Auto-Update: 2024-09-20T10:00:25.352138+00:00

2025-06-21 17:41:05 +00:00 · 2024-09-20 10:03:24 +00:00 · 2024-09-20 10:03:24 +00:00 · 57bd7c2160
commit 57bd7c2160
parent eaa399310d
5 changed files with 121 additions and 56 deletions
--- a/CVE-2023/CVE-2023-362xx/CVE-2023-36268.json
+++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36268.json
@ -2,59 +2,15 @@
  "id": "CVE-2023-36268",
  "sourceIdentifier": "security@documentfoundation.org",
  "published": "2024-04-30T18:15:19.730",
-  "lastModified": "2024-07-03T01:40:25.423",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-09-20T09:15:02.363",
+  "vulnStatus": "Rejected",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt file."
-    },
-    {
-      "lang": "es",
-      "value": "Un problema en The Document Foundation Libreoffice v.7.4.7 permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de un archivo .ppt manipulado."
+      "value": "Rejected reason: DoS issues, or unexploitable crashes, are out of scope for vulnerabilities."
    }
  ],
-  "metrics": {
-    "cvssMetricV31": [
-      {
-        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
-        "type": "Secondary",
-        "cvssData": {
-          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
-          "attackVector": "NETWORK",
-          "attackComplexity": "LOW",
-          "privilegesRequired": "LOW",
-          "userInteraction": "REQUIRED",
-          "scope": "UNCHANGED",
-          "confidentialityImpact": "NONE",
-          "integrityImpact": "NONE",
-          "availabilityImpact": "HIGH",
-          "baseScore": 5.7,
-          "baseSeverity": "MEDIUM"
-        },
-        "exploitabilityScore": 2.1,
-        "impactScore": 3.6
-      }
-    ]
-  },
-  "weaknesses": [
-    {
-      "source": "security@documentfoundation.org",
-      "type": "Secondary",
-      "description": [
-        {
-          "lang": "en",
-          "value": "CWE-405"
-        }
-      ]
-    }
-  ],
-  "references": [
-    {
-      "url": "https://github.com/kfx-N/test1",
-      "source": "security@documentfoundation.org"
-    }
-  ]
+  "metrics": {},
+  "references": []
 }
--- a/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json
+++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json
@ -0,0 +1,37 @@
+{
+  "id": "CVE-2024-41721",
+  "sourceIdentifier": "secteam@freebsd.org",
+  "published": "2024-09-20T08:15:11.323",
+  "lastModified": "2024-09-20T08:15:11.323",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution."
+    },
+    {
+      "lang": "es",
+      "value": "Una validaci\u00f3n de los l\u00edmites insuficiente en el c\u00f3digo USB podr\u00eda provocar una lectura fuera de los l\u00edmites en el mont\u00f3n, lo que potencialmente podr\u00eda generar una escritura arbitraria y la ejecuci\u00f3n remota de c\u00f3digo."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "secteam@freebsd.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:15.bhyve.asc",
+      "source": "secteam@freebsd.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-88xx/CVE-2024-8853.json
+++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8853.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-8853",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-09-20T08:15:11.493",
+  "lastModified": "2024-09-20T08:15:11.493",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Webo-facto para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 1.40 incluida debido a una restricci\u00f3n insuficiente en la funci\u00f3n 'doSsoAuthentification'. Esto hace posible que atacantes no autenticados se conviertan en administradores registr\u00e1ndose con un nombre de usuario que contenga '-wfuser'."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/webo-facto-connector/tags/1.40/WeboFacto/Sso.php#L78",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3153062/webo-facto-connector",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1280ceb-9ce8-47fc-8fd3-6af80015dea9?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-20T04:00:17.021810+00:00
+2024-09-20T10:00:25.352138+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-20T03:15:02.197000+00:00
+2024-09-20T09:15:02.363000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-263482
+263484
