Auto-Update: 2024-10-05T10:00:17.262097+00:00

2025-05-08 19:47:09 +00:00 · 2024-10-05 10:03:17 +00:00 · 2024-10-05 10:03:17 +00:00 · 3cd4cc59c9
commit 3cd4cc59c9
parent 3d04dba1fb
4 changed files with 222 additions and 6 deletions
--- a/CVE-2024/CVE-2024-84xx/CVE-2024-8486.json
+++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8486.json
@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-8486",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-05T08:15:02.417",
+  "lastModified": "2024-10-05T08:15:02.417",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/auxin-elements/trunk/includes/elementor/widgets/heading-modern.php#L1168",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/auxin-elements/trunk/includes/elementor/widgets/heading-modern.php#L1205",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/auxin-elements/trunk/includes/elementor/widgets/icon.php#L397",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3161415/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09316a23-3a99-47f2-9c3f-795dc0a4a792?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-95xx/CVE-2024-9532.json
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9532.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2024-9532",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-10-05T08:15:02.653",
+  "lastModified": "2024-10-05T08:15:02.653",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formAdvanceSetup.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.279238",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.279238",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.413880",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://www.dlink.com/",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-05T08:00:17.239853+00:00
+2024-10-05T10:00:17.262097+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-05T07:15:12.297000+00:00
+2024-10-05T08:15:02.653000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-264535
+264537
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2024-8743](CVE-2024/CVE-2024-87xx/CVE-2024-8743.json) (`2024-10-05T07:15:12.297`)
+- [CVE-2024-8486](CVE-2024/CVE-2024-84xx/CVE-2024-8486.json) (`2024-10-05T08:15:02.417`)
+- [CVE-2024-9532](CVE-2024/CVE-2024-95xx/CVE-2024-9532.json) (`2024-10-05T08:15:02.653`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -264076,6 +264076,7 @@ CVE-2024-8481,0,0,f7ded0bc8510c8370341acc7cc1290a608973497f13c998f4c94b53ba9c9ee
 CVE-2024-8483,0,0,7b9d62ad2c15cc912981452040d1345e4ce933202d5b94754bb2f4a4c6c39a92,2024-10-02T16:42:30.347000
 CVE-2024-8484,0,0,f455d9eda6cfa730254e6d1c54e42895291597af75d213a155b8f2778e2c53b8,2024-10-02T17:44:13.687000
 CVE-2024-8485,0,0,a23363c7e119dcd66690422c5888ab97f710d472d308cfeb1e931d4e39313163,2024-10-02T16:19:15.993000
+CVE-2024-8486,1,1,cf38ab1dda22d588e08077d835261e9202d49eb8c300457144a8cea51f4bc8ae,2024-10-05T08:15:02.417000
 CVE-2024-8490,0,0,5ff62dababbd8edfb72d0a97e4807df424b78f87491e2373479d6c84fbd14d32,2024-09-27T18:36:00.053000
 CVE-2024-8497,0,0,903ccc83158de7417bc6f3ffdca83d1bf1fc40ad14228b01a3e1e063e242f9a9,2024-09-26T13:32:02.803000
 CVE-2024-8499,0,0,551fc12eb8cb4caa4e9bbd5dc03a7956334337857e6a71f0d5ccb7ec4fa77572,2024-10-04T13:50:43.727000
@ -264228,7 +264229,7 @@ CVE-2024-8737,0,0,a8f5a9ac08b3915d238b7b0f4fdae19f4d9de463f7b6e5257b850817c52f34
 CVE-2024-8738,0,0,8d7254f4f1af2919bab9c4b9c8e7ac85cdc1b41f46ed454e2ea854234d64d13d,2024-09-26T16:48:19.490000
 CVE-2024-8741,0,0,b4e1d7f7dfc20b3d40ed40689f6d2a74196871e98895f038c49cf39f3f685863,2024-10-02T16:37:16.407000
 CVE-2024-8742,0,0,22ad08a64cc55234113e83ee811bd639e6d0a7f5c2878d141833012213ce6335,2024-09-27T16:28:07.827000
-CVE-2024-8743,1,1,59b2b24ac341db38092f7dd2a074edcfffa9c8083c75b055ad0bfe96a8f73499,2024-10-05T07:15:12.297000
+CVE-2024-8743,0,0,59b2b24ac341db38092f7dd2a074edcfffa9c8083c75b055ad0bfe96a8f73499,2024-10-05T07:15:12.297000
 CVE-2024-8747,0,0,c8071dd8d89406610db13dc6a04dbbb98461ebd7257641ae31a11de6b1ad5c9f,2024-09-26T19:23:12.477000
 CVE-2024-8749,0,0,dc7dd50ec6adedb45c385a82f706a7ab45f55e506e70a64a626b0d8f521f6289,2024-09-18T18:53:54.860000
 CVE-2024-8750,0,0,6aa000b45a0c694359dda91e7e992492dcd4e93d6e7b8c131ee0a86fa36b5620,2024-09-18T20:38:42.123000
@ -264534,3 +264535,4 @@ CVE-2024-9513,0,0,10f22e26d94cea8688c054ad49deba44171c8b07bc6c0d1de3fa45dd9ff56e
 CVE-2024-9514,0,0,a53f44accfe30910c541c9413b06e85ad70baafde1404ed3bbfe26f781762e2e,2024-10-04T14:15:05.910000
 CVE-2024-9515,0,0,61876f9f404131a68b50426992d9bacb784e56537f2a34f2232f3fbcd09a799e,2024-10-04T14:15:06.210000
 CVE-2024-9528,0,0,a67033828dc64ab8097f9cad1507ec37a96a1d18a16a5e9dfac7c1b08408a02f,2024-10-05T03:15:02.447000
+CVE-2024-9532,1,1,a815b2d2d40154bda523e1414a48d6370dcd762c40c31672f1130eb3adb44524,2024-10-05T08:15:02.653000