From 7278ed777b782d203eaf33d9a6c9c856299c4adf Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 19 Nov 2024 09:03:23 +0000
Subject: [PATCH] Auto-Update: 2024-11-19T09:00:21.888938+00:00
---
CVE-2024/CVE-2024-102xx/CVE-2024-10268.json | 64 +++++++++++++++++++++
CVE-2024/CVE-2024-103xx/CVE-2024-10388.json | 60 +++++++++++++++++++
CVE-2024/CVE-2024-110xx/CVE-2024-11069.json | 60 +++++++++++++++++++
CVE-2024/CVE-2024-110xx/CVE-2024-11098.json | 64 +++++++++++++++++++++
README.md | 15 ++---
_state.csv | 10 +++-
6 files changed, 263 insertions(+), 10 deletions(-)
create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10268.json
create mode 100644 CVE-2024/CVE-2024-103xx/CVE-2024-10388.json
create mode 100644 CVE-2024/CVE-2024-110xx/CVE-2024-11069.json
create mode 100644 CVE-2024/CVE-2024-110xx/CVE-2024-11098.json
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10268.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10268.json
new file mode 100644
index 00000000000..a63f2d36a0c
--- /dev/null
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10268.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-10268", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-19T08:15:15.883", + "lastModified": "2024-11-19T08:15:15.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3188034/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/mp3-music-player-by-sonaar/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/861d0218-0f0f-4299-a0ff-854832348457?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10388.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10388.json new file mode 100644 index 00000000000..398602e7f94 --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10388.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10388", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-19T08:15:16.293", + "lastModified": "2024-11-19T08:15:16.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.welaunch.io/en/product/wordpress-gdpr/#changelog", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf707d9b-2b96-4d1b-b798-38f7fe958eaf?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11069.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11069.json new file mode 100644 index 00000000000..0640c12f548 --- /dev/null +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11069.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11069", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-19T08:15:16.577", + "lastModified": "2024-11-19T08:15:16.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://www.welaunch.io/en/product/wordpress-gdpr/#changelog", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a089026a-5da9-467c-a1e4-622bb74363e2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11098.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11098.json new file mode 100644 index 00000000000..6129dd182cb --- /dev/null +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11098.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11098", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-19T08:15:16.833", + "lastModified": "2024-11-19T08:15:16.833", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3188270/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/svg-block/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79cc1f11-9b53-4e71-b0cc-8f8ebd4a5f32?