Auto-Update: 2024-12-10T07:00:20.390029+00:00

cad-safe-bot 2024-12-10 07:03:43 +00:00
parent 8fe078f820
commit 34d21dfe13
7 changed files with 302 additions and 8 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2023-6947",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-10T06:15:19.950",
"lastModified": "2024-12-10T06:15:19.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-25"
}
]
}
],
"references": [
{
"url": "https://github.com/fooplugins/foogallery/pull/263/commits/9989f6f4f4d478ec04cb634d09b18c87a5b31c4d",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68420c5a-4add-4597-bd2a-20dc831e81bd?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-10708",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-12-10T06:15:20.737",
"lastModified": "2024-12-10T06:15:20.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-11107",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-12-10T06:15:20.883",
"lastModified": "2024-12-10T06:15:20.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/a89f1117-8df3-417b-b54f-6587545833ee/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,72 @@
{
"id": "CVE-2024-11205",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-10T05:15:05.510",
"lastModified": "2024-12-10T05:15:05.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/includes/functions/checks.php#L191",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/src/Integrations/Stripe/Admin/Payments/SingleActionsHandler.php#L148",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/src/Integrations/Stripe/Admin/Payments/SingleActionsHandler.php#L92",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3191229/wpforms-lite#file2128",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66898509-a93c-4dc3-bf01-1743daaa0ff1?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,112 @@
{
"id": "CVE-2024-21542",
"sourceIdentifier": "report@snyk.io",
"published": "2024-12-10T05:15:07.567",
"lastModified": "2024-12-10T05:15:07.567",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://github.com/spotify/luigi/commit/b5d1b965ead7d9f777a3216369b5baf23ec08999",
"source": "report@snyk.io"
},
{
"url": "https://github.com/spotify/luigi/issues/3301",
"source": "report@snyk.io"
},
{
"url": "https://github.com/spotify/luigi/releases/tag/v3.6.0",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-LUIGI-7830489",
"source": "report@snyk.io"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-10T05:00:26.603480+00:00
2024-12-10T07:00:20.390029+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-10T03:15:05.730000+00:00
2024-12-10T06:15:20.883000+00:00
```
### Last Data Feed Release
@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
272905
272910
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `5`
- [CVE-2024-37143](CVE-2024/CVE-2024-371xx/CVE-2024-37143.json) (`2024-12-10T03:15:05.573`)
- [CVE-2024-37144](CVE-2024/CVE-2024-371xx/CVE-2024-37144.json) (`2024-12-10T03:15:05.730`)
- [CVE-2023-6947](CVE-2023/CVE-2023-69xx/CVE-2023-6947.json) (`2024-12-10T06:15:19.950`)
