Auto-Update: 2024-06-29T14:00:27.244169+00:00

cad-safe-bot 2024-06-29 14:03:20 +00:00
parent 430620e779
commit 4414021e7f
5 changed files with 167 additions and 6 deletions


@ -0,0 +1,52 @@
{
"id": "CVE-2023-4017",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T12:15:09.863",
"lastModified": "2024-06-29T12:15:09.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018attra-color\u2019, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://goya.everthemes.com/help-center/changelog/#1-0-8-8-august-7-2023",
"source": "security@wordfence.com"
},
{
"url": "https://themeforest.net/item/goya-modern-woocommerce-theme/25175097",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cce2a10-3d5f-4249-9085-923a1fa76385?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,48 @@
{
"id": "CVE-2024-2386",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T13:15:10.740",
"lastModified": "2024-06-29T13:15:10.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Plugin for Google Maps \u2013 WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3108077/wp-google-map-plugin",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f0deb68-3caf-4ad6-977e-0e954d29e6b7?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-25943",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-29T13:15:10.403",
"lastModified": "2024-06-29T13:15:10.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability",
"source": "security_alert@emc.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-29T12:00:18.982851+00:00
2024-06-29T14:00:27.244169+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-29T10:15:02.287000+00:00
2024-06-29T13:15:10.740000+00:00
```
### Last Data Feed Release
@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
255491
255494
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `3`
- [CVE-2024-5819](CVE-2024/CVE-2024-58xx/CVE-2024-5819.json) (`2024-06-29T10:15:02.287`)
- [CVE-2023-4017](CVE-2023/CVE-2023-40xx/CVE-2023-4017.json) (`2024-06-29T12:15:09.863`)
- [CVE-2024-2386](CVE-2024/CVE-2024-23xx/CVE-2024-2386.json) (`2024-06-29T13:15:10.740`)
- [CVE-2024-25943](CVE-2024/CVE-2024-259xx/CVE-2024-25943.json) (`2024-06-29T13:15:10.403`)
### CVEs modified in the last Commit


@ -229916,6 +229916,7 @@ CVE-2023-40165,0,0,ab4e5756d11c5c99a14c74b5f2435b3a7ec37a8508fd8d1103ed13f8c2d14
CVE-2023-40166,0,0,e65129dbfd3b7538a0e791950fa4e4949f5750f316e418a4f293a1ace762d2e1,2023-08-31T16:33:53.880000
CVE-2023-40167,0,0,844221061890a9ee782732b03205b8ad71f2deb86a58157baa3044abcbbc84e9,2023-10-13T01:59:32.977000
CVE-2023-40168,0,0,70a509d5b6e44ab39f20bb6f74d7222f2250c3522969cca155350fac49518d8d,2023-08-24T15:04:49.430000
CVE-2023-4017,1,1,ab08b2973994c6bf2cd68ff9ecbe8bed734ce4a5ad4e4382cc501eea7902fd1b,2024-06-29T12:15:09.863000
CVE-2023-40170,0,0,67e9723fa3a370c77f30ddb3e0da340f391c6067a62d196310c2bd52b2255239,2023-09-15T22:15:14.333000
