Auto-Update: 2024-07-18T10:00:18.038246+00:00

2025-07-09 16:05:11 +00:00 · 2024-07-18 10:03:12 +00:00 · 2024-07-18 10:03:12 +00:00 · 29cd33cfa3
commit 29cd33cfa3
parent d71af2449c
7 changed files with 246 additions and 8 deletions
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29014.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29014.json
@ -0,0 +1,33 @@
 {
  "id": "CVE-2024-29014",
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "published": "2024-07-18T08:15:02.173",
  "lastModified": "2024-07-18T08:15:02.173",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update."
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "PSIRT@sonicwall.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011",
      "source": "PSIRT@sonicwall.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3242.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3242.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-3242",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-07-18T09:15:02.337",
  "lastModified": "2024-07-18T09:15:02.337",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Version 2.4.44 prevents the upload of files ending in .sh and .php. Version 2.4.45 fully patches the issue."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L264",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L547",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3086506/brizy/trunk/editor/zip/archiver.php",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-407xx/CVE-2024-40764.json
+++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40764.json
@ -0,0 +1,33 @@
 {
  "id": "CVE-2024-40764",
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "published": "2024-07-18T08:15:02.340",
  "lastModified": "2024-07-18T08:15:02.340",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS)."
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "PSIRT@sonicwall.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012",
      "source": "PSIRT@sonicwall.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5554.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5554.json
@ -0,0 +1,52 @@
 {
  "id": "CVE-2024-5554",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-07-18T09:15:02.740",
  "lastModified": "2024-07-18T09:15:02.740",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018onclick_event\u2019 parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/5.6.4/modules/step-flow/widgets/step-flow.php#L2287",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3110404/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/696c379a-c5a4-489f-8363-8aea9a4da814?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5555.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5555.json
@ -0,0 +1,52 @@
 {
  "id": "CVE-2024-5555",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-07-18T09:15:02.980",
  "lastModified": "2024-07-18T09:15:02.980",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018social-link-title\u2019 parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/member/widgets/member.php#L1273",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3096559/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-07-18T08:00:18.706438+00:00
