diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12875.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12875.json new file mode 100644 index 00000000000..b4d4bedd713 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12875.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12875", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-21T12:15:20.910", + "lastModified": "2024-12-21T12:15:20.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-73" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3131805/easy-digital-downloads/tags/3.3.3/includes/process-download.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec065da7-b8aa-414d-9673-5caf87ad45b5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 47e65f5fe51..61d41d099a6 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-21T11:00:19.386802+00:00 +2024-12-21T13:00:19.036634+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-21T10:15:09.177000+00:00 +2024-12-21T12:15:20.910000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274536 +274537 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `1` -- [CVE-2024-10453](CVE-2024/CVE-2024-104xx/CVE-2024-10453.json) (`2024-12-21T10:15:05.740`) -- [CVE-2024-10797](CVE-2024/CVE-2024-107xx/CVE-2024-10797.json) (`2024-12-21T09:15:05.410`) -- [CVE-2024-11688](CVE-2024/CVE-2024-116xx/CVE-2024-11688.json) (`2024-12-21T10:15:06.733`) -- [CVE-2024-11722](CVE-2024/CVE-2024-117xx/CVE-2024-11722.json) (`2024-12-21T10:15:07.367`) -- [CVE-2024-11808](CVE-2024/CVE-2024-118xx/CVE-2024-11808.json) (`2024-12-21T09:15:06.037`) -- [CVE-2024-12408](CVE-2024/CVE-2024-124xx/CVE-2024-12408.json) (`2024-12-21T10:15:08.067`) -- [CVE-2024-12558](CVE-2024/CVE-2024-125xx/CVE-2024-12558.json) (`2024-12-21T10:15:08.600`) -- [CVE-2024-12588](CVE-2024/CVE-2024-125xx/CVE-2024-12588.json) (`2024-12-21T09:15:06.233`) -- [CVE-2024-12591](CVE-2024/CVE-2024-125xx/CVE-2024-12591.json) (`2024-12-21T10:15:09.177`) -- [CVE-2024-9545](CVE-2024/CVE-2024-95xx/CVE-2024-9545.json) (`2024-12-21T09:15:06.460`) +- [CVE-2024-12875](CVE-2024/CVE-2024-128xx/CVE-2024-12875.json) (`2024-12-21T12:15:20.910`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 89323316875..aede5d8a7d1 100644 --- a/_state.csv +++ b/_state.csv @@ -243425,7 +243425,7 @@ CVE-2024-10449,0,0,26fe0c0cefdddfbd3a787b4ec095d43403e0ef1182ed5bf75aa35194df2f7 CVE-2024-10450,0,0,30e0eb15dafd1b43ef1cfa0433b034f6440166e43ae6e23f54a80907f350adaf,2024-11-22T20:16:07.877000 CVE-2024-10451,0,0,86a92264edcb5e78c7c0c5e9d0b6a9a86b95cd21740da19494287599080a1a27,2024-11-25T08:15:07.900000 CVE-2024-10452,0,0,50a2c2c46d9268b0238045581cd7cfcb0ad66b794987abde20b7bcc8309b7e79,2024-11-08T17:59:10.977000 -CVE-2024-10453,1,1,4a48bf6da17bf450f520dd9d95d51916872e8e28ff7a2d745f5b45cc47d8c7da,2024-12-21T10:15:05.740000 +CVE-2024-10453,0,0,4a48bf6da17bf450f520dd9d95d51916872e8e28ff7a2d745f5b45cc47d8c7da,2024-12-21T10:15:05.740000 CVE-2024-10454,0,0,35aa048262143d5764ffcb4acce29d91e2d82776a3e70fbaca6c94998f35b9bd,2024-11-01T12:57:03.417000 CVE-2024-10455,0,0,19172d75975129474a7b62f08802eb96c180eca73db4c0e29350ef75d1546fda,2024-10-29T14:34:50.257000 