From 411f6cdce1ced78fe470d4ce3c2c5886b40bba54 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 25 Dec 2024 09:03:43 +0000
Subject: [PATCH] Auto-Update: 2024-12-25T09:00:19.585256+00:00
---
 CVE-2024/CVE-2024-108xx/CVE-2024-10862.json | 60 +++++++++++++++++++++
 CVE-2024/CVE-2024-112xx/CVE-2024-11281.json | 60 +++++++++++++++++++++
 CVE-2024/CVE-2024-123xx/CVE-2024-12335.json | 60 +++++++++++++++++++++
 CVE-2024/CVE-2024-127xx/CVE-2024-12782.json | 17 ++++--
 README.md | 15 +++---
 _state.csv | 11 ++--
 6 files changed, 207 insertions(+), 16 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10862.json
 create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11281.json
 create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12335.json
diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10862.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10862.json
new file mode 100644
index 00000000000..4306b56eeec
--- /dev/null
+++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10862.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-10862",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-12-25T07:15:11.190",
+ "lastModified": "2024-12-25T07:15:11.190",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be exploited via CSRF due to a lack of nonce validation on the get_table_records AJAX action."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L3065",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab807beb-0e20-47e4-be3e-9e8f50b84c7b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11281.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11281.json
new file mode 100644
index 00000000000..db2a710a250
--- /dev/null
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11281.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11281",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-12-25T07:15:11.777",
+ "lastModified": "2024-12-25T07:15:11.777",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://codecanyon.net/item/wordpress-woocommerce-pos-system-point-of-sale/21254976",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a0671b1-1414-4315-8a2d-bd1aabe091a4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12335.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12335.json
new file mode 100644
index 00000000000..8da40cabde3
--- /dev/null
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12335.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-12335",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-12-25T07:15:11.980",
+ "lastModified": "2024-12-25T07:15:11.980",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://avada.com",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4181dcad-b5bd-46db-b47c-3cdee427123c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json
index 4c1f82d2eac..18def8b2baf 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json
@@ -2,13 +2,20 @@
 "id": "CVE-2024-12782",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-12-19T13:15:05.900",
- "lastModified": "2024-12-19T13:15:05.900",
- "vulnStatus": "Received",
- "cveTags": [],
+ "lastModified": "2024-12-25T08:15:05.410",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [
+ {
+ "sourceIdentifier": "cna@vuldb.com",
+ "tags": [
+ "disputed"
+ ]
+ }
+ ],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way."
 },
 {
 "lang": "es",
@@ -111,7 +118,7 @@
 "weaknesses": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/README.md b/README.md
