From 76d8e5c571d2d00d4838840ef3e2e68376e48cb3 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 23 Dec 2024 07:03:46 +0000
Subject: [PATCH] Auto-Update: 2024-12-23T07:00:21.886599+00:00
---
 CVE-2024/CVE-2024-112xx/CVE-2024-11230.json | 64 +++++++++++++++++++++
 CVE-2024/CVE-2024-506xx/CVE-2024-50623.json | 14 ++++-
 README.md | 21 +++----
 _state.csv | 21 +++----
 4 files changed, 94 insertions(+), 26 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11230.json
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11230.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11230.json
new file mode 100644
index 00000000000..07189a2a042
--- /dev/null
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11230.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-11230",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-12-23T05:15:05.800",
+ "lastModified": "2024-12-23T05:15:05.800",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018size\u2019 parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.46/inc/widgets-manager/widgets/class-page-title.php#L516",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3194764/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d82c866-5b35-414e-bd72-30530930d5d8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50623.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50623.json
index 83a32554211..835727764b8 100644
--- a/CVE-2024/CVE-2024-506xx/CVE-2024-50623.json
+++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50623.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50623",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-28T00:15:03.657",
- "lastModified": "2024-12-20T15:04:26.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-12-23T06:15:06.357",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -64,6 +64,16 @@
 "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
 "cisaVulnerabilityName": "Cleo Multiple Products Unrestricted File Upload Vulnerability",
 "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
 {
 "source": "nvd@nist.gov",
 "type": "Primary",
diff --git a/README.md b/README.md
index 8405e1b21d0..c6bb323c678 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-23T03:00:21.371894+00:00 +2024-12-23T07:00:21.886599+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-23T02:15:06.613000+00:00 +2024-12-23T06:15:06.357000+00:00 ``` ### Last Data Feed Release
@@ -33,28 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274566 +274567 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `1` -- [CVE-2024-12898](CVE-2024/CVE-2024-128xx/CVE-2024-12898.json) (`2024-12-23T01:15:06.840`) -- [CVE-2024-12899](CVE-2024/CVE-2024-128xx/CVE-2024-12899.json) (`2024-12-23T01:15:07.020`) -- [CVE-2024-12900](CVE-2024/CVE-2024-129xx/CVE-2024-12900.json) (`2024-12-23T02:15:05.630`) -- [CVE-2024-12901](CVE-2024/CVE-2024-129xx/CVE-2024-12901.json) (`2024-12-23T02:15:06.613`) -- [CVE-2024-45721](CVE-2024/CVE-2024-457xx/CVE-2024-45721.json) (`2024-12-23T01:15:07.200`) -- [CVE-2024-46873](CVE-2024/CVE-2024-468xx/CVE-2024-46873.json) (`2024-12-23T01:15:07.403`) -- [CVE-2024-47864](CVE-2024/CVE-2024-478xx/CVE-2024-47864.json) (`2024-12-23T01:15:07.553`) -- [CVE-2024-52321](CVE-2024/CVE-2024-523xx/CVE-2024-52321.json) (`2024-12-23T01:15:07.700`) -- [CVE-2024-54082](CVE-2024/CVE-2024-540xx/CVE-2024-54082.json) (`2024-12-23T01:15:07.840`) +- [CVE-2024-11230](CVE-2024/CVE-2024-112xx/CVE-2024-11230.json) (`2024-12-23T05:15:05.800`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-50623](CVE-2024/CVE-2024-506xx/CVE-2024-50623.json) (`2024-12-23T06:15:06.357`) ## Download and Usage
diff --git a/_state.csv b/_state.csv
index c3e9e3f9e9e..118eb42f4ec 100644
--- a/_state.csv
+++ b/_state.csv
@@ -244057,6 +244057,7 @@ CVE-2024-11227,0,0,4429f46befcca636641488313efda0ce9e85d610d1a8222594e7b609e2557 CVE-2024-11228,0,0,ea3ea506f494760971365e8cc08e4c50cc9e1b3e56f38ea31b32e4e82646f717,2024-11-23T12:15:18.577000 CVE-2024-11229,0,0,f216e4e055884628872bc9827bd59bcb71e0c27eff667134ca7f40729f0e7955,2024-11-23T12:15:18.983000 CVE-2024-1123,0,0,8b17d130c61ae38981c31032a4e85450c1b0fc32b8189b46d005a999a3b68420,2024-11-21T08:49:51.077000 +CVE-2024-11230,1,1,f575b944f513597b2d7c102a684d7520e6de50ddd1d937643a4b3d348b3f1a97,2024-12-23T05:15:05.800000 CVE-2024-11231,0,0,1babaa8434f0dabb897e61577b0db39dc3dbee760a24a16a5980940fb44c99a3,2024-11-23T12:15:19.387000 CVE-2024-11233,0,0,f693569babb39b28690250bf399e234d5652aa087fc09c6fa53135c369c0e730,2024-11-26T18:26:37.783000 CVE-2024-11234,0,0,76a20d0b5df369c7dd2c3a2819b7721a96e80c779172c74c627d64ef7ab10b79,2024-11-26T19:06:10.243000 
@@ -245070,11 +245071,11 @@ CVE-2024-12894,0,0,38ca8339bb6400ff08caeebde70032264a7662949504841ad5ff150add3fc CVE-2024-12895,0,0,2693178457c1a41a6444992ddd10869064ffff2889e27b11cf327858c567765e,2024-12-22T14:15:04.923000 CVE-2024-12896,0,0,b46bab1f05703ff0008332eb402a62ef781a767148efb6c7c7134cb4f610f1e9,2024-12-22T23:15:05.677000 CVE-2024-12897,0,0,e84417159b1fa979d786feb5c9c9428d1f89aad1baca53371c1b473a818b22fd,2024-12-23T00:15:04.940000 -CVE-2024-12898,1,1,01cf06e013b17879e3ad11f28cc90b4f8ab9d8accfe80d6b33f345df309c44cc,2024-12-23T01:15:06.840000 -CVE-2024-12899,1,1,a8156719562171ad632b82cbae15ec7c223a7a48bfe33b1a670936619c6c2e7c,2024-12-23T01:15:07.020000 +CVE-2024-12898,0,0,01cf06e013b17879e3ad11f28cc90b4f8ab9d8accfe80d6b33f345df309c44cc,2024-12-23T01:15:06.840000 +CVE-2024-12899,0,0,a8156719562171ad632b82cbae15ec7c223a7a48bfe33b1a670936619c6c2e7c,2024-12-23T01:15:07.020000 CVE-2024-1290,0,0,7c95f47c5c3e77faa57d4558ce65f60c9fa0ea7551f118126af89c59b8448f97,2024-11-21T08:50:14.680000 -CVE-2024-12900,1,1,1012b3733f239b410a68b2041572702d5a7f787259c3b8be862ffc1a0d536863,2024-12-23T02:15:05.630000 -CVE-2024-12901,1,1,7438bb24c69768569f04db263b25be4e855460433a924b6dad82e02e6b0c486b,2024-12-23T02:15:06.613000 +CVE-2024-12900,0,0,1012b3733f239b410a68b2041572702d5a7f787259c3b8be862ffc1a0d536863,2024-12-23T02:15:05.630000 +CVE-2024-12901,0,0,7438bb24c69768569f04db263b25be4e855460433a924b6dad82e02e6b0c486b,2024-12-23T02:15:06.613000 CVE-2024-1291,0,0,52c4840726a3cf584db63abe3d1006ff575604ba403c25fca89470816948ce5e,2024-11-21T08:50:14.863000 CVE-2024-1292,0,0,38d9bc6a557167174bf37c6662c68d5de6a783380fb5a30941c923054e3f2f16,2024-11-21T08:50:14.983000 CVE-2024-1293,0,0,a122e9ddbaac35fa4b5b33d2b10cf37b4d4e3a3677cea83da66723805eec222b,2024-11-21T08:50:15.167000 
