From 0d6080d5fd6c6fecf7537e2cc34570d5febd6194 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 19 Jun 2024 04:03:10 +0000
Subject: [PATCH] Auto-Update: 2024-06-19T04:00:18.946701+00:00
---
 CVE-2024/CVE-2024-247xx/CVE-2024-24789.json | 8 +++-
 CVE-2024/CVE-2024-278xx/CVE-2024-27834.json | 6 ++-
 CVE-2024/CVE-2024-61xx/CVE-2024-6125.json | 47 +++++++++++++++++++++
 README.md | 18 ++++----
 _state.csv | 15 ++++---
 5 files changed, 74 insertions(+), 20 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6125.json
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24789.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24789.json
index d7a7be07034..c70231891a3 100644
--- a/CVE-2024/CVE-2024-247xx/CVE-2024-24789.json
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24789.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-24789",
 "sourceIdentifier": "security@golang.org",
 "published": "2024-06-05T16:15:10.470",
- "lastModified": "2024-06-18T17:58:22.417",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-06-19T03:15:09.183",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -105,6 +105,10 @@
 "Release Notes"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/",
+ "source": "security@golang.org"
+ },
 {
 "url": "https://pkg.go.dev/vuln/GO-2024-2888",
 "source": "security@golang.org",
diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27834.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27834.json
index e0041bf86bf..59e7af489f2 100644
--- a/CVE-2024/CVE-2024-278xx/CVE-2024-27834.json
+++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27834.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-27834",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2024-05-14T15:13:06.953",
- "lastModified": "2024-06-10T18:15:29.430",
+ "lastModified": "2024-06-19T03:15:09.317",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -40,6 +40,10 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/05/21/1",
 "source": "product-security@apple.com"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT214101",
 "source": "product-security@apple.com"
diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6125.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6125.json
new file mode 100644
index 00000000000..a45fbd3000e
--- /dev/null
+++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6125.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-6125",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-06-19T02:15:09.873",
+ "lastModified": "2024-06-19T02:15:09.873",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3104085/login-with-phone-number#file5",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index a66c2d8d637..89b2d6f71b0 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-19T02:00:18.270712+00:00 +2024-06-19T04:00:18.946701+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-19T00:15:50.703000+00:00 +2024-06-19T03:15:09.317000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254389 +254390 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `1` -- [CVE-2024-6142](CVE-2024/CVE-2024-61xx/CVE-2024-6142.json) (`2024-06-19T00:15:49.580`) -- [CVE-2024-6143](CVE-2024/CVE-2024-61xx/CVE-2024-6143.json) (`2024-06-19T00:15:49.847`) -- [CVE-2024-6144](CVE-2024/CVE-2024-61xx/CVE-2024-6144.json) (`2024-06-19T00:15:50.133`) -- [CVE-2024-6145](CVE-2024/CVE-2024-61xx/CVE-2024-6145.json) (`2024-06-19T00:15:50.413`) -- [CVE-2024-6146](CVE-2024/CVE-2024-61xx/CVE-2024-6146.json) (`2024-06-19T00:15:50.703`) +- [CVE-2024-6125](CVE-2024/CVE-2024-61xx/CVE-2024-6125.json) (`2024-06-19T02:15:09.873`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +- [CVE-2024-24789](CVE-2024/CVE-2024-247xx/CVE-2024-24789.json) (`2024-06-19T03:15:09.183`) +- [CVE-2024-27834](CVE-2024/CVE-2024-278xx/CVE-2024-27834.json) (`2024-06-19T03:15:09.317`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 5b414d51ff6..6a565ee8284 100644 --- a/_state.csv +++ b/_state.csv 
