From 29cd33cfa37803eedf660a9a36e4f52f450faf12 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 18 Jul 2024 10:03:12 +0000
Subject: [PATCH] Auto-Update: 2024-07-18T10:00:18.038246+00:00
---
CVE-2024/CVE-2024-290xx/CVE-2024-29014.json | 33 ++++++++++++
CVE-2024/CVE-2024-32xx/CVE-2024-3242.json | 60 +++++++++++++++++++++
CVE-2024/CVE-2024-407xx/CVE-2024-40764.json | 33 ++++++++++++
CVE-2024/CVE-2024-55xx/CVE-2024-5554.json | 52 ++++++++++++++++++
CVE-2024/CVE-2024-55xx/CVE-2024-5555.json | 52 ++++++++++++++++++
README.md | 15 +++---
_state.csv | 9 +++-
7 files changed, 246 insertions(+), 8 deletions(-)
create mode 100644 CVE-2024/CVE-2024-290xx/CVE-2024-29014.json
create mode 100644 CVE-2024/CVE-2024-32xx/CVE-2024-3242.json
create mode 100644 CVE-2024/CVE-2024-407xx/CVE-2024-40764.json
create mode 100644 CVE-2024/CVE-2024-55xx/CVE-2024-5554.json
create mode 100644 CVE-2024/CVE-2024-55xx/CVE-2024-5555.json
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29014.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29014.json
new file mode 100644
index 00000000000..8fd38254679
--- /dev/null
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29014.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-29014", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-07-18T08:15:02.173", + "lastModified": "2024-07-18T08:15:02.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3242.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3242.json
new file mode 100644
index 00000000000..ada01b74f68
--- /dev/null
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3242.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-3242", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-18T09:15:02.337", + "lastModified": "2024-07-18T09:15:02.337", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Version 2.4.44 prevents the upload of files ending in .sh and .php. Version 2.4.45 fully patches the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L264", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L547", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3086506/brizy/trunk/editor/zip/archiver.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk", + "source": "security@wordfence.com" + }, 
+ { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file
diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40764.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40764.json
new file mode 100644
index 00000000000..30dba6d838e
--- /dev/null
+++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40764.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-40764", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-07-18T08:15:02.340", + "lastModified": "2024-07-18T08:15:02.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS)." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5554.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5554.json
new file mode 100644
index 00000000000..ec22bb68b64
--- /dev/null
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5554.json
@@ -0,0 +1,52 @@ +{ + "id": "CVE-2024-5554", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-18T09:15:02.740", + "lastModified": "2024-07-18T09:15:02.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018onclick_event\u2019 parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/5.6.4/modules/step-flow/widgets/step-flow.php#L2287", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3110404/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/696c379a-c5a4-489f-8363-8aea9a4da814?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5555.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5555.json
