diff --git a/CVE-2024/CVE-2024-393xx/CVE-2024-39331.json b/CVE-2024/CVE-2024-393xx/CVE-2024-39331.json index 0a1408d9917..e3acc72d3f1 100644 --- a/CVE-2024/CVE-2024-393xx/CVE-2024-39331.json +++ b/CVE-2024/CVE-2024-393xx/CVE-2024-39331.json @@ -2,8 +2,9 @@ "id": "CVE-2024-39331", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-23T22:15:09.370", - "lastModified": "2024-06-24T12:57:36.513", + "lastModified": "2024-06-29T07:15:02.060", "vulnStatus": "Awaiting Analysis", + "cveTags": [], "descriptions": [ { "lang": "en", @@ -28,6 +29,14 @@ "url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/", "source": "cve@mitre.org" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html", "source": "cve@mitre.org" diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5666.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5666.json new file mode 100644 index 00000000000..7301cadd87d --- /dev/null +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5666.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-5666", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-29T07:15:02.657", + "lastModified": "2024-06-29T07:15:02.657", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/extensions-for-elementor/trunk/modules/button/widgets/ee-button.php#L88", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3104024/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/extensions-for-elementor/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63306df3-4972-426f-bfda-6af75a09971c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5790.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5790.json new file mode 100644 index 00000000000..036088b7524 --- /dev/null +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5790.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-5790", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-29T07:15:03.130", + "lastModified": "2024-06-29T07:15:03.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.11.0/widgets/gradient-heading/widget.php#L260", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3108597/#file575", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/happy-elementor-addons/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b948a-7a7e-4bdf-af1d-559f34d4baa3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6363.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6363.json new file mode 100644 index 00000000000..42707b4a8c4 --- /dev/null +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6363.json @@ -0,0 +1,52 @@ +{ + "id": "CVE-2024-6363", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-29T07:15:03.357", + "lastModified": "2024-06-29T07:15:03.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/stock-ticker/trunk/stock-ticker.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/stock-ticker/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/280a5d6d-192a-43aa-927e-45c50b126463?