Auto-Update: 2024-06-25T10:00:21.347936+00:00

2025-07-11 16:13:34 +00:00 · 2024-06-25 10:03:16 +00:00 · 2024-06-25 10:03:16 +00:00 · 29a41ab1cd
commit 29a41ab1cd
parent f2301c6373
6 changed files with 247 additions and 18 deletions
--- a/CVE-2024/CVE-2024-341xx/CVE-2024-34141.json
+++ b/CVE-2024/CVE-2024-341xx/CVE-2024-34141.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-34141",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-06-25T09:15:56.807",
+  "lastModified": "2024-06-25T09:15:56.807",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-341xx/CVE-2024-34142.json
+++ b/CVE-2024/CVE-2024-341xx/CVE-2024-34142.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-34142",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-06-25T09:15:57.130",
+  "lastModified": "2024-06-25T09:15:57.130",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-46xx/CVE-2024-4638.json
+++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4638.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-4638",
+  "sourceIdentifier": "psirt@moxa.com",
+  "published": "2024-06-25T09:15:57.413",
+  "lastModified": "2024-06-25T09:15:57.413",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@moxa.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@moxa.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-77"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities",
+      "source": "psirt@moxa.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-60xx/CVE-2024-6028.json
+++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6028.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-6028",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-25T09:15:57.760",
+  "lastModified": "2024-06-25T09:15:57.760",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L4904",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L6901",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3103402/quiz-maker/tags/6.5.8.2/public/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3105555/quiz-maker/tags/6.5.8.4/public/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/quiz-maker/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-25T08:00:19.359495+00:00
+2024-06-25T10:00:21.347936+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-25T07:15:45.323000+00:00
+2024-06-25T09:15:57.760000+00:00
 ```

 ### Last Data Feed Release
@ -33,26 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255101
+255105
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `4`

- [CVE-2024-3249](CVE-2024/CVE-2024-32xx/CVE-2024-3249.json) (`2024-06-25T07:15:45.323`)
- [CVE-2024-4757](CVE-2024/CVE-2024-47xx/CVE-2024-4757.json) (`2024-06-25T06:15:11.607`)
- [CVE-2024-4759](CVE-2024/CVE-2024-47xx/CVE-2024-4759.json) (`2024-06-25T06:15:11.727`)