CVE-2023-40171,0,0,71a7846ed38ba22c187618c817ebcfbd338daee7a019f556400a1c9e3f3a5897,2023-08-24T15:11:33.620000
CVE-2023-40172,0,0,faffa6093066f944ecdc507879750b0d605e40ed8b67b25cd587316c3781dacc,2023-08-23T19:55:36.697000
@ -244729,6 +244730,7 @@ CVE-2024-23856,0,0,7a070de7fdd5d74cea0874cc007ef2bf0f323d01fd662c9716c69691cbccd
CVE-2024-23857,0,0,7eaf19807291540ffb4ed0aaeba2203c48dbce97eb1c38b6829b99f69bea7f4d,2024-02-15T10:15:09.737000
CVE-2024-23858,0,0,179fd096cc74dd5cbbf876bea6a8488b0885e1edc4fe71fbcee8079358c39150,2024-02-15T10:15:09.977000
CVE-2024-23859,0,0,63d22f89061de591ebb6f50f4326d532f8fce7994f1fbe1f5617c0b66052cbc5,2024-02-15T10:15:10.320000
CVE-2024-2386,1,1,c1197c4c049f0c6abe569dfc67e50b5762d8e7ad3d6f178da7765562b737bfdf,2024-06-29T13:15:10.740000
CVE-2024-23860,0,0,6632cbbf88be694b99a54a9686f448c6c76767ee921ebba92af7b1d8dcf41923,2024-02-15T10:15:10.567000
CVE-2024-23861,0,0,1e0a03b0e05ef6048d2c622678e2eb6612c0b797636e9b5ad09792d3e7721feb,2024-02-15T10:15:10.917000
CVE-2024-23862,0,0,857cda3f242d87fabecd43e75af37484c6e5f8b7cb4875ca14d61eda019d5ca8,2024-02-15T10:15:11.193000
@ -245932,6 +245934,7 @@ CVE-2024-2594,0,0,bde31fdaab09a079b8da0d26da3ff2fd7469b156a031f2e67457f19c614e87
CVE-2024-25940,0,0,0f284eb6797ffd015c122aeeb19f68755aac0aac9d9f404601b2b09d1a1b9b82,2024-04-19T07:15:09.657000
CVE-2024-25941,0,0,0620596476a272ab01a4a766ab6af38a519cd30d123423fbbdbdd109f3a89b18,2024-06-10T19:15:53.077000
CVE-2024-25942,0,0,f61fbc9a4d226989af6c7dbccbce6eac1bf08e9ecba7753f027f3c66eedf16fc,2024-03-19T13:26:46
CVE-2024-25943,1,1,2cd2494a6189013ae5084d872f402f2e24aa3e3aea211462934a745d4c23a01d,2024-06-29T13:15:10.403000
CVE-2024-25944,0,0,0c942868260e254f0ec88d12c198d84ea5267c121ead95446b5b00550e047e17,2024-04-01T01:12:59.077000
CVE-2024-25946,0,0,6f496894c0996dd20db51bddadbb7b8f4613518a0a22790fcd21a192873f3411,2024-03-28T20:53:20.813000
CVE-2024-25949,0,0,28dd1d310f71410ca26db9f24ad82830e2205559dd220b22f64be17580b64f1f,2024-06-13T18:36:09.010000
@ -255233,7 +255236,7 @@ CVE-2024-5805,0,0,d5f814a63108fa76cde55a23a7ee4c9d4c1228e8f74ac6f24226e1e9997c15
CVE-2024-5806,0,0,05eca3ac8c1d3a60beb467559e1d11b02293b85393edfc15424ba5e922097af5,2024-06-26T00:15:11.293000
CVE-2024-5812,0,0,b231b6b4b2edc3b100956cc90803ec880aa99de51e5a0f50bc4b9e381c5722ed,2024-06-13T18:36:45.417000
CVE-2024-5813,0,0,d695683c807a1777a11ef158e495934f31ab7056ebdb25d58f5f11112f2d1965,2024-06-13T18:36:45.417000
CVE-2024-5819,1,1,e3281694be9ef72aa48d45323b37d616d4af1a9c82965591ca687661159a772f,2024-06-29T10:15:02.287000
CVE-2024-5819,0,0,e3281694be9ef72aa48d45323b37d616d4af1a9c82965591ca687661159a772f,2024-06-29T10:15:02.287000
CVE-2024-5820,0,0,40e5523c17b003adbda0efbab055fe88c8ffe6387f321010b47ba3ba7dc113ac,2024-06-27T19:25:12.067000
CVE-2024-5822,0,0,56a6bfde1d559870c5646a0b76a29e939be7faac2a950947fe32abc1f4907e47,2024-06-27T19:25:12.067000
CVE-2024-5824,0,0,71b3b99a3563d3bd6941378b1fc516ea3658f7355f6e899285275a2e97c693cb,2024-06-27T19:25:12.067000
