Auto-Update: 2024-08-28T06:00:18.112106+00:00

CVE-2023/CVE-2023-458xx/CVE-2023-45896.json

@@ -0,0 +1,40 @@
+{
+  "id": "CVE-2023-45896",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-08-28T05:15:13.657",
+  "lastModified": "2024-08-28T05:15:13.657",
+  "vulnStatus": "Received",
+  "cveTags": [
+    {
+      "sourceIdentifier": "cve@mitre.org",
+      "tags": [
+        "disputed"
+      ]
+    }
+  ],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ntfs3 in the Linux kernel before 6.5.11 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-64xx/CVE-2024-6448.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-6448",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-08-28T04:15:11.320",
+  "lastModified": "2024-08-28T04:15:11.320",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/mollie-payments-for-woocommerce/tags/7.5.5/vendor/mollie/mollie-api-php/examples/initialize.php#L5",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142176%40mollie-payments-for-woocommerce&new=3142176%40mollie-payments-for-woocommerce&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-08-28T04:00:16.958401+00:00
+2024-08-28T06:00:18.112106+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-08-28T03:15:04.040000+00:00
+2024-08-28T05:15:13.657000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-261342
+261344
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `2`
 
-- [CVE-2024-7573](CVE-2024/CVE-2024-75xx/CVE-2024-7573.json) (`2024-08-28T03:15:03.803`)
-- [CVE-2024-8030](CVE-2024/CVE-2024-80xx/CVE-2024-8030.json) (`2024-08-28T03:15:04.040`)
-- [CVE-2024-8230](CVE-2024/CVE-2024-82xx/CVE-2024-8230.json) (`2024-08-28T02:15:03.850`)
-- [CVE-2024-8231](CVE-2024/CVE-2024-82xx/CVE-2024-8231.json) (`2024-08-28T02:15:04.160`)
+- [CVE-2023-45896](CVE-2023/CVE-2023-458xx/CVE-2023-45896.json) (`2024-08-28T05:15:13.657`)
+- [CVE-2024-6448](CVE-2024/CVE-2024-64xx/CVE-2024-6448.json) (`2024-08-28T04:15:11.320`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -234267,6 +234267,7 @@ CVE-2023-4589,0,0,5823a1bbdcd3fd3dad6a9d361ad6771c5169f34ce23ef9e39b305d1aaf66a9
 CVE-2023-45892,0,0,31ea99a81b63e5dc5404654e4231556ec48f5c4f723835f37c58ea694f43c518,2024-01-08T19:31:03.043000
 CVE-2023-45893,0,0,012ce31fe6e07df7e806e0f22cab292b188d57d4fcd77a1edd037ec55ea25c2a,2024-01-08T19:30:51.917000
 CVE-2023-45894,0,0,acbbd0369c677d90271e9d43ae921ffda1b227f19a0c24cf767e01f00c88765f,2023-12-20T16:44:29.960000
+CVE-2023-45896,1,1,5120d4320fcff238bb667d4630420f341125c9428bf28faa9c409e59748c5e45,2024-08-28T05:15:13.657000
 CVE-2023-45897,0,0,734daadcbcf83a77d0375bea2b59862190723c5d109c64b97c90f46f832ac6a4,2023-11-21T16:33:02.183000
 CVE-2023-45898,0,0,f3261a8736c0c34cdaa65c9211bd18854b9e3c8fbb8c9c8e0fd98bdbf7fab3eb,2024-08-26T16:07:21.753000
 CVE-2023-45899,0,0,8ea5b9ddd2874024b78e9d2dcda12439e81d1dbfe77d0f8413dab38e7cc66b6f,2023-11-08T16:54:12.307000
@@ -260268,6 +260269,7 @@ CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a0
 CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000
 CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000
 CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000
+CVE-2024-6448,1,1,ab80189f89a1d6fd27932b4b105aa1c2dc711489862970e9723405c05b0a5264,2024-08-28T04:15:11.320000