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 74964261bb3..4cc42fb8d7a 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-29T06:00:50.254582+00:00 +2024-06-29T08:00:46.812704+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-29T05:15:03.560000+00:00 +2024-06-29T07:15:03.357000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255487 +255490 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `3` -- [CVE-2024-5192](CVE-2024/CVE-2024-51xx/CVE-2024-5192.json) (`2024-06-29T05:15:02.633`) -- [CVE-2024-5598](CVE-2024/CVE-2024-55xx/CVE-2024-5598.json) (`2024-06-29T05:15:02.960`) -- [CVE-2024-5889](CVE-2024/CVE-2024-58xx/CVE-2024-5889.json) (`2024-06-29T05:15:03.163`) -- [CVE-2024-5942](CVE-2024/CVE-2024-59xx/CVE-2024-5942.json) (`2024-06-29T05:15:03.360`) -- [CVE-2024-6265](CVE-2024/CVE-2024-62xx/CVE-2024-6265.json) (`2024-06-29T05:15:03.560`) +- [CVE-2024-5666](CVE-2024/CVE-2024-56xx/CVE-2024-5666.json) (`2024-06-29T07:15:02.657`) +- [CVE-2024-5790](CVE-2024/CVE-2024-57xx/CVE-2024-5790.json) (`2024-06-29T07:15:03.130`) +- [CVE-2024-6363](CVE-2024/CVE-2024-63xx/CVE-2024-6363.json) (`2024-06-29T07:15:03.357`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-39331](CVE-2024/CVE-2024-393xx/CVE-2024-39331.json) (`2024-06-29T07:15:02.060`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d260dc8caa3..ac847fdaf04 100644 --- a/_state.csv +++ b/_state.csv @@ -253800,7 +253800,7 @@ CVE-2024-39307,0,0,05e9bf14558e867bd628ea69c84a9164178632e38f111da57b0b92f168ed1 CVE-2024-3931,0,0,ff26b5a8728d6a7f3e1f8095f9d431d98f0c624577950ceaf4dc1cf9ad688034,2024-06-06T20:15:13.933000 CVE-2024-3932,0,0,371291a71f9c99e371f96e7d7b61e3e11967567047c07fae80310c4772d1c0c7,2024-06-06T20:15:14.030000 CVE-2024-3933,0,0,1d08d4e317596700be65ef5300f76b449794bb2d8b1542a98c34b9cd74fea015,2024-05-28T12:39:28.377000 -CVE-2024-39331,0,0,d1461e039a637b8713f6e32e0beebb2ef4c2e762f105aa6c4f21bab6716eddb8,2024-06-24T12:57:36.513000 +CVE-2024-39331,0,1,c5bb3e665b31aacdbf907c7032da4f6d49d6bc82a59a96e6be39b1d4f66a92fd,2024-06-29T07:15:02.060000 CVE-2024-39334,0,0,7a242c73a28ed17874e43348a26da2104869d7ef8d91c48fe0d8d7e00f57c31d,2024-06-24T12:57:36.513000 CVE-2024-39337,0,0,7c96f97902de4594057b22d7507f3218093cc9f703d055990179db138387110a,2024-06-24T12:57:36.513000 CVE-2024-39347,0,0,f5c35927ca6bc6b01c0289886e48e1c26a8232470e7aa98c1613809c151fa9f4,2024-06-28T10:27:00.920000 @@ -254834,7 +254834,7 @@ CVE-2024-5188,0,0,f341cd733a67fef7a36812a8f7aa63c3db307a7b91bf1e7665add6435f1983 CVE-2024-5189,0,0,cd3bb13050c91870eb5838446a9e82835db405d95874bd44f6318a59b19e235d,2024-06-13T18:36:45.417000 CVE-2024-5190,0,0,e11755e15485ad7d65ed59ac9abe5cac7f4b4c3e2591d1a6c69b4386ed9dea65,2024-05-22T03:15:08.273000 CVE-2024-5191,0,0,db26f7ce160c714e95bc5c218e0073766ff2ed099b5e6969334cbfc827ce4bc3,2024-06-24T19:25:23.943000 -CVE-2024-5192,1,1,3c230b3cf3fe47e3d1f4926ac3672564b60cfa39d9ae8d2b56d3ca83ded8367e,2024-06-29T05:15:02.633000 +CVE-2024-5192,0,0,3c230b3cf3fe47e3d1f4926ac3672564b60cfa39d9ae8d2b56d3ca83ded8367e,2024-06-29T05:15:02.633000 CVE-2024-5193,0,0,4619a3332fd1de828c7e949279cabe4a2b063d71a4e227126d8bf6d303fb6eb4,2024-06-04T19:21:01.867000 CVE-2024-5194,0,0,2277a7390d0159b3dc2e5dfd100175220ffc5f5725f8c88a7a9344e62a79d516,2024-06-04T19:21:01.977000 CVE-2024-5195,0,0,f6d192ea152622e2514b6c95ac0c9e8770ec516eb328b6bc7a2579d1133e54f5,2024-06-04T19:21:02.077000 @@ -255118,7 +255118,7 @@ CVE-2024-5589,0,0,dc63c38434ce5bb089af0d0f8aa09f6a46f1fae34dd45c15f4542741dea047 