admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-22T06:00:51.497030+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-22 06:03:51 +00:00
parent 0810c54a41
commit 4fd0da6098
4 changed files with 165 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
CVE-2024/CVE-2024-100xx/CVE-2024-10002.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-10002",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-22T05:15:03.513",
"lastModified": "2024-10-22T05:15:03.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.php#L153",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve",
"source": "security@wordfence.com"
}
]
}

88
CVE-2024/CVE-2024-100xx/CVE-2024-10003.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-10003",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-22T05:15:05.163",
"lastModified": "2024-10-22T05:15:05.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L120",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L152",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L199",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L225",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L240",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L270",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L76",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3171681/rover-idx",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdf67099-5514-45ba-9a4c-10af984bf593?source=cve",
"source": "security@wordfence.com"
}
]
}

11
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-10-22T04:00:49.716535+00:00 2024-10-22T06:00:51.497030+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-10-22T02:15:04.380000+00:00 2024-10-22T05:15:05.163000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
266685 266687
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `1` Recently added CVEs: `2`
- [CVE-2024-9677](CVE-2024/CVE-2024-96xx/CVE-2024-9677.json) (`2024-10-22T02:15:04.380`) - [CVE-2024-10002](CVE-2024/CVE-2024-100xx/CVE-2024-10002.json) (`2024-10-22T05:15:03.513`)
- [CVE-2024-10003](CVE-2024/CVE-2024-100xx/CVE-2024-10003.json) (`2024-10-22T05:15:05.163`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit

4
_state.csv
View File

@ -242313,6 +242313,8 @@ CVE-2024-0997,0,0,40cbe7d07647cf304a8bc3bc11787b58a8f50582e3e8b65316a7ae7fa59c2b
CVE-2024-0998,0,0,f7933578d5dbeb3f77563ebf1f5420d4cf36180b38c1c7cf760eedcdac974d39,2024-05-17T02:35:08.490000 CVE-2024-0998,0,0,f7933578d5dbeb3f77563ebf1f5420d4cf36180b38c1c7cf760eedcdac974d39,2024-05-17T02:35:08.490000
CVE-2024-0999,0,0,84034800a287889c8e66f3ba01c1d930a06538aadfe1b375cfd8893390aed6f7,2024-05-17T02:35:08.593000 CVE-2024-0999,0,0,84034800a287889c8e66f3ba01c1d930a06538aadfe1b375cfd8893390aed6f7,2024-05-17T02:35:08.593000
CVE-2024-1000,0,0,60c836cbd4d96144c97b06caa16452d33dc82172b5cc2c653a7406010f53b5df,2024-05-17T02:35:08.790000 CVE-2024-1000,0,0,60c836cbd4d96144c97b06caa16452d33dc82172b5cc2c653a7406010f53b5df,2024-05-17T02:35:08.790000
CVE-2024-10002,1,1,d9e6d9c3dadfeee65af18c96f3354f0e28813a6d08ae2b1ad0584b6cf7f1e0bf,2024-10-22T05:15:03.513000
CVE-2024-10003,1,1,64b23dc1f174419c9d8c99f8734c8d02061ba723f84ef2d2f2fefc86eed2ca40,2024-10-22T05:15:05.163000
CVE-2024-10004,0,0,2b01ad1fe33b0387cc6ecf8ca605118100ba1eac830a494972582a4b13530ed3,2024-10-16T20:35:08.850000 CVE-2024-10004,0,0,2b01ad1fe33b0387cc6ecf8ca605118100ba1eac830a494972582a4b13530ed3,2024-10-16T20:35:08.850000
CVE-2024-1001,0,0,481a263280d7671352a0e81cdb22876e1831937aba78d275dcb085f339a7c9b0,2024-05-17T02:35:08.903000 CVE-2024-1001,0,0,481a263280d7671352a0e81cdb22876e1831937aba78d275dcb085f339a7c9b0,2024-05-17T02:35:08.903000
CVE-2024-10014,0,0,1395463dc1e29fd6db71d83f72260a8cd3462c205364f301260cc7f7b129af31,2024-10-18T12:52:33.507000 CVE-2024-10014,0,0,1395463dc1e29fd6db71d83f72260a8cd3462c205364f301260cc7f7b129af31,2024-10-18T12:52:33.507000
@ -266552,7 +266554,7 @@ CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f
CVE-2024-9674,0,0,89e1ab6ae89b3b97a86c7a47307fb1b6ebb25204b28d62965547335f936977dd,2024-10-18T12:52:33.507000 CVE-2024-9674,0,0,89e1ab6ae89b3b97a86c7a47307fb1b6ebb25204b28d62965547335f936977dd,2024-10-18T12:52:33.507000
CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000 CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000
CVE-2024-9676,0,0,d31717e3bcb8586d94edf5a821882c847af5c510cf5d1e8e5ea8ab53ee1286ab,2024-10-16T16:38:43.170000 CVE-2024-9676,0,0,d31717e3bcb8586d94edf5a821882c847af5c510cf5d1e8e5ea8ab53ee1286ab,2024-10-16T16:38:43.170000
CVE-2024-9677,1,1,7cf8d43d57c2900d9443e482797783848d861069497504cccb5159525ba63cae,2024-10-22T02:15:04.380000 CVE-2024-9677,0,0,7cf8d43d57c2900d9443e482797783848d861069497504cccb5159525ba63cae,2024-10-22T02:15:04.380000
CVE-2024-9680,0,0,db0e4e19e09673238ffe3dfbb8e95974e9346a75b4fd6d9319c03e5970bb644e,2024-10-16T15:07:36.123000 CVE-2024-9680,0,0,db0e4e19e09673238ffe3dfbb8e95974e9346a75b4fd6d9319c03e5970bb644e,2024-10-16T15:07:36.123000
CVE-2024-9683,0,0,a648737766df3deb74ddc86e7dcd00883598b7b3c943d9054e11451b5f185407,2024-10-18T12:52:33.507000 CVE-2024-9683,0,0,a648737766df3deb74ddc86e7dcd00883598b7b3c943d9054e11451b5f185407,2024-10-18T12:52:33.507000
CVE-2024-9685,0,0,a93c724a8b2ee6ce4a46c54a35028c939ad55b1fb441a5b479f473edc57de420,2024-10-15T14:30:00.483000 CVE-2024-9685,0,0,a93c724a8b2ee6ce4a46c54a35028c939ad55b1fb441a5b479f473edc57de420,2024-10-15T14:30:00.483000

Can't render this file because it is too large.