Auto-Update: 2024-07-03T06:00:36.836965+00:00

2025-05-30 18:21:17 +00:00 · 2024-07-03 06:03:31 +00:00 · 2024-07-03 06:03:31 +00:00 · 1319584320
commit 1319584320
parent 19854e81eb
4 changed files with 572 additions and 497 deletions
--- a/CVE-2024/CVE-2024-399xx/CVE-2024-39920.json
+++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39920.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2024-39920",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-03T04:15:04.267",
+  "lastModified": "2024-07-03T04:15:04.267",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the \"SnailLoad\" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/IAIK/SnailLoad",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://news.ycombinator.com/item?id=40809629",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://twitter.com/tugraz/status/1805272833322299412",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.instagram.com/p/C8wpO1UtExw/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.rfc-editor.org/rfc/rfc9293.txt",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.snailload.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.snailload.com/snailload.pdf",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-45xx/CVE-2024-4543.json
+++ b/CVE-2024/CVE-2024-45xx/CVE-2024-4543.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-4543",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-03T05:15:10.697",
+  "lastModified": "2024-07-03T05:15:10.697",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3110951?contextall=1",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/127b20c4-cd7c-4d04-b32f-bcc26beb2c35?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-03T04:01:59.096372+00:00
+2024-07-03T06:00:36.836965+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-03T02:15:10.297000+00:00
+2024-07-03T05:15:10.697000+00:00
 ```

 ### Last Data Feed Release
@ -33,45 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255787
+255789
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2024-32673](CVE-2024/CVE-2024-326xx/CVE-2024-32673.json) (`2024-07-03T02:15:10.297`)
+- [CVE-2024-39920](CVE-2024/CVE-2024-399xx/CVE-2024-39920.json) (`2024-07-03T04:15:04.267`)
+- [CVE-2024-4543](CVE-2024/CVE-2024-45xx/CVE-2024-4543.json) (`2024-07-03T05:15:10.697`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `465`
+Recently modified CVEs: `0`

- [CVE-2024-5830](CVE-2024/CVE-2024-58xx/CVE-2024-5830.json) (`2024-07-03T02:09:17.023`)
- [CVE-2024-5831](CVE-2024/CVE-2024-58xx/CVE-2024-5831.json) (`2024-07-03T02:09:17.847`)
- [CVE-2024-5832](CVE-2024/CVE-2024-58xx/CVE-2024-5832.json) (`2024-07-03T02:09:18.747`)
- [CVE-2024-5833](CVE-2024/CVE-2024-58xx/CVE-2024-5833.json) (`2024-07-03T02:09:19.737`)
- [CVE-2024-5834](CVE-2024/CVE-2024-58xx/CVE-2024-5834.json) (`2024-07-03T02:09:20.643`)
- [CVE-2024-5835](CVE-2024/CVE-2024-58xx/CVE-2024-5835.json) (`2024-07-03T02:09:21.673`)
- [CVE-2024-5837](CVE-2024/CVE-2024-58xx/CVE-2024-5837.json) (`2024-07-03T02:09:22.720`)
- [CVE-2024-5838](CVE-2024/CVE-2024-58xx/CVE-2024-5838.json) (`2024-07-03T02:09:23.820`)
- [CVE-2024-5839](CVE-2024/CVE-2024-58xx/CVE-2024-5839.json) (`2024-07-03T02:09:24.927`)
- [CVE-2024-5841](CVE-2024/CVE-2024-58xx/CVE-2024-5841.json) (`2024-07-03T02:09:26.067`)
- [CVE-2024-5842](CVE-2024/CVE-2024-58xx/CVE-2024-5842.json) (`2024-07-03T02:09:27.080`)
- [CVE-2024-5843](CVE-2024/CVE-2024-58xx/CVE-2024-5843.json) (`2024-07-03T02:09:28.160`)
- [CVE-2024-5844](CVE-2024/CVE-2024-58xx/CVE-2024-5844.json) (`2024-07-03T02:09:29.187`)
- [CVE-2024-5845](CVE-2024/CVE-2024-58xx/CVE-2024-5845.json) (`2024-07-03T02:09:29.493`)
- [CVE-2024-5846](CVE-2024/CVE-2024-58xx/CVE-2024-5846.json) (`2024-07-03T02:09:30.583`)
- [CVE-2024-5847](CVE-2024/CVE-2024-58xx/CVE-2024-5847.json) (`2024-07-03T02:09:31.730`)
- [CVE-2024-6100](CVE-2024/CVE-2024-61xx/CVE-2024-6100.json) (`2024-07-03T02:09:40.497`)
- [CVE-2024-6101](CVE-2024/CVE-2024-61xx/CVE-2024-6101.json) (`2024-07-03T02:09:41.493`)
- [CVE-2024-6102](CVE-2024/CVE-2024-61xx/CVE-2024-6102.json) (`2024-07-03T02:09:42.810`)
- [CVE-2024-6103](CVE-2024/CVE-2024-61xx/CVE-2024-6103.json) (`2024-07-03T02:09:43.923`)
- [CVE-2024-6290](CVE-2024/CVE-2024-62xx/CVE-2024-6290.json) (`2024-07-03T02:09:49.960`)
- [CVE-2024-6291](CVE-2024/CVE-2024-62xx/CVE-2024-6291.json) (`2024-07-03T02:09:50.740`)
- [CVE-2024-6292](CVE-2024/CVE-2024-62xx/CVE-2024-6292.json) (`2024-07-03T02:09:51.530`)
- [CVE-2024-6293](CVE-2024/CVE-2024-62xx/CVE-2024-6293.json) (`2024-07-03T02:09:52.323`)
- [CVE-2024-6354](CVE-2024/CVE-2024-63xx/CVE-2024-6354.json) (`2024-07-03T02:09:53.917`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv