Auto-Update: 2024-03-01T09:00:30.039604+00:00

2025-05-30 10:10:41 +00:00 · 2024-03-01 09:00:33 +00:00 · 2024-03-01 09:00:33 +00:00 · 39804e6883
commit 39804e6883
parent b9f38cb9d3
9 changed files with 277 additions and 13 deletions
--- a/CVE-2023/CVE-2023-525xx/CVE-2023-52555.json
+++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52555.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-52555",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-01T08:15:37.290",
+  "lastModified": "2024-03-01T08:15:37.290",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/mongo-express/mongo-express/issues/1338",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1859.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1859.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1859",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-03-01T07:15:06.133",
+  "lastModified": "2024-03-01T07:15:06.133",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-237xx/CVE-2024-23742.json
+++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23742.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-23742",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-28T03:15:08.390",
-  "lastModified": "2024-02-16T16:15:58.047",
+  "lastModified": "2024-03-01T08:15:37.507",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."
+      "value": "An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine."
    },
    {
      "lang": "es",
--- a/CVE-2024/CVE-2024-255xx/CVE-2024-25552.json
+++ b/CVE-2024/CVE-2024-255xx/CVE-2024-25552.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-25552",
+  "sourceIdentifier": "info@cert.vde.com",
+  "published": "2024-03-01T08:15:37.660",
+  "lastModified": "2024-03-01T08:15:37.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@cert.vde.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@cert.vde.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-428"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert.vde.com/en/advisories/VDE-2024-018",
+      "source": "info@cert.vde.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-255xx/CVE-2024-25553.json
+++ b/CVE-2024/CVE-2024-255xx/CVE-2024-25553.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2024-25553",
+  "sourceIdentifier": "info@cert.vde.com",
+  "published": "2024-03-01T08:15:37.950",
+  "lastModified": "2024-03-01T08:15:37.950",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2024/CVE-2024-255xx/CVE-2024-25554.json
+++ b/CVE-2024/CVE-2024-255xx/CVE-2024-25554.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2024-25554",
+  "sourceIdentifier": "info@cert.vde.com",
+  "published": "2024-03-01T08:15:38.107",
+  "lastModified": "2024-03-01T08:15:38.107",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2024/CVE-2024-279xx/CVE-2024-27949.json
+++ b/CVE-2024/CVE-2024-279xx/CVE-2024-27949.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-27949",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-03-01T08:15:38.153",
+  "lastModified": "2024-03-01T08:15:38.153",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN \u2013 Sirv.This issue affects Image Optimizer, Resizer and CDN \u2013 Sirv: from n/a through 7.2.0.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-279xx/CVE-2024-27950.json
+++ b/CVE-2024/CVE-2024-279xx/CVE-2024-27950.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-27950",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-03-01T08:15:38.437",
+  "lastModified": "2024-03-01T08:15:38.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN \u2013 Sirv.This issue affects Image Optimizer, Resizer and CDN \u2013 Sirv: from n/a through 7.2.0.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-broken-access-control-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-03-01T07:00:25.595145+00:00
+2024-03-01T09:00:30.039604+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-03-01T06:15:48.390000+00:00
+2024-03-01T08:15:38.437000+00:00
 ```

 ### Last Data Feed Release
@ -29,25 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-240171
+240178
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `7`

-* [CVE-2024-22891](CVE-2024/CVE-2024-228xx/CVE-2024-22891.json) (`2024-03-01T06:15:48.280`)
-* [CVE-2024-25293](CVE-2024/CVE-2024-252xx/CVE-2024-25293.json) (`2024-03-01T06:15:48.347`)
-* [CVE-2024-25386](CVE-2024/CVE-2024-253xx/CVE-2024-25386.json) (`2024-03-01T06:15:48.390`)
+* [CVE-2023-52555](CVE-2023/CVE-2023-525xx/CVE-2023-52555.json) (`2024-03-01T08:15:37.290`)
+* [CVE-2024-1859](CVE-2024/CVE-2024-18xx/CVE-2024-1859.json) (`2024-03-01T07:15:06.133`)
+* [CVE-2024-25552](CVE-2024/CVE-2024-255xx/CVE-2024-25552.json) (`2024-03-01T08:15:37.660`)
+* [CVE-2024-25553](CVE-2024/CVE-2024-255xx/CVE-2024-25553.json) (`2024-03-01T08:15:37.950`)
+* [CVE-2024-25554](CVE-2024/CVE-2024-255xx/CVE-2024-25554.json) (`2024-03-01T08:15:38.107`)
+* [CVE-2024-27949](CVE-2024/CVE-2024-279xx/CVE-2024-27949.json) (`2024-03-01T08:15:38.153`)
+* [CVE-2024-27950](CVE-2024/CVE-2024-279xx/CVE-2024-27950.json) (`2024-03-01T08:15:38.437`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `3`
+Recently modified CVEs: `1`

-* [CVE-2023-44821](CVE-2023/CVE-2023-448xx/CVE-2023-44821.json) (`2024-03-01T06:15:48.007`)
-* [CVE-2023-46009](CVE-2023/CVE-2023-460xx/CVE-2023-46009.json) (`2024-03-01T06:15:48.187`)
-* [CVE-2024-0446](CVE-2024/CVE-2024-04xx/CVE-2024-0446.json) (`2024-03-01T05:15:08.440`)
+* [CVE-2024-23742](CVE-2024/CVE-2024-237xx/CVE-2024-23742.json) (`2024-03-01T08:15:37.507`)


 ## Download and Usage