- [CVE-2024-10708](CVE-2024/CVE-2024-107xx/CVE-2024-10708.json) (`2024-12-10T06:15:20.737`)
- [CVE-2024-11107](CVE-2024/CVE-2024-111xx/CVE-2024-11107.json) (`2024-12-10T06:15:20.883`)
- [CVE-2024-11205](CVE-2024/CVE-2024-112xx/CVE-2024-11205.json) (`2024-12-10T05:15:05.510`)
- [CVE-2024-21542](CVE-2024/CVE-2024-215xx/CVE-2024-21542.json) (`2024-12-10T05:15:07.567`)
### CVEs modified in the last Commit


@ -241659,6 +241659,7 @@ CVE-2023-6943,0,0,089d337a8ecf415142a8459096aefe6b0ccb59116eef8afca750cc59e44d1b
CVE-2023-6944,0,0,df2b7229c517209019fce35466d5ffbbde525fb676023ff8b16393577f2b89f6,2024-11-21T08:44:53.520000
CVE-2023-6945,0,0,479c9fda5ccba9693dcf388278c19a19fda669c289a4366c0f6291cccf514bd4,2024-11-21T08:44:53.660000
CVE-2023-6946,0,0,d11da4da13dc038beb075b5af1213743f8b40d251e7b7ea3b52df4c6657ce74d,2024-11-21T08:44:53.810000
CVE-2023-6947,1,1,f9ceb9c69f9af7bc35cb22ae00cc89fe49c6a238e31c37cb849eeeceb76f4da3,2024-12-10T06:15:19.950000
CVE-2023-6948,0,0,fe5733c12b0ee41b32ac32792a9499fb1c2fbb29abf274a6083757f7f49e4eea,2024-11-21T08:44:53.957000
CVE-2023-6949,0,0,078850d39f1204331fbc98d392a0469ded8443843d8a5c473dc39bd1460bfcd6,2024-11-21T08:44:54.107000
CVE-2023-6950,0,0,abe9e2e0d7383949fcddc1e9a1bdb75c1a66b8207ce4e95629fab56a059c4d2f,2024-11-21T08:44:54.263000
@ -243426,6 +243427,7 @@ CVE-2024-10700,0,0,47463adc515feae701fdd6df43b426f169c9e406b10e3ad8dd4832a0c6070
CVE-2024-10701,0,0,641858d6153e165cc2c7dd6027743f3ae6b69eef2b92c96e3594e0be239333fa,2024-11-05T16:52:44.937000
CVE-2024-10702,0,0,694400dab46a9218fb3a1006ad113a17ad1c8c5f4f2232220945883eb4081eae,2024-11-05T16:52:11.193000
CVE-2024-10704,0,0,ba32dc9400bcf601c7de3ed1f96e389b9876b8709121dc8baeae8e0502050909,2024-11-29T15:15:15.777000
CVE-2024-10708,1,1,915fc94c6de0496c38791426a8b6a993429b200041b827298838cab8bee39149,2024-12-10T06:15:20.737000
CVE-2024-10709,0,0,41eadf98fd4f942149bd2d66f39b1d32e2fbc20d0415ec457a4d209de40f95b0,2024-11-25T21:15:08.837000
CVE-2024-1071,0,0,511789b6fa5ad5f82a1b86953aeffe2ca3b5c7e6b5a99f94e7636c9edfe8a8b3,2024-11-21T08:49:43.920000
CVE-2024-10710,0,0,e03984cb3009dc782d788c1b806be248c0ef7aa6de922ac24071c55d616e1630,2024-11-25T17:15:11.747000
@ -243733,6 +243735,7 @@ CVE-2024-11101,0,0,dd5f01c6c10626fada5843d26d25ecc9c303026b11e1f85af9563bdd8086a
CVE-2024-11102,0,0,ec70fa86628f0582db7e97e83cef58a9123c92079aa9ea3641e1de155f8fc492,2024-11-18T20:00:09.120000
CVE-2024-11103,0,0,525c56d7b3f8fec3123e98bad3867c199a9a90e84f6b6962f9d506a460e4664c,2024-11-28T10:15:06.197000
CVE-2024-11104,0,0,b75d8ded53ff668230e72c743fffcbea02289181c30609ae66856a5e9653031c,2024-11-22T06:15:19.093000
CVE-2024-11107,1,1,c5956665d8c7ce6fcd0a182467a15d9156b0276ffd181b7a1b3ebd79cb232eaf,2024-12-10T06:15:20.883000
CVE-2024-1111,0,0,1e2a4c53f023bbf8c3b556fe6d8a896ca169d10bbf6dcef8f8f730e5e086694a,2024-11-21T08:49:49.257000
CVE-2024-11110,0,0,d490bd60a369a1b46dbdb1050197f0676234294cb261b9f35d39066213c16bbc,2024-11-13T17:01:16.850000
CVE-2024-11111,0,0,da9ee8d75f19a39df28c4985a5537997054eaf20345ca454e34c488f64fe6a62,2024-11-13T17:01:16.850000
