diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13067.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13067.json new file mode 100644 index 00000000000..d445b559608 --- /dev/null +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13067.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13067", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-31T09:15:05.307", + "lastModified": "2024-12-31T09:15:05.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://codeastro.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/shaturo1337/POCs/blob/main/Broken%20Access%20Control%20in%20Online%20Food%20Ordering%20System.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289823", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289823", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.472081", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21520.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21520.json index cf83313c122..00ad049f3d6 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21520.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21520.json @@ -2,7 +2,7 @@ "id": "CVE-2024-21520", "sourceIdentifier": "report@snyk.io", "published": "2024-06-26T05:15:50.093", - "lastModified": "2024-11-21T08:54:36.510", + "lastModified": "2024-12-31T10:15:06.317", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], "cvssMetricV31": [ { "source": "report@snyk.io", @@ -56,10 +100,6 @@ "url": "https://github.com/encode/django-rest-framework/commit/3b41f0124194430da957b119712978fa2266b642", "source": "report@snyk.io" }, - { - "url": "https://github.com/encode/django-rest-framework/compare/3.15.1...3.15.2", - "source": "report@snyk.io" - }, { "url": "https://github.com/encode/django-rest-framework/pull/9435", "source": "report@snyk.io" diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49422.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49422.json new file mode 100644 index 00000000000..38bf5d164c4 --- /dev/null +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49422.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-49422", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-12-31T09:15:05.740", + "lastModified": "2024-12-31T09:15:05.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.5, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56211.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56211.json new file mode 100644 index 00000000000..a8916f84e3e --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56211.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56211", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:09.390", + "lastModified": "2024-12-31T10:15:09.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-authenticated-arbitrary-user-meta-update-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56212.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56212.json new file mode 100644 index 00000000000..87aaa738694 --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56212.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56212", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:09.573", + "lastModified": "2024-12-31T10:15:09.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56213.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56213.json new file mode 100644 index 00000000000..16038ae94e7 --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56213.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56213", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:09.727", + "lastModified": "2024-12-31T10:15:09.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-plugin-4-0-7-contributor-limited-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56214.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56214.json new file mode 100644 index 00000000000..7fb2f3635ce --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56214.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56214", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:09.890", + "lastModified": "2024-12-31T10:15:09.