diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45896.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45896.json new file mode 100644 index 00000000000..c0b1bead68b --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45896.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-45896", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-08-28T05:15:13.657", + "lastModified": "2024-08-28T05:15:13.657", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cve@mitre.org", + "tags": [ + "disputed" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "ntfs3 in the Linux kernel before 6.5.11 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11", + "source": "cve@mitre.org" + }, + { + "url": "https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/", + "source": "cve@mitre.org" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6448.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6448.json new file mode 100644 index 00000000000..dd7e2f2dd99 --- /dev/null +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6448.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-6448", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-08-28T04:15:11.320", + "lastModified": "2024-08-28T04:15:11.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/mollie-payments-for-woocommerce/tags/7.5.5/vendor/mollie/mollie-api-php/examples/initialize.php#L5", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142176%40mollie-payments-for-woocommerce&new=3142176%40mollie-payments-for-woocommerce&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f8509160905..3bcd2775b21 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-28T04:00:16.958401+00:00 +2024-08-28T06:00:18.112106+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-28T03:15:04.040000+00:00 +2024-08-28T05:15:13.657000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -261342 +261344 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-7573](CVE-2024/CVE-2024-75xx/CVE-2024-7573.json) (`2024-08-28T03:15:03.803`) -- [CVE-2024-8030](CVE-2024/CVE-2024-80xx/CVE-2024-8030.json) (`2024-08-28T03:15:04.040`) -- [CVE-2024-8230](CVE-2024/CVE-2024-82xx/CVE-2024-8230.json) (`2024-08-28T02:15:03.850`) -- [CVE-2024-8231](CVE-2024/CVE-2024-82xx/CVE-2024-8231.json) (`2024-08-28T02:15:04.160`) +- [CVE-2023-45896](CVE-2023/CVE-2023-458xx/CVE-2023-45896.json) (`2024-08-28T05:15:13.657`) +- [CVE-2024-6448](CVE-2024/CVE-2024-64xx/CVE-2024-6448.json) (`2024-08-28T04:15:11.320`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 56fb55e0a21..a930fd714b8 100644 --- a/_state.csv +++ b/_state.csv @@ -234267,6 +234267,7 @@ CVE-2023-4589,0,0,5823a1bbdcd3fd3dad6a9d361ad6771c5169f34ce23ef9e39b305d1aaf66a9 CVE-2023-45892,0,0,31ea99a81b63e5dc5404654e4231556ec48f5c4f723835f37c58ea694f43c518,2024-01-08T19:31:03.043000 CVE-2023-45893,0,0,012ce31fe6e07df7e806e0f22cab292b188d57d4fcd77a1edd037ec55ea25c2a,2024-01-08T19:30:51.917000 CVE-2023-45894,0,0,acbbd0369c677d90271e9d43ae921ffda1b227f19a0c24cf767e01f00c88765f,2023-12-20T16:44:29.960000 +CVE-2023-45896,1,1,5120d4320fcff238bb667d4630420f341125c9428bf28faa9c409e59748c5e45,2024-08-28T05:15:13.657000 CVE-2023-45897,0,0,734daadcbcf83a77d0375bea2b59862190723c5d109c64b97c90f46f832ac6a4,2023-11-21T16:33:02.183000 CVE-2023-45898,0,0,f3261a8736c0c34cdaa65c9211bd18854b9e3c8fbb8c9c8e0fd98bdbf7fab3eb,2024-08-26T16:07:21.753000 CVE-2023-45899,0,0,8ea5b9ddd2874024b78e9d2dcda12439e81d1dbfe77d0f8413dab38e7cc66b6f,2023-11-08T16:54:12.307000 @@ -260268,6 +260269,7 @@ CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a0 CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000 CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000 CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000 +CVE-2024-6448,1,1,ab80189f89a1d6fd27932b4b105aa1c2dc711489862970e9723405c05b0a5264,2024-08-28T04:15:11.320000 CVE-2024-6451,0,0,6a9c0fb65fad3a5f99e557f5250ddd026fdc81cb51b281650e16075ca1a8cd9e,2024-08-19T17:35:23.417000 CVE-2024-6452,0,0,c694c1bdf54902e69172121aae2a54d0747cfc16750499c01d3cf3c9c6ef3263,2024-07-03T12:53:24.977000 CVE-2024-6453,0,0,997e33861988fe67139dbc94cb45099acca0539b377b12d39324c5c718a66e9d,2024-08-21T14:37:10.103000 @@ -261003,7 +261005,7 @@ CVE-2024-7567,0,0,8d84928fabcffd92f0ffc65ee27fdbbaa4428b293e351afb4071fd1cdbd8df CVE-2024-7568,0,0,d240e1c33af9e03c75feb4937b0ddf33906a854d9c30167cff3fa79482350e46,2024-08-26T12:47:20.187000 CVE-2024-7569,0,0,07c556a0d4f236c73af8fac785c7f2963a3da01e4fc90b977a8fbdbb98959074,2024-08-14T02:07:05.410000 CVE-2024-7570,0,0,5fffab459f0b197c9cc8f01b0f615f787054152c65ebadc4d4a680afc4fd51fa,2024-08-14T02:07:05.410000 -CVE-2024-7573,1,1,4edfde06b0634739083f1674936b312b790c04557e93c50bad49775f6fbe4b07,2024-08-28T03:15:03.803000 +CVE-2024-7573,0,0,4edfde06b0634739083f1674936b312b790c04557e93c50bad49775f6fbe4b07,2024-08-28T03:15:03.803000 CVE-2024-7574,0,0,20d9970481b83bc1831e248b5fd88e17f245f697fcf3310f9ca87d287eec943e,2024-08-12T13:41:36.517000 CVE-2024-7578,0,0,6775b71bfb147f33ac75e26864dff0d49501fe87846b04dfe823255ec77604d5,2024-08-07T15:17:46.717000 CVE-2024-7579,0,0,889817c5384ba36003787d6aa90c4889164dbbf7f4fbfe5c6f0287e20d3cf6ed,2024-08-07T15:17:46.717000 @@ -261244,7 +261246,7 @@ CVE-2024-8007,0,0,52ca9c0e82e8a1b579386af92379a7290d3dc66a84196be21e42591213ed68 CVE-2024-8011,0,0,b9eccdb873cdee0aa4aaf727a8d55e87a8f1a6dcd35fe88e6cae24de39ee4994,2024-08-26T12:47:20.187000 CVE-2024-8022,0,0,469d074c70ed4d6e1b7ca7023005d3bb3e3f23419b5a39b3540fd69e34fadcaa,2024-08-21T12:30:33.697000 CVE-2024-8023,0,0,7f1c10536d9d4e1a728f09b10c1ff35f77d0bba503a7c61c411fbfd5f6584d46,2024-08-21T12:30:33.697000 -CVE-2024-8030,1,1,00ce7c9221bbac0883b6d46c5dc8aba46eda56f29140def501e8da2ff55616a3,2024-08-28T03:15:04.040000 +CVE-2024-8030,0,0,00ce7c9221bbac0883b6d46c5dc8aba46eda56f29140def501e8da2ff55616a3,2024-08-28T03:15:04.040000 CVE-2024-8033,0,0,bc1d961345030012faa7942ae80f05081f947cf441680ad49c3fcb3512e2fcdc,2024-08-27T19:39:04.953000 CVE-2024-8034,0,0,990fb53670bf6f787a3d54c0392722fc0a67a939e8056c22142bc6f2bee92a38,2024-08-22T17:35:30.003000 CVE-2024-8035,0,0,e11fe8c378f080395f404658baee2e1c5cd70ef826bdf0b13fe46f85c653ad4a,2024-08-22T17:33:37.407000 @@ -261339,5 +261341,5 @@ CVE-2024-8226,0,0,cbf3e6b4ecb22d791af519216cb74fcbbc4675f6578fc71e665cf18ff769fb CVE-2024-8227,0,0,a036a7f97a355b868f01141cc25f285783295937f6676075846a401b1d9db578,2024-08-28T00:15:04.550000 CVE-2024-8228,0,0,5719f117108fdb054512e608abc92c258925393788847819dabc02b4916c814c,2024-08-28T00:15:04.807000 CVE-2024-8229,0,0,28ccc44a317b55190aff96c74708939b911208b845cddaf380e938baf9975c94,2024-08-28T01:15:03.353000 -CVE-2024-8230,1,1,03136ea8b2fa697ab09a986a8a488853f579389bbcc62375546cca953b719802,2024-08-28T02:15:03.850000 -CVE-2024-8231,1,1,7c8bbf401d9aa7b68100511198a1f39b35671adfe785c423facd19368e5a4fbc,2024-08-28T02:15:04.160000 +CVE-2024-8230,0,0,03136ea8b2fa697ab09a986a8a488853f579389bbcc62375546cca953b719802,2024-08-28T02:15:03.850000 +CVE-2024-8231,0,0,7c8bbf401d9aa7b68100511198a1f39b35671adfe785c423facd19368e5a4fbc,2024-08-28T02:15:04.160000