admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 10:10:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-26T10:00:18.357508+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-26 10:03:19 +00:00
parent 7c0eb3e5ea
commit 43bf6bfffc
16 changed files with 866 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2024/CVE-2024-01xx/CVE-2024-0117.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0117",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T08:15:02.520",
"lastModified": "2024-10-26T08:15:02.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

56
CVE-2024/CVE-2024-01xx/CVE-2024-0118.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0118",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T08:15:02.880",
"lastModified": "2024-10-26T08:15:02.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

56
CVE-2024/CVE-2024-01xx/CVE-2024-0119.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0119",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T08:15:03.083",
"lastModified": "2024-10-26T08:15:03.083",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

56
CVE-2024/CVE-2024-01xx/CVE-2024-0120.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0120",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T08:15:03.280",
"lastModified": "2024-10-26T08:15:03.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

56
CVE-2024/CVE-2024-01xx/CVE-2024-0121.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0121",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T08:15:03.487",
"lastModified": "2024-10-26T08:15:03.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

56
CVE-2024/CVE-2024-01xx/CVE-2024-0126.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0126",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T08:15:03.690",
"lastModified": "2024-10-26T08:15:03.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

56
CVE-2024/CVE-2024-01xx/CVE-2024-0127.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0127",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T09:15:02.957",
"lastModified": "2024-10-26T09:15:02.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

56
CVE-2024/CVE-2024-01xx/CVE-2024-0128.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0128",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-26T09:15:03.800",
"lastModified": "2024-10-26T09:15:03.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586",
"source": "psirt@nvidia.com"
}
]
}

64
CVE-2024/CVE-2024-100xx/CVE-2024-10092.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-10092",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-26T08:15:03.893",
"lastModified": "2024-10-26T08:15:03.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/download-monitor/tags/5.0.12/src/KeyGeneration/class-dlm-key-generation.php#L299",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3173614/download-monitor/trunk/src/KeyGeneration/class-dlm-key-generation.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e50d8c-e61c-4e94-b5e8-b24832dc24b6?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-83xx/CVE-2024-8392.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-8392",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-26T09:15:04.383",
"lastModified": "2024-10-26T09:15:04.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Post Grid Layouts with Pagination \u2013 Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. This can also be exploited via CSRF techniques."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sogrid/trunk/src/admin-panel/views/panel.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62d81e01-9b6e-48e9-b9da-85444a3694e7?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-96xx/CVE-2024-9637.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9637",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-26T09:15:04.900",
"lastModified": "2024-10-26T09:15:04.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.9/lib/wpsp-ajaxworks-teacher.php#L598",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/411693fc-9df3-44b1-9a6f-58a6e8ef23b8?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-96xx/CVE-2024-9642.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-9642",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-26T09:15:05.303",
"lastModified": "2024-10-26T09:15:05.303",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/editor-custom-color-palette/tags/3.3.6/asset/eccp-custom-back-office.php#L1685",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/editor-custom-color-palette/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e7f858c-945c-4d12-a2a6-113449ad890a?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-98xx/CVE-2024-9853.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9853",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-26T09:15:05.780",
"lastModified": "2024-10-26T09:15:05.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ID-SK Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/idsk-toolkit/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/001b452e-3f8a-4605-b77a-ba8fbd0d79d7?source=cve",
"source": "security@wordfence.com"
}
]
}

76
CVE-2024/CVE-2024-99xx/CVE-2024-9967.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-9967",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-26T09:15:06.283",
"lastModified": "2024-10-26T09:15:06.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP show more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_more shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-show-more/trunk/wp-show-more.php#L16",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-show-more/trunk/wp-show-more.php#L23",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-show-more/trunk/wp-show-more.php#L27",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-show-more/trunk/wp-show-more.php#L31",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/wp-show-more/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de269b5-7262-45c8-8819-00982f196597?source=cve",
"source": "security@wordfence.com"
}
]
}

