Auto-Update: 2024-06-29T14:00:27.244169+00:00

cad-safe-bot 2024-06-29 14:03:20 +00:00
parent 430620e779
commit 4414021e7f
5 changed files with 167 additions and 6 deletions


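--- a/CVE-2023/CVE-2023-40xx/CVE-2023-4017.json
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4017.json
@@ -0,0 +1,52 @@
+{
+"id": "CVE-2023-4017",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-29T12:15:09.863",
+"lastModified": "2024-06-29T12:15:09.863",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018attra-color\u2019, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"references": [
+{
+"url": "https://goya.everthemes.com/help-center/changelog/#1-0-8-8-august-7-2023",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://themeforest.net/item/goya-modern-woocommerce-theme/25175097",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cce2a10-3d5f-4249-9085-923a1fa76385?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}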


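--- a/CVE-2024/CVE-2024-23xx/CVE-2024-2386.json
+++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2386.json
@@ -0,0 +1,48 @@
+{
+"id": "CVE-2024-2386",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-29T13:15:10.740",
+"lastModified": "2024-06-29T13:15:10.740",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The WordPress Plugin for Google Maps \u2013 WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3108077/wp-google-map-plugin",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f0deb68-3caf-4ad6-977e-0e954d29e6b7?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}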


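--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25943.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25943.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-25943",
+"sourceIdentifier": "security_alert@emc.com",
+"published": "2024-06-29T13:15:10.403",
+"lastModified": "2024-06-29T13:15:10.403",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security_alert@emc.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "HIGH",
+"availabilityImpact": "LOW",
+"baseScore": 7.6,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security_alert@emc.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-330"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability",
+"source": "security_alert@emc.com"
+}
+]
+}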


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-06-29T12:00:18.982851+00:00 2024-06-29T14:00:27.244169+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-06-29T10:15:02.287000+00:00 2024-06-29T13:15:10.740000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
255491 255494
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `1` Recently added CVEs: `3`
- [CVE-2024-5819](CVE-2024/CVE-2024-58xx/CVE-2024-5819.json) (`2024-06-29T10:15:02.287`) - [CVE-2023-4017](CVE-2023/CVE-2023-40xx/CVE-2023-4017.json) (`2024-06-29T12:15:09.863`)
- [CVE-2024-2386](CVE-2024/CVE-2024-23xx/CVE-2024-2386.json) (`2024-06-29T13:15:10.740`)
- [CVE-2024-25943](CVE-2024/CVE-2024-259xx/CVE-2024-25943.json) (`2024-06-29T13:15:10.403`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit


@ -229916,6 +229916,7 @@ CVE-2023-40165,0,0,ab4e5756d11c5c99a14c74b5f2435b3a7ec37a8508fd8d1103ed13f8c2d14
CVE-2023-40166,0,0,e65129dbfd3b7538a0e791950fa4e4949f5750f316e418a4f293a1ace762d2e1,2023-08-31T16:33:53.880000 CVE-2023-40166,0,0,e65129dbfd3b7538a0e791950fa4e4949f5750f316e418a4f293a1ace762d2e1,2023-08-31T16:33:53.880000
CVE-2023-40167,0,0,844221061890a9ee782732b03205b8ad71f2deb86a58157baa3044abcbbc84e9,2023-10-13T01:59:32.977000 CVE-2023-40167,0,0,844221061890a9ee782732b03205b8ad71f2deb86a58157baa3044abcbbc84e9,2023-10-13T01:59:32.977000
CVE-2023-40168,0,0,70a509d5b6e44ab39f20bb6f74d7222f2250c3522969cca155350fac49518d8d,2023-08-24T15:04:49.430000 CVE-2023-40168,0,0,70a509d5b6e44ab39f20bb6f74d7222f2250c3522969cca155350fac49518d8d,2023-08-24T15:04:49.430000
CVE-2023-4017,1,1,ab08b2973994c6bf2cd68ff9ecbe8bed734ce4a5ad4e4382cc501eea7902fd1b,2024-06-29T12:15:09.863000
CVE-2023-40170,0,0,67e9723fa3a370c77f30ddb3e0da340f391c6067a62d196310c2bd52b2255239,2023-09-15T22:15:14.333000 CVE-2023-40170,0,0,67e9723fa3a370c77f30ddb3e0da340f391c6067a62d196310c2bd52b2255239,2023-09-15T22:15:14.333000
CVE-2023-40171,0,0,71a7846ed38ba22c187618c817ebcfbd338daee7a019f556400a1c9e3f3a5897,2023-08-24T15:11:33.620000 CVE-2023-40171,0,0,71a7846ed38ba22c187618c817ebcfbd338daee7a019f556400a1c9e3f3a5897,2023-08-24T15:11:33.620000
CVE-2023-40172,0,0,faffa6093066f944ecdc507879750b0d605e40ed8b67b25cd587316c3781dacc,2023-08-23T19:55:36.697000 CVE-2023-40172,0,0,faffa6093066f944ecdc507879750b0d605e40ed8b67b25cd587316c3781dacc,2023-08-23T19:55:36.697000
@ -244729,6 +244730,7 @@ CVE-2024-23856,0,0,7a070de7fdd5d74cea0874cc007ef2bf0f323d01fd662c9716c69691cbccd
CVE-2024-23857,0,0,7eaf19807291540ffb4ed0aaeba2203c48dbce97eb1c38b6829b99f69bea7f4d,2024-02-15T10:15:09.737000 CVE-2024-23857,0,0,7eaf19807291540ffb4ed0aaeba2203c48dbce97eb1c38b6829b99f69bea7f4d,2024-02-15T10:15:09.737000
CVE-2024-23858,0,0,179fd096cc74dd5cbbf876bea6a8488b0885e1edc4fe71fbcee8079358c39150,2024-02-15T10:15:09.977000 CVE-2024-23858,0,0,179fd096cc74dd5cbbf876bea6a8488b0885e1edc4fe71fbcee8079358c39150,2024-02-15T10:15:09.977000
CVE-2024-23859,0,0,63d22f89061de591ebb6f50f4326d532f8fce7994f1fbe1f5617c0b66052cbc5,2024-02-15T10:15:10.320000 CVE-2024-23859,0,0,63d22f89061de591ebb6f50f4326d532f8fce7994f1fbe1f5617c0b66052cbc5,2024-02-15T10:15:10.320000
CVE-2024-2386,1,1,c1197c4c049f0c6abe569dfc67e50b5762d8e7ad3d6f178da7765562b737bfdf,2024-06-29T13:15:10.740000
CVE-2024-23860,0,0,6632cbbf88be694b99a54a9686f448c6c76767ee921ebba92af7b1d8dcf41923,2024-02-15T10:15:10.567000 CVE-2024-23860,0,0,6632cbbf88be694b99a54a9686f448c6c76767ee921ebba92af7b1d8dcf41923,2024-02-15T10:15:10.567000
CVE-2024-23861,0,0,1e0a03b0e05ef6048d2c622678e2eb6612c0b797636e9b5ad09792d3e7721feb,2024-02-15T10:15:10.917000 CVE-2024-23861,0,0,1e0a03b0e05ef6048d2c622678e2eb6612c0b797636e9b5ad09792d3e7721feb,2024-02-15T10:15:10.917000
CVE-2024-23862,0,0,857cda3f242d87fabecd43e75af37484c6e5f8b7cb4875ca14d61eda019d5ca8,2024-02-15T10:15:11.193000 CVE-2024-23862,0,0,857cda3f242d87fabecd43e75af37484c6e5f8b7cb4875ca14d61eda019d5ca8,2024-02-15T10:15:11.193000
@ -245932,6 +245934,7 @@ CVE-2024-2594,0,0,bde31fdaab09a079b8da0d26da3ff2fd7469b156a031f2e67457f19c614e87
CVE-2024-25940,0,0,0f284eb6797ffd015c122aeeb19f68755aac0aac9d9f404601b2b09d1a1b9b82,2024-04-19T07:15:09.657000 CVE-2024-25940,0,0,0f284eb6797ffd015c122aeeb19f68755aac0aac9d9f404601b2b09d1a1b9b82,2024-04-19T07:15:09.657000
CVE-2024-25941,0,0,0620596476a272ab01a4a766ab6af38a519cd30d123423fbbdbdd109f3a89b18,2024-06-10T19:15:53.077000 CVE-2024-25941,0,0,0620596476a272ab01a4a766ab6af38a519cd30d123423fbbdbdd109f3a89b18,2024-06-10T19:15:53.077000
CVE-2024-25942,0,0,f61fbc9a4d226989af6c7dbccbce6eac1bf08e9ecba7753f027f3c66eedf16fc,2024-03-19T13:26:46 CVE-2024-25942,0,0,f61fbc9a4d226989af6c7dbccbce6eac1bf08e9ecba7753f027f3c66eedf16fc,2024-03-19T13:26:46
CVE-2024-25943,1,1,2cd2494a6189013ae5084d872f402f2e24aa3e3aea211462934a745d4c23a01d,2024-06-29T13:15:10.403000
CVE-2024-25944,0,0,0c942868260e254f0ec88d12c198d84ea5267c121ead95446b5b00550e047e17,2024-04-01T01:12:59.077000 CVE-2024-25944,0,0,0c942868260e254f0ec88d12c198d84ea5267c121ead95446b5b00550e047e17,2024-04-01T01:12:59.077000
CVE-2024-25946,0,0,6f496894c0996dd20db51bddadbb7b8f4613518a0a22790fcd21a192873f3411,2024-03-28T20:53:20.813000 CVE-2024-25946,0,0,6f496894c0996dd20db51bddadbb7b8f4613518a0a22790fcd21a192873f3411,2024-03-28T20:53:20.813000
CVE-2024-25949,0,0,28dd1d310f71410ca26db9f24ad82830e2205559dd220b22f64be17580b64f1f,2024-06-13T18:36:09.010000 CVE-2024-25949,0,0,28dd1d310f71410ca26db9f24ad82830e2205559dd220b22f64be17580b64f1f,2024-06-13T18:36:09.010000
@ -255233,7 +255236,7 @@ CVE-2024-5805,0,0,d5f814a63108fa76cde55a23a7ee4c9d4c1228e8f74ac6f24226e1e9997c15
CVE-2024-5806,0,0,05eca3ac8c1d3a60beb467559e1d11b02293b85393edfc15424ba5e922097af5,2024-06-26T00:15:11.293000 CVE-2024-5806,0,0,05eca3ac8c1d3a60beb467559e1d11b02293b85393edfc15424ba5e922097af5,2024-06-26T00:15:11.293000
CVE-2024-5812,0,0,b231b6b4b2edc3b100956cc90803ec880aa99de51e5a0f50bc4b9e381c5722ed,2024-06-13T18:36:45.417000 CVE-2024-5812,0,0,b231b6b4b2edc3b100956cc90803ec880aa99de51e5a0f50bc4b9e381c5722ed,2024-06-13T18:36:45.417000
CVE-2024-5813,0,0,d695683c807a1777a11ef158e495934f31ab7056ebdb25d58f5f11112f2d1965,2024-06-13T18:36:45.417000 CVE-2024-5813,0,0,d695683c807a1777a11ef158e495934f31ab7056ebdb25d58f5f11112f2d1965,2024-06-13T18:36:45.417000
CVE-2024-5819,1,1,e3281694be9ef72aa48d45323b37d616d4af1a9c82965591ca687661159a772f,2024-06-29T10:15:02.287000 CVE-2024-5819,0,0,e3281694be9ef72aa48d45323b37d616d4af1a9c82965591ca687661159a772f,2024-06-29T10:15:02.287000
CVE-2024-5820,0,0,40e5523c17b003adbda0efbab055fe88c8ffe6387f321010b47ba3ba7dc113ac,2024-06-27T19:25:12.067000 CVE-2024-5820,0,0,40e5523c17b003adbda0efbab055fe88c8ffe6387f321010b47ba3ba7dc113ac,2024-06-27T19:25:12.067000
CVE-2024-5822,0,0,56a6bfde1d559870c5646a0b76a29e939be7faac2a950947fe32abc1f4907e47,2024-06-27T19:25:12.067000 CVE-2024-5822,0,0,56a6bfde1d559870c5646a0b76a29e939be7faac2a950947fe32abc1f4907e47,2024-06-27T19:25:12.067000
CVE-2024-5824,0,0,71b3b99a3563d3bd6941378b1fc516ea3658f7355f6e899285275a2e97c693cb,2024-06-27T19:25:12.067000 CVE-2024-5824,0,0,71b3b99a3563d3bd6941378b1fc516ea3658f7355f6e899285275a2e97c693cb,2024-06-27T19:25:12.067000
