From 0ee3e145078be5672bbf4db1a612e568233a7b97 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 20 Feb 2024 05:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-02-20T05:00:24.601044+00:00 --- CVE-2023/CVE-2023-63xx/CVE-2023-6398.json | 4 +- CVE-2023/CVE-2023-66xx/CVE-2023-6693.json | 6 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6764.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-15xx/CVE-2024-1510.json | 51 +++++++++++++++++++ CVE-2024/CVE-2024-15xx/CVE-2024-1559.json | 47 ++++++++++++++++++ CVE-2024/CVE-2024-242xx/CVE-2024-24258.json | 6 ++- CVE-2024/CVE-2024-242xx/CVE-2024-24259.json | 6 ++- CVE-2024/CVE-2024-245xx/CVE-2024-24575.json | 6 ++- CVE-2024/CVE-2024-245xx/CVE-2024-24577.json | 6 ++- README.md | 35 ++++++------- 10 files changed, 194 insertions(+), 28 deletions(-) create mode 100644 CVE-2023/CVE-2023-67xx/CVE-2023-6764.json create mode 100644 CVE-2024/CVE-2024-15xx/CVE-2024-1510.json create mode 100644 CVE-2024/CVE-2024-15xx/CVE-2024-1559.json diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json index 7030c04f8ab..b277031098b 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json @@ -2,12 +2,12 @@ "id": "CVE-2023-6398", "sourceIdentifier": "security@zyxel.com.tw", "published": "2024-02-20T02:15:49.110", - "lastModified": "2024-02-20T02:15:49.110", + "lastModified": "2024-02-20T03:15:07.650", "vulnStatus": "Received", "descriptions": [ { "lang": "en", - "value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP." + "value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json index 401362c3726..2659c8c53fb 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6693", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-02T10:15:08.930", - "lastModified": "2024-02-08T10:15:11.967", + "lastModified": "2024-02-20T03:15:07.750", "vulnStatus": "Modified", "descriptions": [ { @@ -138,6 +138,10 @@ "Patch" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/", + "source": "secalert@redhat.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20240208-0004/", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6764.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6764.json new file mode 100644 index 00000000000..4cb7c87f68f --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6764.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6764", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2024-02-20T03:15:07.870", + "lastModified": "2024-02-20T03:15:07.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-134" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json new file mode 100644 index 00000000000..781ae8cec69 --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1510", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-20T03:15:08.077", + "lastModified": "2024-02-20T03:15:08.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.0.2/includes/shortcodes/tooltip.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3037436/shortcodes-ultimate/trunk/includes/shortcodes/tooltip.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1559.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1559.json new file mode 100644 index 00000000000..78c15d9b652 --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1559.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1559", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-20T04:15:07.330", + "lastModified": "2024-02-20T04:15:07.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037265%40link-library&new=3037265%40link-library&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/407a5c69-cce0-4868-aef0-ffc88981e256?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24258.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24258.json index 484185453c1..6be1fba90cf 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24258.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24258.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24258", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-05T18:15:52.083", - "lastModified": "2024-02-12T17:15:08.140", + "lastModified": "2024-02-20T03:15:08.257", "vulnStatus": "Modified", "descriptions": [ { @@ -79,6 +79,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24259.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24259.json index 05ec8f36e31..ac79d378642 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24259.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24259.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24259", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-05T18:15:52.133", - "lastModified": "2024-02-12T17:15:08.220", + "lastModified": "2024-02-20T03:15:08.330", "vulnStatus": "Modified", "descriptions": [ { @@ -79,6 +79,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24575.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24575.json index 78fffc055c0..c2917141cab 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24575.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24575.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24575", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-06T22:16:15.057", - "lastModified": "2024-02-17T02:15:52.507", + "lastModified": "2024-02-20T03:15:08.397", "vulnStatus": "Modified", "descriptions": [ { @@ -146,6 +146,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24577.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24577.json index e7cad50a223..3c88720edfe 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24577.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24577.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24577", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-06T22:16:15.270", - "lastModified": "2024-02-17T02:15:52.607", + "lastModified": "2024-02-20T03:15:08.520", "vulnStatus": "Modified", "descriptions": [ { @@ -138,6 +138,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 1ace1d86eed..ac75c93e1f0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-20T03:00:23.866707+00:00 +2024-02-20T05:00:24.601044+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-20T02:15:51.470000+00:00 +2024-02-20T04:15:07.330000+00:00 ``` ### Last Data Feed Release @@ -29,35 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238916 +238919 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `3` -* [CVE-2023-6397](CVE-2023/CVE-2023-63xx/CVE-2023-6397.json) (`2024-02-20T02:15:48.793`) -* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-20T02:15:49.110`) -* [CVE-2023-6399](CVE-2023/CVE-2023-63xx/CVE-2023-6399.json) (`2024-02-20T02:15:49.407`) -* [CVE-2024-1647](CVE-2024/CVE-2024-16xx/CVE-2024-1647.json) (`2024-02-20T01:15:07.717`) -* [CVE-2024-1648](CVE-2024/CVE-2024-16xx/CVE-2024-1648.json) (`2024-02-20T01:15:07.943`) -* [CVE-2024-0715](CVE-2024/CVE-2024-07xx/CVE-2024-0715.json) (`2024-02-20T02:15:49.720`) -* [CVE-2024-21890](CVE-2024/CVE-2024-218xx/CVE-2024-21890.json) (`2024-02-20T02:15:50.120`) -* [CVE-2024-21891](CVE-2024/CVE-2024-218xx/CVE-2024-21891.json) (`2024-02-20T02:15:50.347`) -* [CVE-2024-21892](CVE-2024/CVE-2024-218xx/CVE-2024-21892.json) (`2024-02-20T02:15:50.567`) -* [CVE-2024-21896](CVE-2024/CVE-2024-218xx/CVE-2024-21896.json) (`2024-02-20T02:15:50.770`) -* [CVE-2024-22019](CVE-2024/CVE-2024-220xx/CVE-2024-22019.json) (`2024-02-20T02:15:50.983`) +* [CVE-2023-6764](CVE-2023/CVE-2023-67xx/CVE-2023-6764.json) (`2024-02-20T03:15:07.870`) +* [CVE-2024-1510](CVE-2024/CVE-2024-15xx/CVE-2024-1510.json) (`2024-02-20T03:15:08.077`) +* [CVE-2024-1559](CVE-2024/CVE-2024-15xx/CVE-2024-1559.json) (`2024-02-20T04:15:07.330`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `6` -* [CVE-2024-1019](CVE-2024/CVE-2024-10xx/CVE-2024-1019.json) (`2024-02-20T02:15:49.973`) -* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-20T02:15:51.217`) -* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-20T02:15:51.313`) -* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-20T02:15:51.397`) -* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-20T02:15:51.470`) +* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-20T03:15:07.650`) +* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-02-20T03:15:07.750`) +* [CVE-2024-24258](CVE-2024/CVE-2024-242xx/CVE-2024-24258.json) (`2024-02-20T03:15:08.257`) +* [CVE-2024-24259](CVE-2024/CVE-2024-242xx/CVE-2024-24259.json) (`2024-02-20T03:15:08.330`) +* [CVE-2024-24575](CVE-2024/CVE-2024-245xx/CVE-2024-24575.json) (`2024-02-20T03:15:08.397`) +* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-20T03:15:08.520`) ## Download and Usage