From 6716aabeb2a885c342c2d0849b1d25b2edc6baa6 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 28 Sep 2024 10:03:18 +0000
Subject: [PATCH] Auto-Update: 2024-09-28T10:00:17.565544+00:00
---
 CVE-2024/CVE-2024-87xx/CVE-2024-8712.json | 64 ++++++++++
 CVE-2024/CVE-2024-92xx/CVE-2024-9296.json | 141 ++++++++++++++++++++++
 README.md | 21 +---
 _state.csv | 24 ++--
 4 files changed, 224 insertions(+), 26 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8712.json
 create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9296.json
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8712.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8712.json
new file mode 100644
index 00000000000..49d3e62d88c
--- /dev/null
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8712.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-8712",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-09-28T09:15:02.167",
+ "lastModified": "2024-09-28T09:15:02.167",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/gtm-server-side/tags/2.1.19/templates/class-gtm-server-side-admin.php#L30",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3158847/gtm-server-side/tags/2.1.20/templates/class-gtm-server-side-admin.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28f77d5a-fc17-4e17-85b9-4e6f66dbf2c7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9296.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9296.json
new file mode 100644
index 00000000000..5b2d5f25919
--- /dev/null
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9296.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2024-9296",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-09-28T09:15:02.600",
+ "lastModified": "2024-09-28T09:15:02.600",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 7.5
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/para-paradise/webray.com.cn/blob/main/Advocate%20office%20management%20system/Advocate%20office%20management%20system%20forgot_pass.php%20time-based%20SQL%20Injection%20Vulnerability.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.278790",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.278790",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.412461",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.sourcecodester.com/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 084c9e2bae3..d9ab6a082d6 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-28T08:00:16.756926+00:00 +2024-09-28T10:00:17.565544+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-28T07:15:04.123000+00:00 +2024-09-28T09:15:02.600000+00:00 ``` ### Last Data Feed Release 
@@ -33,24 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -264088 +264090 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `2` -- [CVE-2024-23923](CVE-2024/CVE-2024-239xx/CVE-2024-23923.json) (`2024-09-28T07:15:02.440`) -- [CVE-2024-23924](CVE-2024/CVE-2024-239xx/CVE-2024-23924.json) (`2024-09-28T07:15:02.790`) -- [CVE-2024-23935](CVE-2024/CVE-2024-239xx/CVE-2024-23935.json) (`2024-09-28T07:15:02.997`) -- [CVE-2024-23938](CVE-2024/CVE-2024-239xx/CVE-2024-23938.json) (`2024-09-28T06:15:02.200`) -- [CVE-2024-23957](CVE-2024/CVE-2024-239xx/CVE-2024-23957.json) (`2024-09-28T06:15:02.787`) -- [CVE-2024-23958](CVE-2024/CVE-2024-239xx/CVE-2024-23958.json) (`2024-09-28T07:15:03.183`) -- [