From 6b4a5a21d792a1e536709965b132ffbb78bc5fe9 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 7 Mar 2024 11:02:23 +0000 Subject: [PATCH] Auto-Update: 2024-03-07T11:02:19.802280+00:00 --- CVE-2022/CVE-2022-460xx/CVE-2022-46091.json | 20 ++++++++ CVE-2022/CVE-2022-464xx/CVE-2022-46497.json | 20 ++++++++ CVE-2022/CVE-2022-464xx/CVE-2022-46498.json | 20 ++++++++ CVE-2022/CVE-2022-464xx/CVE-2022-46499.json | 20 ++++++++ CVE-2023/CVE-2023-336xx/CVE-2023-33676.json | 20 ++++++++ CVE-2023/CVE-2023-410xx/CVE-2023-41014.json | 20 ++++++++ CVE-2023/CVE-2023-410xx/CVE-2023-41015.json | 20 ++++++++ CVE-2023/CVE-2023-415xx/CVE-2023-41503.json | 20 ++++++++ CVE-2023/CVE-2023-426xx/CVE-2023-42662.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-09xx/CVE-2024-0917.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-13xx/CVE-2024-1382.json | 51 +++++++++++++++++++ CVE-2024/CVE-2024-15xx/CVE-2024-1534.json | 47 ++++++++++++++++++ CVE-2024/CVE-2024-19xx/CVE-2024-1931.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-21xx/CVE-2024-2136.json | 47 ++++++++++++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22256.json | 43 ++++++++++++++++ README.md | 26 +++++++--- 16 files changed, 532 insertions(+), 7 deletions(-) create mode 100644 CVE-2022/CVE-2022-460xx/CVE-2022-46091.json create mode 100644 CVE-2022/CVE-2022-464xx/CVE-2022-46497.json create mode 100644 CVE-2022/CVE-2022-464xx/CVE-2022-46498.json create mode 100644 CVE-2022/CVE-2022-464xx/CVE-2022-46499.json create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33676.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41014.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41015.json create mode 100644 CVE-2023/CVE-2023-415xx/CVE-2023-41503.json create mode 100644 CVE-2023/CVE-2023-426xx/CVE-2023-42662.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0917.json create mode 100644 CVE-2024/CVE-2024-13xx/CVE-2024-1382.json create mode 100644 CVE-2024/CVE-2024-15xx/CVE-2024-1534.json create mode 100644 CVE-2024/CVE-2024-19xx/CVE-2024-1931.json create mode 100644 CVE-2024/CVE-2024-21xx/CVE-2024-2136.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22256.json diff --git a/CVE-2022/CVE-2022-460xx/CVE-2022-46091.json b/CVE-2022/CVE-2022-460xx/CVE-2022-46091.json new file mode 100644 index 00000000000..adc6ff590a4 --- /dev/null +++ b/CVE-2022/CVE-2022-460xx/CVE-2022-46091.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-46091", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:37.830", + "lastModified": "2024-03-07T09:15:37.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2022-46091/blob/main/CVE-34", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-464xx/CVE-2022-46497.json b/CVE-2022/CVE-2022-464xx/CVE-2022-46497.json new file mode 100644 index 00000000000..27e2a8f9efa --- /dev/null +++ b/CVE-2022/CVE-2022-464xx/CVE-2022-46497.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-46497", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:37.970", + "lastModified": "2024-03-07T09:15:37.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2022-46497/blob/main/CVE-33", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-464xx/CVE-2022-46498.json b/CVE-2022/CVE-2022-464xx/CVE-2022-46498.json new file mode 100644 index 00000000000..a295b93a064 --- /dev/null +++ b/CVE-2022/CVE-2022-464xx/CVE-2022-46498.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-46498", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:38.017", + "lastModified": "2024-03-07T09:15:38.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2022-46498/blob/main/CVE-32", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-464xx/CVE-2022-46499.json b/CVE-2022/CVE-2022-464xx/CVE-2022-46499.json new file mode 100644 index 00000000000..ee5b13a4a92 --- /dev/null +++ b/CVE-2022/CVE-2022-464xx/CVE-2022-46499.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-46499", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:38.060", + "lastModified": "2024-03-07T09:15:38.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2022-46499/blob/main/CVE-31", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33676.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33676.json new file mode 100644 index 00000000000..09e573fb06f --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33676.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33676", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:38.107", + "lastModified": "2024-03-07T09:15:38.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view&id=*\" which can be escalated to the remote command execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2023-33676/blob/main/CVE-30", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41014.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41014.json new file mode 100644 index 00000000000..7bdfcc7edd1 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41014.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41014", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:38.157", + "lastModified": "2024-03-07T09:15:38.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for \"Employer.\"" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2023-41014/blob/main/CVE-28", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41015.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41015.json new file mode 100644 index 00000000000..26b9222cd29 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41015.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41015", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:38.200", + "lastModified": "2024-03-07T09:15:38.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2023-41015/blob/main/CVE-27", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41503.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41503.json new file mode 100644 index 00000000000..fc3f78fbcae --- /dev/null +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41503.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41503", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T09:15:38.240", + "lastModified": "2024-03-07T09:15:38.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2023-41503/blob/main/CVE-26", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42662.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42662.json new file mode 100644 index 00000000000..281b8371105 --- /dev/null +++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42662.