From 544b2287965bad184d00308c9264f31aff500f86 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 23 Oct 2024 04:03:19 +0000
Subject: [PATCH] Auto-Update: 2024-10-23T04:00:17.806395+00:00
---
CVE-2024/CVE-2024-318xx/CVE-2024-31880.json | 56 +++++++++++++++++++
CVE-2024/CVE-2024-99xx/CVE-2024-9927.json | 60 +++++++++++++++++++++
README.md | 13 ++---
_state.csv | 4 +-
4 files changed, 126 insertions(+), 7 deletions(-)
create mode 100644 CVE-2024/CVE-2024-318xx/CVE-2024-31880.json
create mode 100644 CVE-2024/CVE-2024-99xx/CVE-2024-9927.json
diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json
new file mode 100644
index 00000000000..5d7499e07ec
--- /dev/null
+++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-31880",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-10-23T02:15:07.167",
+ "lastModified": "2024-10-23T02:15:07.167",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7156851",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json
new file mode 100644
index 00000000000..0e3f2e00d7c
--- /dev/null
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9927",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-23T02:15:07.467",
+ "lastModified": "2024-10-23T02:15:07.467",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpovernight.com/downloads/woocommerce-order-proposal/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdc993a4-6f65-4570-811c-13a80dbec064?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index d0a65e8b5ee..221f42ba869 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-23T02:00:29.005992+00:00 +2024-10-23T04:00:17.806395+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-23T01:00:01.443000+00:00 +2024-10-23T02:15:07.467000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266766 +266768 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `2` +- [CVE-2024-31880](CVE-2024/CVE-2024-318xx/CVE-2024-31880.json) (`2024-10-23T02:15:07.167`) +- [CVE-2024-9927](CVE-2024/CVE-2024-99xx/CVE-2024-9927.json) (`2024-10-23T02:15:07.467`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-38094](CVE-2024/CVE-2024-380xx/CVE-2024-38094.json) (`2024-10-23T01:00:01.443`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f5fd7899b76..64a80544d3f 100644 --- a/_state.csv +++ b/_state.csv @@ -251991,6 +251991,7 @@ CVE-2024-31874,0,0,2aaf0dfaa6414e1f138855d0f6d75787313d073eca635397ca103ff7f6449 CVE-2024-31878,0,0,c6557222267c2e9c166ed275e7cc9327cfea0693e0a8976b187deb7865aacef5,2024-06-11T18:23:27.153000 CVE-2024-31879,0,0,3d520028d5f0055139f730dd4a6eb2d11b7ab38a082798764c43108749c5b618,2024-05-20T13:00:34.807000 CVE-2024-3188,0,0,0566f9bb8e826930c137ba20908e573874a3f34d7900cbdeff699f1e3434f595,2024-07-08T14:19:01.160000 +CVE-2024-31880,1,1,32067864538b60bbf3feba7f1c2b7fa82d95990b8fc56c301672ce33521f88bc,2024-10-23T02:15:07.167000 CVE-2024-31881,0,0,b3692d17c2d4f662273dec610556097ee0b8856656ac8f4835c5e840eb8a6228,2024-08-07T16:59:15.627000 CVE-2024-31882,0,0,2166c1d8e88429778073b60eb2a31c41e2b55293434c096888febf101419ae12,2024-09-21T10:15:05.403000 CVE-2024-31883,0,0,c4a2241ac7ebf5ea1afff59f8bf762360ac7a99942ee729cf3d03ae8864dc6f3,2024-08-02T15:06:08.297000 
@@ -256431,7 +256432,7 @@ CVE-2024-3809,0,0,e9699ccf97d1a77cdd5a51c26652206ae829b76e33be88373519642da681c2 CVE-2024-38091,0,0,a9751e3868c0a113eedbccdcd34b91f06a8adaf90dbd1405bbcc8c2a2900f94c,2024-07-12T15:35:41.100000 CVE-2024-38092,0,0,fa52aaacdeeea4f553a80268533abc67279c4becb10c86c23506d5aee3ea5aea,2024-07-12T15:05:16.757000 CVE-2024-38093,0,0,075dd9daa56a96b357ca4934063a6c16d1ea30c840caecea5eb303d11b987d24,2024-08-07T16:28:38.140000 -CVE-2024-38094,0,1,ed0ff4e8b61cdbe9e487402b078269876a8adf1ff8b35765f5e118352246c7bd,2024-10-23T01:00:01.443000 +CVE-2024-38094,0,0,ed0ff4e8b61cdbe9e487402b078269876a8adf1ff8b35765f5e118352246c7bd,2024-10-23T01:00:01.443000 CVE-2024-38095,0,0,b0c4146c3c5698cffee7ab10e0a7873691f618c4c7b8c0ade94c4f51d88f93cd,2024-07-11T18:27:00.083000 CVE-2024-38097,0,0,ec0681baade18d94d09b5111a4aef11a06995dddf75e81ac63731ba4f9ee74eb,2024-10-16T19:28:08.227000 CVE-2024-38098,0,0,ec97a6f3d3826e98c4bef4bf966b3f4e3463526409f9c97694a785720fc1ed54,2024-08-16T20:38:02.817000 @@ -266726,6 +266727,7 @@ CVE-2024-9922,0,0,88ad74a9a80ef6250cad160a6da905c26f5539449069265fbdbc38c65f6e69 CVE-2024-9923,0,0,1744d806aab87c1cbef5524d43cf9cad10cdae75dc6a2cfd8b34f2d3877dca94,2024-10-15T12:57:46.880000 CVE-2024-9924,0,0,4d0aa49bc1047e2e0a23ab80e176dbdf70a0af5e82bea53f63a116cd5905286e,2024-10-15T12:57:46.880000 CVE-2024-9925,0,0,d9114846b6ab22497d9820c775f40ff778b3a4311afada5c7a947fe6aafbbadc,2024-10-17T18:09:40.537000 +CVE-2024-9927,1,1,5dded3cf948971c198f725f290262f789bfb61e29a3f6bc3cc4557807d2417de,2024-10-23T02:15:07.467000 CVE-2024-9936,0,0,9b9410743fe1ca2f5a844c24ad20043ec989ced54414fa626e93bdc74b6425ff,2024-10-15T12:57:46.880000 CVE-2024-9937,0,0,4e7ae54d6a9c5099857ac0a66ba44c96220fc2ab3e1844c918c371d4dbb6d38d,2024-10-16T16:38:14.557000 CVE-2024-9940,0,0,0591f213f2bec6924fef18017d23419024c9c5bdc4c598c1e0fd80a492ebb13b,2024-10-18T12:53:04.627000