CVE-2024-10456,0,0,79e422acf24166a030ce60dd9e21d041030b37137936cf930b912a7acbb29883,2024-11-01T12:57:03.417000 @@ -243721,7 +243721,7 @@ CVE-2024-10793,0,0,940aaf88aa98b8bf75aebdb43087ca022ccc2994e4bcc6de46c63761b876f CVE-2024-10794,0,0,6f8ceb4c0f98e6c8bc90c98ad4ecb0f01407f8f33a336410443b0ea0486c520e,2024-11-13T17:01:16.850000 CVE-2024-10795,0,0,5bc2d3f4fb08450344d88a7dfba7a1c7679958fe7d3fce7094a4faa9172305c5,2024-11-18T17:11:17.393000 CVE-2024-10796,0,0,dda2b7fbd241d302e4d7fe3b0cebe9356d590a752fa7379cb5f8f9ccb23ef304,2024-11-21T13:57:24.187000 -CVE-2024-10797,1,1,0d8e44453eb9f1853e229bfa7b3fff9fadaace3c2d84178c8b6dd584ea3df7e2,2024-12-21T09:15:05.410000 +CVE-2024-10797,0,0,0d8e44453eb9f1853e229bfa7b3fff9fadaace3c2d84178c8b6dd584ea3df7e2,2024-12-21T09:15:05.410000 CVE-2024-10798,0,0,6bb543025844e6e786719fcb93bd7359375a99a7aba25367f74ad2552d9a3002,2024-11-28T10:15:05.673000 CVE-2024-1080,0,0,748dd361119650aef9a8b77a3590dfbdc11c715edbf1e0644daaeef3702bc232,2024-11-21T08:49:45.190000 CVE-2024-10800,0,0,7c09a66fe19ec81d72fb3dd0d5d6c10275f9b97966090fbd36ca1fbb77eb71bd,2024-11-19T17:08:44.767000 @@ -244428,7 +244428,7 @@ CVE-2024-11683,0,0,c5c34a549f676b6e4bfb5a3fd3e5626bf20a1dd88602d5be54893cdf8cd9f CVE-2024-11684,0,0,12cb277c9205905669ffa100f303ceaebc405f85837f54097728fa8f404b4d50,2024-11-28T09:15:04.793000 CVE-2024-11685,0,0,ac2887e3bedadf93f8263266da035f2c90903ee2e66a4074483ee4f2d7f8e8dd,2024-11-28T09:15:04.950000 CVE-2024-11687,0,0,5e77fbcd46b583a4f084d8bcc3492702fbc8999eee40cfff605d5263f17d5ba6,2024-12-06T09:15:07.303000 -CVE-2024-11688,1,1,ede244a6ee31efc6ea29b40f84abc82bfd50a7b8a93bab8d8ccbb32b58328b44,2024-12-21T10:15:06.733000 +CVE-2024-11688,0,0,ede244a6ee31efc6ea29b40f84abc82bfd50a7b8a93bab8d8ccbb32b58328b44,2024-12-21T10:15:06.733000 CVE-2024-11689,0,0,083793777007e12786b393e59e70bbd36f5df589b4b26e2949eb5844a08ab45f,2024-12-12T04:15:06.657000 CVE-2024-1169,0,0,7d005e1e32dcb786dc145e0dc1f4f8a0f524691319a7051d5e1a67ddcb23a460,2024-11-21T08:49:57.153000 CVE-2024-11691,0,0,a0fbb9938b3cdd6ffbf2c6fdace41fd43ef413930c7e002abc7f8ab4774ab9a8,2024-12-13T17:15:05.813000 @@ -244461,7 +244461,7 @@ CVE-2024-11715,0,0,c20e59ad84e8801565e48794c692d8184a1df1411032566df29c1cc577ebc CVE-2024-1172,0,0,ab430c7827e21b365e63647ecdb13f518977ed8324330c869795f6d2a42c238e,2024-11-21T08:49:57.517000 CVE-2024-11720,0,0,7b26e95b9a7820fa30a018d9c5a605ec44f18f5e18d78151d6ded3428e73f997,2024-12-14T09:15:05.083000 CVE-2024-11721,0,0,b659aa34ebc06b4e71eaaed476f56e403ca847c59d174e16a16c3817a010f8d8,2024-12-14T09:15:06.383000 -CVE-2024-11722,1,1,75cb60b5eb4ea9d09b52d1e1e4055e2e26017dc0ef3344e31ce543e08644d731,2024-12-21T10:15:07.367000 +CVE-2024-11722,0,0,75cb60b5eb4ea9d09b52d1e1e4055e2e26017dc0ef3344e31ce543e08644d731,2024-12-21T10:15:07.367000 CVE-2024-11723,0,0,d555056e56adae6d2817421636f03f202df11e8bc291dc8225ccc2e718d1c709,2024-12-12T05:15:09.247000 CVE-2024-11724,0,0,05e5e5fa479e9093ec1673d131b2e00f2d4111914ddf22019f00bb0b00e67aae,2024-12-12T07:15:08.600000 