new file mode 100644
index 00000000000..95b4bc6bf5b
--- /dev/null
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5555.json
@@ -0,0 +1,52 @@ +{ + "id": "CVE-2024-5555", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-18T09:15:02.980", + "lastModified": "2024-07-18T09:15:02.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018social-link-title\u2019 parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/member/widgets/member.php#L1273", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3096559/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file
diff --git a/README.md b/README.md
index a21cc4048a1..da48c0590df 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-18T08:00:18.706438+00:00 +2024-07-18T10:00:18.038246+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-18T07:15:02.070000+00:00 +2024-07-18T09:15:02.980000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -257427 +257432 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -- [CVE-2024-41011](CVE-2024/CVE-2024-410xx/CVE-2024-41011.json) (`2024-07-18T07:15:02.070`) -- [CVE-2024-6164](CVE-2024/CVE-2024-61xx/CVE-2024-6164.json) (`2024-07-18T06:15:02.233`) +- [CVE-2024-29014](CVE-2024/CVE-2024-290xx/CVE-2024-29014.json) (`2024-07-18T08:15:02.173`) +- [CVE-2024-3242](CVE-2024/CVE-2024-32xx/CVE-2024-3242.json) (`2024-07-18T09:15:02.337`) +- [CVE-2024-40764](CVE-2024/CVE-2024-407xx/CVE-2024-40764.json) (`2024-07-18T08:15:02.340`) +- [CVE-2024-5554](CVE-2024/CVE-2024-55xx/CVE-2024-5554.json) (`2024-07-18T09:15:02.740`) +- [CVE-2024-5555](CVE-2024/CVE-2024-55xx/CVE-2024-5555.json) (`2024-07-18T09:15:02.980`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 4171cca8c3f..955532c1f5a 100644
--- a/_state.csv
+++ b/_state.csv
@@ -248638,6 +248638,7 @@ CVE-2024-29010,0,0,a9ff9c65174c33f2e792fcb56ee4004994b28661d6208ebb1e88e717582f6 CVE-2024-29011,0,0,eb92887d9a2ecd248daea80b2641ebf2c57344e5f41ce9050910fcddaf740a0c,2024-05-01T19:50:25.633000 CVE-2024-29012,0,0,9854a7c749ef4b580fb184d07bfa61dd0b58798d25f74e88968772bdc7b97a82,2024-06-20T12:43:25.663000 CVE-2024-29013,0,0,484672126a29689243d7bf576a9922dde1cc94a163178a0a8a32a5a36268d182,2024-06-20T12:43:25.663000 +CVE-2024-29014,1,1,405709e3a0547e21309cb04b7f669af7fe1634fc9caff83aa631d67879b4134a,2024-07-18T08:15:02.173000 CVE-2024-29018,0,0,0688752b1434844c55e6cd721e2221622ec0094595898dc16074b9d8a9b658da,2024-03-21T12:58:51.093000 CVE-2024-29019,0,0,ad22499f8dda93d004eb62f1b9a36df352f03e492a86d6142b84d27273c03d4d,2024-04-11T12:47:44.137000 CVE-2024-2902,0,0,8f66133d16da6ff672ed0ae058cb886f79d625c60e88da002b56c847ce98f5ef,2024-05-17T02:38:36.520000 @@ -250899,6 +250900,7 @@ CVE-2024-32407,0,0,fbfaf7068ca597095592e38589ff8309655659ac5408bc5050ead219b55bb CVE-2024-32409,0,0,cdbdcb7de47ba32c82cee0bb38b83e5519f96f658f96608562f1e326a9e11332,2024-07-03T01:56:34.063000 CVE-2024-3241,0,0,30b752b6ef5f38382b5d572e3de76b73f3f6fe3c9ee69699b564850e70a0c6b3,2024-05-14T19:17:55.627000 CVE-2024-32418,0,0,8172cdb05b747b2afd259a179cd5212ac2debbeaf77726c784f5b816cfdb0abc,2024-07-03T01:56:34.817000 +CVE-2024-3242,1,1,6cafd525a926c5470f9d6d5da47d78f55adbd23a8c62b565e3c027d8d396fc36,2024-07-18T09:15:02.337000 CVE-2024-32428,0,0,e92a586d0042e2a50a8472dedb0e8a402fc021118b6e178b0be2f35b18ed1a72,2024-04-15T13:15:31.997000 CVE-2024-32429,0,0,08bf59fbf8ca8215ee905eedbc96639cdf782abe560db5472396d2a8508a1db9,2024-04-15T13:15:31.997000 CVE-2024-3243,0,0,b3be2b5736d16e5fdb86721d9ee927a8c62b47b675a9c47320a4673743e48844,2024-04-16T13:24:07.103000 
