @@ CVE-2024-29401,0,0,679ee7eb07f94632974ee3a3d5e9f1f36658f780199e198816f5b2401b4ea CVE-2024-29402,0,0,fda5605a49d434b54f664af40772780310034556d5d1866a088f676172e81755,2024-04-17T12:48:07.510000 CVE-2024-2941,0,0,6f2f6134f947aa41f2aefc33410d7cbe9590eb8960b4800ff78298df311745af,2024-05-17T02:38:38.410000 CVE-2024-29413,0,0,a58c13bdf67afd8b98d238166eefb90262a9870531d3d5f182e9810c30b452cd,2024-04-04T12:48:41.700000 -CVE-2024-29415,1,1,5fc3a1756908b9e94744404b65167fcee76f6cfaf6f0a7c94cd668cf1f450907,2024-05-27T20:15:08.970000 +CVE-2024-29415,0,0,5fc3a1756908b9e94744404b65167fcee76f6cfaf6f0a7c94cd668cf1f450907,2024-05-27T20:15:08.970000 CVE-2024-29417,0,0,89d07e3eb8e147d93c431f357bf92973ead1b3854c21888d1e99630fdc9218d4,2024-05-03T15:32:19.637000 CVE-2024-29419,0,0,2f1c2a30167616ce2f7264d13a2e39c4e307caf2a0fab8a1d39f77c0f2b7d31b,2024-03-20T17:18:21.343000 CVE-2024-2942,0,0,441f0a67703a8db7af5d599581bb10078cc400b1f49682a90a1d996555281551,2024-05-17T02:38:38.500000 @@ -250337,7 +250337,7 @@ CVE-2024-34913,0,0,482ab417b16d36cac885da18c13005f6c4dcc004509b2b573a33dd2947f7d CVE-2024-34914,0,0,70a7c11501909b39ef53f8b81e0474e671bd02725d09e7751be6f86dc2b4f270,2024-05-14T19:17:55.627000 CVE-2024-34919,0,0,76beccc7ee306fce0aae029e497d6e83a0c5a3aea6f0c11ac1da266396722275,2024-05-17T18:35:35.070000 CVE-2024-34921,0,0,dbf53dbc9b81b9221c12f4c1ada0297cc361fc3675871ab0069ddf8fe9b53895,2024-05-14T16:12:23.490000 -CVE-2024-34923,1,1,b2833e04d3815a5b8e3572d8ea818bf6f05096f416d160f6fd259d301fa093dc,2024-05-27T20:15:09.060000 +CVE-2024-34923,0,0,b2833e04d3815a5b8e3572d8ea818bf6f05096f416d160f6fd259d301fa093dc,2024-05-27T20:15:09.060000 CVE-2024-34927,0,0,f64d4b3fa2d75a498f29da3e6338e873aaa7fe95b7d4cb54fa8a5234118d8251,2024-05-24T01:15:30.977000 CVE-2024-34928,0,0,43cd769ec4fdb33239ced280adaf59383cf7b652fcf6735a7ca67fa759cc6693,2024-05-24T01:15:30.977000 CVE-2024-34929,0,0,ef37f14987963fad9ab35b4d2ebf05a2e84c97cdb2ecbc61ba0c98ed773a4ba4,2024-05-24T01:15:30.977000 
@@ -250844,6 +250844,8 @@ CVE-2024-36384,0,0,a0d79da3fdcabd7b9bb7cff9348fa87578adddb020086454394ad176d2bb3 CVE-2024-3640,0,0,abbf5a33cbca708fe19710dda7a796491ae1d1614e9cd03f43d6cddef8b09500,2024-05-17T18:36:31.297000 CVE-2024-3641,0,0,c281de95cce057acff2793609e8f843aad579a2f0257c0c2e0b6442733e87b14,2024-05-16T13:03:05.353000 CVE-2024-3642,0,0,bbed1ee941355da6f32a6eba37e95a843dd7913c7dd227d8da7f65dcb683674b,2024-05-16T13:03:05.353000 +CVE-2024-36426,1,1,2ba75340c0210bb8004d8d51594bd16fe0890e2daaa89efea2abaf2de430698e,2024-05-27T22:15:08.507000 +CVE-2024-36428,1,1,3e75b809ab1020fb15243e78f62cd833777fcf19f9a1e8d806b8526ebae7763a,2024-05-27T23:15:13.120000 CVE-2024-3643,0,0,52bab63bfc91b1f0b9d75e6e14dccb142e0861ecbf55c57479143676f8644d3b,2024-05-16T13:03:05.353000 CVE-2024-3644,0,0,4e49052df3e8a0f31e3394cce710c4ef728e2bd6bf109b57603d53a5d48d8bab,2024-05-16T13:03:05.353000 CVE-2024-3645,0,0,9bfaa42192c6fa49951fba1d7645fb7975d3a2b4cd9bcc55a7dd9ceef33e077c,2024-04-22T19:24:12.920000