+2024-07-18T10:00:18.038246+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-07-18T07:15:02.070000+00:00
+2024-07-18T09:15:02.980000+00:00
 ```
 ### Last Data Feed Release
@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-257427
+257432
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `5`
- [CVE-2024-41011](CVE-2024/CVE-2024-410xx/CVE-2024-41011.json) (`2024-07-18T07:15:02.070`)
+- [CVE-2024-29014](CVE-2024/CVE-2024-290xx/CVE-2024-29014.json) (`2024-07-18T08:15:02.173`)
- [CVE-2024-6164](CVE-2024/CVE-2024-61xx/CVE-2024-6164.json) (`2024-07-18T06:15:02.233`)
+- [CVE-2024-3242](CVE-2024/CVE-2024-32xx/CVE-2024-3242.json) (`2024-07-18T09:15:02.337`)
 - [CVE-2024-40764](CVE-2024/CVE-2024-407xx/CVE-2024-40764.json) (`2024-07-18T08:15:02.340`)
 - [CVE-2024-5554](CVE-2024/CVE-2024-55xx/CVE-2024-5554.json) (`2024-07-18T09:15:02.740`)
 - [CVE-2024-5555](CVE-2024/CVE-2024-55xx/CVE-2024-5555.json) (`2024-07-18T09:15:02.980`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -248638,6 +248638,7 @@ CVE-2024-29010,0,0,a9ff9c65174c33f2e792fcb56ee4004994b28661d6208ebb1e88e717582f6
 CVE-2024-29011,0,0,eb92887d9a2ecd248daea80b2641ebf2c57344e5f41ce9050910fcddaf740a0c,2024-05-01T19:50:25.633000
 CVE-2024-29012,0,0,9854a7c749ef4b580fb184d07bfa61dd0b58798d25f74e88968772bdc7b97a82,2024-06-20T12:43:25.663000
 CVE-2024-29013,0,0,484672126a29689243d7bf576a9922dde1cc94a163178a0a8a32a5a36268d182,2024-06-20T12:43:25.663000
 CVE-2024-29014,1,1,405709e3a0547e21309cb04b7f669af7fe1634fc9caff83aa631d67879b4134a,2024-07-18T08:15:02.173000
 CVE-2024-29018,0,0,0688752b1434844c55e6cd721e2221622ec0094595898dc16074b9d8a9b658da,2024-03-21T12:58:51.093000
 CVE-2024-29019,0,0,ad22499f8dda93d004eb62f1b9a36df352f03e492a86d6142b84d27273c03d4d,2024-04-11T12:47:44.137000
 CVE-2024-2902,0,0,8f66133d16da6ff672ed0ae058cb886f79d625c60e88da002b56c847ce98f5ef,2024-05-17T02:38:36.520000
@ -250899,6 +250900,7 @@ CVE-2024-32407,0,0,fbfaf7068ca597095592e38589ff8309655659ac5408bc5050ead219b55bb
 CVE-2024-32409,0,0,cdbdcb7de47ba32c82cee0bb38b83e5519f96f658f96608562f1e326a9e11332,2024-07-03T01:56:34.063000
 CVE-2024-3241,0,0,30b752b6ef5f38382b5d572e3de76b73f3f6fe3c9ee69699b564850e70a0c6b3,2024-05-14T19:17:55.627000
 CVE-2024-32418,0,0,8172cdb05b747b2afd259a179cd5212ac2debbeaf77726c784f5b816cfdb0abc,2024-07-03T01:56:34.817000
 CVE-2024-3242,1,1,6cafd525a926c5470f9d6d5da47d78f55adbd23a8c62b565e3c027d8d396fc36,2024-07-18T09:15:02.337000
 CVE-2024-32428,0,0,e92a586d0042e2a50a8472dedb0e8a402fc021118b6e178b0be2f35b18ed1a72,2024-04-15T13:15:31.997000
 CVE-2024-32429,0,0,08bf59fbf8ca8215ee905eedbc96639cdf782abe560db5472396d2a8508a1db9,2024-04-15T13:15:31.997000
 CVE-2024-3243,0,0,b3be2b5736d16e5fdb86721d9ee927a8c62b47b675a9c47320a4673743e48844,2024-04-16T13:24:07.103000
@ -255356,6 +255358,7 @@ CVE-2024-40741,0,0,ddd0ff9476ed1ff47a6c6ea90383139e3fceeb76685fa77b077d9f9786ebe
 CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f783,2024-07-11T15:06:29.580000
 CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000
 CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000
 CVE-2024-40764,1,1,267f3f3d30a8502468edc23dc8bb5b2360a4ab98ca518100d90deb3a7fdd8159,2024-07-18T08:15:02.340000
 CVE-2024-4077,0,0,d4f08c4fa42913c8d00f3fecbe96233f1448e9383bf97ebcbeca4cc0f2c8ae2b,2024-04-25T13:18:02.660000
