Auto-Update: 2024-01-11T09:00:25.054623+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-11 09:00:28 +00:00 · 2024-01-11 09:00:28 +00:00 · 4ae607d182
commit 4ae607d182
parent 97eceb0f5d
10 changed files with 376 additions and 9 deletions
--- a/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json
+++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-37644",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-11T08:15:35.737",
+  "lastModified": "2024-01-11T08:15:35.737",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/matthiaskramm/swftools/issues/202",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-42941",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2024-01-10T22:15:50.543",
-  "lastModified": "2024-01-10T22:15:50.543",
+  "lastModified": "2024-01-11T07:15:07.880",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets."
+    },
+    {
+      "lang": "es",
+      "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.2 y iPadOS 17.2. Un atacante en una posici\u00f3n privilegiada en la red puede realizar un ataque de denegaci\u00f3n de servicio utilizando paquetes Bluetooth manipulados."
    }
  ],
  "metrics": {},
@ -15,6 +19,10 @@
    {
      "url": "https://support.apple.com/en-us/HT214035",
      "source": "product-security@apple.com"
+    },
+    {
+      "url": "https://support.apple.com/kb/HT214035",
+      "source": "product-security@apple.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6223.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6223.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-6223",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-11T07:15:08.220",
+  "lastModified": "2024-01-11T07:15:08.220",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3013957/learnpress",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/215d5d9e-dabb-462d-8c51-952f8c497b78?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-64xx/CVE-2023-6446.json
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6446.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-6446",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-11T07:15:08.540",
+  "lastModified": "2024-01-11T07:15:08.540",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3005354/calculated-fields-form",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c879123c-531e-43d8-a7d3-16a3c86b68a3?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6506.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6506.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-6506",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-11T07:15:08.810",
+  "lastModified": "2024-01-11T07:15:08.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP 2FA \u2013 Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-2fa/trunk/includes/classes/Admin/class-setup-wizard.php?rev=2940688#L606",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/caff9be6-4161-47a0-ba47-6c8fc0c4ab40?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-6520",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-11T07:15:09.070",
+  "lastModified": "2024-01-11T07:15:09.070",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP 2FA \u2013 Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-2fa/trunk/includes/classes/Admin/class-setup-wizard.php?rev=2940688#L606",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0af451be-2477-453c-a230-7f3fb804398b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6699.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6699.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-6699",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-11T07:15:09.357",
+  "lastModified": "2024-01-11T07:15:09.357",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6883.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6883.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-6883",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-11T07:15:09.620",
+  "lastModified": "2024-01-11T07:15:09.620",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3012165/easy-facebook-likebox",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3deee9b5-2e36-447d-a492-e22e3dc6a5ab?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2024-0252",
+  "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
+  "published": "2024-01-11T08:15:35.933",
+  "lastModified": "2024-01-11T08:15:35.933",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "0fc0942c-577d-436f-ae8e-945763c79b02",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html",
+      "source": "0fc0942c-577d-436f-ae8e-945763c79b02"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-11T07:00:24.807164+00:00
+2024-01-11T09:00:25.054623+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-11T06:15:44.067000+00:00
+2024-01-11T08:15:35.933000+00:00
 ```

 ### Last Data Feed Release
@ -29,22 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-235561
+235569
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `8`

-* [CVE-2023-6630](CVE-2023/CVE-2023-66xx/CVE-2023-6630.json) (`2024-01-11T05:15:09.010`)
-* [CVE-2024-21637](CVE-2024/CVE-2024-216xx/CVE-2024-21637.json) (`2024-01-11T06:15:43.787`)
-* [CVE-2024-21669](CVE-2024/CVE-2024-216xx/CVE-2024-21669.json) (`2024-01-11T06:15:44.067`)
+* [CVE-2023-6223](CVE-2023/CVE-2023-62xx/CVE-2023-6223.json) (`2024-01-11T07:15:08.220`)
+* [CVE-2023-6446](CVE-2023/CVE-2023-64xx/CVE-2023-6446.json) (`2024-01-11T07:15:08.540`)
+* [CVE-2023-6506](CVE-2023/CVE-2023-65xx/CVE-2023-6506.json) (`2024-01-11T07:15:08.810`)
+* [CVE-2023-6520](CVE-2023/CVE-2023-65xx/CVE-2023-6520.json) (`2024-01-11T07:15:09.070`)
+* [CVE-2023-6699](CVE-2023/CVE-2023-66xx/CVE-2023-6699.json) (`2024-01-11T07:15:09.357`)
+* [CVE-2023-6883](CVE-2023/CVE-2023-68xx/CVE-2023-6883.json) (`2024-01-11T07:15:09.620`)
+* [CVE-2023-37644](CVE-2023/CVE-2023-376xx/CVE-2023-37644.json) (`2024-01-11T08:15:35.737`)
+* [CVE-2024-0252](CVE-2024/CVE-2024-02xx/CVE-2024-0252.json) (`2024-01-11T08:15:35.933`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2023-42941](CVE-2023/CVE-2023-429xx/CVE-2023-42941.json) (`2024-01-11T07:15:07.880`)


 ## Download and Usage