24
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-26T06:00:17.765322+00:00
2024-10-26T10:00:18.357508+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-26T05:15:17.773000+00:00
2024-10-26T09:15:06.283000+00:00
```
### Last Data Feed Release
@ -33,15 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
267140
267154
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `14`
- [CVE-2024-8870](CVE-2024/CVE-2024-88xx/CVE-2024-8870.json) (`2024-10-26T04:15:05.273`)
- [CVE-2024-9456](CVE-2024/CVE-2024-94xx/CVE-2024-9456.json) (`2024-10-26T05:15:17.773`)
- [CVE-2024-0117](CVE-2024/CVE-2024-01xx/CVE-2024-0117.json) (`2024-10-26T08:15:02.520`)
- [CVE-2024-0118](CVE-2024/CVE-2024-01xx/CVE-2024-0118.json) (`2024-10-26T08:15:02.880`)
- [CVE-2024-0119](CVE-2024/CVE-2024-01xx/CVE-2024-0119.json) (`2024-10-26T08:15:03.083`)
- [CVE-2024-0120](CVE-2024/CVE-2024-01xx/CVE-2024-0120.json) (`2024-10-26T08:15:03.280`)
- [CVE-2024-0121](CVE-2024/CVE-2024-01xx/CVE-2024-0121.json) (`2024-10-26T08:15:03.487`)
- [CVE-2024-0126](CVE-2024/CVE-2024-01xx/CVE-2024-0126.json) (`2024-10-26T08:15:03.690`)
- [CVE-2024-0127](CVE-2024/CVE-2024-01xx/CVE-2024-0127.json) (`2024-10-26T09:15:02.957`)
- [CVE-2024-0128](CVE-2024/CVE-2024-01xx/CVE-2024-0128.json) (`2024-10-26T09:15:03.800`)
- [CVE-2024-10092](CVE-2024/CVE-2024-100xx/CVE-2024-10092.json) (`2024-10-26T08:15:03.893`)
- [CVE-2024-8392](CVE-2024/CVE-2024-83xx/CVE-2024-8392.json) (`2024-10-26T09:15:04.383`)
- [CVE-2024-9637](CVE-2024/CVE-2024-96xx/CVE-2024-9637.json) (`2024-10-26T09:15:04.900`)
- [CVE-2024-9642](CVE-2024/CVE-2024-96xx/CVE-2024-9642.json) (`2024-10-26T09:15:05.303`)
- [CVE-2024-9853](CVE-2024/CVE-2024-98xx/CVE-2024-9853.json) (`2024-10-26T09:15:05.780`)
- [CVE-2024-9967](CVE-2024/CVE-2024-99xx/CVE-2024-9967.json) (`2024-10-26T09:15:06.283`)
### CVEs modified in the last Commit

18
_state.csv
View File

@ -241536,9 +241536,17 @@ CVE-2024-0111,0,0,745fe4fa8ac2297a871814d16ec0cf5bf56a98c3501448d82308b7dc75a74f
CVE-2024-0113,0,0,30ea5d78769c707d77ab5e88a1087a3bf4be86e316909498095d743b94b19e08,2024-09-11T17:34:37.667000
CVE-2024-0115,0,0,90525cb6d1df6f268f81b58c98763d2a78ce3017a9779cdc04eec9f2dd2bca4d,2024-09-11T17:24:27.393000
CVE-2024-0116,0,0,a6cbe3db55579100922047f237b056c0420ed7fe26ca2d3a7e613c461d344341,2024-10-04T13:51:25.567000
CVE-2024-0117,1,1,c9be4bfc9a9f6b90361c40b5f196c0a9f7198a95fea664eca163a072abef1029,2024-10-26T08:15:02.520000
CVE-2024-0118,1,1,c201b93d2c1558c58ceb893045a27def7e029d3a70138a6a98a76dccae224f98,2024-10-26T08:15:02.880000
CVE-2024-0119,1,1,a0373bd9251ad654bb6f9b3e0e8e58678d6c37c8b77156c13fa9a1609ac0937c,2024-10-26T08:15:03.083000