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-42662", + "sourceIdentifier": "reefs@jfrog.com", + "published": "2024-03-07T09:15:38.290", + "lastModified": "2024-03-07T09:15:38.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "reefs@jfrog.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "reefs@jfrog.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories", + "source": "reefs@jfrog.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0917.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0917.json new file mode 100644 index 00000000000..570a5bcbc09 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0917.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0917", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-03-07T09:15:38.527", + "lastModified": "2024-03-07T09:15:38.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "confirmed" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1382.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1382.json new file mode 100644 index 00000000000..0389bbbaca9 --- /dev/null +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1382.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1382", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-07T09:15:38.723", + "lastModified": "2024-03-07T09:15:38.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/nd-restaurant-reservations/trunk/addons/visual/search/index.php#L49", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045964%40nd-restaurant-reservations%2Ftrunk&old=2980579%40nd-restaurant-reservations%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d51db160-c701-426d-890f-73cc4785cad8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1534.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1534.json new file mode 100644 index 00000000000..8abfd65a055 --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1534.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1534", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-07T10:15:06.857", + "lastModified": "2024-03-07T10:15:06.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046146%40woocommerce-jetpack%2Ftrunk&old=3034358%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56dc5138-c864-4e36-8b7d-38ac49589c06?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1931.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1931.json new file mode 100644 index 00000000000..a5cbdd0bae1 --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1931.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1931", + "sourceIdentifier": "sep@nlnetlabs.nl", + "published": "2024-03-07T10:15:07.037", + "lastModified": "2024-03-07T10:15:07.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sep@nlnetlabs.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sep@nlnetlabs.nl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "references": [ + { + "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt", + "source": "sep@nlnetlabs.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2136.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2136.json new file mode 100644 index 00000000000..dff6d434d73 --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2136.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2136", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-07T09:15:38.910", + "lastModified": "2024-03-07T09:15:38.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3046089/wpkoi-templates-for-elementor", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f7ae51-2fb2-4311-bc78-7198d6e6b623?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22256.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22256.json new file mode 100644 index 00000000000..8913414300d --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22256.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-22256", + "sourceIdentifier": "security@vmware.com", + "published": "2024-03-07T10:15:07.260", + "lastModified": "2024-03-07T10:15:07.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "VMware Cloud Director contains a partial information disclosure vulnerability.\u00a0A malicious actor can potentially gather information about organization names based on the behavior of the instance.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2024-0007.html", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b65de038b75..a6726030aa6 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-07T09:01:11.309870+00:00 +2024-03-07T11:02:19.802280+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-07T07:15:08.377000+00:00 +2024-03-07T10:15:07.260000+00:00 ``` ### Last Data Feed Release @@ -29,16 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -240752 +240767 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `15` -* [CVE-2024-1419](CVE-2024/CVE-2024-14xx/CVE-2024-1419.json) (`2024-03-07T07:15:07.733`) -* [CVE-2024-1506](CVE-2024/CVE-2024-15xx/CVE-2024-1506.json) (`2024-03-07T07:15:08.110`) -* [CVE-2024-28222](CVE-2024/CVE-2024-282xx/CVE-2024-28222.json) (`2024-03-07T07:15:08.377`) +* [CVE-2022-46091](CVE-2022/CVE-2022-460xx/CVE-2022-46091.json) (`2024-03-07T09:15:37.830`) +* [CVE-2022-46497](CVE-2022/CVE-2022-464xx/CVE-2022-46497.json) (`2024-03-07T09:15:37.970`) +* [CVE-2022-46498](CVE-2022/CVE-2022-464xx/CVE-2022-46498.json) (`2024-03-07T09:15:38.017`) +* [CVE-2022-46499](CVE-2022/CVE-2022-464xx/CVE-2022-46499.json) (`2024-03-07T09:15:38.060`) +* [CVE-2023-33676](CVE-2023/CVE-2023-336xx/CVE-2023-33676.json) (`2024-03-07T09:15:38.107`) +* [CVE-2023-41014](CVE-2023/CVE-2023-410xx/CVE-2023-41014.json) (`2024-03-07T09:15:38.157`) +* [CVE-2023-41015](CVE-2023/CVE-2023-410xx/CVE-2023-41015.json) (`2024-03-07T09:15:38.200`) +* [CVE-2023-41503](CVE-2023/CVE-2023-415xx/CVE-2023-41503.json) (`2024-03-07T09:15:38.240`) +* [CVE-2023-42662](CVE-2023/CVE-2023-426xx/CVE-2023-42662.json) (`2024-03-07T09:15:38.290`) +* [CVE-2024-0917](CVE-2024/CVE-2024-09xx/CVE-2024-0917.json) (`2024-03-07T09:15:38.527`) +* [CVE-2024-1382](CVE-2024/CVE-2024-13xx/CVE-2024-1382.json) (`2024-03-07T09:15:38.723`) +* [CVE-2024-2136](CVE-2024/CVE-2024-21xx/CVE-2024-2136.json) (`2024-03-07T09:15:38.910`) +* [CVE-2024-1534](CVE-2024/CVE-2024-15xx/CVE-2024-1534.json) (`2024-03-07T10:15:06.857`) +* [CVE-2024-1931](CVE-2024/CVE-2024-19xx/CVE-2024-1931.json) (`2024-03-07T10:15:07.037`) +* [CVE-2024-22256](CVE-2024/CVE-2024-222xx/CVE-2024-22256.json) (`2024-03-07T10:15:07.260`) ### CVEs modified in the last Commit