CVE-2024-11727,0,0,74ce7fa8cdfe22d5e7361f3d2dc50d23f9504f53bdcf31e2233dafec5ae3422b,2024-12-12T07:15:09.107000 @@ -244535,7 +244535,7 @@ CVE-2024-11804,0,0,f9087d17b26e590b19e8a1c6dd65a13e121078cedf86731b21d1d672c10cb CVE-2024-11805,0,0,a5f68fcc3ec71060a3e1fcbfe1152276ddf9a9708302280ee1d096e56cb69ebb,2024-12-03T08:15:06.553000 CVE-2024-11806,0,0,147dff27e860ef00933a7776022304ba661d66287c508be135dead181fe58fd3,2024-12-20T07:15:11.177000 CVE-2024-11807,0,0,5b0564826b05464c314eefc84d6d7fdc2dbd57c9a7cdeff75f8e6a6bda0d85b9,2024-12-04T03:15:05.083000 -CVE-2024-11808,1,1,ed96625498f5d5803bddfe6e9459583a503ebc3c1ec2b71c750392f3ee96e472,2024-12-21T09:15:06.037000 +CVE-2024-11808,0,0,ed96625498f5d5803bddfe6e9459583a503ebc3c1ec2b71c750392f3ee96e472,2024-12-21T09:15:06.037000 CVE-2024-11809,0,0,1f74a5fd4084e6ffe9713972c542683f1719819d3bb81586e87aada1d25da361,2024-12-13T05:15:07.127000 CVE-2024-1181,0,0,75e84367823a14869b96be5d2a44185a42194134ed6d728c2cc873c3b47fce46,2024-11-21T08:49:58.703000 CVE-2024-11811,0,0,6ce611d6bd52a4392678bccb915b0686796bb8e433589cf7fea80c63ea56e1f0,2024-12-20T23:15:05.590000 @@ -244872,7 +244872,7 @@ CVE-2024-12397,0,0,661288be67552f431f0a0bf144bed2d313b12b592e50cdc78451d7c1272f6 CVE-2024-1240,0,0,28733ede53b96385ee0de4a7c5187b3db0d925b1e4ab6e977522dc277dee75de,2024-11-19T19:04:53.913000 CVE-2024-12401,0,0,ba741c7b51198b95eba245807f65253a1c54ea777ddd918337cd97bd144396fe,2024-12-12T09:15:05.790000 CVE-2024-12406,0,0,3a24bd925fcaee835bc0ee30f7ad38b16626ae1e5c8470fedd28227d3dd60123,2024-12-12T05:15:12.210000 -CVE-2024-12408,1,1,a7096262faf4e55e6cc353ec4119038802550f44cf19552e71e7eca56789ef70,2024-12-21T10:15:08.067000 +CVE-2024-12408,0,0,a7096262faf4e55e6cc353ec4119038802550f44cf19552e71e7eca56789ef70,2024-12-21T10:15:08.067000 CVE-2024-1241,0,0,ba82bb77c28ed45b324839e72710669d8c2af006c45eeed23dee90a28ff67ea8,2024-11-21T08:50:08.490000 CVE-2024-12411,0,0,faa57e401cbedaab2f4e5924eb0f23c481682b4036a2a6c473ed5d5855c9b86e,2024-12-14T05:15:10.437000 CVE-2024-12414,0,0,ecf25a2c3f536085b4d44f95471b078e2b7cb6ad454e7c12c9e7d103ff4fa2bb,2024-12-13T09:15:08.070000 @@ -244937,7 +244937,7 @@ CVE-2024-12552,0,0,fb797bda6a7925c8d7543e5704f2ad51014fa3335d6fe6df263bb53aa2925 CVE-2024-12553,0,0,a2255cbe7c81f26e6254fdbc6535a51f1e6a86b8a15e67572b76456e109cd8f4,2024-12-13T23:15:06.310000 CVE-2024-12554,0,0,9c2c5116d478f8a3368d2869fc0d22776c7ca9cea54e725be0c02d64f1e2b79f,2024-12-18T10:15:08.493000 CVE-2024-12555,0,0,0d42d0c8cac624be8352d225c1fedeed93d78abfe4d84ed9171ab1d4e5a1062b,2024-12-14T05:15:11.827000 -CVE-2024-12558,1,1,4c162bbfd4fe5fdb2d9bf8f633cb6cfb9375eb4269430e05966bdd74bbd12bfa,2024-12-21T10:15:08.600000 +CVE-2024-12558,0,0,4c162bbfd4fe5fdb2d9bf8f633cb6cfb9375eb4269430e05966bdd74bbd12bfa,2024-12-21T10:15:08.600000 CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000 CVE-2024-12560,0,0,59d00c885b51c3e9ef9e4160d8c87472751bc46b43573f63258bdfe4a0067aed,2024-12-19T07:15:13.507000 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000 @@ -244951,9 +244951,9 @@ CVE-2024-12578,0,0,6076f52af563970ec8a3bc8e5f14a4b4d6997e85c1163c0f2b2e584e97943 