@@ -255356,6 +255358,7 @@ CVE-2024-40741,0,0,ddd0ff9476ed1ff47a6c6ea90383139e3fceeb76685fa77b077d9f9786ebe CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f783,2024-07-11T15:06:29.580000 CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000 CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000 +CVE-2024-40764,1,1,267f3f3d30a8502468edc23dc8bb5b2360a4ab98ca518100d90deb3a7fdd8159,2024-07-18T08:15:02.340000 CVE-2024-4077,0,0,d4f08c4fa42913c8d00f3fecbe96233f1448e9383bf97ebcbeca4cc0f2c8ae2b,2024-04-25T13:18:02.660000 CVE-2024-4078,0,0,4f6a573d2d42430a81000704c37318a2f1d7afadf71bcba45d97fec5f925233f,2024-05-16T13:03:05.353000 CVE-2024-4082,0,0,02264cef46dbd3bc30b90eb0e358643df5f32c233cd928965c67d2a95fa3306a,2024-05-14T16:11:39.510000 @@ -255484,7 +255487,7 @@ CVE-2024-41007,0,0,0f7451f1f6e903e68c19bb8e4507bcc8b91d7d8b575b739ec33e4181b2fd0 CVE-2024-41008,0,0,44accff6edd09848f65c4ea30c272c9f4e4cafd7e8013f5ed231ff575ad7b53e,2024-07-16T13:43:58.773000 CVE-2024-41009,0,0,1ef19d3a6350817f09e7f0a1cc785e4d5b3dd9bf898020c5ce3302bfe332d3bc,2024-07-17T13:34:20.520000 CVE-2024-41010,0,0,e1eb457aad4b0999b5327eed57f2f5880ca4c5305725bf0297fea34096691061,2024-07-17T13:34:20.520000 -CVE-2024-41011,1,1,068d54e950f076fa2cd407d43bce96f84782a2e7ad5e745ba2df25a6ad1cdb0e,2024-07-18T07:15:02.070000 +CVE-2024-41011,0,0,068d54e950f076fa2cd407d43bce96f84782a2e7ad5e745ba2df25a6ad1cdb0e,2024-07-18T07:15:02.070000 CVE-2024-4102,0,0,1b0aaa7efbf772a3034d5138f2cde018af6a8f41a0229b0c5f36e4d66092a2a3,2024-07-09T18:19:14.047000 CVE-2024-4103,0,0,ff27f3988e30e41f465bfc5b7800f7ae2f96b1e2cd71c1414de16617b75fe4fe,2024-05-14T16:11:39.510000 CVE-2024-4104,0,0,069e7afb1610585640d00d566d3fc4756dff3571ed269cd2ef1d63c8e8ce45e5,2024-05-14T16:11:39.510000 
@@ -256719,6 +256722,8 @@ CVE-2024-5550,0,0,dab352871e5b1599db274fe7ee72f4ef4902afffcd5667b3ef675a3fe452e4 CVE-2024-5551,0,0,ca5e789273b5636b74263243545d1f65c528acd57d0658c81bfbbb492d45e594,2024-06-17T12:42:04.623000 CVE-2024-5552,0,0,7f73b574dd8e83d52dd7f28ecc579b960fbf7de562da98c7e63b5b8e0fd54be8,2024-06-07T14:56:05.647000 CVE-2024-5553,0,0,c4739ca4bfc71591786473d36aff26ccf561ba778e4c902dca863cedff7bba13,2024-06-13T18:36:09.013000 +CVE-2024-5554,1,1,1fddb13775149d998ecff581e430a013d99ba755bc3a57235fce4c5af979f6af,2024-07-18T09:15:02.740000 +CVE-2024-5555,1,1,5993f0bcb942313985be154f9cb4e811e5cf399a1b6c11a4ebf7cd26568e8837,2024-07-18T09:15:02.980000 CVE-2024-5557,0,0,e58f4a9974ae6a6ad512e69202e5dee259550c69c446c060784da606557be50e,2024-06-13T18:36:09.010000 CVE-2024-5558,0,0,f5606f757a3846688e526f8e8c7b353ed841a6a8222c822314196faac2c09cd1,2024-06-13T18:36:09.010000 CVE-2024-5559,0,0,0c59604cbf219c2ba1c247f52c304752b12dd0f3c92c8b3c96e21ad233f99b0a,2024-06-13T18:36:09.010000 @@ -257119,7 +257124,7 @@ CVE-2024-6160,0,0,ef1a3b3e7f3366ded429b369db1d335204ba1e5aa345b7b6a0087f8051f247 CVE-2024-6161,0,0,4874ef369326f57ebaead3e865a12df6057ceb7ec30e698c3deb9b52e2b10028,2024-07-09T18:19:14.047000 CVE-2024-6162,0,0,f5d2156bbca4d7bf9c6e06ba6e75479b3156c3c547f548b6a1945ea90ef00a3a,2024-06-20T16:07:50.417000 CVE-2024-6163,0,0,a7111efd9bbca18864edd7eac6469f395d4eb81bc59fa76c3e42cc0c59bc6e2c,2024-07-08T15:49:22.437000 -CVE-2024-6164,1,1,9565ec9e7412962a5117472b901c40763c42cf7938f39945b2f9a351cbb48549,2024-07-18T06:15:02.233000 +CVE-2024-6164,0,0,9565ec9e7412962a5117472b901c40763c42cf7938f39945b2f9a351cbb48549,2024-07-18T06:15:02.233000 CVE-2024-6166,0,0,c93093bf8454afe95675994fb929c06931906789a59088dfba4992e2491ed4c6,2024-07-12T14:23:53.600000 CVE-2024-6167,0,0,53411719c1d4f7c7e0b31dcbc40822727b85ab3cd28b45158c4db6b81cb57664,2024-07-09T18:19:14.047000 CVE-2024-6168,0,0,a9d8b124b0d612b4817eae957707544bf3f1e74cb49f5394cfd698c29b52bb54,2024-07-09T18:19:14.047000