- [CVE-2024-5431](CVE-2024/CVE-2024-54xx/CVE-2024-5431.json) (`2024-06-25T06:15:11.800`)
+- [CVE-2024-34141](CVE-2024/CVE-2024-341xx/CVE-2024-34141.json) (`2024-06-25T09:15:56.807`)
+- [CVE-2024-34142](CVE-2024/CVE-2024-341xx/CVE-2024-34142.json) (`2024-06-25T09:15:57.130`)
+- [CVE-2024-4638](CVE-2024/CVE-2024-46xx/CVE-2024-4638.json) (`2024-06-25T09:15:57.413`)
+- [CVE-2024-6028](CVE-2024/CVE-2024-60xx/CVE-2024-6028.json) (`2024-06-25T09:15:57.760`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `3`
+Recently modified CVEs: `0`

- [CVE-2024-36495](CVE-2024/CVE-2024-364xx/CVE-2024-36495.json) (`2024-06-25T06:15:10.057`)
- [CVE-2024-36496](CVE-2024/CVE-2024-364xx/CVE-2024-36496.json) (`2024-06-25T06:15:11.413`)
- [CVE-2024-36497](CVE-2024/CVE-2024-364xx/CVE-2024-36497.json) (`2024-06-25T06:15:11.513`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -250281,7 +250281,7 @@ CVE-2024-32482,0,0,e0309808bf3b2543b39750b9d9b0b794ac723e1476b62ac8f4870801d35fc
 CVE-2024-32487,0,0,3964df55462d4b69b3a47831a0425ebab17556f2b889b4db15caceabcb50c1e8,2024-06-10T18:15:33.640000
 CVE-2024-32488,0,0,6ce6bcee8af0a677e98d2bf7a3efd66cf8a3e580423515387116f39d710ba974,2024-04-15T13:15:31.997000
 CVE-2024-32489,0,0,cbc8895e7f5e99c09f7bd505220fcc5514b4573939580e3f381a933acf3c9ef0,2024-04-15T13:15:31.997000
-CVE-2024-3249,1,1,5638efcc141ab4aef64cfb6bebc45a348c47a87f15d7844788c58f08000cde43,2024-06-25T07:15:45.323000
+CVE-2024-3249,0,0,5638efcc141ab4aef64cfb6bebc45a348c47a87f15d7844788c58f08000cde43,2024-06-25T07:15:45.323000
 CVE-2024-32491,0,0,0ef1d844738414cdd89361991aa89a441a6f02a4affed1e8b95f4fdb3144ccd8,2024-04-30T13:11:16.690000
 CVE-2024-32492,0,0,fbdbe605158ebb859c2c70df9471eb17e0db1ec1e36b709d629be4fcd2dc71e5,2024-04-30T13:11:16.690000
 CVE-2024-32493,0,0,99ad93b821b9120b3f9479fdbc637b6bf229eed0c91d108f68192b4be876e696,2024-04-30T13:11:16.690000
@ -251331,6 +251331,8 @@ CVE-2024-34129,0,0,d3dc43049d80f783794d9399825be80ea683040539452e8a7be93120bda8c
 CVE-2024-3413,0,0,8bf7e231eaef8a1fb270998ee982f12463c5a7d17ff17eb8735dbc8fc584bd57,2024-05-17T02:39:54.073000
 CVE-2024-34130,0,0,89584332f9dd3125064424fac4aabed722eb075df05ba25c9a02617aa8a6856c,2024-06-13T18:35:19.777000
 CVE-2024-3414,0,0,69231815197d8c759df4a79a39950c8d4f6258471ea32f1c29be1a7038b6ec47,2024-05-17T02:39:54.160000
+CVE-2024-34141,1,1,9349c88755a55bfc99e3c9d5d7bab8c900684df9c21d3a497a2767cd4d1cc6f9,2024-06-25T09:15:56.807000
+CVE-2024-34142,1,1,83181d63877d25698e74c438beea417f8ba42c60dbb9f319c96e2d17db1e92a4,2024-06-25T09:15:57.130000
 CVE-2024-34144,0,0,161e418bd2efea8731bcf0c84ef4939748aabfddbc9f310a20f204f2b5cb4158,2024-05-02T18:00:37.360000
 CVE-2024-34145,0,0,8976018515653d9edfc24ef743cee1c2f455c68450e5a16824609e8151c9f246,2024-05-02T18:00:37.360000