 CVE-2024-4078,0,0,4f6a573d2d42430a81000704c37318a2f1d7afadf71bcba45d97fec5f925233f,2024-05-16T13:03:05.353000
 CVE-2024-4082,0,0,02264cef46dbd3bc30b90eb0e358643df5f32c233cd928965c67d2a95fa3306a,2024-05-14T16:11:39.510000
@ -255484,7 +255487,7 @@ CVE-2024-41007,0,0,0f7451f1f6e903e68c19bb8e4507bcc8b91d7d8b575b739ec33e4181b2fd0
 CVE-2024-41008,0,0,44accff6edd09848f65c4ea30c272c9f4e4cafd7e8013f5ed231ff575ad7b53e,2024-07-16T13:43:58.773000
 CVE-2024-41009,0,0,1ef19d3a6350817f09e7f0a1cc785e4d5b3dd9bf898020c5ce3302bfe332d3bc,2024-07-17T13:34:20.520000
 CVE-2024-41010,0,0,e1eb457aad4b0999b5327eed57f2f5880ca4c5305725bf0297fea34096691061,2024-07-17T13:34:20.520000
-CVE-2024-41011,1,1,068d54e950f076fa2cd407d43bce96f84782a2e7ad5e745ba2df25a6ad1cdb0e,2024-07-18T07:15:02.070000
+CVE-2024-41011,0,0,068d54e950f076fa2cd407d43bce96f84782a2e7ad5e745ba2df25a6ad1cdb0e,2024-07-18T07:15:02.070000
 CVE-2024-4102,0,0,1b0aaa7efbf772a3034d5138f2cde018af6a8f41a0229b0c5f36e4d66092a2a3,2024-07-09T18:19:14.047000
 CVE-2024-4103,0,0,ff27f3988e30e41f465bfc5b7800f7ae2f96b1e2cd71c1414de16617b75fe4fe,2024-05-14T16:11:39.510000
 CVE-2024-4104,0,0,069e7afb1610585640d00d566d3fc4756dff3571ed269cd2ef1d63c8e8ce45e5,2024-05-14T16:11:39.510000
@ -256719,6 +256722,8 @@ CVE-2024-5550,0,0,dab352871e5b1599db274fe7ee72f4ef4902afffcd5667b3ef675a3fe452e4
 CVE-2024-5551,0,0,ca5e789273b5636b74263243545d1f65c528acd57d0658c81bfbbb492d45e594,2024-06-17T12:42:04.623000
 CVE-2024-5552,0,0,7f73b574dd8e83d52dd7f28ecc579b960fbf7de562da98c7e63b5b8e0fd54be8,2024-06-07T14:56:05.647000
 CVE-2024-5553,0,0,c4739ca4bfc71591786473d36aff26ccf561ba778e4c902dca863cedff7bba13,2024-06-13T18:36:09.013000
 CVE-2024-5554,1,1,1fddb13775149d998ecff581e430a013d99ba755bc3a57235fce4c5af979f6af,2024-07-18T09:15:02.740000
 CVE-2024-5555,1,1,5993f0bcb942313985be154f9cb4e811e5cf399a1b6c11a4ebf7cd26568e8837,2024-07-18T09:15:02.980000
 CVE-2024-5557,0,0,e58f4a9974ae6a6ad512e69202e5dee259550c69c446c060784da606557be50e,2024-06-13T18:36:09.010000
 CVE-2024-5558,0,0,f5606f757a3846688e526f8e8c7b353ed841a6a8222c822314196faac2c09cd1,2024-06-13T18:36:09.010000
 CVE-2024-5559,0,0,0c59604cbf219c2ba1c247f52c304752b12dd0f3c92c8b3c96e21ad233f99b0a,2024-06-13T18:36:09.010000
@ -257119,7 +257124,7 @@ CVE-2024-6160,0,0,ef1a3b3e7f3366ded429b369db1d335204ba1e5aa345b7b6a0087f8051f247
 CVE-2024-6161,0,0,4874ef369326f57ebaead3e865a12df6057ceb7ec30e698c3deb9b52e2b10028,2024-07-09T18:19:14.047000
 CVE-2024-6162,0,0,f5d2156bbca4d7bf9c6e06ba6e75479b3156c3c547f548b6a1945ea90ef00a3a,2024-06-20T16:07:50.417000
 CVE-2024-6163,0,0,a7111efd9bbca18864edd7eac6469f395d4eb81bc59fa76c3e42cc0c59bc6e2c,2024-07-08T15:49:22.437000
-CVE-2024-6164,1,1,9565ec9e7412962a5117472b901c40763c42cf7938f39945b2f9a351cbb48549,2024-07-18T06:15:02.233000
+CVE-2024-6164,0,0,9565ec9e7412962a5117472b901c40763c42cf7938f39945b2f9a351cbb48549,2024-07-18T06:15:02.233000
 CVE-2024-6166,0,0,c93093bf8454afe95675994fb929c06931906789a59088dfba4992e2491ed4c6,2024-07-12T14:23:53.600000
 CVE-2024-6167,0,0,53411719c1d4f7c7e0b31dcbc40822727b85ab3cd28b45158c4db6b81cb57664,2024-07-09T18:19:14.047000
 CVE-2024-6168,0,0,a9d8b124b0d612b4817eae957707544bf3f1e74cb49f5394cfd698c29b52bb54,2024-07-09T18:19:14.047000