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal.This issue affects Userpro: from n/a through 5.1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56216.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56216.json new file mode 100644 index 00000000000..2c63bea6443 --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56216.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56216", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:10.060", + "lastModified": "2024-12-31T10:15:10.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-3-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56218.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56218.json new file mode 100644 index 00000000000..ecd5c02d870 --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56218.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56218", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:10.233", + "lastModified": "2024-12-31T10:15:10.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in AuRise Creative, SevenSpark Contact Form 7 Dynamic Text Extension allows Cross Site Request Forgery.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through 5.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contact-form-7-dynamic-text-extension/vulnerability/wordpress-contact-form-7-dynamic-text-extension-plugin-5-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56220.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56220.json new file mode 100644 index 00000000000..44387294c20 --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56220.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56220", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:10.403", + "lastModified": "2024-12-31T10:15:10.403", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ssl-wireless-sms-notification/vulnerability/wordpress-ssl-wireless-sms-notification-plugin-3-5-0-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56222.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56222.json new file mode 100644 index 00000000000..8a4aaa0d39e --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56222.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56222", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:10.583", + "lastModified": "2024-12-31T10:15:10.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery.This issue affects CodeBard Help Desk: from n/a through 1.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/codebard-help-desk/vulnerability/wordpress-codebard-help-desk-plugin-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56229.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56229.json new file mode 100644 index 00000000000..e0c0166405e --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56229.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56229", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:10.760", + "lastModified": "2024-12-31T10:15:10.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/searchiq/vulnerability/wordpress-searchiq-plugin-4-6-cross-site-requst-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56230.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56230.json new file mode 100644 index 00000000000..2574acc2f36 --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56230.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56230", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:10.930", + "lastModified": "2024-12-31T10:15:10.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Dynamic Product Category Grid, Slider for WooCommerce: from n/a through 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dynamic-product-categories-design/vulnerability/wordpress-dynamic-product-category-grid-slider-for-woocommerce-plugin-1-1-3-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56232.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56232.json new file mode 100644 index 00000000000..3c6f429c66c --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56232.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56232", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-31T10:15:11.140", + "lastModified": "2024-12-31T10:15:11.