admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-05T10:00:17.262097+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-05 10:03:17 +00:00
parent 3d04dba1fb
commit 3cd4cc59c9
4 changed files with 222 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
CVE-2024/CVE-2024-84xx/CVE-2024-8486.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-8486",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-05T08:15:02.417",
"lastModified": "2024-10-05T08:15:02.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/auxin-elements/trunk/includes/elementor/widgets/heading-modern.php#L1168",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/auxin-elements/trunk/includes/elementor/widgets/heading-modern.php#L1205",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/auxin-elements/trunk/includes/elementor/widgets/icon.php#L397",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3161415/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09316a23-3a99-47f2-9c3f-795dc0a4a792?source=cve",
"source": "security@wordfence.com"
}
]
}

141
CVE-2024/CVE-2024-95xx/CVE-2024-9532.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-9532",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-05T08:15:02.653",
"lastModified": "2024-10-05T08:15:02.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formAdvanceSetup.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.279238",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.279238",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.413880",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

11
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-10-05T08:00:17.239853+00:00 2024-10-05T10:00:17.262097+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-10-05T07:15:12.297000+00:00 2024-10-05T08:15:02.653000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
264535 264537
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `1` Recently added CVEs: `2`
- [CVE-2024-8743](CVE-2024/CVE-2024-87xx/CVE-2024-8743.json) (`2024-10-05T07:15:12.297`) - [CVE-2024-8486](CVE-2024/CVE-2024-84xx/CVE-2024-8486.json) (`2024-10-05T08:15:02.417`)
- [CVE-2024-9532](CVE-2024/CVE-2024-95xx/CVE-2024-9532.json) (`2024-10-05T08:15:02.653`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit

4
_state.csv
View File

@ -264076,6 +264076,7 @@ CVE-2024-8481,0,0,f7ded0bc8510c8370341acc7cc1290a608973497f13c998f4c94b53ba9c9ee
CVE-2024-8483,0,0,7b9d62ad2c15cc912981452040d1345e4ce933202d5b94754bb2f4a4c6c39a92,2024-10-02T16:42:30.347000 CVE-2024-8483,0,0,7b9d62ad2c15cc912981452040d1345e4ce933202d5b94754bb2f4a4c6c39a92,2024-10-02T16:42:30.347000
CVE-2024-8484,0,0,f455d9eda6cfa730254e6d1c54e42895291597af75d213a155b8f2778e2c53b8,2024-10-02T17:44:13.687000 CVE-2024-8484,0,0,f455d9eda6cfa730254e6d1c54e42895291597af75d213a155b8f2778e2c53b8,2024-10-02T17:44:13.687000
CVE-2024-8485,0,0,a23363c7e119dcd66690422c5888ab97f710d472d308cfeb1e931d4e39313163,2024-10-02T16:19:15.993000 CVE-2024-8485,0,0,a23363c7e119dcd66690422c5888ab97f710d472d308cfeb1e931d4e39313163,2024-10-02T16:19:15.993000
CVE-2024-8486,1,1,cf38ab1dda22d588e08077d835261e9202d49eb8c300457144a8cea51f4bc8ae,2024-10-05T08:15:02.417000
CVE-2024-8490,0,0,5ff62dababbd8edfb72d0a97e4807df424b78f87491e2373479d6c84fbd14d32,2024-09-27T18:36:00.053000 CVE-2024-8490,0,0,5ff62dababbd8edfb72d0a97e4807df424b78f87491e2373479d6c84fbd14d32,2024-09-27T18:36:00.053000
CVE-2024-8497,0,0,903ccc83158de7417bc6f3ffdca83d1bf1fc40ad14228b01a3e1e063e242f9a9,2024-09-26T13:32:02.803000 CVE-2024-8497,0,0,903ccc83158de7417bc6f3ffdca83d1bf1fc40ad14228b01a3e1e063e242f9a9,2024-09-26T13:32:02.803000
CVE-2024-8499,0,0,551fc12eb8cb4caa4e9bbd5dc03a7956334337857e6a71f0d5ccb7ec4fa77572,2024-10-04T13:50:43.727000 CVE-2024-8499,0,0,551fc12eb8cb4caa4e9bbd5dc03a7956334337857e6a71f0d5ccb7ec4fa77572,2024-10-04T13:50:43.727000
@ -264228,7 +264229,7 @@ CVE-2024-8737,0,0,a8f5a9ac08b3915d238b7b0f4fdae19f4d9de463f7b6e5257b850817c52f34
CVE-2024-8738,0,0,8d7254f4f1af2919bab9c4b9c8e7ac85cdc1b41f46ed454e2ea854234d64d13d,2024-09-26T16:48:19.490000 CVE-2024-8738,0,0,8d7254f4f1af2919bab9c4b9c8e7ac85cdc1b41f46ed454e2ea854234d64d13d,2024-09-26T16:48:19.490000
CVE-2024-8741,0,0,b4e1d7f7dfc20b3d40ed40689f6d2a74196871e98895f038c49cf39f3f685863,2024-10-02T16:37:16.407000 CVE-2024-8741,0,0,b4e1d7f7dfc20b3d40ed40689f6d2a74196871e98895f038c49cf39f3f685863,2024-10-02T16:37:16.407000
CVE-2024-8742,0,0,22ad08a64cc55234113e83ee811bd639e6d0a7f5c2878d141833012213ce6335,2024-09-27T16:28:07.827000 CVE-2024-8742,0,0,22ad08a64cc55234113e83ee811bd639e6d0a7f5c2878d141833012213ce6335,2024-09-27T16:28:07.827000
CVE-2024-8743,1,1,59b2b24ac341db38092f7dd2a074edcfffa9c8083c75b055ad0bfe96a8f73499,2024-10-05T07:15:12.297000 CVE-2024-8743,0,0,59b2b24ac341db38092f7dd2a074edcfffa9c8083c75b055ad0bfe96a8f73499,2024-10-05T07:15:12.297000
CVE-2024-8747,0,0,c8071dd8d89406610db13dc6a04dbbb98461ebd7257641ae31a11de6b1ad5c9f,2024-09-26T19:23:12.477000 CVE-2024-8747,0,0,c8071dd8d89406610db13dc6a04dbbb98461ebd7257641ae31a11de6b1ad5c9f,2024-09-26T19:23:12.477000
CVE-2024-8749,0,0,dc7dd50ec6adedb45c385a82f706a7ab45f55e506e70a64a626b0d8f521f6289,2024-09-18T18:53:54.860000 CVE-2024-8749,0,0,dc7dd50ec6adedb45c385a82f706a7ab45f55e506e70a64a626b0d8f521f6289,2024-09-18T18:53:54.860000
CVE-2024-8750,0,0,6aa000b45a0c694359dda91e7e992492dcd4e93d6e7b8c131ee0a86fa36b5620,2024-09-18T20:38:42.123000 CVE-2024-8750,0,0,6aa000b45a0c694359dda91e7e992492dcd4e93d6e7b8c131ee0a86fa36b5620,2024-09-18T20:38:42.123000
@ -264534,3 +264535,4 @@ CVE-2024-9513,0,0,10f22e26d94cea8688c054ad49deba44171c8b07bc6c0d1de3fa45dd9ff56e
CVE-2024-9514,0,0,a53f44accfe30910c541c9413b06e85ad70baafde1404ed3bbfe26f781762e2e,2024-10-04T14:15:05.910000 CVE-2024-9514,0,0,a53f44accfe30910c541c9413b06e85ad70baafde1404ed3bbfe26f781762e2e,2024-10-04T14:15:05.910000
CVE-2024-9515,0,0,61876f9f404131a68b50426992d9bacb784e56537f2a34f2232f3fbcd09a799e,2024-10-04T14:15:06.210000 CVE-2024-9515,0,0,61876f9f404131a68b50426992d9bacb784e56537f2a34f2232f3fbcd09a799e,2024-10-04T14:15:06.210000
CVE-2024-9528,0,0,a67033828dc64ab8097f9cad1507ec37a96a1d18a16a5e9dfac7c1b08408a02f,2024-10-05T03:15:02.447000 CVE-2024-9528,0,0,a67033828dc64ab8097f9cad1507ec37a96a1d18a16a5e9dfac7c1b08408a02f,2024-10-05T03:15:02.447000
CVE-2024-9532,1,1,a815b2d2d40154bda523e1414a48d6370dcd762c40c31672f1130eb3adb44524,2024-10-05T08:15:02.653000

Can't render this file because it is too large.