Auto-Update: 2024-08-16T08:00:17.064307+00:00

CVE-2024/CVE-2024-326xx/CVE-2024-32673.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-32673",
   "sourceIdentifier": "PSIRT@samsung.com",
   "published": "2024-07-03T02:15:10.297",
-  "lastModified": "2024-07-03T12:53:24.977",
+  "lastModified": "2024-08-16T07:15:03.693",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -22,15 +22,15 @@
         "type": "Secondary",
         "cvssData": {
           "version": "4.0",
-          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X",
-          "attackVector": "NETWORK",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear",
+          "attackVector": "LOCAL",
           "attackComplexity": "LOW",
           "attackRequirements": "NONE",
           "privilegesRequired": "NONE",
           "userInteraction": "ACTIVE",
           "vulnerableSystemConfidentiality": "NONE",
           "vulnerableSystemIntegrity": "NONE",
-          "vulnerableSystemAvailability": "NONE",
+          "vulnerableSystemAvailability": "HIGH",
           "subsequentSystemConfidentiality": "NONE",
           "subsequentSystemIntegrity": "NONE",
           "subsequentSystemAvailability": "NONE",
@@ -50,15 +50,37 @@
           "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
           "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
           "safety": "NOT_DEFINED",
-          "automatable": "NO",
+          "automatable": "NOT_DEFINED",
           "recovery": "NOT_DEFINED",
           "valueDensity": "NOT_DEFINED",
           "vulnerabilityResponseEffort": "NOT_DEFINED",
-          "providerUrgency": "NOT_DEFINED",
-          "baseScore": 0.0,
-          "baseSeverity": "NONE"
+          "providerUrgency": "CLEAR",
+          "baseScore": 6.7,
+          "baseSeverity": "MEDIUM"
         }
       }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "PSIRT@samsung.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
     ]
   },
   "weaknesses": [

CVE-2024/CVE-2024-64xx/CVE-2024-6460.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6460",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-08-16T06:15:04.170",
+  "lastModified": "2024-08-16T06:15:04.170",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Grow by Tradedoubler  WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-75xx/CVE-2024-7501.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-7501",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-08-16T07:15:05.003",
+  "lastModified": "2024-08-16T07:15:05.003",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attackers to download arbitrary themes from the website via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. In versions prior to 1.8.6 it was possible to download the entire sites files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3136231/download-plugins-dashboard/tags/1.8.8/includes/class-alg-download-plugins-core.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcbfcaeb-2635-4b11-b426-ee04345d5f36?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-08-16T06:00:17.201125+00:00
+2024-08-16T08:00:17.064307+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-08-16T05:15:12.177000+00:00
+2024-08-16T07:15:05.003000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-260202
+260204
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `2`
 
-- [CVE-2024-7301](CVE-2024/CVE-2024-73xx/CVE-2024-7301.json) (`2024-08-16T05:15:12.177`)
-- [CVE-2024-7422](CVE-2024/CVE-2024-74xx/CVE-2024-7422.json) (`2024-08-16T04:15:07.497`)
+- [CVE-2024-6460](CVE-2024/CVE-2024-64xx/CVE-2024-6460.json) (`2024-08-16T06:15:04.170`)
+- [CVE-2024-7501](CVE-2024/CVE-2024-75xx/CVE-2024-7501.json) (`2024-08-16T07:15:05.003`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2024-32673](CVE-2024/CVE-2024-326xx/CVE-2024-32673.json) (`2024-08-16T07:15:03.693`)
 