@@ -244896,7 +244896,7 @@ CVE-2024-24785,0,0,cc84396d420fdc7cd1eec42a211ce9d46ae1b3fd12a46276acc97b91955cf
 CVE-2024-24786,0,0,0112d36d75e12362b0246061d23e3880906a29463bfdcb239d077b99ff2f9c0b,2024-06-10T18:15:26.830000
 CVE-2024-24787,0,0,b3bcd0df2f6c744ccf50ca5da0f1801b01a261f7e49cf2f9e75dcde0c510eeda,2024-06-10T17:16:20.237000
 CVE-2024-24788,0,0,ec3a0e2bb85b04f6091132ce0b358d8c88079508c68a38db8ec47a1c1ba68f35,2024-06-14T13:15:50.670000
-CVE-2024-24789,0,0,3fbbb52c307fb13d9d19a2eee6dec21b31637026c2b3085862df10730c1913ec,2024-06-18T17:58:22.417000
+CVE-2024-24789,0,1,43ea651f3b7312a155a6d6c3aa916c2fcdbd8bd472319341c3d7874a3e55bb9b,2024-06-19T03:15:09.183000
 CVE-2024-2479,0,0,62ab2572f43d54e062a6ec9f07869b63a0bdfad1924b8c09404f39717bdfbd77,2024-05-17T02:38:14.640000
 CVE-2024-24790,0,0,eea6958e81d73afbece6bae935d256b81d43a28af6bfcc689fa474522b0325d6,2024-06-18T17:59:12.547000
 CVE-2024-24793,0,0,c02d48f5d574325816298b4b1d2848ca92f5dc7aa67a2fd30978e3885630bc1b,2024-02-20T19:50:53.960000
@@ -247127,7 +247127,7 @@ CVE-2024-27830,0,0,717b3ee72b31f02e41119efea5f35822a1efa548278881e1425afb0d78eb2
 CVE-2024-27831,0,0,ca216bc5721077968a6d2a1f89ea202c751376303f2ab60e3e9660283fa6f023,2024-06-12T04:15:11.857000
 CVE-2024-27832,0,0,2334e6a1d5eaa1494e8cbbaecc65a9a00dab1b896df110deba8ca97ab4050020,2024-06-12T04:15:11.957000
 CVE-2024-27833,0,0,6bff5968eec0bf8ae50bd7fca5c52c266596a452b7b2728012915f3b8f981972,2024-06-12T04:15:12.053000
-CVE-2024-27834,0,0,2d4186f2cb5cbe4f2f8f3e55a2545b1878bf5a77624083576b159f1d995ce82a,2024-06-10T18:15:29.430000
+CVE-2024-27834,0,1,eabfe0fdaf9b8330cd1557b0f84fe6857b5c97fc3f3d0ef71095c0ac3720b463,2024-06-19T03:15:09.317000
 CVE-2024-27835,0,0,c3d25dd6cfd2f797e5af53adbf0373a3dd203d6ad6e8d11af15dc203eb2402ab,2024-06-10T18:15:29.497000
 CVE-2024-27836,0,0,94804c3b4c63dbfc22e6899865a39975a715f2a285ca1ed8d65dfe50b63b25bb,2024-06-12T04:15:12.133000
 CVE-2024-27837,0,0,901f3c3a397896b090baa01f5e16b0462e9f3677320c7d083f0561d63284135d,2024-06-10T18:15:29.550000
@@ -254381,10 +254381,11 @@ CVE-2024-6112,0,0,3793178079993987ba7bf7b37db89ff5b23660048ce424d2f0351839dfc7b7
 CVE-2024-6114,0,0,b861f686c72ead40271b9e15f5d48ada8c079a2c4c9ea1405ca71da7d3acf766,2024-06-18T13:15:52.897000
 CVE-2024-6115,0,0,8370727144c08f52daee8853cdc1c595dffde958a895699c94efac517eada338,2024-06-18T13:15:53.267000
 CVE-2024-6116,0,0,9c214becff49a599c0981aa0de917221cc0b2f05b538da5ededc03f464bf8356,2024-06-18T16:15:10.983000
+CVE-2024-6125,1,1,fa267cc2485605b04afb41f92061ceba58b846de96eed178a247c22981f2edf8,2024-06-19T02:15:09.873000
 CVE-2024-6128,0,0,55dd86526ffc64aa22b4ae50ac75f79328093ce905e507fd46907528cb0d85a5,2024-06-18T21:15:56.877000
 CVE-2024-6129,0,0,2988cb8a677c36eeb9291aae9a3963f084f044e15211a677c78cefdb57c80496,2024-06-18T21:15:57.217000
-CVE-2024-6142,1,1,b72e1389b74690e00d255349d35caab25cc2db5a4c7637f27b1d47463c0fc348,2024-06-19T00:15:49.580000
-CVE-2024-6143,1,1,9532ba45db565215853ddf49c1a0164531f9356075191c1044d52df46080533d,2024-06-19T00:15:49.847000
-CVE-2024-6144,1,1,7cec310494d62a62033523df063be2341004a6dea8160cb5bd0d55e2f0065cc2,2024-06-19T00:15:50.133000
-CVE-2024-6145,1,1,16e7e12932fe3f6cc4edd6cd1b11782632ac16fbbec9fab4c39f453507b11bae,2024-06-19T00:15:50.413000
-CVE-2024-6146,1,1,b20add1bacc42bc316876ff3352b5fc3b113cf054bc134b5a4212df29f6f9ae6,2024-06-19T00:15:50.703000
+CVE-2024-6142,0,0,b72e1389b74690e00d255349d35caab25cc2db5a4c7637f27b1d47463c0fc348,2024-06-19T00:15:49.580000
+CVE-2024-6143,0,0,9532ba45db565215853ddf49c1a0164531f9356075191c1044d52df46080533d,2024-06-19T00:15:49.847000
+CVE-2024-6144,0,0,7cec310494d62a62033523df063be2341004a6dea8160cb5bd0d55e2f0065cc2,2024-06-19T00:15:50.133000
+CVE-2024-6145,0,0,16e7e12932fe3f6cc4edd6cd1b11782632ac16fbbec9fab4c39f453507b11bae,2024-06-19T00:15:50.413000
+CVE-2024-6146,0,0,b20add1bacc42bc316876ff3352b5fc3b113cf054bc134b5a4212df29f6f9ae6,2024-06-19T00:15:50.703000