Auto-Update: 2024-11-14T07:00:22.506832+00:00

CVE-2023/CVE-2023-340xx/CVE-2023-34049.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2023-34049",
+  "sourceIdentifier": "security@vmware.com",
+  "published": "2024-11-14T05:15:28.260",
+  "lastModified": "2024-11-14T05:15:28.260",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@vmware.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://saltproject.io/security-announcements/2023-10-27-advisory/",
+      "source": "security@vmware.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-101xx/CVE-2024-10146.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10146",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-11-14T06:15:07.080",
+  "lastModified": "2024-11-14T06:15:07.080",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/9ee74a0f-83ff-4c15-a114-f8f6baab8bf5/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-91xx/CVE-2024-9186.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-9186",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-11-14T06:15:07.223",
+  "lastModified": "2024-11-14T06:15:07.223",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id  parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/fab29b59-7e87-4289-88dd-ed5520260c26/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-11-14T05:00:19.968430+00:00
+2024-11-14T07:00:22.506832+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-11-14T03:15:03.533000+00:00
+2024-11-14T06:15:07.223000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-269643
+269646
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2024-5082](CVE-2024/CVE-2024-50xx/CVE-2024-5082.json) (`2024-11-14T03:15:03.533`)
+- [CVE-2023-34049](CVE-2023/CVE-2023-340xx/CVE-2023-34049.json) (`2024-11-14T05:15:28.260`)
+- [CVE-2024-10146](CVE-2024/CVE-2024-101xx/CVE-2024-10146.json) (`2024-11-14T06:15:07.080`)
+- [CVE-2024-9186](CVE-2024/CVE-2024-91xx/CVE-2024-9186.json) (`2024-11-14T06:15:07.223`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -226004,6 +226004,7 @@ CVE-2023-34045,0,0,efcc90e9c554373a3c46862e56f008ba7488a75ec1d99629fde063d424a27
 CVE-2023-34046,0,0,940c9fc1e6b0b0f75909505dcbc5c54324caa725c2f9e799f85d164cca40c6c7,2023-10-28T03:34:15.293000
 CVE-2023-34047,0,0,2deed76b81cbbd710c03198ed7fba5a7406f65771b7a4bafc40dc468b5019e48,2023-10-18T18:04:30.410000
 CVE-2023-34048,0,0,85fcdc74e66ac70590bd0779c468437a4b104548eae3fa739b3fa5514e6d1617,2024-08-14T20:02:35.353000
+CVE-2023-34049,1,1,9e49f84bec0aed0fbe1d84eb321de10205bc49c3ff0c5a1d57cf8d25a6565df7,2024-11-14T05:15:28.260000
 CVE-2023-3405,0,0,0c266b7d3570c3d94ac19eb248b9b0c3ec6e185e0d327fcad7aa0c292964fb70,2024-08-28T09:15:08.677000
 CVE-2023-34050,0,0,6bf9fe5de1088502db285c6eaa05c1aab935be0e9bec211546bfc1be5b5afd5f,2023-10-25T16:54:31.770000
