Auto-Update: 2024-11-15T11:00:20.193184+00:00

cad-safe-bot 2024-11-15 11:03:22 +00:00
parent 736a25f047
commit 415fcd6116
7 changed files with 245 additions and 15 deletions

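--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10311.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10311.json
@@ -0,0 +1,60 @@
+{
+"id": "CVE-2024-10311",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-11-15T10:15:03.980",
+"lastModified": "2024-11-15T10:15:03.980",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-288"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/external-database-based-actions/trunk/lib/edba-admin-ajax-controller.php?rev=1785239#L8",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d41a8c39-8b06-45b2-afe4-8c695faf8cb8?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}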


@ -2,13 +2,13 @@
"id": "CVE-2024-11211",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T15:15:08.077",
"lastModified": "2024-11-14T15:15:08.077",
"lastModified": "2024-11-15T09:15:14.600",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in EyouCMS 1.5.6. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
"value": "A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {

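--- a/CVE-2024/CVE-2024-457xx/CVE-2024-45784.json
+++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45784.json
@@ -0,0 +1,37 @@
+{
+"id": "CVE-2024-45784",
+"sourceIdentifier": "security@apache.org",
+"published": "2024-11-15T09:15:14.897",
+"lastModified": "2024-11-15T09:15:14.897",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability.\u00a0If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets."
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-1295"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apache/airflow/pull/43040",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h",
+"source": "security@apache.org"
+}
+]
+}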

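--- a/CVE-2024/CVE-2024-89xx/CVE-2024-8978.json
+++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8978.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2024-8978",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-11-15T10:15:04.873",
+"lastModified": "2024-11-15T10:15:04.873",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Login_Register.php#L2220",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3188634/",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/baae8fb9-b87c-4f61-88da-871c4c83615b?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}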

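--- a/CVE-2024/CVE-2024-89xx/CVE-2024-8979.json
+++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8979.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2024-8979",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-11-15T10:15:05.310",
+"lastModified": "2024-11-15T10:15:05.310",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.0,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Login_Register.php#L2440",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3188634/",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34d09086-be33-40cf-b5bf-d6c03cf0b68a?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}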


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-15T09:00:21.540865+00:00
2024-11-15T11:00:20.193184+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-15T07:15:17.900000+00:00
2024-11-15T10:15:05.310000+00:00
```
### Last Data Feed Release
@ -33,23 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
269803
269807
```
### CVEs added in the last Commit
Recently added CVEs: `4`
- [CVE-2024-10104](CVE-2024/CVE-2024-101xx/CVE-2024-10104.json) (`2024-11-15T07:15:17.063`)
- [CVE-2024-10825](CVE-2024/CVE-2024-108xx/CVE-2024-10825.json) (`2024-11-15T07:15:17.237`)
- [CVE-2024-8961](CVE-2024/CVE-2024-89xx/CVE-2024-8961.json) (`2024-11-15T07:15:17.587`)
- [CVE-2024-9529](CVE-2024/CVE-2024-95xx/CVE-2024-9529.json) (`2024-11-15T07:15:17.900`)
- [CVE-2024-10311](CVE-2024/CVE-2024-103xx/CVE-2024-10311.json) (`2024-11-15T10:15:03.980`)
- [CVE-2024-45784](CVE-2024/CVE-2024-457xx/CVE-2024-45784.json) (`2024-11-15T09:15:14.897`)
- [CVE-2024-8978](CVE-2024/CVE-2024-89xx/CVE-2024-8978.json) (`2024-11-15T10:15:04.873`)
- [CVE-2024-8979](CVE-2024/CVE-2024-89xx/CVE-2024-8979.json) (`2024-11-15T10:15:05.310`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2024-11211](CVE-2024/CVE-2024-112xx/CVE-2024-11211.json) (`2024-11-15T09:15:14.600`)
## Download and Usage


@ -242483,7 +242483,7 @@ CVE-2024-10099,0,0,f14bdb99d2ca7956ea9400330266332303014dc510bc6e629dc22733e615a
CVE-2024-1010,0,0,b9c2292e551f86bb732084025c958f6307d4b05614efbc31206ace678efe61b8,2024-05-17T02:35:09.883000
CVE-2024-10100,0,0,f9d8653b0b809755807a27c91859fa59733e823c9baf33fbd9ba6460baccb9d4,2024-11-04T19:15:05.297000
CVE-2024-10101,0,0,e3896c5d7db68c5b786b00b58edff142c65dff97c0f85c49d64d1701e59c4a4a,2024-11-04T19:15:05.527000
CVE-2024-10104,1,1,c97f19eaf00df3c99ff94596b84e8a46da9f6e8d6dcd1a384f83ea84f7168f15,2024-11-15T07:15:17.063000
CVE-2024-10104,0,0,c97f19eaf00df3c99ff94596b84e8a46da9f6e8d6dcd1a384f83ea84f7168f15,2024-11-15T07:15:17.063000
CVE-2024-10108,0,0,f3f4ad009417795f18debc95373d890db3250e635fff4006fa4ef1bc9580626c,2024-11-01T12:57:03.417000
CVE-2024-1011,0,0,a83b664837c33e7f0f4cec42868f7bdd93765cacc9e6b97b43804e8b07af65f2,2024-05-17T02:35:09.987000
CVE-2024-10112,0,0,3a01d2baa33f19e143abe5aabe181ccab32faac99effca8d7325142fe7220a64,2024-10-25T12:56:07.750000
@ -242626,6 +242626,7 @@ CVE-2024-10300,0,0,ca0242a4c58ba5eb41987558653c1fad0eefdb856c34de56d3278680f413c
CVE-2024-10301,0,0,43e47cf56bc671ed7b90e0f04f420138e8362a6d949261d9acbcdf888c921aa2,2024-10-25T18:47:54.033000
CVE-2024-1031,0,0,6576162a78ac686f55e5931a6b8f02ff6c7312ac04792581e6d78da8a91700d4,2024-05-17T02:35:11.843000
CVE-2024-10310,0,0,3b0decb54117e1f6369f0c8a49822eb1c6d4be5cb40b8b5a9079fd842cd0c653,2024-11-04T13:06:20.190000
CVE-2024-10311,1,1,ff823e385531d022dff247aff5d10a6d888caf3f614cd8f33de094ad8e6d1020,2024-11-15T10:15:03.980000
CVE-2024-10312,0,0,d10f0012149342545ee317e492eeaf284c6b634b254526457f270c7ce4937a16,2024-10-29T14:34:04.427000
CVE-2024-10313,0,0,0a692e743da8a6f5929e9a5e61a16c962249b9fbffffedea4a154098bf7390c0,2024-10-25T12:56:07.750000
CVE-2024-10314,0,0,4ff424a08f54d46f95f43c7d51534e0e6342cc7a5b817ec1e4e580680bb1c702,2024-11-12T13:55:21.227000
@ -242952,7 +242953,7 @@ CVE-2024-10816,0,0,e858f5d61a9a9365d35b4f1632e08232437088d807fd2da2fd482099073bf
CVE-2024-1082,0,0,1a3a3ef85a9a06621291f657b27812f6a6be683bc843b0137ba9e53485eee330,2024-10-17T15:46:44.327000
CVE-2024-10820,0,0,53fb78c5ab1cb50fbe971478c44681256823c1d2118b9f5fa84f30fb209fb38c,2024-11-13T17:01:16.850000
CVE-2024-10824,0,0,6eb650dcc5948040831c411456d27fae52cd783d32ad30faaf04938565b810b8,2024-11-08T19:01:03.880000
CVE-2024-10825,1,1,03b9274c1d272f478175d5325ea2089b55ebb60dbe5177acb7e6bb15edb175a7,2024-11-15T07:15:17.237000
CVE-2024-10825,0,0,03b9274c1d272f478175d5325ea2089b55ebb60dbe5177acb7e6bb15edb175a7,2024-11-15T07:15:17.237000
CVE-2024-10826,0,0,6aa37fdb16b5853a7b5472e25a8ac0220ff66e617581e203df39439d12ed70ca,2024-11-06T18:17:17.287000
CVE-2024-10827,0,0,6577ad366fcac00efbf959f7905ba60a1d9c696b896b68d8b10d38d71dfd5e3b,2024-11-06T18:17:17.287000
CVE-2024-10828,0,0,6d13ed488cefed03e92f75350a2f29132e810389942ee7924deafa370427db35,2024-11-13T17:01:16.850000
@ -243135,7 +243136,7 @@ CVE-2024-11208,0,0,7acfc0d5ed23c52da09f59a7646b9c68ba6eb5051d4ac6d41bbd6289d3dca
CVE-2024-11209,0,0,c160f1217e298cfc2b4ea4c66bd7fff6bc5de06dc33ddcb58badda8b6cd0450a,2024-11-14T14:15:18.090000
CVE-2024-1121,0,0,19a454e1b0b19f003a8998da71d81afc60a591ff2c6ec5f42743662bb8a72434,2024-02-13T19:42:57.107000
CVE-2024-11210,0,0,12da7228515f229535c7fc4b9759273057c94d0101b79ad3990f20080e45a07d,2024-11-14T15:15:07.800000
CVE-2024-11211,0,0,b9c7fb9662e5721943ba1fc1e4f36e3cfae11a83d8100feb8339d89977889160,2024-11-14T15:15:08.077000
CVE-2024-11211,0,1,3886c776e3040976f2d9d483fe55782570fe2f7d343ab982e6a1ff369b159942,2024-11-15T09:15:14.600000
CVE-2024-11212,0,0,7736079fe4badb5fe2ea2d1c57eef7d38e804fef27e3d434bde972654548323a,2024-11-14T15:15:08.360000
CVE-2024-11213,0,0,6310690398aef42147c21046e139b47a34bc0077fad5bc3ed389a644e6432516,2024-11-14T16:15:18.450000
CVE-2024-11214,0,0,ccb4f12fd6859941f79db491e8820bb2f8c1cbacb38f9854647bd5e4e95dace1,2024-11-14T16:15:18.707000
@ -262608,6 +262609,7 @@ CVE-2024-45771,0,0,754a0f27219aa2eb6179ec627ac31099e8e2882043a643cfa7921ddb03dbb
CVE-2024-45772,0,0,d4fcff511ac9c702d11d2981d4f53f578a5b533222a07c5c21d8a62a8451fded,2024-10-04T13:20:58.327000
CVE-2024-45773,0,0,fa80a32ca25578799d772108a6e7f2b87164fbdfd3820c41dab7e96e6c83084e,2024-09-30T12:45:57.823000
CVE-2024-4578,0,0,de2bf1ab8b65cf8119579f63d8e64a9383c9519828d1fae8ddac21d6dcb5605a,2024-06-27T19:25:12.067000
CVE-2024-45784,1,1,7df02e48fd20d4891516a0ad23c130e8093c5cabebef12010ed53de3713bf60d,2024-11-15T09:15:14.897000
CVE-2024-45785,0,0,edaf655206685301bfa1d23b3961ca90e190821a2f1da23140bfad50572d7731,2024-11-06T17:08:40.507000
CVE-2024-45786,0,0,1027a4a71b54e4ed926e7c4d82608ed7bf7290e7e8486a1ac94d8f7e4edfad02,2024-09-18T20:12:47.337000
CVE-2024-45787,0,0,46f8564066b3f70e712610c0aca9059d9bda6862d53c941af56b2ef72737a51d,2024-09-18T18:15:07.650000
@ -269147,7 +269149,7 @@ CVE-2024-8956,0,0,1cb756cbfed7cce32103cd61ea4e7225af7cf46acb1dafb383d10ad8a9c01d
CVE-2024-8957,0,0,0308f2f5a0567b3e01401fcc5a35dd0d4903c31a6d3992c47cfe16c6bc21eadc,2024-11-05T02:00:01.697000
CVE-2024-8959,0,0,0dc3502ed244ae66bafd80efba15dddd0bb76667e6d8b2d3ee7e3d6fc71e6baf,2024-10-25T12:56:07.750000
CVE-2024-8960,0,0,cb9c3666b1d5630b31aed515dc84bc6b9317ac9454d917c6e7a599d8d75d0609,2024-11-12T13:56:24.513000
CVE-2024-8961,1,1,ef2de16a9c200ebb5c080448e86705e492f45cad59fd204acd651b5bb9a562a8,2024-11-15T07:15:17.587000
CVE-2024-8961,0,0,ef2de16a9c200ebb5c080448e86705e492f45cad59fd204acd651b5bb9a562a8,2024-11-15T07:15:17.587000
CVE-2024-8963,0,0,67fe8ea90f3163df4929d6782956d377bcadef461d17352cf475deabaa8fd4ad,2024-09-20T16:32:02.563000
CVE-2024-8964,0,0,c8fc4fc0d8f6e4149ea3cd0239ed4708c78c8d6f77eb0df4938d6649d94bf7d7,2024-10-10T12:56:30.817000
CVE-2024-8965,0,0,fcd9a7faf9aba17ebbc93d83d1389f5891b9c0797caaf85615a1a91da1ce5a78,2024-10-04T19:04:03.157000
@ -269157,6 +269159,8 @@ CVE-2024-8970,0,0,ac6a340d484c123a9130b7a8da1b91e0090b1836f7865857c5a2324dbb60a4
CVE-2024-8974,0,0,47fcb9de64a47ab7d6fd39981189c5f91c3407e2aae34c6aae2197da9ba195e7,2024-10-04T17:30:18.803000
CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b70,2024-10-01T19:20:21.103000
CVE-2024-8977,0,0,5252c9de61b84aeddd3ec48f8829f82be03db26645b8f09321099ae149149381,2024-10-16T17:10:13.220000
CVE-2024-8978,1,1,6fe35329c6e39a1c98f2e36c7371e3dfbe04fa7b1debe5f3e7fafd8f309095f4,2024-11-15T10:15:04.873000
CVE-2024-8979,1,1,3ea26375d0d3f8c3384c0db604d953a89857ef51881446650efc105ce8490e3b,2024-11-15T10:15:05.310000
CVE-2024-8980,0,0,34622dfc36a70206b20752d1026a226663789c42eaaff2958041a445f566dbba,2024-10-30T14:46:14.127000
CVE-2024-8981,0,0,72a5e946545b01f6f5b55bd9be0a66c4964926bf866e85b9f0e826b5c8f5cfe7,2024-10-04T13:51:25.567000
CVE-2024-8983,0,0,a5894726a3c72e301955e62952254bf05f92543b19c3d4bf59f7d30236266e8c,2024-10-10T12:57:21.987000
@ -269512,7 +269516,7 @@ CVE-2024-9520,0,0,043b00f2bf4932488b29ee05bd55762d90704159cb97bf4c710160da6d1296
CVE-2024-9521,0,0,09a594ea849fc5009e458f6cc46742d3176f440810ef4457104bfe2103f1d0c7,2024-10-16T16:38:14.557000
CVE-2024-9522,0,0,884c9004d667a145fae3b3526c4cb56c9d9a1365bd2a57b2af580c0e3b9c19a1,2024-10-15T14:27:41.553000
CVE-2024-9528,0,0,ad76266403ba94311c1f58d7258b765d914c39ddcd1148706c2e05f82ca92e87,2024-10-07T17:48:28.117000
CVE-2024-9529,1,1,7b206f56f8791182bae9a95280730e12f0a15b3370466754cfd7515a2ac4dede,2024-11-15T07:15:17.900000
CVE-2024-9529,0,0,7b206f56f8791182bae9a95280730e12f0a15b3370466754cfd7515a2ac4dede,2024-11-15T07:15:17.900000
CVE-2024-9530,0,0,a4f4ec0ca4c538513c522bc25437bdee95aa200ea2c8ddaeaa2d301c3f668205,2024-10-25T18:52:10.810000
CVE-2024-9531,0,0,2d32cff16aa07ef9767a12c3b335b7a483cb4a13b1ba87080414d4508df82841,2024-10-25T12:56:07.750000
CVE-2024-9532,0,0,b7f2aba05edad35ecf41f43ec9640effe332d3189a3ed38d97f2bf49866ac50d,2024-10-09T11:18:49.027000