CVE-2024-0120,1,1,52525761368a28d846feb3db889de98a2492a5abffd45c0fb1eab23cc1a3bee5,2024-10-26T08:15:03.280000
CVE-2024-0121,1,1,f1c5b313816640f2af3d17fe11ca32b676ce382b5919b871d8e6ade8bc5671ec,2024-10-26T08:15:03.487000
CVE-2024-0123,0,0,b5d565031402caa204bf1a28725c0c192ecd3daa1b8bc8f4d37470664175216b,2024-10-04T13:50:43.727000
CVE-2024-0124,0,0,65a7ca3fa08b021f3ead82c3260c63de7cee799b77a5f239ccc73202de671521,2024-10-04T13:50:43.727000
CVE-2024-0125,0,0,4cf16bcca0b2fb9dbeaeffe86943f72316182719c400fbcdf4c939215efb61c9,2024-10-04T13:50:43.727000
CVE-2024-0126,1,1,fb455e6e3054b9a65c68693956c227fb79539f137bf4fcc373304ae93dca78ee,2024-10-26T08:15:03.690000
CVE-2024-0127,1,1,1eace612a6b77968791543a19ec3098fcaa1e7cc247b7929ce60f427b205529c,2024-10-26T09:15:02.957000
CVE-2024-0128,1,1,71f2149cea4c87aaa44278d3b54347636b41d0a597d784a35c3e314606fca4e1,2024-10-26T09:15:03.800000
CVE-2024-0129,0,0,6ed61392ba79f5db5fcce1c9578b2019ba40cb0d76cd37c2f6f179769672e354,2024-10-15T12:57:46.880000
CVE-2024-0132,0,0,f1d27ee91d38f95f18265c56576359c7b74449c09c2448ac9270cfde0a145c24,2024-10-02T14:45:36.160000
CVE-2024-0133,0,0,1869d101f5a07bee8a308ca6354c7bbc691223866612cf3986da3052ed18f6e1,2024-10-02T14:43:22.433000
@ -242367,6 +242375,7 @@ CVE-2024-1008,0,0,a9b7d9e2e828ed74dc3f97aef993fcfdb7b13561fd219152455ff7524c8067
CVE-2024-10080,0,0,e70a3cc8d8ca25d9e3db818c04f9b2eeee833bf342884de7579048a734fce30e,2024-10-22T16:27:38.840000
CVE-2024-1009,0,0,97af4237278897e4de60a52c929ac5642d8b709167b278dc1af6a70d4d177e3b,2024-05-17T02:35:09.780000
CVE-2024-10091,0,0,4989545c6fb9d60129e3750b17dd7cc3c5d2bbe44d790f8d9004c10d092d0bed,2024-10-26T03:15:02.903000
CVE-2024-10092,1,1,686d95a5022d3cde9f71cc3f17faf7dca941f482cf6d45c48c2c674386b25929,2024-10-26T08:15:03.893000
CVE-2024-10093,0,0,655dbc008c9c21b76c775eaa92108777c983716e956bf10f0085a4f9c49fc737,2024-10-18T12:52:33.507000
CVE-2024-10099,0,0,f14bdb99d2ca7956ea9400330266332303014dc510bc6e629dc22733e615abb6,2024-10-21T21:03:53.647000
CVE-2024-1010,0,0,b9c2292e551f86bb732084025c958f6307d4b05614efbc31206ace678efe61b8,2024-05-17T02:35:09.883000
@ -266220,6 +266229,7 @@ CVE-2024-8387,0,0,0236f6236e30b259f0ad5d7ef58b73e88f9716952aaecf201cfb31f83aed0c
CVE-2024-8388,0,0,c9864eb6d3c315590c52d0b0a1a482222ad75576dc8d176a33dcc59976d2f97c,2024-09-04T15:49:19.170000
CVE-2024-8389,0,0,b86f9dffcb24008ea2fc4581b98019930f23a761524133d12e1b7b2aa1f8008a,2024-09-04T15:50:02.933000
CVE-2024-8391,0,0,e4a53876b2b078fcdc3ea9cb2dcdd9122c87a07a74293148b584a5df448e0076,2024-09-12T16:44:01.247000