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+- [CVE-2024-41721](CVE-2024/CVE-2024-417xx/CVE-2024-41721.json) (`2024-09-20T08:15:11.323`)
+- [CVE-2024-8853](CVE-2024/CVE-2024-88xx/CVE-2024-8853.json) (`2024-09-20T08:15:11.493`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

- [CVE-2024-25699](CVE-2024/CVE-2024-256xx/CVE-2024-25699.json) (`2024-09-20T03:15:02.197`)
+- [CVE-2023-36268](CVE-2023/CVE-2023-362xx/CVE-2023-36268.json) (`2024-09-20T09:15:02.363`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -227228,7 +227228,7 @@ CVE-2023-36260,0,0,d91b3f2df1f07bb3d30f5175114e7ff10cf2983876f42068fd4e8dd27cbdc
 CVE-2023-36262,0,0,7c84450336c4990e953dce7f54829dc2d1c7e2f75088550f331d29067052f2ae,2023-11-07T04:16:25.310000
 CVE-2023-36263,0,0,b1242ace1d95cf1012522f675dbb699d27209303b5ae9e0cf837454186858e60,2024-09-06T18:35:03.833000
 CVE-2023-36266,0,0,aebe7aeee850e04c73221b72dc4edaeb825715c758ae43df23e46e458b69eb85,2024-08-02T17:16:00.130000
-CVE-2023-36268,0,0,d00f4421ac8c751a524ef03b6b6a569cb1bb32c956c895cb4d33f7ebf0e71616,2024-07-03T01:40:25.423000
+CVE-2023-36268,0,1,0d36957fbc7e5c71861a4d41ac1aa9c2b2b9fdb7a1080f5312f94994107e995a,2024-09-20T09:15:02.363000
 CVE-2023-3627,0,0,4ace1272386b5faa006e0f4e34aebe17762337fac3ef2a63c17791c405fa06d3,2023-07-18T19:58:32.613000
 CVE-2023-36271,0,0,003efbeef2bd5a83160f4c75c748ebebf68aae3263994871e0ae346b564ea886,2023-06-27T12:18:30.333000
 CVE-2023-36272,0,0,b40f5b0a455b9096df3ff383271d067f7a04c5792cad2e87f448c1960a80da86,2023-06-27T12:18:19.927000
@ -246852,7 +246852,7 @@ CVE-2024-25695,0,0,ae0f9f8b4640bad4ef7d98bcee5a49c1f9e646c53c1fb5af299b3d59dbeec
 CVE-2024-25696,0,0,b9ac53149f8eb62bad5c1e7fe3f9f0b5771bd4ade8a07c59c93d14f596dac225,2024-04-19T23:15:09.930000
 CVE-2024-25697,0,0,c5fc3bc25d1e4faa00aaa8e1bf09aa0f27faccc7403bf65bb6683bb0fb18ce4e,2024-04-19T23:15:10.003000
 CVE-2024-25698,0,0,2e4c293fce5511a49d5e47901a449b88216e166f1733cf134304a504814cc36f,2024-04-19T23:15:10.093000
-CVE-2024-25699,0,1,3e9dc1ca7d7ef12af3ee3d1aaaf483e4da1216e3ad0038a8cd17a84a35540eaf,2024-09-20T03:15:02.197000
+CVE-2024-25699,0,0,3e9dc1ca7d7ef12af3ee3d1aaaf483e4da1216e3ad0038a8cd17a84a35540eaf,2024-09-20T03:15:02.197000
 CVE-2024-2570,0,0,62ba08b313dad98b50886ef335be346def1e9e22dc58f4ebc2c3039b966f349e,2024-05-17T02:38:20.170000
 CVE-2024-25700,0,0,9f93306ac6edcebea165bf5bf6cc8e9e96960ebf6d995fdefa65259eb1d6db09,2024-04-25T18:15:07.817000
 CVE-2024-25703,0,0,1afe4ca1ce005dadbbbe3861ac31e3fa775711912585fe3575d9e4d068c0830c,2024-04-25T19:15:49.520000
@ -257927,6 +257927,7 @@ CVE-2024-41718,0,0,7651686104923551937c1bf922db9a37da5f3ad1631e564fe3c0dca9a6e79
 CVE-2024-41719,0,0,9153c34983715c653b1c300082bd1504f28f779a4622f52f1934f7c462bf8faf,2024-08-19T18:40:35.203000
 CVE-2024-4172,0,0,ae5cefdd41ee745a5f3463347f20f3f77110439c81ed1ad285dedf4b40da1c57,2024-06-04T19:20:32.077000
 CVE-2024-41720,0,0,2d7bee1f981165f1c9cbab9643ce597269a916a15ed0d381724ec0dadf39a971,2024-08-30T17:49:42.047000
+CVE-2024-41721,1,1,fbe947beac5451084e31ee7ef479c810f14ce86ff43bb34bde8771ee906b776f,2024-09-20T08:15:11.323000
 CVE-2024-41723,0,0,2fd6c172462641b542f047f7ff3bf2247bdc5b8b5f34ce988c43b2bfe1795c68,2024-08-20T19:26:24.033000
 CVE-2024-41726,0,0,e325c72cd77b10fa79a0c73cd0bce9d67f9472d40dd3ab04f6437f9f2b06b815,2024-08-01T13:59:09.707000
 CVE-2024-41727,0,0,f64de623c1f3cae418235db50af8da33c1315446224a7b8505bd8fc5343d1bad,2024-08-20T19:25:12.490000
@ -263434,6 +263435,7 @@ CVE-2024-8784,0,0,7bc5ed86fd42122481efd27561493828acec6a50cb9d34c0b1c40453c94343
 CVE-2024-8796,0,0,94e01fa2394b7e3cc5729adcbe04212056eb704ee3dccdfd860de0e7129048a2,2024-09-17T18:15:05.443000
 CVE-2024-8797,0,0,b7273f8d72c4c7b82a815cc8357933cfcef5a0b838634eab59479c200615300b,2024-09-14T11:47:14.677000
 CVE-2024-8850,0,0,93c3effab202541418248ca686b83b93e9ac19fd90a1ab3c2b19a3b5c06db2e1,2024-09-19T04:15:06.557000
+CVE-2024-8853,1,1,5aa5f44c2d0058c33afc2b050a9e181c9b858d177768260824607f55817a7dba,2024-09-20T08:15:11.493000
 CVE-2024-8862,0,0,3c0cefe3796a3067716726cae64fd2b6a2a71c4947999e21da2abde8a533c886,2024-09-16T15:30:28.733000
 CVE-2024-8863,0,0,c201c0a73f6e94fc800a591d431c13570689b06531fa3fd890390312a87785df,2024-09-16T15:30:28.733000
 CVE-2024-8864,0,0,3bc8b301985cc40353022de4e4744e73398cd0188f617195b9d24ac6f8e8e30d,2024-09-17T10:38:13.410000