@@ -264834,7 +264835,7 @@ CVE-2024-45717,0,0,d0042290bedfde686afafcdb66609ec6e09f7a07ad76868bcb14ec916e681 CVE-2024-45719,0,0,6ca7636d4f46abcbe25b85f74f485dd396329e29ed902891ee416ba7b0049fcb,2024-11-22T21:15:18.130000 CVE-2024-4572,0,0,6754f54e88e479a744a4367c8d1d2577fd697a90d0783dabcb9fc508df61090e,2024-05-14T15:44:06.153000 CVE-2024-45720,0,0,ab26e4a66e708abfafd5a0e7f8395b5431ac8a5c3efe1cec42e73393318df61a,2024-11-21T09:38:01.030000 -CVE-2024-45721,1,1,9efa8d5c7cbf93ab4f729d2bd7b22842337d0ab8beb27bf5bd04ae2864f2d64d,2024-12-23T01:15:07.200000 +CVE-2024-45721,0,0,9efa8d5c7cbf93ab4f729d2bd7b22842337d0ab8beb27bf5bd04ae2864f2d64d,2024-12-23T01:15:07.200000 CVE-2024-45722,0,0,a6cbff3e6d145027776ad45ff696f8999c1abb5b5325df679b4335e1344e5fc1,2024-12-10T19:49:53.693000 CVE-2024-45723,0,0,e4b82db032d3a4ca868b794df461af99089e3cf6b69e82693349f9c5b4326629,2024-10-17T17:15:12.110000 CVE-2024-45731,0,0,9e6b9f6efc83855233c254d65e09470d9fc869b8f01875e0d9ffb17f0327775d,2024-10-17T13:09:33.017000 @@ -265475,7 +265476,7 @@ CVE-2024-4687,0,0,691fbe5c860edbdf18385945123ec35fc420e5337163168b9949809bc18727 CVE-2024-46870,0,0,1fd806f0972b8da340a2a96a775ca19e71689c6390ef179657882172ad5e53cb,2024-10-23T14:26:28.690000 CVE-2024-46871,0,0,8a75195bb742a7d09e2157f53cf4a29ae8646360a0fbe4ce86872d4d639a0ed3,2024-12-14T21:15:25.810000 CVE-2024-46872,0,0,b89329ee39c24a048dc575ac8e49e59d1a714d7b0226ecee7aec778895c50c1d,2024-11-08T15:00:42.473000 -CVE-2024-46873,1,1,c89ea423c2376bd6f6b72fea3f01f250004a52088b70335286b91ceb3bced266,2024-12-23T01:15:07.403000 +CVE-2024-46873,0,0,c89ea423c2376bd6f6b72fea3f01f250004a52088b70335286b91ceb3bced266,2024-12-23T01:15:07.403000 CVE-2024-46874,0,0,26c14938d3bd992112157bea5c4166c0fd1799831df9907b641db7157a63de40,2024-12-10T19:49:18.773000 CVE-2024-4688,0,0,0da5a2cc4532b2a20302b23569ddc0737195b6ffa097a6ed8db87ef0127f00f2,2024-11-21T09:43:23.167000 CVE-2024-46886,0,0,9a63353229e01fb1edd6f3ab48979b30c42407a9917c12b34caece3fb7192dd7,2024-10-10T12:56:30.817000 
@@ -266288,7 +266289,7 @@ CVE-2024-47854,0,0,a9f09de7f0b5818799d7735e32fab0528117f290764772f98a3e102c722b0 CVE-2024-47855,0,0,2488ce52c534b254c4fe75f30de0e6a94b0d61e1b79ce7021bafc48eccaf27dc,2024-11-07T20:35:11.733000 CVE-2024-4786,0,0,5dd0f73d93c1de75f19479b5cea5e29a1ae9a8934feaf695496bbc3c8ecfd1b2,2024-11-21T09:43:36.490000 CVE-2024-47863,0,0,e6340b76eef305e4f9a2a18e9b3431d1240e5a81cf4fe7cadb463db9ca192b6e,2024-11-25T18:15:13.063000 -CVE-2024-47864,1,1,7b10b8eb7e9b4aad4b5e06fbda58fa3c7474d35f3257df4264031ed55cbc2620,2024-12-23T01:15:07.553000 +CVE-2024-47864,0,0,7b10b8eb7e9b4aad4b5e06fbda58fa3c7474d35f3257df4264031ed55cbc2620,2024-12-23T01:15:07.553000 CVE-2024-47865,0,0,856fbee2d0c29a916be674bec6df8b3f8c62e1515bf27cff8f7842b39f9edbc2,2024-11-21T13:57:24.187000 CVE-2024-47867,0,0,e092a653d911d624ac72fe0241f3aa280e95881b91b7bf36e469f143c2618cbf,2024-11-15T16:44:54.783000 