Auto-Update: 2024-03-01T11:00:24.301840+00:00

CVE-2024/CVE-2024-06xx/CVE-2024-0692.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0692",
+  "sourceIdentifier": "psirt@solarwinds.com",
+  "published": "2024-03-01T09:15:09.600",
+  "lastModified": "2024-03-01T09:15:09.600",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds\u2019 service, resulting in remote code execution."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@solarwinds.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@solarwinds.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-502"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm",
+      "source": "psirt@solarwinds.com"
+    },
+    {
+      "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692",
+      "source": "psirt@solarwinds.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-11xx/CVE-2024-1120.json

@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-1120",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-03-01T10:15:07.173",
+  "lastModified": "2024-03-01T10:15:07.173",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The NextMove Lite \u2013 Thank You Page for WooCommerce and Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/finale-woocommerce-sales-countdown-timer-discount/trunk/includes/wcct-xl-support.php#L710",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-250xx/CVE-2024-25091.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25091",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-03-01T09:15:09.820",
+  "lastModified": "2024-03-01T09:15:09.820",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature).  If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jscom.jp/news-20240229/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN35928117/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2024/CVE-2024-259xx/CVE-2024-25972.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-25972",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-03-01T10:15:07.413",
+  "lastModified": "2024-03-01T10:15:07.413",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN77203800/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.atsumi.co.jp/info-20240229.html",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.atsumi.co.jp/pdf/oet-213h-bts1.pdf",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-03-01T09:00:30.039604+00:00
+2024-03-01T11:00:24.301840+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-03-01T08:15:38.437000+00:00
+2024-03-01T10:15:07.413000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,27 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-240178
+240182
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `7`
+Recently added CVEs: `4`
 
-* [CVE-2023-52555](CVE-2023/CVE-2023-525xx/CVE-2023-52555.json) (`2024-03-01T08:15:37.290`)
-* [CVE-2024-1859](CVE-2024/CVE-2024-18xx/CVE-2024-1859.json) (`2024-03-01T07:15:06.133`)
-* [CVE-2024-25552](CVE-2024/CVE-2024-255xx/CVE-2024-25552.json) (`2024-03-01T08:15:37.660`)
-* [CVE-2024-25553](CVE-2024/CVE-2024-255xx/CVE-2024-25553.json) (`2024-03-01T08:15:37.950`)
-* [CVE-2024-25554](CVE-2024/CVE-2024-255xx/CVE-2024-25554.json) (`2024-03-01T08:15:38.107`)
-* [CVE-2024-27949](CVE-2024/CVE-2024-279xx/CVE-2024-27949.json) (`2024-03-01T08:15:38.153`)
-* [CVE-2024-27950](CVE-2024/CVE-2024-279xx/CVE-2024-27950.json) (`2024-03-01T08:15:38.437`)
+* [CVE-2024-0692](CVE-2024/CVE-2024-06xx/CVE-2024-0692.json) (`2024-03-01T09:15:09.600`)
+* [CVE-2024-25091](CVE-2024/CVE-2024-250xx/CVE-2024-25091.json) (`2024-03-01T09:15:09.820`)
+* [CVE-2024-1120](CVE-2024/CVE-2024-11xx/CVE-2024-1120.json) (`2024-03-01T10:15:07.173`)
+* [CVE-2024-25972](CVE-2024/CVE-2024-259xx/CVE-2024-25972.json) (`2024-03-01T10:15:07.413`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-* [CVE-2024-23742](CVE-2024/CVE-2024-237xx/CVE-2024-23742.json) (`2024-03-01T08:15:37.507`)
 
 
 ## Download and Usage