From 34d21dfe13b5758692bf65884cc1e59c2ae3d9c4 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 10 Dec 2024 07:03:43 +0000
Subject: [PATCH] Auto-Update: 2024-12-10T07:00:20.390029+00:00
---
 CVE-2023/CVE-2023-69xx/CVE-2023-6947.json | 60 +++++++++++
 CVE-2024/CVE-2024-107xx/CVE-2024-10708.json | 21 ++++
 CVE-2024/CVE-2024-111xx/CVE-2024-11107.json | 21 ++++
 CVE-2024/CVE-2024-112xx/CVE-2024-11205.json | 72 +++++++++++++
 CVE-2024/CVE-2024-215xx/CVE-2024-21542.json | 112 ++++++++++++++++++++
 README.md | 15 +--
 _state.csv | 9 +-
 7 files changed, 302 insertions(+), 8 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-69xx/CVE-2023-6947.json
 create mode 100644 CVE-2024/CVE-2024-107xx/CVE-2024-10708.json
 create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11107.json
 create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11205.json
 create mode 100644 CVE-2024/CVE-2024-215xx/CVE-2024-21542.json
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6947.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6947.json
new file mode 100644
index 00000000000..3d2021d36bb
--- /dev/null
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6947.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-6947", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-10T06:15:19.950", + "lastModified": "2024-12-10T06:15:19.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-25" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/fooplugins/foogallery/pull/263/commits/9989f6f4f4d478ec04cb634d09b18c87a5b31c4d", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68420c5a-4add-4597-bd2a-20dc831e81bd?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10708.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10708.json new file mode 100644 index 00000000000..a130f8308cc --- /dev/null +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10708.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-10708", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-12-10T06:15:20.737", + "lastModified": "2024-12-10T06:15:20.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11107.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11107.json new file mode 100644 index 00000000000..288987e9f7f --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11107.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-11107", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-12-10T06:15:20.883", + "lastModified": "2024-12-10T06:15:20.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/a89f1117-8df3-417b-b54f-6587545833ee/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11205.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11205.json new file mode 100644 index 00000000000..345923ba0cd --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11205.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-11205", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-10T05:15:05.510", + "lastModified": "2024-12-10T05:15:05.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/includes/functions/checks.php#L191", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/src/Integrations/Stripe/Admin/Payments/SingleActionsHandler.php#L148", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/src/Integrations/Stripe/Admin/Payments/SingleActionsHandler.php#L92", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/changeset/3191229/wpforms-lite#file2128", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66898509-a93c-4dc3-bf01-1743daaa0ff1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21542.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21542.json new file mode 100644 index 00000000000..8023b2513b1 --- /dev/null +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21542.json 