 CVE-2024-34146,0,0,57b55472d7ef8f36d24d72d33ce2a7a08770dabb111aaf45da4e0803162f240d,2024-05-02T18:00:37.360000
@ -252757,9 +252759,9 @@ CVE-2024-36481,0,0,6ec2572e4978fa540ba8e430693df93c6d8e466561b6c8823bd56108e65c4
 CVE-2024-36484,0,0,d8980b6175f97dcbe3120732bdd3f5c4554f0bf6402d98cdd4a7efe1e2dc7659,2024-06-21T11:22:01.687000
 CVE-2024-36489,0,0,706602251538409bdd6d4f26c7d5b5f5da3d2d56202958896118ef2720f4e680,2024-06-21T11:22:01.687000
 CVE-2024-3649,0,0,969867829e20da4acc88ade671a27808c021dddbe3e27e051d2004e683670e61,2024-05-02T18:00:37.360000
-CVE-2024-36495,0,1,8c9396310106fc0ed472fdfac70b04def80f0697a214373feab7064d38e55057,2024-06-25T06:15:10.057000
-CVE-2024-36496,0,1,96ab23d9f31071e7647863395db620479f7d27a83452811dca7994cfd61d5c7b,2024-06-25T06:15:11.413000
-CVE-2024-36497,0,1,737894768aed23bd88754653f442468575f9190f8878a367c837720ad55227e3,2024-06-25T06:15:11.513000
+CVE-2024-36495,0,0,8c9396310106fc0ed472fdfac70b04def80f0697a214373feab7064d38e55057,2024-06-25T06:15:10.057000
+CVE-2024-36496,0,0,96ab23d9f31071e7647863395db620479f7d27a83452811dca7994cfd61d5c7b,2024-06-25T06:15:11.413000
+CVE-2024-36497,0,0,737894768aed23bd88754653f442468575f9190f8878a367c837720ad55227e3,2024-06-25T06:15:11.513000
 CVE-2024-36499,0,0,077c5caf8d301ff2d1947e18a01670bc02e5c0dd9fda48352816e5be2251d0eb,2024-06-17T12:42:04.623000
 CVE-2024-3650,0,0,e078ac649d7d0d133fe9598e10336739bc9d365236ed72d408805e3868c3d439,2024-05-02T18:00:37.360000
 CVE-2024-36500,0,0,257fd399a14a7141c50c9e2046f94aaac781c0de172f7af5b46d8dab39ba2a83,2024-06-17T12:42:04.623000
@ -254152,6 +254154,7 @@ CVE-2024-4634,0,0,26305cc83de7193b57243a5cab6ca5caf74694a0d7bbca15218a554118aa8e
 CVE-2024-4635,0,0,39b2c6bf6977107b11329776563f920ebcfe13f250d063c0984d8282a28a8353,2024-05-16T13:03:05.353000
 CVE-2024-4636,0,0,408131d6e6f7a1de019141a0a08ced7ddc9316cec6084c2dbfd44b2d5b664bc5,2024-05-15T16:40:19.330000
 CVE-2024-4637,0,0,21c5b691b799fa0ad4b2a54783a02d470d1ce61487f2f97641252b6306511e58,2024-06-04T16:57:41.053000
+CVE-2024-4638,1,1,08167ff53b9f0160e5193543e64b1e71cd296bf83d39b069e11c32210db54019,2024-06-25T09:15:57.413000
 CVE-2024-4642,0,0,af413e9c39a7a95f4fad15629993388538023a0a54f7d3f1141388f9a4b404f9,2024-05-20T17:15:09.667000
 CVE-2024-4644,0,0,5d38890bfca86b13a178b6ea41ebf3343b04f0eb53943a12f40545b93c47b88a,2024-06-04T19:20:44.287000
 CVE-2024-4645,0,0,029fc657c20e99e63c4a0896df7eaed00c7e95079c841983238fcd27dbc9082f,2024-05-29T20:15:13.240000
@ -254246,8 +254249,8 @@ CVE-2024-4751,0,0,980cee331660133759599aaa98eeae384de48fe7bcc98af4a2333b20d054b0
 CVE-2024-4754,0,0,65f7d30a77e8c92b9ac1114b7ed7f43c32a5bfb34fe46cea0e558e1fff1e464e,2024-06-24T12:57:36.513000
 CVE-2024-4755,0,0,8a7a71d94c74cb52dec815eae51a85f655e8bbdb14fb2727ec4857b0eeba2dfa,2024-06-24T19:31:03.263000