CVE-2024-12579,0,0,6b066a632ed42755872bfe12897131044e41b00627589546ab36be31d813b6f2,2024-12-13T05:15:07.473000 CVE-2024-1258,0,0,36d421eec5fc7cce6382fad9fd3a9a8780da80fcb6e09fc8e5e480709b2e6caa,2024-11-21T08:50:10.573000 CVE-2024-12581,0,0,899275a869b7c967a158446f680d5b1e6ee7fb8c13fa325a1164dc54186bea7f,2024-12-13T06:15:26.433000 -CVE-2024-12588,1,1,1933918a1bc731b9f2daeac6f15474bd290e2defc9eea3981aaebba99a0dc9b7,2024-12-21T09:15:06.233000 +CVE-2024-12588,0,0,1933918a1bc731b9f2daeac6f15474bd290e2defc9eea3981aaebba99a0dc9b7,2024-12-21T09:15:06.233000 CVE-2024-1259,0,0,1c6bb100fc9cba505c4d696801bfd3102c508e530bb2e36c86a6685675278bd7,2024-11-21T08:50:10.730000 -CVE-2024-12591,1,1,eaf713466d72851d200fb1c2165d3b74352c989b31dbbf0a4a003e2ec790fb1b,2024-12-21T10:15:09.177000 +CVE-2024-12591,0,0,eaf713466d72851d200fb1c2165d3b74352c989b31dbbf0a4a003e2ec790fb1b,2024-12-21T10:15:09.177000 CVE-2024-12596,0,0,e90ded9007b974bbde2cfd1ae98f2588ae4014955a30c3526b941fc61c029c03,2024-12-18T04:15:08.253000 CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f8244,2024-11-21T08:50:10.880000 CVE-2024-12601,0,0,2ca4ea21e5bfaf124d19bbe4bee1a196aca18d8d864e8b042ec1fe94e0d48399,2024-12-17T12:15:20.543000 @@ -245056,6 +245056,7 @@ CVE-2024-1285,0,0,d0ab2f865f2e59a6fecad2e70eefd338b3054451b5a20bdd27d60569b43e4f CVE-2024-1286,0,0,3a37afba636befcbf537a255eb60a76fe80040636283609c3669d2692aee914a,2024-11-21T08:50:14.037000 CVE-2024-12867,0,0,01e49ed64d6e9cd55a7b69c5d48fb82a0f55b6ea873444ea934a92cdc9c1bea1,2024-12-20T20:15:22.740000 CVE-2024-1287,0,0,86cfcf8ed68830eef8991c1cc47e2012e7e4c97ca8a27598ab8fa2741ba6d8b0,2024-11-21T08:50:14.227000 +CVE-2024-12875,1,1,ee4bf98b78016953207e90ab1c1e1367a08d0d85e025d7e25b88e0372fa04581,2024-12-21T12:15:20.910000 CVE-2024-1288,0,0,395f2de724425f73212a7bc39e91c09ee4289c7b4882341dd1ed370b6c884fd8,2024-11-21T08:50:14.440000 CVE-2024-1289,0,0,e65e8e4dfe8200c9b56fed0852a43d923fc5ad73370ce2516cb730a4df84b5f1,2024-11-21T08:50:14.563000 CVE-2024-1290,0,0,7c95f47c5c3e77faa57d4558ce65f60c9fa0ea7551f118126af89c59b8448f97,2024-11-21T08:50:14.680000 @@ -274154,7 +274155,7 @@ CVE-2024-9540,0,0,d758cb49ce3dd0226a2fbe7c6c4f76abf11590889a4c76eb537def5a9bb2e7 CVE-2024-9541,0,0,112d2769f3fac6053209a88d19d4c5788c14efed52bd0cea2b7d81fca23492a2,2024-10-25T21:16:12.447000 CVE-2024-9542,0,0,f2f272a54cf9fc921a70de7d820fc097e3856aed4b12f3bf6c483323a89b629d,2024-11-22T21:17:39.173000 CVE-2024-9543,0,0,9ffb88569aa66ffadb093beac53dfdbfee9ae27ce5e966c822c3a435c94a35f8,2024-10-15T12:58:51.050000 -CVE-2024-9545,1,1,eb213262153b9ee04805f1f3e0408927accf7376b0804d14b0360a8c0a6449ce,2024-12-21T09:15:06.460000 +CVE-2024-9545,0,0,eb213262153b9ee04805f1f3e0408927accf7376b0804d14b0360a8c0a6449ce,2024-12-21T09:15:06.460000 CVE-2024-9546,0,0,0b8dcb50cff5e91e4ec767b11d37eb0c2ee866ae4a2331c1d097d7a8a14dfdcc,2024-10-17T13:34:27.890000 CVE-2024-9548,0,0,8d5aae9f3ea152c47a5c1b60447cdc8ff6b84a456efb42b11fe6bb844fa28b6b,2024-10-17T13:46:07.997000 CVE-2024-9549,0,0,50bf87b528943ee7572f180e947099bc43170c2ee439e1dbaeb8963d75183144,2024-10-10T13:14:51.793000