diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9071.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9071.json
new file mode 100644
index 00000000000..fffb7c58cda
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9071.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-9071",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-04T10:15:12.903",
+ "lastModified": "2024-10-04T10:15:12.903",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easy Demo Importer \u2013 A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3162305/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/easy-demo-importer/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27a1f457-6bd9-41eb-83e1-cb9e62950041?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
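Review bot: No `configurations` block is present and `"vulnStatus"` is `"Received"`, so the only affected-version data in this record is the free-text description (all versions up to and including 1.1.2); the same holds for CVE-2024-9271.json later in this commit (up to and including 1.0.1). Tooling that matches on CPE will not flag either plugin from these files as they stand, so consumers should treat the records as unanalysed and match on the plugin slug from the `wordpress.org/plugins/...` reference and the version in the description. The CVSS vector and score carry `"source": "security@wordfence.com"`, i.e. they are the CNA's assessment rather than an NVD one. Both files also end with `\ No newline at end of file`, which is worth normalising if anything downstream concatenates or line-diffs them.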
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9271.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9271.json
new file mode 100644
index 00000000000..5f691b4676c
--- /dev/null
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9271.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-9271",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-04T10:15:13.873",
+ "lastModified": "2024-10-04T10:15:13.873",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3161983/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/rewp/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7d340b9-6a77-481c-983c-f4774ecff285?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index bf83d783dbe..12e8ff14bcd 100644
--- a/README.md
+++ b/README.md
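Review bot: In CVE-2024-9271.json the `weaknesses` entry is tagged `"type": "Secondary"`, while the `cvssMetricV31` entry from the same source in this file is `"type": "Primary"` and CVE-2024-9071.json in this commit tags its CWE-79 entry `"Primary"`. A consumer that keeps only Primary weaknesses would end up with no CWE for this record, even though its description is the same stored-XSS-via-SVG-upload pattern. The value presumably arrives from upstream as-is, so the practical handling is on the reading side: fall back to Secondary entries when a record has no Primary weakness.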
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-04T08:00:20.095017+00:00 +2024-10-04T12:00:18.697204+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-04T07:15:03.857000+00:00 +2024-10-04T10:15:13.873000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -264460 +264462 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `2` -- [CVE-2024-47854](CVE-2024/CVE-2024-478xx/CVE-2024-47854.json) (`2024-10-04T06:15:03.027`) -- [CVE-2024-47855](CVE-2024/CVE-2024-478xx/CVE-2024-47855.json) (`2024-10-04T06:15:04.093`) -- [CVE-2024-6442](CVE-2024/CVE-2024-64xx/CVE-2024-6442.json) (`2024-10-04T06:15:04.370`) -- [CVE-2024-6443](CVE-2024/CVE-2024-64xx/CVE-2024-6443.json) (`2024-10-04T06:15:05.160`) -- [CVE-2024-6444](CVE-2024/CVE-2024-64xx/CVE-2024-6444.json) (`2024-10-04T07:15:02.877`) -- [CVE-2024-8804](CVE-2024/CVE-2024-88xx/CVE-2024-8804.json) (`2024-10-04T06:15:05.353`) -- [CVE-2024-9242](CVE-2024/CVE-2024-92xx/CVE-2024-9242.json) (`2024-10-04T06:15:05.647`) -- [CVE-2024-9306](CVE-2024/CVE-2024-93xx/CVE-2024-9306.json) (`2024-10-04T07:15:03.550`) -- [CVE-2024-9435](CVE-2024/CVE-2024-94xx/CVE-2024-9435.json) (`2024-10-04T07:15:03.857`) +- [CVE-2024-9071](CVE-2024/CVE-2024-90xx/CVE-2024-9071.json) (`2024-10-04T10:15:12.903`) +- [CVE-2024-9271](CVE-2024/CVE-2024-92xx/CVE-2024-9271.json) (`2024-10-04T10:15:13.873`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index c684ffc900c..784d1b6ae69 100644 --- a/_state.csv +++ b/_state.csv 
@@ -261032,8 +261032,8 @@ CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e01 CVE-2024-4784,0,0,4cc2a5a387e2d44a289947f3cae3cd294fd9977dc8f62a4a2754567f4ad78544,2024-08-23T16:59:30.430000 CVE-2024-4785,0,0,86459565331431d4effe5c5baf904159b952a2a7d490db9da0fcd3795764e799,2024-08-20T15:44:20.567000 CVE-2024-47850,0,0,5cfa949a2f348d42209a7ad3229b3dfd8e701c71f62b530011920d6cc2b47a69,2024-10-04T05:15:11.243000 -CVE-2024-47854,1,1,8ada47c8e41eb3ba9174f6b1435ebc115a61393d1f9e0638f68136c31d9e2c64,2024-10-04T06:15:03.027000 -CVE-2024-47855,1,1,61e282832f73281829ef7583678470d096ee6a7f581cbce86a225d728613c584,2024-10-04T06:15:04.093000 +CVE-2024-47854,0,0,8ada47c8e41eb3ba9174f6b1435ebc115a61393d1f9e0638f68136c31d9e2c64,2024-10-04T06:15:03.027000 +CVE-2024-47855,0,0,61e282832f73281829ef7583678470d096ee6a7f581cbce86a225d728613c584,2024-10-04T06:15:04.093000 CVE-2024-4786,0,0,bbc8c5b9b549878acd4ee1e5896d7add0ba995b55e84e619083dd37cca26f8f1,2024-07-29T14:12:08.783000 CVE-2024-4787,0,0,6e9b8652de9328ef9248746b2fe52f715cb97566c59048ae6277a1aaed304f45,2024-06-20T12:44:01.637000 CVE-2024-4788,0,0,036e4ce9e476328c73022572d41365684f416f1f77ea3a1f5e72bdd2454ce2ec,2024-08-05T20:23:52.467000 
@@ -262475,9 +262475,9 @@ CVE-2024-6438,0,0,dda5c3ef0b29175f6296e0b89d7c12c3e07fe51c2f0cc30ea59ffede8f2663 CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a09a,2024-07-02T17:58:39.773000 CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000 CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000 -CVE-2024-6442,1,1,c447fd21cd44a9b02f2817edf5de524deb3d008389cb0d42f60bb389c591a4b3,2024-10-04T06:15:04.370000 -CVE-2024-6443,1,1,d08394e0070894131819b9a5154ca9752eb7170874299ab3437aeb40ef47ddf5,2024-10-04T06:15:05.160000 -CVE-2024-6444,1,1,4707fe42307561d9c9157bd0f99f783e8c32216a0a7ebc01cf806124e2433bf5,2024-10-04T07:15:02.877000 +CVE-2024-6442,0,0,c447fd21cd44a9b02f2817edf5de524deb3d008389cb0d42f60bb389c591a4b3,2024-10-04T06:15:04.370000 +CVE-2024-6443,0,0,d08394e0070894131819b9a5154ca9752eb7170874299ab3437aeb40ef47ddf5,2024-10-04T06:15:05.160000 +CVE-2024-6444,0,0,4707fe42307561d9c9157bd0f99f783e8c32216a0a7ebc01cf806124e2433bf5,2024-10-04T07:15:02.877000 CVE-2024-6445,0,0,d4bd07ae9eba462d90eb79dcc7204c56bd4679ce8063eb2ebe32db5f30ce9fc7,2024-09-12T16:14:51.480000 CVE-2024-6446,0,0,40ba33596a31d7c54c56d318bcab067473a99b16234df2e24accf4e6227c9e31,2024-09-14T15:17:11.720000 CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000 
@@ -264204,7 +264204,7 @@ CVE-2024-8800,0,0,d956ac136643b04f0243a452c8ccfdf197118d0e853c27476b810517af9801 CVE-2024-8801,0,0,b5bc4f982a594acb6aaf56b2e8a82653b32de0b2ae7bfdf440e37c28bdd34de7,2024-09-30T14:23:46.140000 CVE-2024-8802,0,0,fa13adca8a22ec6e50f47087a1da6c1e490e962abace9f54c6d7c55cc28a4817,2024-10-04T05:15:11.930000 CVE-2024-8803,0,0,1e0c20c4da3042f287bedde6aa980588230b643699023347d741bb81db132ef8,2024-10-02T17:15:12.677000 -CVE-2024-8804,1,1,7c528ca66db5ca77abb50794657dc450a6d4f88358c2365f5ecb81bde5817e53,2024-10-04T06:15:05.353000 +CVE-2024-8804,0,0,7c528ca66db5ca77abb50794657dc450a6d4f88358c2365f5ecb81bde5817e53,2024-10-04T06:15:05.353000 CVE-2024-8850,0,0,60f99c260767f82bf00cc7954ec3e058985003b965020b8d3dac7a45b3ea5f64,2024-09-25T18:49:53.397000 CVE-2024-8853,0,0,b5a3b0675f8f2657c7381537f08c47ae3a3694c18acf1b18976370e35c278f0e,2024-09-25T17:49:25.653000 CVE-2024-8858,0,0,a55a2b45b2b7a3f3c60e0d8077307a88defc4d63f2b498893a25b1463c90c22f,2024-10-02T18:41:29.067000 @@ -264305,6 +264305,7 @@ CVE-2024-9060,0,0,e35befe0c19e9c59756c7c70c224c449f9b987489f50a3c4c91195a0ebac85 CVE-2024-9063,0,0,df96d256cb802a721004c9ac9223f80a26c192f9136fb3599130ecff1f9d6c94,2024-09-25T01:15:48.670000 CVE-2024-9068,0,0,01b6ceee3583b3b207ab2eeaf4c2684cbe8e9990b1a6178aa8ad730654493f98,2024-10-02T19:55:50.547000 CVE-2024-9069,0,0,904bb0393747d55de1840c322bbad7ae9d27b3e14c3398a0999f4d003e7be886,2024-10-02T19:37:49.777000 +CVE-2024-9071,1,1,957e62c0393f0628f9347c6d61d1bdf135a92652d16fab07ebf75d67cdba8861,2024-10-04T10:15:12.903000 CVE-2024-9073,0,0,e1a3718934b1c8aa8070be1e5efd6407ed841e421f9f505c84906bd05d8d4d7e,2024-10-02T19:32:43.047000 CVE-2024-9075,0,0,3b33ab99769a9c852230df8e8b6083f862011911d6a5bcadbdc727ad6f83ab66,2024-09-30T15:27:39.313000 CVE-2024-9076,0,0,8c57021a64484b6edbf7ffabe5a971516c1732fccafbf97d4089a67e7015212f,2024-09-27T16:14:04.977000 
@@ -264372,12 +264373,13 @@ CVE-2024-9225,0,0,141d0d35e11a2cd106662fadee1419850af7b64bb767687c4551fb0ce39a77 CVE-2024-9228,0,0,9405c3cfc45dca66268ec52ff9d3afd2509e4b32bf0c50779cb731b661651911,2024-10-01T09:15:07.750000 CVE-2024-9237,0,0,8e6e22e1e3f1d7c42a4af8690ec68b6567f1938aac087ae222b58b78114ae60d,2024-10-04T05:15:12.390000 CVE-2024-9241,0,0,c97fba2c7aa884bcdd52fc5811a712b361d655a1df561d8ca3d939dedb183a39,2024-10-01T09:15:08.287000 -CVE-2024-9242,1,1,e9b47715b8866c0bb06824338df1ab32ffe4086045274b1a5798b8af973e0ccc,2024-10-04T06:15:05.647000 +CVE-2024-9242,0,0,e9b47715b8866c0bb06824338df1ab32ffe4086045274b1a5798b8af973e0ccc,2024-10-04T06:15:05.647000 CVE-2024-9265,0,0,a960537dfc00aa7287cda3b344edaa9968d5f1c511cd23e19840dec685ffedab,2024-10-01T09:15:08.810000 CVE-2024-9266,0,0,9236ddab7a32ddd3f2f213c68ff62e8764199194dacaa0a345239e73e7878693,2024-10-03T19:15:05.027000 CVE-2024-9267,0,0,dc0e2a16aa688a38c35f6b9ffae7fc1a73b41beb5eb56dfb80ff17744ee58cdd,2024-10-01T08:15:06.103000 CVE-2024-9268,0,0,7e7771d589d5219f5f8e1d4b856d8a4ecc833e195b34661fddc76da01954ef5a,2024-09-27T17:15:14.497000 CVE-2024-9269,0,0,17a005cc0d3d32766c2354e4e21cb5a6af989b17ac72800bc0de449fb0f65c28,2024-10-01T08:15:06.313000 +CVE-2024-9271,1,1,2ea88abcbf961aaa15b521ad34b35dc9cddcc77bca5e08580f9b2be138919aef,2024-10-04T10:15:13.873000 CVE-2024-9272,0,0,3bcc3e0378e59bc6d6daede197b60eb874d387818f18424bcf6330089754e28e,2024-10-01T08:15:06.510000 CVE-2024-9273,0,0,d541667891e816199f828382e531f52a986321fd7f85b5856a4bc94c161620a8,2024-09-27T17:15:14.550000 CVE-2024-9274,0,0,cc5814507328948ef506c997bdd3cfe686c60b8346a4520f66a47bfd431a0fe5,2024-10-01T08:15:06.723000 
@@ -264403,7 +264405,7 @@ CVE-2024-9299,0,0,0e06149ad72b9bceed8023fce5d46e4c2d87e230ca1e26b3a70118742de53d CVE-2024-9300,0,0,8cf4fd8be1a68079d9b09593a267df47fb69eec7140ede32d9eeb623680961c8,2024-10-01T13:34:58.760000 CVE-2024-9301,0,0,73ba33e42a5a66e63775d86ddfdf57e7a04bcd9ceda925406fc4894f153c084a,2024-09-30T12:45:57.823000 CVE-2024-9304,0,0,77296627b4e73471315e7e445cf2a4183f5c2120111f84509ea16b607bc5907e,2024-10-01T08:15:06.943000 -CVE-2024-9306,1,1,4ca35b197e1e8441ae7b54d80e40679c30ed3e0a26a5e3ec8e56c166d1689ce9,2024-10-04T07:15:03.550000 +CVE-2024-9306,0,0,4ca35b197e1e8441ae7b54d80e40679c30ed3e0a26a5e3ec8e56c166d1689ce9,2024-10-04T07:15:03.550000 CVE-2024-9313,0,0,533b0d999ec7273986b8e84d0a0b2d019578bc94f6735184fe1b7224c917a32a,2024-10-03T11:15:13.940000 CVE-2024-9315,0,0,dcae3590349756096f3149f913fcd278d961f7a38fe3ece525d39bf3aa5da14a,2024-10-01T13:33:59.480000 CVE-2024-9316,0,0,dc1cd9e0c0f14c1ac859a7efc8a45f5e2b48ab85717e9999593b73d7873483e5,2024-10-02T13:29:29.813000 @@ -264454,7 +264456,7 @@ CVE-2024-9411,0,0,0ed7229fadcaa0ba2be6aae3ed0a903fea8ee7057f413ca8d29b7080b09aae CVE-2024-9421,0,0,113e7be703208961a4797379eec546ebda83429cccc93934d64732f5dbb32085,2024-10-04T05:15:14.030000 CVE-2024-9423,0,0,c94940e86c4d0857c214a72b7785993b36e482d8dc6d4d5d12ed70a35b4f0f3b,2024-10-02T16:15:11.250000 CVE-2024-9429,0,0,db0d8ee6274f5889e645bc8f06bc2c127c429edd7f6e0ee6aa8f7a2649e83d4c,2024-10-02T13:15:12.617000 -CVE-2024-9435,1,1,3547393000ed8dce8618b05e9dca518261bffd0df796ca17f2125743b1b7dc37,2024-10-04T07:15:03.857000 +CVE-2024-9435,0,0,3547393000ed8dce8618b05e9dca518261bffd0df796ca17f2125743b1b7dc37,2024-10-04T07:15:03.857000 CVE-2024-9440,0,0,a014a1e56d1851c7e48b58fd953e33ac08c51de3cb3a714389caa1ff00e4d989,2024-10-02T19:15:15.880000 CVE-2024-9441,0,0,384255352f00f9a9db206fa87755d8414cb6b20054a48cca8134e02f7821516e,2024-10-02T19:15:16.100000 CVE-2024-9445,0,0,fabfc564c6ed891571f4b9f8b25796aae5fe877150de0eb458cd1c36e31c1f17,2024-10-04T05:15:14.230000