CVE-2024-23959](CVE-2024/CVE-2024-239xx/CVE-2024-23959.json) (`2024-09-28T07:15:03.367`) -- [CVE-2024-23960](CVE-2024/CVE-2024-239xx/CVE-2024-23960.json) (`2024-09-28T07:15:03.550`) -- [CVE-2024-23961](CVE-2024/CVE-2024-239xx/CVE-2024-23961.json) (`2024-09-28T07:15:03.740`) -- [CVE-2024-23967](CVE-2024/CVE-2024-239xx/CVE-2024-23967.json) (`2024-09-28T07:15:03.937`) -- [CVE-2024-9295](CVE-2024/CVE-2024-92xx/CVE-2024-9295.json) (`2024-09-28T07:15:04.123`) +- [CVE-2024-8712](CVE-2024/CVE-2024-87xx/CVE-2024-8712.json) (`2024-09-28T09:15:02.167`) +- [CVE-2024-9296](CVE-2024/CVE-2024-92xx/CVE-2024-9296.json) (`2024-09-28T09:15:02.600`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index f600af7a9e0..4748b850d86 100644 --- a/_state.csv +++ b/_state.csv 
@@ -245866,13 +245866,13 @@ CVE-2024-23916,0,0,5077cd24018e805b075cf41f1ccac823739f63acd7350dd61dccd4ccae773 CVE-2024-23917,0,0,f3236f3886ac3a298029762564187aed866f84d01e9365abb654a21b0d966829,2024-02-09T01:05:22.180000 CVE-2024-2392,0,0,a1f238224b889878ea8101bb03eb85f7363cbe3f032b78dbb59584257d093c6d,2024-03-22T12:45:36.130000 CVE-2024-23922,0,0,288cd2c46a3e75a5e0ef35cc35e0f6530d4d6b67a2eb2b42fa02b67f3d5649f8,2024-09-26T13:32:55.343000 -CVE-2024-23923,1,1,018ef5fcdc300723cc2e14dae15017b4a930053d99c9fd577ac55b06f0be1909,2024-09-28T07:15:02.440000 -CVE-2024-23924,1,1,fb697cc01f0647d1e21deb85e2308042905d41cb886de08cb4a4c797a6686033,2024-09-28T07:15:02.790000 +CVE-2024-23923,0,0,018ef5fcdc300723cc2e14dae15017b4a930053d99c9fd577ac55b06f0be1909,2024-09-28T07:15:02.440000 +CVE-2024-23924,0,0,fb697cc01f0647d1e21deb85e2308042905d41cb886de08cb4a4c797a6686033,2024-09-28T07:15:02.790000 CVE-2024-2393,0,0,df74eedb2cf97a7cc02bf0873514b7acec290c6b3a77795cc7def5200bf6c3d3,2024-05-17T02:38:12.530000 CVE-2024-23933,0,0,01d625badee588d8b28d0d0fbf55d2f47d0b150143df0e8338ce37487a8f0580,2024-09-26T13:32:55.343000 CVE-2024-23934,0,0,61cba64dd7d447d31e2c1c1cee321294df02a41fb555e62b1a346e8bb423690c,2024-09-26T13:32:55.343000 -CVE-2024-23935,1,1,9cfbd19dce3c7f3d17422ef8161abd59a134553512dbcc0c875da949d881f04b,2024-09-28T07:15:02.997000 -CVE-2024-23938,1,1,d8c7a959dc5a0629d9048ef2f2c4ba4766c3b1bb0c0a6e0dacc9099fa012bc21,2024-09-28T06:15:02.200000 +CVE-2024-23935,0,0,9cfbd19dce3c7f3d17422ef8161abd59a134553512dbcc0c875da949d881f04b,2024-09-28T07:15:02.997000 +CVE-2024-23938,0,0,d8c7a959dc5a0629d9048ef2f2c4ba4766c3b1bb0c0a6e0dacc9099fa012bc21,2024-09-28T06:15:02.200000 CVE-2024-2394,0,0,601af7bb68f57fdb63dc28b1a3be4e92facb0bb452d0b42ad5d6937b933c3deb,2024-05-17T02:38:12.620000 CVE-2024-23940,0,0,1c0bdede0fd3b02e7f9ad21f2aa27ec6ae45825d094730a07bddf507f926c4e8,2024-02-06T19:19:33.920000 
CVE-2024-23941,0,0,9709bab66e0af4d3dc69e9a86a5316f0273a5a15f2aac5ab4098dcbc1f12f8f7,2024-02-06T21:37:12.433000 
@@ -245885,12 +245885,12 @@ CVE-2024-2395,0,0,37ecce73517ecefe68574d74e2265f3d2a49c15c536980e217743e28f1db87 CVE-2024-23950,0,0,25847234553a7a7aa3af838a477d7b6f4a5c35ccd2e774f811d68e8ce720445a,2024-06-10T17:16:19.833000 CVE-2024-23951,0,0,14a64f857e19fa20b9d905d154185c191d80e1c0b6ed53dd9050b70f076dc813,2024-06-10T17:16:19.930000 CVE-2024-23952,0,0,34c7e2d5919ffb2785317596bbeb44591446a81e60ca69df2cdc3c3c37179a86,2024-02-14T14:16:07.460000 -CVE-2024-23957,1,1,37a91ce79040106532d239390ae444b6332819b7e9f72cf65c63091df80b24de,2024-09-28T06:15:02.787000 -CVE-2024-23958,1,1,cae83859b27785e2bbae1d2b2ec6953f20791a55cf2974554a466cdfbb519ee7,2024-09-28T07:15:03.183000 -CVE-2024-23959,1,1,c8308e13450d2238caf0d7b06734770079188f9a2ef38eb64ae23ee6e678a522,2024-09-28T07:15:03.367000 -CVE-2024-23960,1,1,fda5fbb384c44cfd892f3a255575c7cf6ce4c2641fb844129ac1686dd7735a55,2024-09-28T07:15:03.550000 -CVE-2024-23961,1,1,774760d9234af4b9b92feb77a30beda5760511ad18696f76b2ebaa44aee95b0e,2024-09-28T07:15:03.740000 -CVE-2024-23967,1,1,2bcd51c846821f9a9259d670019f976da6ff4d771498869c33d238e656bb6765,2024-09-28T07:15:03.937000 +CVE-2024-23957,0,0,37a91ce79040106532d239390ae444b6332819b7e9f72cf65c63091df80b24de,2024-09-28T06:15:02.787000 +CVE-2024-23958,0,0,cae83859b27785e2bbae1d2b2ec6953f20791a55cf2974554a466cdfbb519ee7,2024-09-28T07:15:03.183000 +CVE-2024-23959,0,0,c8308e13450d2238caf0d7b06734770079188f9a2ef38eb64ae23ee6e678a522,2024-09-28T07:15:03.367000 +CVE-2024-23960,0,0,fda5fbb384c44cfd892f3a255575c7cf6ce4c2641fb844129ac1686dd7735a55,2024-09-28T07:15:03.550000 +CVE-2024-23961,0,0,774760d9234af4b9b92feb77a30beda5760511ad18696f76b2ebaa44aee95b0e,2024-09-28T07:15:03.740000 +CVE-2024-23967,0,0,2bcd51c846821f9a9259d670019f976da6ff4d771498869c33d238e656bb6765,2024-09-28T07:15:03.937000 CVE-2024-2397,0,0,00747e677ac07569e47a4b44c68849d40056dfcd1ae374307286b3eb2379c47d,2024-06-10T17:16:25.180000 
CVE-2024-23972,0,0,828a337376a97e45b1a3d6fb92449e5bfc2bd8dd2b86628021713c0c44f1d02e,2024-09-26T13:32:55.343000 CVE-2024-23974,0,0,c245074da43acd228fb7b61c7f93435155d38dc53924647c7bf42e3ed476242f,2024-08-14T17:49:14.177000 @@ -263885,6 +263885,7 @@ CVE-2024-8708,0,0,661e441f732f7c590146c851caa19d4b9d733a437db35f14f249fe50618d2c CVE-2024-8709,0,0,c4b78e9440da9a95da6880cb2eb594efc3dc26da0951b28cab597493ad1bb06a,2024-09-13T16:27:21.273000 CVE-2024-8710,0,0,4c5169ef585cdb335030b939d5748b4dbbc0a0ee6166dc565231ca1259e5b90c,2024-09-13T16:25:47.510000 CVE-2024-8711,0,0,0a0fc486d277b8c36cfb49b6365925dae98dcfc88dd0e7309623a05e1f41ecb4,2024-09-13T16:18:15.670000 +CVE-2024-8712,1,1,50c8b955b867e54c67f097c66622da6de593bdb6b5d7888352e6bc40f5c29004,2024-09-28T09:15:02.167000 CVE-2024-8713,0,0,77e6eb32497c4838ab6eff0729860dc19e9280431833bec790cbdd0c191045a7,2024-09-26T13:32:02.803000 CVE-2024-8714,0,0,2bf1d2039d26904f97b1e8fc522abe5916905f0e0d26ed18e01afb2d802fce13,2024-09-26T20:06:46.330000 CVE-2024-8715,0,0,5dd80a9e377e26833109e36a9f853397f40930511fcbb10d79b8fb2a0b5afb14,2024-09-28T03:15:02.330000 @@ -264085,5 +264086,6 @@ CVE-2024-9284,0,0,a3f6be1f322902c2dd706322ffd372bfbe9b47cbadedd7cc30aad50104d2b0 CVE-2024-9291,0,0,cb57967e7b1c1e3b6bbd39bdcccb61b556906a24da36a7110dece4902c704d59,2024-09-27T21:15:03.667000 CVE-2024-9293,0,0,58d1b3c8bf6371fb336102f333c7989d6dbbcc39b37756484826d43b383204c0,2024-09-27T21:15:03.937000 CVE-2024-9294,0,0,ecc4d06c597aa37fc99c049d1c5765db52fd8734fa53dc2d290464be84fc4820,2024-09-27T22:15:13.363000 -CVE-2024-9295,1,1,2059e80eecdba7e0e8296ba30a6d99f30eadea57334392b722bd6631f9d60107,2024-09-28T07:15:04.123000 +CVE-2024-9295,0,0,2059e80eecdba7e0e8296ba30a6d99f30eadea57334392b722bd6631f9d60107,2024-09-28T07:15:04.123000 +CVE-2024-9296,1,1,dded0f6e9e44e64bc57cf92e6d2ef3c1cf85d250453ac5cec64d525a4c889bac,2024-09-28T09:15:02.600000 CVE-2024-9301,0,0,f7d62ae99cd0d6877c5db63fcb4f2c0f8f043fbb8339f25415912b7f29acecf1,2024-09-27T18:15:06.163000