CVE-2024-47868,0,0,f48e57a4ad7d358802e08c6ee8997c1410f483adbdf2de7ffeb891dd0fb1dab5,2024-10-17T17:04:35.547000 @@ -268191,7 +268192,7 @@ CVE-2024-50614,0,0,29f22ac93163ff1303a42a1fec38fde0552d285d63129bbab00c726fede4a CVE-2024-50615,0,0,4d2a2e353be570a02fcdfff0b42fb37b106e2c1e8ab4e77f1c580e4daa183aa0,2024-10-30T20:35:37.310000 CVE-2024-50616,0,0,f16f40ce12577bc20e6d17ff8fa15bd5a1f69a543581dc34546ce7e8ac77217c,2024-10-30T20:35:38.380000 CVE-2024-5062,0,0,cdc86dcd84c87200c0328afbc0b136b026f9aaa280f8620d87cfe6bc9e21b227,2024-11-21T09:46:53.077000 -CVE-2024-50623,0,0,fbc7180051d21f3b882ce8b014ba2136036caba5e6fb74887641a3e6975ea4c8,2024-12-20T15:04:26.097000 +CVE-2024-50623,0,1,a42b8474b720b20703db546b945276a382320df10b0eef38229afd3da2f40c09,2024-12-23T06:15:06.357000 CVE-2024-50624,0,0,425b4912ca74d0f19519cece63451f565c900b6a769644536a74ca4edcfab020,2024-10-30T21:35:12.223000 CVE-2024-50625,0,0,600a63b94c23d23207c426e1e43b071296b787357ca99d17c5661761f04e2a95,2024-12-12T02:06:32.647000 CVE-2024-50626,0,0,ee346cb1a02e9d6ceaf318c396c6bbfc04e63993edcd6528fb39c33b5fb34c43,2024-12-12T02:06:32.817000 
@@ -269104,7 +269105,7 @@ CVE-2024-52317,0,0,ce73efcf7b1c232dccd668d6afadee9ebc191724bbb215d2a3cde41432512 CVE-2024-52318,0,0,9990c8ea56e7da2a0fb5af64141a1eeb644a507e2c6f41d3a96bd75739255ee9,2024-11-21T09:46:16.813000 CVE-2024-5232,0,0,9c659ab55a0398d626d6da1c09e82340b1fec2662d16e1eca07d5817bed41493,2024-11-21T09:47:14.200000 CVE-2024-52320,0,0,fbfaa1883239695b0007c9764a43ac2cebac69eb763863afcec1548f7df5c2dd,2024-12-06T18:15:25.737000 -CVE-2024-52321,1,1,810125fed33d3a81fef555e63f8bd28a1a60114151ab12dec90595d5f02ee13e,2024-12-23T01:15:07.700000 +CVE-2024-52321,0,0,810125fed33d3a81fef555e63f8bd28a1a60114151ab12dec90595d5f02ee13e,2024-12-23T01:15:07.700000 CVE-2024-52323,0,0,57617b6f1b94228bad139ee211c36bd4ec7e4706388ebf89e10500861eceb01c,2024-11-27T15:15:26.377000 CVE-2024-52324,0,0,1b82757393c4b121efeb2aca56c501ac2b568f66f0e838324b89dea8626b5590,2024-12-10T19:42:56.737000 CVE-2024-5233,0,0,f7aceb9f589abd3e3127e7bdc682ef20b7c3a1e0d748898af38a399a8a8c2229,2024-11-21T09:47:14.357000 @@ -270085,7 +270086,7 @@ CVE-2024-54051,0,0,3a9b3ab110d43a5a43f2119d4ad99971d223dd6716849a13bc9d084152928 CVE-2024-5406,0,0,5db0f501f7c712d4bcce798425460b3472165eeef82fd225689429d234120e5b,2024-11-21T09:47:35.457000 CVE-2024-5407,0,0,e082637321598f3dc8c3c9e1760b81a1e1197c4d13cd58fed3245c37f0bb71c9,2024-11-21T09:47:35.567000 CVE-2024-5408,0,0,0b23a712a85d13fef48f02294d854672174790bd624dfee1416450ccef66434a,2024-11-21T09:47:35.690000 -CVE-2024-54082,1,1,9ebb2a96cc2d7205dc499652563889da625adbc9e224107999418bf2d0739828,2024-12-23T01:15:07.840000 +CVE-2024-54082,0,0,9ebb2a96cc2d7205dc499652563889da625adbc9e224107999418bf2d0739828,2024-12-23T01:15:07.840000 CVE-2024-54083,0,0,5fd9cfa9d541ec1d140263f1195469b624b1e1b6173ea5643199f37a0fe69372,2024-12-16T08:15:05.317000 CVE-2024-5409,0,0,f7df79bf8c405f523130badde3800a80499e2a2f05cefac143617aad785ef5de,2024-11-21T09:47:35.810000 CVE-2024-54091,0,0,dc5c73da9eed4ea1b769bbbff881c5fabd4f746f0337a6f741715e6c55e58677,2024-12-12T14:15:22.953000