index 5a2de8bac89..02ce77a2431 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-25T07:00:19.831715+00:00 +2024-12-25T09:00:19.585256+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-25T06:15:23.407000+00:00 +2024-12-25T08:15:05.410000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274654 +274657 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -- [CVE-2024-10858](CVE-2024/CVE-2024-108xx/CVE-2024-10858.json) (`2024-12-25T06:15:23.407`) -- [CVE-2024-12428](CVE-2024/CVE-2024-124xx/CVE-2024-12428.json) (`2024-12-25T05:15:06.920`) -- [CVE-2024-12636](CVE-2024/CVE-2024-126xx/CVE-2024-12636.json) (`2024-12-25T05:15:08.067`) +- [CVE-2024-10862](CVE-2024/CVE-2024-108xx/CVE-2024-10862.json) (`2024-12-25T07:15:11.190`) +- [CVE-2024-11281](CVE-2024/CVE-2024-112xx/CVE-2024-11281.json) (`2024-12-25T07:15:11.777`) +- [CVE-2024-12335](CVE-2024/CVE-2024-123xx/CVE-2024-12335.json) (`2024-12-25T07:15:11.980`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-12782](CVE-2024/CVE-2024-127xx/CVE-2024-12782.json) (`2024-12-25T08:15:05.410`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 7350a621f4c..eb41794811a 100644 --- a/_state.csv +++ b/_state.csv 
@@ -243771,9 +243771,10 @@ CVE-2024-10854,0,0,afc7bc69a1b6288540bb663e3abfd7c0b6a784132b70b7f35e98f7b2cc506
 CVE-2024-10855,0,0,ae24b9251832889f0ab5093466f5bbce4d7ad6d8dd4bf7a8321d2155c2606591,2024-11-26T20:34:02.857000
 CVE-2024-10856,0,0,251c7531c17b6f3b0ed919ef9a67ac2f96c713f0018b87cf93ecb45c7c80519e,2024-12-24T11:15:07.260000
 CVE-2024-10857,0,0,957ae8afb2b021b5a39096260dcb79ccdc7e257258c659d883b9a23a31df5c0b,2024-11-26T07:15:05.003000
-CVE-2024-10858,1,1,c3d2dbeef5be79a26f33d51cb92151a2aad8e75fda9541a4a310c56924cd1970,2024-12-25T06:15:23.407000
+CVE-2024-10858,0,0,c3d2dbeef5be79a26f33d51cb92151a2aad8e75fda9541a4a310c56924cd1970,2024-12-25T06:15:23.407000
 CVE-2024-1086,0,0,688e2fb2892801c230e1dfe45afd0a98166e64f80974b1a593d490f3471fc0dd,2024-11-21T08:49:46.013000
 CVE-2024-10861,0,0,a0a9ed450f8163c1435b46341b966a17dde352d3f4e975547d6d20959f88110b,2024-11-18T17:11:17.393000
+CVE-2024-10862,1,1,47c3525e7600e4dc4aa8796ba01fd2047eb691201667cb5b589f2f6c1a826e5b,2024-12-25T07:15:11.190000
 CVE-2024-10863,0,0,b5b227485fbe2ef5029ee042bb93b4e86d4e47bdafc29c909ac7a75d6e0d47a4,2024-11-22T16:15:21.257000
 CVE-2024-10868,0,0,ed5c74cd38793a3786fe1a207774b7d893f356dc5b7738c219f7d841c4557dd6,2024-11-23T04:15:07.930000
 CVE-2024-10869,0,0,24e83078acb589a8bf17812dbc3140ca72ecc1dc51859fe588758bfcf79e45ac,2024-11-23T04:15:08.073000
@@ -244105,6 +244106,7 @@ CVE-2024-11278,0,0,3f323ea4c088ae11099db65ea7e4647c3e5f880422ea2bf5351a2656e281a
 CVE-2024-11279,0,0,b2556a8750e158a7be1dc7b8c7e9a28d5376397dde30d88838c627e7fc39e344,2024-12-12T04:15:04.970000
 CVE-2024-1128,0,0,b5697d53bd1cc8361103858a196325f5d64208a9e9a1888a08b3143838ba1702,2024-11-21T08:49:51.657000
 CVE-2024-11280,0,0,55a96727b2485e04cc5b6b8add864215b2cd1aa8bc4bdf75a3cee41a9da85d1e,2024-12-17T12:15:19.343000
+CVE-2024-11281,1,1,c7426666803fe99955d578fc3958dce2b5ae0781c1e0b13c829c8e4325d838eb,2024-12-25T07:15:11.777000
 CVE-2024-11287,0,0,5e28cd1733331b85e0ad445b1086ed0ec9b451694b2573b6315e5610a8d849ee,2024-12-21T07:15:08.053000
 CVE-2024-11289,0,0,1d2443a1a9242c04e29818ad13875ac1c58e80e7866f1501dec4b2d1a8559f61,2024-12-06T10:15:05.450000
 CVE-2024-1129,0,0,cbf5818dce2e4cd60590d30546d905436cb36b8ec16eeb56ee9382ffddfc0bc3,2024-11-21T08:49:51.773000
@@ -244853,6 +244855,7 @@ CVE-2024-12329,0,0,66dd2e3f2af8b0b1aca8274acaafc22644d93ff908c884984769d59605f22
 CVE-2024-1233,0,0,9d758d75169c31056a2dd99a6ff761ac0a3c179827b3dc598c6fb0d83614dada,2024-11-21T08:50:07.317000