@@ -0,0 +1,112 @@ +{ + "id": "CVE-2024-21542", + "sourceIdentifier": "report@snyk.io", + "published": "2024-12-10T05:15:07.567", + "lastModified": "2024-12-10T05:15:07.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", 
+ "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-29" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/spotify/luigi/commit/b5d1b965ead7d9f777a3216369b5baf23ec08999", + "source": "report@snyk.io" + }, + { + "url": "https://github.com/spotify/luigi/issues/3301", + "source": "report@snyk.io" + }, + { + "url": "https://github.com/spotify/luigi/releases/tag/v3.6.0", + "source": "report@snyk.io" + }, + { + "url": "https://security.snyk.io/vuln/SNYK-PYTHON-LUIGI-7830489", + "source": "report@snyk.io" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0d62b643464..b0c9c283222 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-10T05:00:26.603480+00:00 +2024-12-10T07:00:20.390029+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-10T03:15:05.730000+00:00 +2024-12-10T06:15:20.883000+00:00 ``` ### Last Data Feed Release 
@@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -272905 +272910 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -- [CVE-2024-37143](CVE-2024/CVE-2024-371xx/CVE-2024-37143.json) (`2024-12-10T03:15:05.573`) -- [CVE-2024-37144](CVE-2024/CVE-2024-371xx/CVE-2024-37144.json) (`2024-12-10T03:15:05.730`) +- [CVE-2023-6947](CVE-2023/CVE-2023-69xx/CVE-2023-6947.json) (`2024-12-10T06:15:19.950`) +- [CVE-2024-10708](CVE-2024/CVE-2024-107xx/CVE-2024-10708.json) (`2024-12-10T06:15:20.737`) +- [CVE-2024-11107](CVE-2024/CVE-2024-111xx/CVE-2024-11107.json) (`2024-12-10T06:15:20.883`) +- [CVE-2024-11205](CVE-2024/CVE-2024-112xx/CVE-2024-11205.json) (`2024-12-10T05:15:05.510`) +- [CVE-2024-21542](CVE-2024/CVE-2024-215xx/CVE-2024-21542.json) (`2024-12-10T05:15:07.567`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 82720ad868b..e56c14dc053 100644 --- a/_state.csv +++ b/_state.csv @@ -241659,6 +241659,7 @@ CVE-2023-6943,0,0,089d337a8ecf415142a8459096aefe6b0ccb59116eef8afca750cc59e44d1b CVE-2023-6944,0,0,df2b7229c517209019fce35466d5ffbbde525fb676023ff8b16393577f2b89f6,2024-11-21T08:44:53.520000 CVE-2023-6945,0,0,479c9fda5ccba9693dcf388278c19a19fda669c289a4366c0f6291cccf514bd4,2024-11-21T08:44:53.660000 CVE-2023-6946,0,0,d11da4da13dc038beb075b5af1213743f8b40d251e7b7ea3b52df4c6657ce74d,2024-11-21T08:44:53.810000 +CVE-2023-6947,1,1,f9ceb9c69f9af7bc35cb22ae00cc89fe49c6a238e31c37cb849eeeceb76f4da3,2024-12-10T06:15:19.950000 CVE-2023-6948,0,0,fe5733c12b0ee41b32ac32792a9499fb1c2fbb29abf274a6083757f7f49e4eea,2024-11-21T08:44:53.957000 CVE-2023-6949,0,0,078850d39f1204331fbc98d392a0469ded8443843d8a5c473dc39bd1460bfcd6,2024-11-21T08:44:54.107000 CVE-2023-6950,0,0,abe9e2e0d7383949fcddc1e9a1bdb75c1a66b8207ce4e95629fab56a059c4d2f,2024-11-21T08:44:54.263000 
@@ -243426,6 +243427,7 @@ CVE-2024-10700,0,0,47463adc515feae701fdd6df43b426f169c9e406b10e3ad8dd4832a0c6070 CVE-2024-10701,0,0,641858d6153e165cc2c7dd6027743f3ae6b69eef2b92c96e3594e0be239333fa,2024-11-05T16:52:44.937000 CVE-2024-10702,0,0,694400dab46a9218fb3a1006ad113a17ad1c8c5f4f2232220945883eb4081eae,2024-11-05T16:52:11.193000 CVE-2024-10704,0,0,ba32dc9400bcf601c7de3ed1f96e389b9876b8709121dc8baeae8e0502050909,2024-11-29T15:15:15.777000 +CVE-2024-10708,1,1,915fc94c6de0496c38791426a8b6a993429b200041b827298838cab8bee39149,2024-12-10T06:15:20.737000 CVE-2024-10709,0,0,41eadf98fd4f942149bd2d66f39b1d32e2fbc20d0415ec457a4d209de40f95b0,2024-11-25T21:15:08.837000 CVE-2024-1071,0,0,511789b6fa5ad5f82a1b86953aeffe2ca3b5c7e6b5a99f94e7636c9edfe8a8b3,2024-11-21T08:49:43.920000 CVE-2024-10710,0,0,e03984cb3009dc782d788c1b806be248c0ef7aa6de922ac24071c55d616e1630,2024-11-25T17:15:11.747000 @@ -243733,6 +243735,7 @@ CVE-2024-11101,0,0,dd5f01c6c10626fada5843d26d25ecc9c303026b11e1f85af9563bdd8086a