 CVE-2024-4756,0,0,b303493fc627eee25a3b39c986ea25472e7aab1866612b83c9a7c14522d2c360,2024-06-07T14:56:05.647000
-CVE-2024-4757,1,1,2d1c6487a917e158e0e637b59ff980cbcc212e394af97bc36eb5b677c8976f96,2024-06-25T06:15:11.607000
-CVE-2024-4759,1,1,94225b96d30518a4c1d9570649f49c2780d23977da6226d597a2bf9c12876afa,2024-06-25T06:15:11.727000
+CVE-2024-4757,0,0,2d1c6487a917e158e0e637b59ff980cbcc212e394af97bc36eb5b677c8976f96,2024-06-25T06:15:11.607000
+CVE-2024-4759,0,0,94225b96d30518a4c1d9570649f49c2780d23977da6226d597a2bf9c12876afa,2024-06-25T06:15:11.727000
 CVE-2024-4760,0,0,8b9593f0d88cbd24a061db082c8cd5c20f19b8a61431542d1ce576639ef3bdc0,2024-05-16T15:44:44.683000
 CVE-2024-4761,0,0,1a5c101148c08794fbcc9293bdcf48ea45ef131413b853bd53bee7bfdc7d1522,2024-06-10T18:15:36.997000
 CVE-2024-4764,0,0,9a13ff0309ce1e5420716f8085db95df94fd2bab38dc643251ec74d75f275fe3,2024-05-14T19:17:55.627000
@ -254731,7 +254734,7 @@ CVE-2024-5425,0,0,198a56668ec12904be81f8cc7c88bdb7cf556c1b42bf2a53d8f10dc0d316d5
 CVE-2024-5426,0,0,463afa72e5ec754a0d270917d456b87514b8458a939d0b61aeddc71dea0e191e,2024-06-11T18:03:58.213000
 CVE-2024-5427,0,0,e86cc201b7d64d377c97e091606dc3804ebb54017d6aedd32a3c8a9e9f3ee33f,2024-05-31T13:01:46.727000
 CVE-2024-5428,0,0,febfd9b4f977de4c3dc04e5fc8e71b9454e3ad809e74595cd325ad9561a295a7,2024-05-28T14:59:09.827000
-CVE-2024-5431,1,1,07533879e44c238230f069ccf4c1897b3dc33c3a29a2e59b27b7195206b16efe,2024-06-25T06:15:11.800000
+CVE-2024-5431,0,0,07533879e44c238230f069ccf4c1897b3dc33c3a29a2e59b27b7195206b16efe,2024-06-25T06:15:11.800000
 CVE-2024-5432,0,0,ab9a775fb9b6438a5280e4ab8778e43fe4811f4ee641a114adeb9e5317236c9d,2024-06-20T12:43:25.663000
 CVE-2024-5433,0,0,d0946774ada383b4af0e78f23b9c449d05f83a7124810af4e383f90b0cdbda75,2024-05-29T13:02:09.280000
 CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92ed,2024-05-29T13:02:09.280000
@ -254991,6 +254994,7 @@ CVE-2024-6014,0,0,6f42b027c41cbc2bef7f3eccd4ed3d2b0646bd4a1028da377690698f146442
 CVE-2024-6015,0,0,b5dd732698ac918c4f9a100a042e5587c72b21ba3272e6fc136fa01311e31fdc,2024-06-17T15:15:52.830000
 CVE-2024-6016,0,0,c54c9dea249da6152524c81283c2e2c500a502b8999814b114c6434b99c2c3ed,2024-06-17T14:15:12.487000
 CVE-2024-6027,0,0,b2fd57616c7b740fff1978bda2368fdc3959192a2c78f320629b1920784145fa,2024-06-24T19:17:50.240000
+CVE-2024-6028,1,1,a0bf8ff0724e360ddef8160bbcb8bc5f9abbbad84911b5bb364e1e4c3cf19c2b,2024-06-25T09:15:57.760000
 CVE-2024-6039,0,0,266923799676f8be01eee28d4a84714045ee9a927bc992eaf897cc5b748105d7,2024-06-17T14:15:12.620000
 CVE-2024-6041,0,0,a295768a83c71f46593370532a5a859cd3d130f4e3527299fc42bdf02397e4d4,2024-06-17T14:15:12.733000
 CVE-2024-6042,0,0,6d196e9da9a08d79a22225e118daa7f0e4c238306b694dbe66ba5d1dac9a15e7,2024-06-17T12:42:04.623000