@ -243797,6 +243800,7 @@ CVE-2024-11201,0,0,2400a3fff7c4756286421f46f94ce219c368f9dae4da912926dc56c7db0d6
CVE-2024-11202,0,0,1c4fa16dc439f105ac28005f4d485fd2d81fcbfbfe746e38e05c1690388ba0cf,2024-11-26T08:15:03.710000
CVE-2024-11203,0,0,89d9b670ca6e709dbc000e307eb68d5ac4e965c1f4c84f129e9430d049a2c78f,2024-11-28T09:15:04.007000
CVE-2024-11204,0,0,1b902872d8d56ac838bb30e32deaa2c5385b128a323037f02bc4a73a9bc76977,2024-12-06T09:15:05.667000
CVE-2024-11205,1,1,d46b7e976805c156b42bb00f93b285a4c7f33ed907e6a277b077e49fc4a8600b,2024-12-10T05:15:05.510000
CVE-2024-11206,0,0,6963a23aa18d59f7f19667610c66a14f0573301879dfe182d608b9677a2a6c4e,2024-11-15T13:58:08.913000
CVE-2024-11207,0,0,d5124d43b027ffc76512a295e16e94e98be02da33ee04487c126007b70c98e32,2024-11-15T13:58:08.913000
CVE-2024-11208,0,0,1f38b0ac0ea75542119613bff44f8a5a87d53bc938d1d19c87e8fa8f533ca20f,2024-11-19T19:38:51.637000
@ -246505,6 +246509,7 @@ CVE-2024-21539,0,0,5b71b48f136ea0a133f42f5e9ff41239f19728230b6ea876d025e715b63e9
CVE-2024-2154,0,0,0457c00e24736b547ac4f7f247e75fccaa09d13ea0de83ed7c8761e6cfd867ea,2024-11-21T09:09:08.927000
CVE-2024-21540,0,0,ca361900c1eaa9a3b1242a94b8aed82eaba7c8170c10a4efa35cbfaad6b1984c,2024-11-17T09:15:11.853000
CVE-2024-21541,0,0,5334d81827b035e812e898c211255fb4104fa0827d052caba8f8153293e7f7ad,2024-11-19T16:20:37.887000
CVE-2024-21542,1,1,71d7ac2f297762d496c833f12b77f71c133bcff4cded6f12936512da06dfadcb,2024-12-10T05:15:07.567000
CVE-2024-21545,0,0,12417d057214273e4a76243ffeaf97d513746844d668a1420616fa022f5af746,2024-09-26T13:32:02.803000
CVE-2024-2155,0,0,1def2d989b10107bcc4deca9404884628c1ba17bdc1993a4df13bb309b4ac8eb,2024-11-21T09:09:09.070000
CVE-2024-21550,0,0,6b574e14ae55a92be9fd93a1bb9ebb56cb79876aa6e47f41fbbb48bbd5163e82,2024-08-13T17:33:13.537000
@ -258035,8 +258040,8 @@ CVE-2024-3714,0,0,f676f6aa3ea80163642b838ffc97366c6fd524d90413d89a27ae0fc5ef93d7
CVE-2024-37140,0,0,e700dd8384686d59dc63698202c3202f899bcb254f2d0eb9c74ca4033afecdba,2024-11-21T09:23:17.183000
CVE-2024-37141,0,0,ae07fdaf87c77dab376805804e1ae07d27c9caece9a648abb6d885d50da32cfd,2024-11-21T09:23:17.330000
CVE-2024-37142,0,0,ddd4b85467c476513b25ea1c7c51f99cf08d5897ed43ab32a6a1b6b42be3ce3f,2024-08-08T21:17:18.647000
CVE-2024-37143,1,1,197a2ae24481b5df4a85f280765bfb423d644b171a85bf1c1de77136a25586c0,2024-12-10T03:15:05.573000
CVE-2024-37144,1,1,0a6d44cc6e0bc4c6ee1c6afa759b76576c3296205fae6b9f1280e3c48e02fe9f,2024-12-10T03:15:05.730000
CVE-2024-37143,0,0,197a2ae24481b5df4a85f280765bfb423d644b171a85bf1c1de77136a25586c0,2024-12-10T03:15:05.573000
CVE-2024-37144,0,0,0a6d44cc6e0bc4c6ee1c6afa759b76576c3296205fae6b9f1280e3c48e02fe9f,2024-12-10T03:15:05.730000
CVE-2024-37145,0,0,603e250630d8db36a65f2b32fc29bd909465783da4a4b9d605a69590653a4715,2024-11-21T09:23:17.597000
CVE-2024-37146,0,0,e821fd740200ae8a142c50ef5c7f6d74765fdc916fffef75517e92f79dcfc790,2024-11-21T09:23:17.743000
CVE-2024-37147,0,0,e8fb4db1994b2c8bec137eabef82837caa49013082af624f15b2d9e32283c316,2024-11-21T09:23:17.880000