 CVE-2024-12331,0,0,1e9ca237392e514d67f31de618028f277c648eba4946fb0ca223d049863f158a,2024-12-19T12:15:05.330000
 CVE-2024-12333,0,0,f9b36bf24b65a5eadc34be133c8efc135d615c6b77b9af6e424c71705bac5515,2024-12-12T09:15:05.390000
+CVE-2024-12335,1,1,55358ce877e746c8c3bee6ac5ee688e77219acf04f4575809586a1e99b3370a0,2024-12-25T07:15:11.980000
 CVE-2024-12338,0,0,202a85d7d49dabb95d9680ff72787a60f1c4021e681feb9be8640c62beb774ef,2024-12-12T04:15:07.497000
 CVE-2024-1234,0,0,6b4d1ae0b8159c98fb379447cf95a21f71a7514cfa9af5f48616ab89e3a52cca,2024-11-21T08:50:07.567000
 CVE-2024-12340,0,0,e64d9154ce721e0cef963ec962023bf662e8b1885905905ffc386c61964f035d,2024-12-18T10:15:07.827000
@@ -244905,7 +244908,7 @@ CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc13140
 CVE-2024-12420,0,0,ae8d110f5efef295dc5d542d71461638a083f9c010e00a24758178ab1b247bfd,2024-12-13T09:15:08.627000
 CVE-2024-12421,0,0,d0800edd844bf37ccee00fc76da3ec64bb2b51e717430e725122892ee39e78eb,2024-12-13T09:15:08.870000
 CVE-2024-12422,0,0,27a2b7b5579aea6b626e898353e29adaf77dce7f7392fa2cdcdfb4f6d55292dc,2024-12-14T06:15:19.357000
-CVE-2024-12428,1,1,32f56e83775907d43fa99115492053c7951ff57ca9b528b984e1e2fcfea13b3f,2024-12-25T05:15:06.920000
+CVE-2024-12428,0,0,32f56e83775907d43fa99115492053c7951ff57ca9b528b984e1e2fcfea13b3f,2024-12-25T05:15:06.920000
 CVE-2024-12432,0,0,3d67b932349f6253a91fa970f1501aba586896a462aba17731bbe90a2499433d,2024-12-18T04:15:07.947000
 CVE-2024-12441,0,0,60177bfa0d9dcd79729d5ab6a51352067dd3b55deb7861fd956eb7f2cdfb3058,2024-12-12T05:15:12.703000
 CVE-2024-12443,0,0,f07c0805b285e00ba917c2d7fc7d6d01900a808064fd2463aaf6cc786dd6eda1,2024-12-16T23:15:06.097000
@@ -244997,7 +245000,7 @@ CVE-2024-12628,0,0,f48463b1ecdc4a2ff76d188b8ae44a2e0e32ef1e929dc806ea33e24839d14
 CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000
 CVE-2024-12632,0,0,b2981d9ae0d79f88557270498f7d8919df56f26fc08631dba371165f9d0f4233,2024-12-13T21:15:09.317000
 CVE-2024-12635,0,0,99a228890bd43a8042fc5a059ac9a5dbbb198a1f556a6f74c7eecbd9945e18c8,2024-12-21T07:15:09.380000
-CVE-2024-12636,1,1,6cd5df7c0ec0b69dee8c268b93582a1e0f0a1ba755b4e8e67a5be6cd3d9ecf4c,2024-12-25T05:15:08.067000
+CVE-2024-12636,0,0,6cd5df7c0ec0b69dee8c268b93582a1e0f0a1ba755b4e8e67a5be6cd3d9ecf4c,2024-12-25T05:15:08.067000
 CVE-2024-1264,0,0,0a400b50d7c5417af4540851d66c40fe9607cfb1bbd030ca37354551feca3778,2024-11-21T08:50:11.460000
 CVE-2024-12641,0,0,6e6b1aa53bd8553222049d57d01527b85aa1b46f94f8dd550c03e6967ee19a5d,2024-12-16T07:15:05.787000
 CVE-2024-12642,0,0,a401d76248880d01d3fa48196afb4bda331b127bc27a94608f221d11c2863778,2024-12-16T07:15:06.023000
@@ -245059,7 +245062,7 @@ CVE-2024-1276,0,0,342e07ea1475f57185158b84be14279572eebbc1b91e4c07c491730599e670
 CVE-2024-1277,0,0,fdccc6e1d66b4b759fea691d8a9a7ad4f8cc0afd5b2fb224e654b3bd9de12942,2024-11-21T08:50:13.170000
 CVE-2024-12771,0,0,00670c9ba4110d7f81f7077a284116c4904de555b874badf83d924edcbc78377,2024-12-21T07:15:09.997000
 CVE-2024-1278,0,0,304f88731c9c2e93f283a152f19a1ac852d3cf0fda0d38c9b82c242ac4604519,2024-11-21T08:50:13.287000
-CVE-2024-12782,0,0,d84c709a203c2b6e1eb6e82eaa62e3ee92b3b125eeb872c11ceb89fb44b775c6,2024-12-19T13:15:05.900000
+CVE-2024-12782,0,1,5b7b2e2ac02e7efc39bf5d7b73d597a9d89fda1b95cd7026fb4052ada3469843,2024-12-25T08:15:05.410000
 CVE-2024-12783,0,0,07d3b17e3d5d11707b74236da78c46b61df9436573adf7dc03baf418873a64fa,2024-12-19T13:15:06.217000
 CVE-2024-12784,0,0,394d09478b3fc884ce151ab4d804d3c0c2c79402a7d52b4c191775044a9438d1,2024-12-19T14:15:05.943000
 CVE-2024-12785,0,0,d1f5f24bf39cff8aec921e50b5018d4192a1029426c5f823f7cbb6630b28eed4,2024-12-19T15:15:05.980000