admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-05T19:00:25.615578+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-05 19:00:29 +00:00
parent 84933a5016
commit ba465ed385
19 changed files with 834 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2022/CVE-2022-460xx/CVE-2022-46088.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46088",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T16:15:49.190",
"lastModified": "2024-03-05T16:15:49.190",
"vulnStatus": "Received",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-437xx/CVE-2023-43787.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43787",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-10T13:15:22.083",
"lastModified": "2024-01-24T21:15:08.493",
"lastModified": "2024-03-05T18:15:47.453",
"vulnStatus": "Modified",
"descriptions": [
{
@ -153,6 +153,10 @@
"Third Party Advisory"
]
},
{
"url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0006/",
"source": "secalert@redhat.com"

97
CVE-2024/CVE-2024-13xx/CVE-2024-1369.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1369",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-02-13T19:15:10.023",
"lastModified": "2024-02-13T19:45:42.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T17:42:45.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd\u00a0configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo al configurar el nombre de usuario y la contrase\u00f1a para las configuraciones recopiladas. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -46,22 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.15",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.10",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.0",
"versionEndExcluding": "3.10.7",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.5",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
}
]
}

97
CVE-2024/CVE-2024-13xx/CVE-2024-1372.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1372",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-02-13T19:15:10.217",
"lastModified": "2024-02-13T19:45:42.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T17:12:04.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo al configurar los ajustes de SAML. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -46,22 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.15",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.10",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.0",
"versionEndExcluding": "3.10.7",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.5",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
}
]
}

130
CVE-2024/CVE-2024-213xx/CVE-2024-21352.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21352",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:51.517",
"lastModified": "2024-02-13T18:22:58.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T18:54:26.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"metrics": {
@ -34,10 +38,130 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20469",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6709",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4046",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4046",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2777",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3155",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3155",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6709",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2322",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.709",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21352",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

131
CVE-2024/CVE-2024-213xx/CVE-2024-21358.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21358",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:52.533",
"lastModified": "2024-02-13T18:22:58.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T17:46:08.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"metrics": {
@ -34,10 +38,131 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20469",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6709",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4046",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4046",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2777",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3155",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3155",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.9200.24710",
"matchCriteriaId": "3B15A766-B6CC-4638-B6E6-BF0F338A059A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6709",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2322",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.709",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21358",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22252.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22252",
"sourceIdentifier": "security@vmware.com",
"published": "2024-03-05T18:15:47.713",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22253.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22253",
"sourceIdentifier": "security@vmware.com",
"published": "2024-03-05T18:15:47.920",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22254.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22254",
"sourceIdentifier": "security@vmware.com",
"published": "2024-03-05T18:15:48.100",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi contains an out-of-bounds write vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22255.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22255",
"sourceIdentifier": "security@vmware.com",
"published": "2024-03-05T18:15:48.277",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.\u00a0A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u00a0\u00a0\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
"source": "security@vmware.com"
}
]
}

6
CVE-2024/CVE-2024-225xx/CVE-2024-22545.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-22545",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T08:15:42.480",
"lastModified": "2024-02-02T20:38:53.190",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-05T18:15:48.443",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows local unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function."
"value": "An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-240xx/CVE-2024-24098.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24098",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T16:15:49.290",
"lastModified": "2024-03-05T16:15:49.290",
"vulnStatus": "Received",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2024/CVE-2024-275xx/CVE-2024-27561.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27561",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:06.887",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27563.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27563",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:06.947",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27564.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27564",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:06.997",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dirk1983/chatgpt/issues/114",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27565.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27565",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:07.050",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dirk1983/chatgpt-wechat-personal/issues/4",
"source": "cve@mitre.org"
}
]
}

55
CVE-2024/CVE-2024-279xx/CVE-2024-27929.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-27929",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-05T17:15:07.097",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in version 3.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-279xx/CVE-2024-27931.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-27931",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-05T17:15:07.310",
"lastModified": "2024-03-05T18:50:18.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/denoland/deno/security/advisories/GHSA-hrqr-jv8w-v9jh",
"source": "security-advisories@github.com"
}
]
}

30
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-05T17:00:27.092116+00:00
2024-03-05T19:00:25.615578+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-05T16:15:49.290000+00:00
2024-03-05T18:54:26.843000+00:00
```
### Last Data Feed Release
@ -29,21 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240566
240576
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `10`
* [CVE-2022-46088](CVE-2022/CVE-2022-460xx/CVE-2022-46088.json) (`2024-03-05T16:15:49.190`)
* [CVE-2024-24098](CVE-2024/CVE-2024-240xx/CVE-2024-24098.json) (`2024-03-05T16:15:49.290`)
* [CVE-2024-27561](CVE-2024/CVE-2024-275xx/CVE-2024-27561.json) (`2024-03-05T17:15:06.887`)
* [CVE-2024-27563](CVE-2024/CVE-2024-275xx/CVE-2024-27563.json) (`2024-03-05T17:15:06.947`)
* [CVE-2024-27564](CVE-2024/CVE-2024-275xx/CVE-2024-27564.json) (`2024-03-05T17:15:06.997`)
* [CVE-2024-27565](CVE-2024/CVE-2024-275xx/CVE-2024-27565.json) (`2024-03-05T17:15:07.050`)
* [CVE-2024-27929](CVE-2024/CVE-2024-279xx/CVE-2024-27929.json) (`2024-03-05T17:15:07.097`)
* [CVE-2024-27931](CVE-2024/CVE-2024-279xx/CVE-2024-27931.json) (`2024-03-05T17:15:07.310`)
* [CVE-2024-22252](CVE-2024/CVE-2024-222xx/CVE-2024-22252.json) (`2024-03-05T18:15:47.713`)
* [CVE-2024-22253](CVE-2024/CVE-2024-222xx/CVE-2024-22253.json) (`2024-03-05T18:15:47.920`)
* [CVE-2024-22254](CVE-2024/CVE-2024-222xx/CVE-2024-22254.json) (`2024-03-05T18:15:48.100`)
* [CVE-2024-22255](CVE-2024/CVE-2024-222xx/CVE-2024-22255.json) (`2024-03-05T18:15:48.277`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `8`
* [CVE-2022-46088](CVE-2022/CVE-2022-460xx/CVE-2022-46088.json) (`2024-03-05T18:50:18.333`)
* [CVE-2023-43787](CVE-2023/CVE-2023-437xx/CVE-2023-43787.json) (`2024-03-05T18:15:47.453`)
* [CVE-2024-1372](CVE-2024/CVE-2024-13xx/CVE-2024-1372.json) (`2024-03-05T17:12:04.487`)
* [CVE-2024-1369](CVE-2024/CVE-2024-13xx/CVE-2024-1369.json) (`2024-03-05T17:42:45.630`)
* [CVE-2024-21358](CVE-2024/CVE-2024-213xx/CVE-2024-21358.json) (`2024-03-05T17:46:08.140`)
* [CVE-2024-22545](CVE-2024/CVE-2024-225xx/CVE-2024-22545.json) (`2024-03-05T18:15:48.443`)
* [CVE-2024-24098](CVE-2024/CVE-2024-240xx/CVE-2024-24098.json) (`2024-03-05T18:50:18.333`)
* [CVE-2024-21352](CVE-2024/CVE-2024-213xx/CVE-2024-21352.json) (`2024-03-05T18:54:26.843`)
## Download and Usage