CVE-2024-8392,1,1,de0c4c4d3360cbd189cf5655e291d7f23ba3a9462208d27655dbaa2fb67769ee,2024-10-26T09:15:04.383000
CVE-2024-8394,0,0,537ec046b9d95c9c611478000abd6dd7551041a1f2ea81cd7e79459ae0e45ad8,2024-09-11T16:25:44.833000
CVE-2024-8395,0,0,7904c0b52ace758f0078aaf5623dc08c2f22d70190a82ab855b84d88ee4995e4,2024-09-19T17:53:45.753000
CVE-2024-8399,0,0,ff5a0b61b9891ed649233268ce0fa37bd0b7c79ba8aa2863ea2ecc61c35c709c,2024-09-12T19:45:07.347000
@ -266517,7 +266527,7 @@ CVE-2024-8866,0,0,8e10905107e65798915532a0fd7237746a2479c311a608a0e275edbccb2c74
CVE-2024-8867,0,0,379e34cf940a9b1358241a2155237c1f9d3d38d48143e1ed89b8af75caf7d4cf,2024-09-17T10:55:05.913000
CVE-2024-8868,0,0,90fb6fa23c2a5505d69614ac49fd1c537f25b76ba9e82d49d07e437e4df1c667,2024-09-17T10:59:28.233000
CVE-2024-8869,0,0,eaa7c70f03f38bcd808caaf5c9917ef912247cecdfb7f5fef4110fc2bf4de330,2024-09-20T16:59:22.560000
CVE-2024-8870,1,1,19faaf450e9f72e7b04118c5eaa198d3bf526d986a4f2f32ed76010a5cf7fb67,2024-10-26T04:15:05.273000
CVE-2024-8870,0,0,19faaf450e9f72e7b04118c5eaa198d3bf526d986a4f2f32ed76010a5cf7fb67,2024-10-26T04:15:05.273000
CVE-2024-8872,0,0,a59fbf98e5a02680c9463d07c5c7731b213fd42229816cc8689de00fdc1cc0eb,2024-10-01T13:42:57.860000
CVE-2024-8875,0,0,285b537766851a72a752adea85efa81abdeba3e4c5af2afdcf8485ecb658237e,2024-09-20T22:44:16.077000
CVE-2024-8876,0,0,adf401fb4b8b2c24f06ac7d28fd2360497bd835317abc655be39e3ccb04a97b8,2024-09-20T16:58:24.333000
@ -266871,7 +266881,7 @@ CVE-2024-9451,0,0,bfba756188c29e076bb119887d9bdf6d3874c705a9d59100000802c164b86c
CVE-2024-9452,0,0,7eb2217e5eb4f5560cd9b75a09c78b5c11eea85f09a819264a7f744adf0ba17a,2024-10-22T16:23:59.420000
CVE-2024-9454,0,0,2749e55557fdc5936dfc3c57195e522d0fd89ea969894a96b3846432af13d845,2024-10-26T03:15:03.303000
CVE-2024-9455,0,0,70bc73495623b6fab8931499505a6be70a8937392cffccc260a57663b280a262,2024-10-07T17:48:28.117000
CVE-2024-9456,1,1,fa1dbe3990e5e68e15792132128b96c626eb27c0d22ab79854eedd7768ace796,2024-10-26T05:15:17.773000
CVE-2024-9456,0,0,fa1dbe3990e5e68e15792132128b96c626eb27c0d22ab79854eedd7768ace796,2024-10-26T05:15:17.773000
CVE-2024-9457,0,0,9e423d4cda70891a0b74c4852459db88bd5163f875d32e19ac8dac4b758e8eeb,2024-10-15T14:23:57.307000
CVE-2024-9460,0,0,d6ff22c922d7573d861145a9f9c7a3aa2a44b6806bef76282f2615732b02479a,2024-10-08T14:33:42.703000
CVE-2024-9462,0,0,d26aea6dd448a87b3c9882d71053cb4f28a09b0253e3e1a4755db6fd1458737d,2024-10-26T03:15:03.523000
@ -266980,6 +266990,8 @@ CVE-2024-9627,0,0,2b255751ca76c819864c389a91dcfc3f65321be83e43cc5abce958b149b5f5
CVE-2024-9628,0,0,61a27472b9da741357728e2747c61581a42641370f854cfe14defa2dd6861d0b,2024-10-25T16:15:10.160000