 CVE-2023-34051,0,0,e6048bd7bc8ae549228fa0e7507cc168b790322ae0a61fef62c26cd3f513b2c1,2023-10-30T15:28:40.420000
@@ -242502,6 +242503,7 @@ CVE-2024-1014,0,0,8e546db835ee0e62e0f6ed5b95e90d5586231fc78746cbbfef7db3d61b3c5f
 CVE-2024-10140,0,0,ec9d51c2fc14eea2e4cdb7aa8f8bd180db2ec005ceca8608d4d081404a2e210c,2024-10-22T14:19:08.420000
 CVE-2024-10141,0,0,1a2024f75553982bce647b93dbf2bff672eefec5950fa457467c64b98f6e45c7,2024-10-23T20:27:09.370000
 CVE-2024-10142,0,0,f8d897c68f0699e753bf4964aa75eec3baa1d06414695c8d5256c262c45a3b84,2024-10-22T18:11:20.450000
+CVE-2024-10146,1,1,5c8d93b22b0d392814df49f4ec3c42fba34f1e8a22bc1ba34d61b8cdb061b7c7,2024-11-14T06:15:07.080000
 CVE-2024-10148,0,0,83c51017fcaad8303b49e241d62740cf9ee14ff3b98ac6e60e27203bec158551,2024-11-06T16:02:22.120000
 CVE-2024-1015,0,0,5516b1d1af5a9d3814b8a6e102d3692fcdb9c463b2e2645787afdcb157946f20,2024-02-02T02:04:13.267000
 CVE-2024-10150,0,0,980e5c556ba92cfe6f78a7c5edf14225adf63d1f935caa703239c8f6c3933115,2024-11-05T17:47:35.353000
@@ -265397,7 +265399,7 @@ CVE-2024-50809,0,0,0543ed682b74f6a15eb703e6e2e2cbff22bee156f875bd21c519fc7274b92
 CVE-2024-5081,0,0,0bebffdc717b25462ccb5a198cb29076c0fa0475011c795b0df7ab25d1acf197,2024-08-05T15:35:16.180000
 CVE-2024-50810,0,0,7da23b2ab88a2657cb76543548549613aa1f561df30582c648f7520bf514f0d4,2024-11-12T13:56:54.483000
 CVE-2024-50811,0,0,d8ef1ac40dcb898d28bb949cb8cb9a8ce73f83d8e224524d33d6a2ba92df335a,2024-11-12T13:56:54.483000
-CVE-2024-5082,1,1,88d35d1f63348d7d5073812c2929addf217861521e7371c84faac3ce9d6635ba,2024-11-14T03:15:03.533000
+CVE-2024-5082,0,0,88d35d1f63348d7d5073812c2929addf217861521e7371c84faac3ce9d6635ba,2024-11-14T03:15:03.533000
 CVE-2024-5083,0,0,28231bc1dc7fd1698d4099c899be955dc9eaf735ad397658c272181fd96fa897,2024-11-14T02:15:17.257000
 CVE-2024-5084,0,0,79705ce3d53f6e7c72da00fccc935c6da44be9bf4354c31cd8528afb5e0a643e,2024-05-24T01:15:30.977000
 CVE-2024-5085,0,0,6942e3068671e85a9578eddbb7240c8706dd53cd6ec5670c5d4ddd91c950a30a,2024-05-24T01:15:30.977000
@@ -269142,6 +269144,7 @@ CVE-2024-9177,0,0,c4277901c0a37ba57d19438c33c0231133f774b6681a96af5a3a31a338af68
 CVE-2024-9178,0,0,eca5aa915b955e4e0d7be79d1a2a855f18f7873a33fd6eb6846d12ead9d5fc40,2024-11-08T16:03:26.157000
 CVE-2024-9180,0,0,43a25f270cfb7cd861387fae3760598de599a33ae7c6d1aa6e3f1a95d5d03b2a,2024-10-18T20:15:03.393000
 CVE-2024-9184,0,0,a3ba82d979bc8561ae674a4ec58c26ce5e04750eca08a1e8b1f42f6ecf9aa161,2024-10-18T12:52:33.507000
+CVE-2024-9186,1,1,4e6e56d390fd35384d0a877e85dcf65e1e19dffda20ee75abb60b60dd436dd24,2024-11-14T06:15:07.223000
 CVE-2024-9187,0,0,ec7d5f1d630d180582cea6b34ef03e6ee8cc268d8686e0a61f71186e80a87f38,2024-10-15T12:57:46.880000
 CVE-2024-9189,0,0,589dc859bd1b4dfe4aefe62d286159acb6f430185a125dd81b1568310ee1bb88,2024-10-03T17:26:19.397000
 CVE-2024-9191,0,0,ee6dfe1b0c94de0c4973c32fd9b929e1fce6c45c7ed6900711a578d548548d42,2024-11-05T17:06:41.363000