Auto-Update: 2024-10-23T04:00:17.806395+00:00

2025-07-11 16:13:34 +00:00 · 2024-10-23 04:03:19 +00:00 · 2024-10-23 04:03:19 +00:00 · 544b228796
commit 544b228796
parent b5c071fbea
4 changed files with 126 additions and 7 deletions
--- a/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json
+++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-31880",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-10-23T02:15:07.167",
+  "lastModified": "2024-10-23T02:15:07.167",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7156851",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9927",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-23T02:15:07.467",
+  "lastModified": "2024-10-23T02:15:07.467",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpovernight.com/downloads/woocommerce-order-proposal/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdc993a4-6f65-4570-811c-13a80dbec064?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-23T02:00:29.005992+00:00
+2024-10-23T04:00:17.806395+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-23T01:00:01.443000+00:00
+2024-10-23T02:15:07.467000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-266766
+266768
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+- [CVE-2024-31880](CVE-2024/CVE-2024-318xx/CVE-2024-31880.json) (`2024-10-23T02:15:07.167`)
+- [CVE-2024-9927](CVE-2024/CVE-2024-99xx/CVE-2024-9927.json) (`2024-10-23T02:15:07.467`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-38094](CVE-2024/CVE-2024-380xx/CVE-2024-38094.json) (`2024-10-23T01:00:01.443`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -251991,6 +251991,7 @@ CVE-2024-31874,0,0,2aaf0dfaa6414e1f138855d0f6d75787313d073eca635397ca103ff7f6449
 CVE-2024-31878,0,0,c6557222267c2e9c166ed275e7cc9327cfea0693e0a8976b187deb7865aacef5,2024-06-11T18:23:27.153000
 CVE-2024-31879,0,0,3d520028d5f0055139f730dd4a6eb2d11b7ab38a082798764c43108749c5b618,2024-05-20T13:00:34.807000
 CVE-2024-3188,0,0,0566f9bb8e826930c137ba20908e573874a3f34d7900cbdeff699f1e3434f595,2024-07-08T14:19:01.160000
+CVE-2024-31880,1,1,32067864538b60bbf3feba7f1c2b7fa82d95990b8fc56c301672ce33521f88bc,2024-10-23T02:15:07.167000
 CVE-2024-31881,0,0,b3692d17c2d4f662273dec610556097ee0b8856656ac8f4835c5e840eb8a6228,2024-08-07T16:59:15.627000
 CVE-2024-31882,0,0,2166c1d8e88429778073b60eb2a31c41e2b55293434c096888febf101419ae12,2024-09-21T10:15:05.403000
 CVE-2024-31883,0,0,c4a2241ac7ebf5ea1afff59f8bf762360ac7a99942ee729cf3d03ae8864dc6f3,2024-08-02T15:06:08.297000
@ -256431,7 +256432,7 @@ CVE-2024-3809,0,0,e9699ccf97d1a77cdd5a51c26652206ae829b76e33be88373519642da681c2
 CVE-2024-38091,0,0,a9751e3868c0a113eedbccdcd34b91f06a8adaf90dbd1405bbcc8c2a2900f94c,2024-07-12T15:35:41.100000
 CVE-2024-38092,0,0,fa52aaacdeeea4f553a80268533abc67279c4becb10c86c23506d5aee3ea5aea,2024-07-12T15:05:16.757000
 CVE-2024-38093,0,0,075dd9daa56a96b357ca4934063a6c16d1ea30c840caecea5eb303d11b987d24,2024-08-07T16:28:38.140000
-CVE-2024-38094,0,1,ed0ff4e8b61cdbe9e487402b078269876a8adf1ff8b35765f5e118352246c7bd,2024-10-23T01:00:01.443000
+CVE-2024-38094,0,0,ed0ff4e8b61cdbe9e487402b078269876a8adf1ff8b35765f5e118352246c7bd,2024-10-23T01:00:01.443000
 CVE-2024-38095,0,0,b0c4146c3c5698cffee7ab10e0a7873691f618c4c7b8c0ade94c4f51d88f93cd,2024-07-11T18:27:00.083000
 CVE-2024-38097,0,0,ec0681baade18d94d09b5111a4aef11a06995dddf75e81ac63731ba4f9ee74eb,2024-10-16T19:28:08.227000
 CVE-2024-38098,0,0,ec97a6f3d3826e98c4bef4bf966b3f4e3463526409f9c97694a785720fc1ed54,2024-08-16T20:38:02.817000
@ -266726,6 +266727,7 @@ CVE-2024-9922,0,0,88ad74a9a80ef6250cad160a6da905c26f5539449069265fbdbc38c65f6e69
 CVE-2024-9923,0,0,1744d806aab87c1cbef5524d43cf9cad10cdae75dc6a2cfd8b34f2d3877dca94,2024-10-15T12:57:46.880000
 CVE-2024-9924,0,0,4d0aa49bc1047e2e0a23ab80e176dbdf70a0af5e82bea53f63a116cd5905286e,2024-10-15T12:57:46.880000
 CVE-2024-9925,0,0,d9114846b6ab22497d9820c775f40ff778b3a4311afada5c7a947fe6aafbbadc,2024-10-17T18:09:40.537000
+CVE-2024-9927,1,1,5dded3cf948971c198f725f290262f789bfb61e29a3f6bc3cc4557807d2417de,2024-10-23T02:15:07.467000
 CVE-2024-9936,0,0,9b9410743fe1ca2f5a844c24ad20043ec989ced54414fa626e93bdc74b6425ff,2024-10-15T12:57:46.880000
 CVE-2024-9937,0,0,4e7ae54d6a9c5099857ac0a66ba44c96220fc2ab3e1844c918c371d4dbb6d38d,2024-10-16T16:38:14.557000
 CVE-2024-9940,0,0,0591f213f2bec6924fef18017d23419024c9c5bdc4c598c1e0fd80a492ebb13b,2024-10-18T12:53:04.627000