CVE-2024-5590,0,0,ca60332ff9933405c7b9b37e93d2404b53274b9ec741b4065c0c1eadbd60da94,2024-06-03T14:46:24.250000 CVE-2024-5596,0,0,c69cbcadf0a7f1e5940d842c2c9e90907cbda728581a745e7acd494576e03c9c,2024-06-24T12:57:36.513000 CVE-2024-5597,0,0,652827ff26b80eabae5b3eddf519a61b0da7de181ce61fd257911ec48c45cdb0,2024-06-12T18:10:47.080000 -CVE-2024-5598,1,1,e13a2fe84ae10d8311262597dd4e191e606f9d3516d698c1f81e020875524ff5,2024-06-29T05:15:02.960000 +CVE-2024-5598,0,0,e13a2fe84ae10d8311262597dd4e191e606f9d3516d698c1f81e020875524ff5,2024-06-29T05:15:02.960000 CVE-2024-5599,0,0,e4d8d3217ca804a33354b51b54e1f3f41ce0e1fc1f554dedfe90ad1a46a87370,2024-06-11T18:24:39.057000 CVE-2024-5601,0,0,e22064ef868b7763ab6a035a66dc94fbf47f776f059b7b471d5873c49e582f7a,2024-06-28T13:25:40.677000 CVE-2024-5605,0,0,4bb70fac398eb5e1fc6a3b8761dcfee9993510711b196c5d9f90dc1e34c785a3,2024-06-20T12:43:25.663000 @@ -255151,6 +255151,7 @@ CVE-2024-5661,0,0,e5f9f024a347e2b9638122ecde70323a03d416b3bde93f8e4f604cfeef08f4 CVE-2024-5662,0,0,c30bff5b2d503274ccfb42c77a6a2f90af33779b4134c5919fad644e092eec26,2024-06-28T10:27:00.920000 CVE-2024-5663,0,0,e65ed9bd668d6456ce5b39954ddd0ae3860f1cde2bd069c4d43e4b5601627808,2024-06-10T02:52:08.267000 CVE-2024-5665,0,0,cf98b8118d31a45b868938fcf4b0239a4be77d7cb3995f06e552251067a9cecd,2024-06-11T17:47:45.033000 +CVE-2024-5666,1,1,216f6c3c676318b1a01a4cbe684273cb5693f89e561491e3438b8a8902cec499,2024-06-29T07:15:02.657000 CVE-2024-5671,0,0,b302da9933b51baa02aebe638443397fc8a4c366af898c1301a8da6525832546,2024-06-17T12:42:04.623000 CVE-2024-5673,0,0,f6db27a8b7c99bb0a58922425d96edcb461eeb527f78adfd8d9aed9c99330140,2024-06-11T18:17:10.037000 CVE-2024-5674,0,0,69b0f5cdcc6414c1b3093ac76e322fc42e17eb869b8f1b328084f458395232cf,2024-06-13T18:36:09.010000 @@ -255224,6 +255225,7 @@ CVE-2024-5785,0,0,b8e4d96c063df13aad53416cef79463db3c390621a0b569b6ab0f4db2568be CVE-2024-5786,0,0,ed5396800d42f59a8cc5d452fd1faa0265b1965bb10ec68fd437a404a4a909e1,2024-06-10T18:06:22.600000 CVE-2024-5787,0,0,a3d405a0f4e66faab3a863affeada58e47a227c5d73cf2b53ea525af4385d342,2024-06-13T18:36:09.010000 CVE-2024-5788,0,0,b8c011e09345f8c438c15d748dc7ecb5f2eb62164ea0c1da7169d985a2f9f593,2024-06-28T10:27:00.920000 +CVE-2024-5790,1,1,9c5672e7c8447f1c23a1162576a1988a6667325985072690c0490fecebaca8d3,2024-06-29T07:15:03.130000 CVE-2024-5791,0,0,424014ca254e257c8c57009775e061d0dd2abf87fc81691a50ea6d1a360bb310,2024-06-24T20:00:46.390000 CVE-2024-5796,0,0,ee9ea77d6816c67e871ce0ce39c4d235af8efb4db7bec50166a494d6f8b7e47e,2024-06-28T10:27:00.920000 CVE-2024-5798,0,0,f6c60b5ac812e7711b355fdc9c4ea7ca1c381d5fa9189e95b5ac079c15b31d9c,2024-06-13T18:36:09.010000 @@ -255269,7 +255271,7 @@ CVE-2024-5871,0,0,83e6d3ea3d7363cdcbcb485d9161ada2b3d6bba887290fa58ab89820983d40 CVE-2024-5873,0,0,4affe4b1f71505ca05298a33c7e23c3ae147869580237755bed2d180fbea1b8e,2024-06-12T08:15:51.550000 CVE-2024-5885,0,0,3a664b64c018213b23c270dac1c0f4e2c55b9d60dc4c41c7b81af3f039474644,2024-06-27T19:25:12.067000 CVE-2024-5886,0,0,0c13c4ee009af0d9946120b2238809bd0a7459b4e90701a2a72b91121b1d711b,2024-06-20T11:15:56.580000 -CVE-2024-5889,1,1,7e47d1cc1487a1c728e02e89ddc97c090aaa466e38de6f396d9fcc1fa4a41e2e,2024-06-29T05:15:03.163000 +CVE-2024-5889,0,0,7e47d1cc1487a1c728e02e89ddc97c090aaa466e38de6f396d9fcc1fa4a41e2e,2024-06-29T05:15:03.163000 