CVE-2024-11102,0,0,ec70fa86628f0582db7e97e83cef58a9123c92079aa9ea3641e1de155f8fc492,2024-11-18T20:00:09.120000 CVE-2024-11103,0,0,525c56d7b3f8fec3123e98bad3867c199a9a90e84f6b6962f9d506a460e4664c,2024-11-28T10:15:06.197000 CVE-2024-11104,0,0,b75d8ded53ff668230e72c743fffcbea02289181c30609ae66856a5e9653031c,2024-11-22T06:15:19.093000 +CVE-2024-11107,1,1,c5956665d8c7ce6fcd0a182467a15d9156b0276ffd181b7a1b3ebd79cb232eaf,2024-12-10T06:15:20.883000 CVE-2024-1111,0,0,1e2a4c53f023bbf8c3b556fe6d8a896ca169d10bbf6dcef8f8f730e5e086694a,2024-11-21T08:49:49.257000 CVE-2024-11110,0,0,d490bd60a369a1b46dbdb1050197f0676234294cb261b9f35d39066213c16bbc,2024-11-13T17:01:16.850000 CVE-2024-11111,0,0,da9ee8d75f19a39df28c4985a5537997054eaf20345ca454e34c488f64fe6a62,2024-11-13T17:01:16.850000 
@@ -243797,6 +243800,7 @@ CVE-2024-11201,0,0,2400a3fff7c4756286421f46f94ce219c368f9dae4da912926dc56c7db0d6 CVE-2024-11202,0,0,1c4fa16dc439f105ac28005f4d485fd2d81fcbfbfe746e38e05c1690388ba0cf,2024-11-26T08:15:03.710000 CVE-2024-11203,0,0,89d9b670ca6e709dbc000e307eb68d5ac4e965c1f4c84f129e9430d049a2c78f,2024-11-28T09:15:04.007000 CVE-2024-11204,0,0,1b902872d8d56ac838bb30e32deaa2c5385b128a323037f02bc4a73a9bc76977,2024-12-06T09:15:05.667000 +CVE-2024-11205,1,1,d46b7e976805c156b42bb00f93b285a4c7f33ed907e6a277b077e49fc4a8600b,2024-12-10T05:15:05.510000 CVE-2024-11206,0,0,6963a23aa18d59f7f19667610c66a14f0573301879dfe182d608b9677a2a6c4e,2024-11-15T13:58:08.913000 CVE-2024-11207,0,0,d5124d43b027ffc76512a295e16e94e98be02da33ee04487c126007b70c98e32,2024-11-15T13:58:08.913000 CVE-2024-11208,0,0,1f38b0ac0ea75542119613bff44f8a5a87d53bc938d1d19c87e8fa8f533ca20f,2024-11-19T19:38:51.637000 @@ -246505,6 +246509,7 @@ CVE-2024-21539,0,0,5b71b48f136ea0a133f42f5e9ff41239f19728230b6ea876d025e715b63e9 CVE-2024-2154,0,0,0457c00e24736b547ac4f7f247e75fccaa09d13ea0de83ed7c8761e6cfd867ea,2024-11-21T09:09:08.927000 CVE-2024-21540,0,0,ca361900c1eaa9a3b1242a94b8aed82eaba7c8170c10a4efa35cbfaad6b1984c,2024-11-17T09:15:11.853000 CVE-2024-21541,0,0,5334d81827b035e812e898c211255fb4104fa0827d052caba8f8153293e7f7ad,2024-11-19T16:20:37.887000 +CVE-2024-21542,1,1,71d7ac2f297762d496c833f12b77f71c133bcff4cded6f12936512da06dfadcb,2024-12-10T05:15:07.567000 CVE-2024-21545,0,0,12417d057214273e4a76243ffeaf97d513746844d668a1420616fa022f5af746,2024-09-26T13:32:02.803000 CVE-2024-2155,0,0,1def2d989b10107bcc4deca9404884628c1ba17bdc1993a4df13bb309b4ac8eb,2024-11-21T09:09:09.070000 CVE-2024-21550,0,0,6b574e14ae55a92be9fd93a1bb9ebb56cb79876aa6e47f41fbbb48bbd5163e82,2024-08-13T17:33:13.537000 
@@ -258035,8 +258040,8 @@ CVE-2024-3714,0,0,f676f6aa3ea80163642b838ffc97366c6fd524d90413d89a27ae0fc5ef93d7 CVE-2024-37140,0,0,e700dd8384686d59dc63698202c3202f899bcb254f2d0eb9c74ca4033afecdba,2024-11-21T09:23:17.183000 CVE-2024-37141,0,0,ae07fdaf87c77dab376805804e1ae07d27c9caece9a648abb6d885d50da32cfd,2024-11-21T09:23:17.330000 CVE-2024-37142,0,0,ddd4b85467c476513b25ea1c7c51f99cf08d5897ed43ab32a6a1b6b42be3ce3f,2024-08-08T21:17:18.647000 -CVE-2024-37143,1,1,197a2ae24481b5df4a85f280765bfb423d644b171a85bf1c1de77136a25586c0,2024-12-10T03:15:05.573000 -CVE-2024-37144,1,1,0a6d44cc6e0bc4c6ee1c6afa759b76576c3296205fae6b9f1280e3c48e02fe9f,2024-12-10T03:15:05.730000 +CVE-2024-37143,0,0,197a2ae24481b5df4a85f280765bfb423d644b171a85bf1c1de77136a25586c0,2024-12-10T03:15:05.573000 +CVE-2024-37144,0,0,0a6d44cc6e0bc4c6ee1c6afa759b76576c3296205fae6b9f1280e3c48e02fe9f,2024-12-10T03:15:05.730000 CVE-2024-37145,0,0,603e250630d8db36a65f2b32fc29bd909465783da4a4b9d605a69590653a4715,2024-11-21T09:23:17.597000 CVE-2024-37146,0,0,e821fd740200ae8a142c50ef5c7f6d74765fdc916fffef75517e92f79dcfc790,2024-11-21T09:23:17.743000 CVE-2024-37147,0,0,e8fb4db1994b2c8bec137eabef82837caa49013082af624f15b2d9e32283c316,2024-11-21T09:23:17.880000