 CVE-2024-6451,0,0,6a9c0fb65fad3a5f99e557f5250ddd026fdc81cb51b281650e16075ca1a8cd9e,2024-08-19T17:35:23.417000
 CVE-2024-6452,0,0,c694c1bdf54902e69172121aae2a54d0747cfc16750499c01d3cf3c9c6ef3263,2024-07-03T12:53:24.977000
 CVE-2024-6453,0,0,997e33861988fe67139dbc94cb45099acca0539b377b12d39324c5c718a66e9d,2024-08-21T14:37:10.103000
@@ -261003,7 +261005,7 @@ CVE-2024-7567,0,0,8d84928fabcffd92f0ffc65ee27fdbbaa4428b293e351afb4071fd1cdbd8df
 CVE-2024-7568,0,0,d240e1c33af9e03c75feb4937b0ddf33906a854d9c30167cff3fa79482350e46,2024-08-26T12:47:20.187000
 CVE-2024-7569,0,0,07c556a0d4f236c73af8fac785c7f2963a3da01e4fc90b977a8fbdbb98959074,2024-08-14T02:07:05.410000
 CVE-2024-7570,0,0,5fffab459f0b197c9cc8f01b0f615f787054152c65ebadc4d4a680afc4fd51fa,2024-08-14T02:07:05.410000
-CVE-2024-7573,1,1,4edfde06b0634739083f1674936b312b790c04557e93c50bad49775f6fbe4b07,2024-08-28T03:15:03.803000
+CVE-2024-7573,0,0,4edfde06b0634739083f1674936b312b790c04557e93c50bad49775f6fbe4b07,2024-08-28T03:15:03.803000
 CVE-2024-7574,0,0,20d9970481b83bc1831e248b5fd88e17f245f697fcf3310f9ca87d287eec943e,2024-08-12T13:41:36.517000
 CVE-2024-7578,0,0,6775b71bfb147f33ac75e26864dff0d49501fe87846b04dfe823255ec77604d5,2024-08-07T15:17:46.717000
 CVE-2024-7579,0,0,889817c5384ba36003787d6aa90c4889164dbbf7f4fbfe5c6f0287e20d3cf6ed,2024-08-07T15:17:46.717000
@@ -261244,7 +261246,7 @@ CVE-2024-8007,0,0,52ca9c0e82e8a1b579386af92379a7290d3dc66a84196be21e42591213ed68
 CVE-2024-8011,0,0,b9eccdb873cdee0aa4aaf727a8d55e87a8f1a6dcd35fe88e6cae24de39ee4994,2024-08-26T12:47:20.187000
 CVE-2024-8022,0,0,469d074c70ed4d6e1b7ca7023005d3bb3e3f23419b5a39b3540fd69e34fadcaa,2024-08-21T12:30:33.697000
 CVE-2024-8023,0,0,7f1c10536d9d4e1a728f09b10c1ff35f77d0bba503a7c61c411fbfd5f6584d46,2024-08-21T12:30:33.697000
-CVE-2024-8030,1,1,00ce7c9221bbac0883b6d46c5dc8aba46eda56f29140def501e8da2ff55616a3,2024-08-28T03:15:04.040000
+CVE-2024-8030,0,0,00ce7c9221bbac0883b6d46c5dc8aba46eda56f29140def501e8da2ff55616a3,2024-08-28T03:15:04.040000
 CVE-2024-8033,0,0,bc1d961345030012faa7942ae80f05081f947cf441680ad49c3fcb3512e2fcdc,2024-08-27T19:39:04.953000
 CVE-2024-8034,0,0,990fb53670bf6f787a3d54c0392722fc0a67a939e8056c22142bc6f2bee92a38,2024-08-22T17:35:30.003000
 CVE-2024-8035,0,0,e11fe8c378f080395f404658baee2e1c5cd70ef826bdf0b13fe46f85c653ad4a,2024-08-22T17:33:37.407000
@@ -261339,5 +261341,5 @@ CVE-2024-8226,0,0,cbf3e6b4ecb22d791af519216cb74fcbbc4675f6578fc71e665cf18ff769fb
 CVE-2024-8227,0,0,a036a7f97a355b868f01141cc25f285783295937f6676075846a401b1d9db578,2024-08-28T00:15:04.550000
 CVE-2024-8228,0,0,5719f117108fdb054512e608abc92c258925393788847819dabc02b4916c814c,2024-08-28T00:15:04.807000
 CVE-2024-8229,0,0,28ccc44a317b55190aff96c74708939b911208b845cddaf380e938baf9975c94,2024-08-28T01:15:03.353000
-CVE-2024-8230,1,1,03136ea8b2fa697ab09a986a8a488853f579389bbcc62375546cca953b719802,2024-08-28T02:15:03.850000
-CVE-2024-8231,1,1,7c8bbf401d9aa7b68100511198a1f39b35671adfe785c423facd19368e5a4fbc,2024-08-28T02:15:04.160000
+CVE-2024-8230,0,0,03136ea8b2fa697ab09a986a8a488853f579389bbcc62375546cca953b719802,2024-08-28T02:15:03.850000
+CVE-2024-8231,0,0,7c8bbf401d9aa7b68100511198a1f39b35671adfe785c423facd19368e5a4fbc,2024-08-28T02:15:04.160000