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through 0.1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-nice-loader/vulnerability/wordpress-wp-nice-loader-plugin-0-1-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d63cfd2359e..976c9bda67f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-31T09:00:19.716421+00:00 +2024-12-31T11:00:19.367074+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-31T07:15:11.307000+00:00 +2024-12-31T10:15:11.140000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275207 +275220 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `13` +- [CVE-2024-13067](CVE-2024/CVE-2024-130xx/CVE-2024-13067.json) (`2024-12-31T09:15:05.307`) +- [CVE-2024-49422](CVE-2024/CVE-2024-494xx/CVE-2024-49422.json) (`2024-12-31T09:15:05.740`) +- [CVE-2024-56211](CVE-2024/CVE-2024-562xx/CVE-2024-56211.json) (`2024-12-31T10:15:09.390`) +- [CVE-2024-56212](CVE-2024/CVE-2024-562xx/CVE-2024-56212.json) (`2024-12-31T10:15:09.573`) +- [CVE-2024-56213](CVE-2024/CVE-2024-562xx/CVE-2024-56213.json) (`2024-12-31T10:15:09.727`) +- [CVE-2024-56214](CVE-2024/CVE-2024-562xx/CVE-2024-56214.json) (`2024-12-31T10:15:09.890`) +- [CVE-2024-56216](CVE-2024/CVE-2024-562xx/CVE-2024-56216.json) (`2024-12-31T10:15:10.060`) +- [CVE-2024-56218](CVE-2024/CVE-2024-562xx/CVE-2024-56218.json) (`2024-12-31T10:15:10.233`) +- [CVE-2024-56220](CVE-2024/CVE-2024-562xx/CVE-2024-56220.json) (`2024-12-31T10:15:10.403`) +- [CVE-2024-56222](CVE-2024/CVE-2024-562xx/CVE-2024-56222.json) (`2024-12-31T10:15:10.583`) +- [CVE-2024-56229](CVE-2024/CVE-2024-562xx/CVE-2024-56229.json) (`2024-12-31T10:15:10.760`) +- [CVE-2024-56230](CVE-2024/CVE-2024-562xx/CVE-2024-56230.json) (`2024-12-31T10:15:10.930`) +- [CVE-2024-56232](CVE-2024/CVE-2024-562xx/CVE-2024-56232.json) (`2024-12-31T10:15:11.140`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2024-51464](CVE-2024/CVE-2024-514xx/CVE-2024-51464.json) (`2024-12-31T07:15:11.307`) +- [CVE-2024-21520](CVE-2024/CVE-2024-215xx/CVE-2024-21520.json) (`2024-12-31T10:15:06.317`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 6c730f5e851..205405ac92c 100644 --- a/_state.csv +++ b/_state.csv @@ -245299,6 +245299,7 @@ CVE-2024-13050,0,0,84109de165147e4a5232ee1fdc9c6d22162f7758c34e8757df3c209c53af5 CVE-2024-13051,0,0,1be1ae94a61dba469e5e49f0e3a210eb507d631c9c82589acffd3c63211509af,2024-12-30T21:15:07.717000 CVE-2024-13058,0,0,91396049ed5baf4a6f156f57d5990485463c9e52e997b4c7fdc31249002c7bf7,2024-12-30T22:15:05.957000 CVE-2024-1306,0,0,0542247252f536db3d3f5f372f6b06cf8f9322e7de2b3d2f5040c13d3f80547b,2024-11-21T08:50:17.053000 +CVE-2024-13067,1,1,dac89381ddeb2bd239b81d96b3005b135a2a8c3e5a25d9e952411ecf22b373e9,2024-12-31T09:15:05.307000 CVE-2024-1307,0,0,791d403fd6ce043b636953425f5891ef42986249387c4cd3003ec2c058fbc715,2024-11-21T08:50:17.233000 CVE-2024-1308,0,0,b2bb733c7402260f9ace902e9d676967e691f690d52b513a8afbdef713b7d4c5,2024-11-21T08:50:17.413000 CVE-2024-1309,0,0,46059633232401d149997e4f4dfdb966bb51f1c7d1649dc6d177fd25783e7c4a,2024-11-22T20:03:02.910000 @@ -247315,7 +247316,7 @@ CVE-2024-21517,0,0,71e12b43226e2a3b487e6ff6fb65bd8c154254848a0a34c039dd34c5fa8f3 CVE-2024-21518,0,0,d147bbbdb00d33e9919b4e00455fd4d118ef1b58e469f947369c25e12ebd2500,2024-11-21T08:54:36.223000 CVE-2024-21519,0,0,847e1cd4eb3a390981cb70fcaa8a9f794d31a430107ae76bd7b814306d528c12,2024-11-21T08:54:36.377000 CVE-2024-2152,0,0,c1376433b3da8765c2809fe086daca92323bdf8c0d0c7833abccd0e9fbc0df64,2024-12-20T19:37:50.807000 -CVE-2024-21520,0,0,9fe0eb627307afa98a7e700e94dd795cf9b826574227036cecd2dad2b9c451d1,2024-11-21T08:54:36.510000 +CVE-2024-21520,0,1,5e547b18267dcaae317db1ad1de87bfb370e8f29e785a6fe54608475471cda4e,2024-12-31T10:15:06.317000 CVE-2024-21521,0,0,dd4dbc6b6caa697a204d1f25a03cccd69d475e8249033ed79cb42c5ca4571633,2024-11-21T08:54:36.637000 CVE-2024-21522,0,0,ab99178ca7bf4d5693b2b017e36fa9c863c7d75c2a02fd0b4b775f31c0f098fa,2024-11-21T08:54:36.760000 CVE-2024-21523,0,0,899e1723b3d4ef8dc9531de2159de1a5a2bf71bfd9781b579d36649995048d02,2024-11-21T08:54:36.877000 @@ -267428,6 +267429,7 @@ CVE-2024-49419,0,0,a5a819bfe5a9799735b4e639f835a9c23b57c3f1fc4456607d48faf2f5774 CVE-2024-4942,0,0,fa20ab38a1078a726b9a100f42578147d69df08621b5e1a638f41b48603f8405,2024-11-21T09:43:55.063000 CVE-2024-49420,0,0,97029bba266be94c493b393755bc15c85ed7da79c235f00baf1a98d893a5bd80,2024-12-03T06:15:10.253000 CVE-2024-49421,0,0,16e0a57305b9d5bb74efae9fe2470ed3315349d30a3f738565603fde91a637ce,2024-12-03T06:15:10.393000 +CVE-2024-49422,1,1,34932e0ca9c7a34733fa3277557fa3dbbd58948cdf152bed38a1c8911c39654b,2024-12-31T09:15:05.740000 CVE-2024-4943,0,0,90b9ef9fb616c7eac2dd8fd3f589a71055cfcb2bdae44cccbc0c6aa4988e9e62,2024-11-21T09:43:55.193000 CVE-2024-4944,0,0,09398dee46be5f9be62ece5ee06ab5c9bc55e44daea49d24602cf09b051c68ba,2024-11-21T09:43:55.310000 CVE-2024-4945,0,0,0c472cf3594efbe18607e870522e0a7b06d6a229b03f8639830c411ab0f637e0,2024-11-21T09:43:55.460000 @@ -268766,7 +268768,7 @@ CVE-2024-5144,0,0,6bbfaf13c1764c4fefc00893d80de8b864d8af9b05653210d129c904ab48e8 CVE-2024-5145,0,0,1ce6a725d120216d833ed23f25099d9f4810ecb9d4c63ffcf11012cbf68534d1,2024-11-21T09:47:03.920000 CVE-2024-51460,0,0,0d1d0884deead80ce10e102d7fe3745fd378c1bb1816cc36f4177c2f9263fd37,2024-12-11T13:15:06.510000 CVE-2024-51463,0,0,c0364c05afe1e0b2d0890e7f96c1b512b7afe4d3c2862d4a930e0585099ce1e6,2024-12-21T14:15:21.453000 -CVE-2024-51464,0,1,1b2031370218977af474f39ea7b9c6eb15448100f9427860fc8d10cdd981ce8b,2024-12-31T07:15:11.307000 +CVE-2024-51464,0,0,1b2031370218977af474f39ea7b9c6eb15448100f9427860fc8d10cdd981ce8b,2024-12-31T07:15:11.307000 CVE-2024-51465,0,0,b984a1f47331a027471db6ecd22c9db67a7b4679236a111706732d4e42cb3082,2024-12-04T14:15:20.223000 CVE-2024-51466,0,0,1b90c245992e2f466d154423146cea90d99df5f3b80547b5f6626d10019e0238,2024-12-20T14:15:24.250000 CVE-2024-5147,0,0,b4fda03873bf91b8aee1014c1d03851aae8f0afeab0edb3aed7529ff221065c3,2024-11-21T09:47:04.057000 @@ -271214,8 +271216,19 @@ CVE-2024-5619,0,0,847b29035ced8b12638c0c9edc7633e1fcbe758edecd5717d697d3abb49553 CVE-2024-5620,0,0,240638ef58a29a459ed1037710fcf1b7e875e31a78e263978233bb4c4a8442da,2024-11-21T09:48:01.930000 CVE-2024-56200,0,0,3879bcf029467f661c4f86f22f421720527f4e18cebe03faa8ac0ac24cb0d998,2024-12-19T19:15:08.280000 CVE-2024-56201,0,0,8a150a16c59122912c829dcd4ae74581ec42a93463074adfa3bf7e42e1708846,2024-12-24T02:15:06.580000 +CVE-2024-56211,1,1,2561ac63bcd02a4c3d6e2563fe50f290b21325c58f8548dae7eb232bdf996af3,2024-12-31T10:15:09.390000 +CVE-2024-56212,1,1,faae60261349dc3edb80fb398c429b73a210473a2c9693a314eada91472fb263,2024-12-31T10:15:09.573000 +CVE-2024-56213,1,1,7972b71001bbc96c25bc75a0b90aab41342cf8b8507f9782df8baed82fd4b7a8,2024-12-31T10:15:09.727000 +CVE-2024-56214,1,1,537314a9b1e6270ee651f360e23d6f9f7f5ecd99a83c3b546c1ec39938adf6a5,2024-12-31T10:15:09.890000 +CVE-2024-56216,1,1,6d10a1f2eedc777cff745866582314493bedb336702653baf4173bdc458fc7b1,2024-12-31T10:15:10.060000 +CVE-2024-56218,1,1,04936fc1a90e38a6ad3a7c732c0117a555fb64a22f7d6cc3b697674fc52c766c,2024-12-31T10:15:10.233000 CVE-2024-5622,0,0,48dd50139cd0fb0b9e32ff1d34b4004b39a7c87dde414648422613d43b5d51e5,2024-09-13T20:21:38.610000 +CVE-2024-56220,1,1,fa8c17176c6a7385721ca51b743f1e1e3db77dc75e585bef828b7711bc20a817,2024-12-31T10:15:10.403000 +CVE-2024-56222,1,1,caabc5f3fbffe8317d5c373a8d57fc45e1f9c1e294c2218748a9283876145b1f,2024-12-31T10:15:10.583000 +CVE-2024-56229,1,1,780291cf9257aeb905df3026fd98d748aa407f4154387d50cbe21d7f39417330,2024-12-31T10:15:10.760000 CVE-2024-5623,0,0,7a27a8a8bb2e29efe02be8c957247e288b25a39c8598c86d8533218d73dc7a15,2024-09-13T20:19:53.477000 +CVE-2024-56230,1,1,78c6f283efec144cf5d356e25ccaff84a0966acc7cda3708fbe4f6dca25e40c8,2024-12-31T10:15:10.930000 +CVE-2024-56232,1,1,3d1c538ec528db125916594384d3faf9ca5d73c65a614223f5b640922dbb5427,2024-12-31T10:15:11.140000 CVE-2024-5624,0,0,7f93c754c9c6e0a4611cd66d82be3519ca19fdbb2803818bcf7cbddb963f07b6,2024-09-13T20:23:28.787000 CVE-2024-5625,0,0,d3de3914e71e24c0640febb528961abd09321cf732dc235d08627199bf00a95c,2024-11-21T09:48:02.390000 CVE-2024-5626,0,0,93ceb7b86ba8ddeb56f02be4839062ac9cafc2abafa79ca42f7d116eca5e4c5a,2024-11-21T09:48:02.503000