CVE-2024-9630,0,0,95cf42fc9d833aab63558caaeb38c94fd9570f2d1a1e45300ec7feb07db9cd04,2024-10-25T12:56:07.750000
CVE-2024-9634,0,0,d64c376a2cd176bba19f7a8121026bf8ac88c7cb95243ab4e56bfc5d5fa1c1d3,2024-10-16T16:38:14.557000
CVE-2024-9637,1,1,bc7515b8e5d5ace11f6605028051101e5707480c7780781fcacacde8e6e8d339,2024-10-26T09:15:04.900000
CVE-2024-9642,1,1,26c5bc85b8e11e5a7c4304ee918cdf08a29682ce52e6b9626057fc4fcc678aef,2024-10-26T09:15:05.303000
CVE-2024-9647,0,0,6da0b5c2c888d90e6f29cb1f98cdc0c7a4315eaaa058e1c781c3c46d5b8615f9,2024-10-16T16:38:14.557000
CVE-2024-9649,0,0,f2ab83afff02bfae827ac0ac8958125c0d2707e9b7d72806aa0e09daf73ca0d7,2024-10-16T16:38:14.557000
CVE-2024-9650,0,0,c785e5c8b40ec3a7d0b9a0e25f6978363c5dcc2fc6507b9c6a2c03a208ac34e9,2024-10-25T12:56:07.750000
@ -267047,6 +267059,7 @@ CVE-2024-9824,0,0,0b6b46e52b34b071e6f48e5304d76a541526a4368e490338503476fca42489
CVE-2024-9829,0,0,ea980a1e481fc86407edeb6f0040d6f4a6ff2d17edcbe8d18dd95381292ad49b,2024-10-25T16:30:44.520000
CVE-2024-9837,0,0,bb6af129df538114e71c369a037f26903d10504dcd81ada4fc7f4b05786c12dd,2024-10-15T12:57:46.880000
CVE-2024-9848,0,0,b402d34d635014e43cf3d9b875728458bb9e45308a715285ac01e2036b42d252,2024-10-22T16:42:25.867000
CVE-2024-9853,1,1,393a5c455938a585e9768428fe797f9941a1bdeafbeb4eb53ada28016b69fb15,2024-10-26T09:15:05.780000
CVE-2024-9855,0,0,f4067d5f9739a4a46f27ed071acd023bca1d9a27db9968d98f329af2e8d70e8b,2024-10-15T12:58:51.050000
CVE-2024-9856,0,0,531963d8959dcaa0b68edaa5a63ce972541a941d9ad2303b1c288946d989ee89,2024-10-15T12:58:51.050000
CVE-2024-9858,0,0,bef02c0d9ed07a4afa527340189d49e60d5c238f08809a01d4eade734c583a54,2024-10-16T17:35:08.130000
@ -267119,6 +267132,7 @@ CVE-2024-9963,0,0,76f1ef86546c72f52eb95898dccb27d5e3933f511652b8100540834dfe298d
CVE-2024-9964,0,0,435bbe2551dc259461f6e970d1b300d6d47a8658cefa7b957f2b134a9ceffb0e,2024-10-17T20:30:09.627000
CVE-2024-9965,0,0,ca4b913c2f59c0caf10d8705859da18d5742dcac6da1897e21b1894bc7d383f9,2024-10-17T20:06:01.680000
CVE-2024-9966,0,0,16c2f178953c4393f8940436aad84007ae6c91aa058d27aac550ab3276ce4c9f,2024-10-17T20:12:09.447000
CVE-2024-9967,1,1,6c32203e9857042c1977adc0e02037143deac8c8df24e503e211b14e2be976dd,2024-10-26T09:15:06.283000
CVE-2024-9968,0,0,27c4c5baf3e90e0fa17da71c9c0ad07121664aa1282c8fc373fe41ccee1aa031,2024-10-19T00:42:13.957000
CVE-2024-9969,0,0,19b96a796919a02a1f37b80d1518be802de7d87a5daeb912cc35f95bde681abb,2024-10-19T00:51:02.383000
CVE-2024-9970,0,0,c1594975fad63b39e2f1f96006d973fcf8b9604faca5774b3f8bf4c0518291c8,2024-10-17T20:33:59.873000

Can't render this file because it is too large.