 
 ## Download and Usage

_state.csv

@@ -251507,7 +251507,7 @@ CVE-2024-3267,0,0,940010b55b9a616638f110687c77a6c496dcf0d2dfd170d1aa59ab5c8e8481
 CVE-2024-32670,0,0,11e459444671f45b9f26d0cdaea8328e4da91a68f683a4e2c21fd5a0bc52f597,2024-07-11T13:05:54.930000
 CVE-2024-32671,0,0,6a813a16be23f5f1d38aab16f1ea83feab7085f490ba24d04e87e7caf4f0848c,2024-07-29T14:12:08.783000
 CVE-2024-32672,0,0,ee29fc695f581fb34ab7bf98446e86972f27b7ccbb3dc78cde6e814c3b7d95d3,2024-05-14T16:12:23.490000
-CVE-2024-32673,0,0,c9f67d54777fc1d6a602ef9ed03e4f5b3605cc09e4b1087225be42a1b82669fa,2024-07-03T12:53:24.977000
+CVE-2024-32673,0,1,3ba332f405fb62a9db852b3a3b63947df990ff59922b5ccf63ffb803181a7192,2024-08-16T07:15:03.693000
 CVE-2024-32674,0,0,8e274e9762e7b32d105911c76fa84ee156bae08969022295a61c40a0ca8ab4bf,2024-07-03T01:56:55.253000
 CVE-2024-32675,0,0,913204d4cbd7767b42b95dac3f501448ad855a8cc8b6e44b189aaed7fb9c4ba4,2024-04-24T17:16:50.397000
 CVE-2024-32676,0,0,b31f11d0c79f627eee2fc0dd8ef5512167a52a89883adae7727493e2257da5c8,2024-05-17T09:15:38.620000
@@ -259404,6 +259404,7 @@ CVE-2024-6455,0,0,8630ebc1a98e741e91f009e85126d02bca9a8a2c6f3c48f74f4c74c8c868f3
 CVE-2024-6456,0,0,bc36926cd39d9c147941407431b009e2492d4daa481901d0ea883b3657b0a7bf,2024-08-15T21:15:18.047000
 CVE-2024-6457,0,0,2021b397e47ab38cda013de2c201fe3ea53b49570246fbb65269f60be90e5ab4,2024-07-16T13:43:58.773000
 CVE-2024-6458,0,0,e6f4f9a699790cfa92517dafe90bcdba32232615fceb305817a9ccda94d06fc4,2024-07-29T14:12:08.783000
+CVE-2024-6460,1,1,ab45ea0deabed8609ca1eeb4abfd3cff05db3028c4cc4323de2fa5625d6caa24,2024-08-16T06:15:04.170000
 CVE-2024-6461,0,0,86a214d0c7bd3f57cea37cd567b01f1a0e55f8d4342f6c7c46fd15b8942c8d90,2024-07-03T21:15:04.580000
 CVE-2024-6463,0,0,f8d7d80ca565804c0caafdbc8214fe1eca7dc83d43861affc813af07365c0cc0,2024-07-03T21:15:04.640000
 CVE-2024-6464,0,0,8fab89d1b3aef32a257cf0d7fb909cce6ac18d5ef8dc898bb9f0cc6c52356cbf,2024-07-03T21:15:04.697000
@@ -259899,7 +259900,7 @@ CVE-2024-7291,0,0,298cd3a818c66e9bf797d2d090f42649293656283b8daab213f19385b28931
 CVE-2024-7297,0,0,cb4ca8684118dc46d1f9724d628f899c3458badae695854f058e1eba8efe7ce6,2024-07-31T12:57:02.300000
 CVE-2024-7299,0,0,18b86413af481c73d022a0c4ed8ac3628863652a0dcfb13bf199bbb5e4db4366,2024-07-31T16:15:05.217000
 CVE-2024-7300,0,0,a2e066ea38ffd4d283558ac9c550384947d588019ed19b0e0b6c2becc0799ae9,2024-07-31T14:15:08.080000
-CVE-2024-7301,1,1,68efc052c3ff82c00991a0bb754a03ac5193288502719b678a27062d039892f4,2024-08-16T05:15:12.177000
+CVE-2024-7301,0,0,68efc052c3ff82c00991a0bb754a03ac5193288502719b678a27062d039892f4,2024-08-16T05:15:12.177000
 CVE-2024-7302,0,0,3e3978a555cf8f7617492d06d41673a59c5323c552cb9b37b079247ec7c0af88,2024-08-01T12:42:36.933000
 CVE-2024-7303,0,0,9520f852975600abd145b384cdd7bd5ee8f54af62f4a78fc6dcf9ca25a845304,2024-08-12T16:47:04.740000
 CVE-2024-7306,0,0,3c865c91ac7fc6c8c32a68429064dd89f6391277f467a5bdc571f15092dbadd4,2024-08-12T16:33:51.090000
@@ -259979,7 +259980,7 @@ CVE-2024-7413,0,0,1e2e6e629ae076e767a4ed710c2f32c76d2bd71396701e30749c7812afe7ed
 CVE-2024-7414,0,0,75779b8687375e2d55d3e2d954892bdff56935440cca361ae4c6a6a0a4f3bed5,2024-08-12T13:41:36.517000
 CVE-2024-7416,0,0,9f5565f11e96fff207b91fc0825d45934365835075928991c71489e2cad44813,2024-08-12T13:41:36.517000
 CVE-2024-7420,0,0,900b53573d93f498a815ef6b5a664e0852d0bc5883291fa6f9b7211ca7e3509a,2024-08-15T13:01:10.150000
-CVE-2024-7422,1,1,d3b0948dba31e8818223206c1d1d5ef43788c157a17720b489316543b1773917,2024-08-16T04:15:07.497000
+CVE-2024-7422,0,0,d3b0948dba31e8818223206c1d1d5ef43788c157a17720b489316543b1773917,2024-08-16T04:15:07.497000
 CVE-2024-7436,0,0,4e5f8b4434de8d3be7545b252fde74866f6d1e15f143f31c26845d516524cae6,2024-08-05T12:41:45.957000
 CVE-2024-7437,0,0,6536d7f97d7ad58b67ec8c23497b1bab63383020d43415bc5b4c83af23e0fa6d,2024-08-12T13:38:43.060000
 CVE-2024-7438,0,0,e0751aac5a1208089fd3136e155c05769dcef78130a2d9c6fdc04c87ca92fb9a,2024-08-12T13:38:43.203000
@@ -260025,6 +260026,7 @@ CVE-2024-7497,0,0,171d6206f3c6dadbebd8902a7e0a0a1774e2796713d12e03c39eb365b5f7df
 CVE-2024-7498,0,0,34558512fcd1426a2a2d148e9d2625ea3cd75c20501206f3df3d025acddc8114,2024-08-06T16:30:24.547000
 CVE-2024-7499,0,0,6a02f27fcba04de10769d0a3eb8df3330f0153ea641827dd4e7a8cea71e560a6,2024-08-06T16:30:24.547000
 CVE-2024-7500,0,0,931897362fb2ba79107882fb00e70aa09beff68614f848f39093ae56ae63e032,2024-08-06T16:30:24.547000
+CVE-2024-7501,1,1,3089c3693a789a5827625ccdeca3210da85eb8da93bfd28e8a099cdbea8253dc,2024-08-16T07:15:05.003000
 CVE-2024-7502,0,0,400715e8cd7f13a2a067bad8525237ee0b427d91f26288ec69911983b1e213dc,2024-08-12T18:50:46.897000
 CVE-2024-7503,0,0,e784b3ab46a1e81c39e310fabae0c1eb2177c76661481ff0b29d2e5ba473397f,2024-08-12T13:41:36.517000
 CVE-2024-7505,0,0,aecd8f77bf4729577cedcf26eddaf42651063906380e7519311f6a7e624532e3,2024-08-06T16:30:24.547000