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index caa400fc43c..26bebb34717 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-19T07:00:20.072979+00:00 +2024-11-19T09:00:21.888938+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-19T06:15:17.873000+00:00 +2024-11-19T08:15:16.833000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -270302 +270306 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `4` -- [CVE-2024-10103](CVE-2024/CVE-2024-101xx/CVE-2024-10103.json) (`2024-11-19T06:15:17.740`) -- [CVE-2024-21539](CVE-2024/CVE-2024-215xx/CVE-2024-21539.json) (`2024-11-19T05:15:16.453`) -- [CVE-2024-8403](CVE-2024/CVE-2024-84xx/CVE-2024-8403.json) (`2024-11-19T06:15:17.873`) +- [CVE-2024-10268](CVE-2024/CVE-2024-102xx/CVE-2024-10268.json) (`2024-11-19T08:15:15.883`) +- [CVE-2024-10388](CVE-2024/CVE-2024-103xx/CVE-2024-10388.json) (`2024-11-19T08:15:16.293`) +- [CVE-2024-11069](CVE-2024/CVE-2024-110xx/CVE-2024-11069.json) (`2024-11-19T08:15:16.577`) +- [CVE-2024-11098](CVE-2024/CVE-2024-110xx/CVE-2024-11098.json) (`2024-11-19T08:15:16.833`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index df474a55c70..813bc9cdc4c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -242602,7 +242602,7 @@ CVE-2024-10099,0,0,f14bdb99d2ca7956ea9400330266332303014dc510bc6e629dc22733e615a CVE-2024-1010,0,0,b9c2292e551f86bb732084025c958f6307d4b05614efbc31206ace678efe61b8,2024-05-17T02:35:09.883000 CVE-2024-10100,0,0,f9d8653b0b809755807a27c91859fa59733e823c9baf33fbd9ba6460baccb9d4,2024-11-04T19:15:05.297000 CVE-2024-10101,0,0,e3896c5d7db68c5b786b00b58edff142c65dff97c0f85c49d64d1701e59c4a4a,2024-11-04T19:15:05.527000 -CVE-2024-10103,1,1,4259a45e1665318ed535f7305838a4cb3abef1b7dc3496a387dfd27ceff4334f,2024-11-19T06:15:17.740000 +CVE-2024-10103,0,0,4259a45e1665318ed535f7305838a4cb3abef1b7dc3496a387dfd27ceff4334f,2024-11-19T06:15:17.740000 CVE-2024-10104,0,0,72cf69759458c44313ae635dcdff8a669fdc4ab81a7522ae21a712b6681cb93c,2024-11-15T19:35:04.683000 CVE-2024-10108,0,0,f3f4ad009417795f18debc95373d890db3250e635fff4006fa4ef1bc9580626c,2024-11-01T12:57:03.417000 CVE-2024-1011,0,0,a83b664837c33e7f0f4cec42868f7bdd93765cacc9e6b97b43804e8b07af65f2,2024-05-17T02:35:09.987000 @@ -242715,6 +242715,7 @@ CVE-2024-10262,0,0,b25951f7fcc5631ad4155b91ad809e634024513fda623a2bac7141bab57d5 CVE-2024-10263,0,0,d8274159492686a2b3c754959bfc4509f9c9201a502006a3dee5515647626798,2024-11-08T15:59:41.633000 CVE-2024-10265,0,0,f3110d4f544093035d0a9b2f7bbeb2aefd9a822ae90a8974b8e692b012c9f1eb,2024-11-14T15:17:47.947000 CVE-2024-10266,0,0,c93db2a67de792a64ad3b8f3ae10accf6f21ac600e94cc18aca994ed95268502,2024-10-29T14:34:04.427000 +CVE-2024-10268,1,1,27c5b1ce8872d5fc213df09447b64c06daeee0d01f3e5b8645d32b090b77d36c,2024-11-19T08:15:15.883000 CVE-2024-10269,0,0,bfeaf8d939f903a9745c05ccdf0b7972355de998c5dbb79eabed8a663d484515,2024-11-13T17:59:27.717000 CVE-2024-1027,0,0,7cdd04f65f65ce162dee4b0e860b968e4c1a6b7f21d53e978519c8259363a858,2024-05-17T02:35:11.427000 CVE-2024-10276,0,0,913e45b2b0c4a67a031924d52b79fd99196e0bfd1eaceb610aead0724000ee9a,2024-10-29T18:15:05.140000 
@@ -242803,6 +242804,7 @@ CVE-2024-10380,0,0,251c7695ebdffe14f2a561bb3be22f7946019d2ec5c5cf9081e853969f103 CVE-2024-10381,0,0,c0308fe75631e6e478c4bb91d489e96b1c2dde80a7b938a5a315dee1135c5bea,2024-11-14T21:44:53.280000 CVE-2024-10386,0,0,92094aeb70b25026044a453c13f522af4eb391b2229044481dc021518acdc439,2024-11-05T20:07:59.487000 CVE-2024-10387,0,0,5a1f42d28f618e614b5301c0b94be55a535432bf7194e0692256ccf6aa332018,2024-11-05T20:05:55.323000 +CVE-2024-10388,1,1,c2960cbbc2e5161c0463a02ee44fa68a529103c55fa798af351a15b4f21da7fe,2024-11-19T08:15:16.293000 CVE-2024-10389,0,0,5c3e383a622dd2c962c1328ad97e7119997516337f3c204f5e02dea9bf077b56,2024-11-04T18:50:05.607000 CVE-2024-1039,0,0,823ba846a6d7c1759f085b54cf23829cdbadd28135927175e007d2b5df85a6ad,2024-02-07T14:09:47.017000 CVE-2024-10390,0,0,0f765d0806cdf9196d329bdcf23025ca64b02fa3979afe4c4c743c1ebcd10d41,2024-11-18T17:15:10.897000 @@ -243218,6 +243220,7 @@ CVE-2024-11065,0,0,07ecc20a5dd82ce3ecccd8bd16ce6c9c834a7ee14450b7b733f59e01e4d5a CVE-2024-11066,0,0,e16818aa9ce80078f2734ac486cf4eb542ac5bd17e4c391662d4998111e3a483,2024-11-15T18:22:45.323000 CVE-2024-11067,0,0,56467501c947edd55cd4613fd2ef381247159c27f7d35a83af06c94b6a86acf3,2024-11-15T18:23:32.557000 CVE-2024-11068,0,0,f7e9062074774d089c911b3e1747ffd8f63444b7d0cb3b7ce8ded4e6fed69b57,2024-11-15T18:24:25.127000 +CVE-2024-11069,1,1,a172cc54d01dc6b8855201d4b16e878d8ae4ef189281e0ed7da7ecf00cc67c55,2024-11-19T08:15:16.577000 CVE-2024-1107,0,0,7fae6df9cdce298be180c2cb6d3dacceb0e976e847fc87cce19a7d73f37dfe2b,2024-09-16T19:08:27.840000 CVE-2024-11070,0,0,3b497257d1d87e8089d11256275eff956cb64bd2c8e5b58c0672dafc5015efdc,2024-11-12T13:55:21.227000 CVE-2024-11073,0,0,ef922d07a39eeb6c1fcac9a877724098fbbee23a8a49829a797889d4fd66dae6,2024-11-18T17:21:19.557000 
@@ -243233,6 +243236,7 @@ CVE-2024-11092,0,0,e9f7e804f043cae81931fc37547f9a5b6c886cc0c38e1290ab1e0b94e6cf7 CVE-2024-11094,0,0,96d31b5c75c99258f7a77fadd259d6f2363d98a6ce11e212a75b9e3f71f6de55,2024-11-18T17:11:17.393000 CVE-2024-11096,0,0,c3ff544a53c1563b81fded1ba3057d9b03d9b4212c24283ee7f8f621c81cae5e,2024-11-12T13:55:21.227000 CVE-2024-11097,0,0,42c24fe7e0f8ce5adf3737634dc818886f4840c68e0d42aa533b9f6a8bbe1a75,2024-11-14T15:14:40.767000 +CVE-2024-11098,1,1,c21df5fdfc60ff949c7010ca716fb5ee06a857cecf964ce98fff0dc8269a7e28,2024-11-19T08:15:16.833000 CVE-2024-11099,0,0,b02ba7425ae521b4e61975a45bff8e8ecb52a8a9c6c1cb2a6953e7ebe403b20e,2024-11-14T14:37:45.570000 CVE-2024-1110,0,0,2a7a998b7b1ccd0c64d40f28b7bfefdfe0681031ac010f23e86b81b22a7f4df6,2024-02-10T04:13:13.260000 CVE-2024-11100,0,0,f07ccb7cc897bda2a057cc3519e9430aab72a4403683b1022f65cd547ed95dbc,2024-11-18T18:52:35.447000 @@ -245513,7 +245517,7 @@ CVE-2024-21535,0,0,2e7744380a1db7060122e5ae23002590579ae07efcc1f1beb06e6a3a8350e CVE-2024-21536,0,0,4f914cfe6666bcd465a58ac4926a267d85d3e48bad9af0623e3ff24aeb06f5b5,2024-11-01T18:03:15.897000 CVE-2024-21537,0,0,b5c780dab93a9075b9d24d6af4e9f73fa194b201a9c6953f660e67892e16f17b,2024-11-01T12:57:03.417000 CVE-2024-21538,0,0,e8cdab9c6756d7f91f4358b51c5fdc4acd8293095dfa14f99a5a2ff2dfe3d783,2024-11-08T19:01:03.880000 -CVE-2024-21539,1,1,dfd9359e0c564c537268368db999f7713955785d7a4a9df91fee71b6b45e0530,2024-11-19T05:15:16.453000 +CVE-2024-21539,0,0,dfd9359e0c564c537268368db999f7713955785d7a4a9df91fee71b6b45e0530,2024-11-19T05:15:16.453000 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000 CVE-2024-21540,0,0,ca361900c1eaa9a3b1242a94b8aed82eaba7c8170c10a4efa35cbfaad6b1984c,2024-11-17T09:15:11.853000 CVE-2024-21541,0,0,373acd5e14ddf4ee5ebb476557660e01f865be6144d1960555899268f402376b,2024-11-13T17:01:16.850000 
@@ -269231,7 +269235,7 @@ CVE-2024-8392,0,0,3343898f56ebc4a1eaf8cb14372686dd9582e66846077d475563fa9697365b CVE-2024-8394,0,0,537ec046b9d95c9c611478000abd6dd7551041a1f2ea81cd7e79459ae0e45ad8,2024-09-11T16:25:44.833000 CVE-2024-8395,0,0,7904c0b52ace758f0078aaf5623dc08c2f22d70190a82ab855b84d88ee4995e4,2024-09-19T17:53:45.753000 CVE-2024-8399,0,0,ff5a0b61b9891ed649233268ce0fa37bd0b7c79ba8aa2863ea2ecc61c35c709c,2024-09-12T19:45:07.347000 -CVE-2024-8403,1,1,76051fc12bd0333a7606f6cf01a867d2aa1e21c6ea793b04145849a57407d57c,2024-11-19T06:15:17.873000 +CVE-2024-8403,0,0,76051fc12bd0333a7606f6cf01a867d2aa1e21c6ea793b04145849a57407d57c,2024-11-19T06:15:17.873000 CVE-2024-8404,0,0,945e9eec22e9214ed455520b695d919afbd1adaf6153f6675337e3115aa9e84c,2024-10-03T15:19:28.293000 CVE-2024-8405,0,0,b5a88bc76e184307ddd2beb081f39e50ae83f9779c678cc8991166da3c096aa9,2024-10-03T00:51:18.313000 CVE-2024-8407,0,0,190893f5b3da05c3b04f6347e8d36e88eb22b5329ec3a82949674ad3abb1a15d,2024-09-05T14:48:28.513000