CVE-2024-5891,0,0,da4ba5748ecb097f5befd86d4787f2c76143132bf594110b21f16b774e08e15d,2024-06-13T18:36:09.010000 CVE-2024-5892,0,0,890747e3858b777381fac245c58cda030faeadae1530ec4012d9670fde261a4e,2024-06-13T18:36:09.013000 CVE-2024-5893,0,0,8bbdd4fceee6f55f46acaf4e2e772cd5b071a8548251271838818c6acd356beb,2024-06-13T18:36:09.010000 @@ -255292,7 +255294,7 @@ CVE-2024-5933,0,0,43c62c8c7b78a3986e6c8a8e384c2c83973a07919e7ff71c58e74be82b63ae CVE-2024-5934,0,0,688a30e1a6237b69634d3ab7eb078a5b0fdbb09f93730eb6244fa568165f0ccc,2024-06-14T16:15:14.647000 CVE-2024-5935,0,0,21662e5830e79e4b40d11ee8d4ca61a28a55ce393198f32f5a0fb22a492448a1,2024-06-27T19:25:12.067000 CVE-2024-5936,0,0,dab5c088e03544c88b5524610f0cab10458f16230a50e10902868220b9e1d9db,2024-06-27T19:25:12.067000 -CVE-2024-5942,1,1,6c80720c7f6bd9221067ffb9049ae40638208143a0c09422dec3a112025682dc,2024-06-29T05:15:03.360000 +CVE-2024-5942,0,0,6c80720c7f6bd9221067ffb9049ae40638208143a0c09422dec3a112025682dc,2024-06-29T05:15:03.360000 CVE-2024-5945,0,0,16d17edcf79dde7bc004547e40419569c5bdcb3c9d1fafd4da124c600699d701,2024-06-24T19:24:00.433000 CVE-2024-5947,0,0,7906fe5496c2633ac624599b4fcbe00d50eb988a8b518b82e602f8ca90719dc3,2024-06-17T12:43:31.090000 CVE-2024-5948,0,0,b50c023e3e038877d6c3f637d61b3c39fec4c81c008590663dc7a0096fec685c,2024-06-17T12:43:31.090000 @@ -255435,7 +255437,7 @@ CVE-2024-6252,0,0,468e259f2025efbae92579ad89a45c9f2c8b2e33c6f209272de57a1e66debc CVE-2024-6253,0,0,a6e4514e5a27665a5cb6260b36ae56e5c2da14fd9a2d1da643a44ff2f3f2cb21,2024-06-25T18:15:12 CVE-2024-6257,0,0,2981da6c17c705bcf0d80e44b1fa14b0c6655b2077fb275b971c6bc5c7c2b720,2024-06-25T18:50:42.040000 CVE-2024-6262,0,0,f703f7a7fbd3e1fe9efa1e5946752e209a081bf36124182aca731e3f05a363a4,2024-06-27T12:47:19.847000 -CVE-2024-6265,1,1,96348ec2c6d9dc31030876ca82de9102405c4d596533b9d110ab32d0dabb7540,2024-06-29T05:15:03.560000 +CVE-2024-6265,0,0,96348ec2c6d9dc31030876ca82de9102405c4d596533b9d110ab32d0dabb7540,2024-06-29T05:15:03.560000 CVE-2024-6266,0,0,f14331da5cd861226d53e015f2a1f08c9e1d5e7f7b1b843a3feb7cb151cc145a,2024-06-24T12:57:36.513000 CVE-2024-6267,0,0,d0d81696a0fe56042eb20b9f0c7d606c3ec4ab44f43adaf7633e08749cae8d6a,2024-06-24T15:15:12.093000 CVE-2024-6268,0,0,f6b5ab227c5a0cba5e0d9764b3a65d1dea83e5d9d7e49ede9770a3daceae2872,2024-06-26T20:15:16.893000 @@ -255474,6 +255476,7 @@ CVE-2024-6344,0,0,f8fe072181ab91a453822e0b523eb31f74817bc4efb68c7d2134a2d41a8e35 CVE-2024-6349,0,0,f01d61e3475192c945ec3639c2eda3b231a23d2f279c2f15b4719385fb2bd065,2024-06-26T15:15:20.690000 CVE-2024-6354,0,0,b70a2915a44ee7e7e6c00925c9a92ab9e6b070beaff28ea6d89d1a4dcb2a10e6,2024-06-27T12:47:19.847000 CVE-2024-6355,0,0,ae01fd3dff3a0136dc0dcda0f0c62bd72a4c84afe63740fbe5ae0aaceef04f3e,2024-06-27T14:15:16.753000 +CVE-2024-6363,1,1,e30e8346126e4db25622d7bfa0069b0e508a00cde2d6a89673dad355bdfc62a0,2024-06-29T07:15:03.357000 CVE-2024-6367,0,0,7207995286cd77894417e443ceec13186f4617a3d835dc70f545e6022e4f6dc9,2024-06-27T12:47:19.847000 CVE-2024-6368,0,0,15233ad7ff1f989e7bdf86db89d9527b042f90cc8844e61c0b9d2d12d522b414,2024-06-27T18:15:21.083000 CVE-2024-6369,0,0,c793378edfea0b2a8c32a50d08899943167a983433e0948af5044c43e0a7ad33,2024-06-27T12:47:19.847000