Auto-Update: 2024-10-15T02:00:17.488846+00:00

2025-05-07 19:16:29 +00:00 · 2024-10-15 02:03:17 +00:00 · 2024-10-15 02:03:17 +00:00 · 7ad5006c3a
commit 7ad5006c3a
parent affb0ef2a8
5 changed files with 158 additions and 19 deletions
--- a/CVE-2024/CVE-2024-40xx/CVE-2024-4029.json
+++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4029.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-4029",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-05-02T15:15:07.227",
-  "lastModified": "2024-05-02T18:00:37.360",
+  "lastModified": "2024-10-15T01:15:10.500",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -52,6 +52,22 @@
    }
  ],
  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8075",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8076",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8077",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8080",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/security/cve/CVE-2024-4029",
      "source": "secalert@redhat.com"
--- a/CVE-2024/CVE-2024-95xx/CVE-2024-9546.json
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9546.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9546",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-15T00:15:21.763",
+  "lastModified": "2024-10-15T00:15:21.763",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WPIDE \u2013 File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wpide/tags/3.4.9/vendor/nikic/php-parser/grammar/rebuildParsers.php#L77",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e884af8b-c83f-4380-bfaf-f1419fce125c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-95xx/CVE-2024-9548.json
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9548.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-9548",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-15T00:15:22.047",
+  "lastModified": "2024-10-15T00:15:22.047",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.2.6",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.2.6/admin/view/right-now.php#L196",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa91912d-5794-4c96-8a13-bd54ce0f1deb?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-14T23:55:18.535760+00:00
+2024-10-15T02:00:17.488846+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-14T23:15:11.407000+00:00
+2024-10-15T01:15:10.500000+00:00
 ```

 ### Last Data Feed Release
@ -27,31 +27,28 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-10-14T00:00:08.647499+00:00
+2024-10-15T00:00:08.663095+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-265537
+265539
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `2`

- [CVE-2024-30117](CVE-2024/CVE-2024-301xx/CVE-2024-30117.json) (`2024-10-14T23:15:11.407`)
- [CVE-2024-35518](CVE-2024/CVE-2024-355xx/CVE-2024-35518.json) (`2024-10-14T22:15:03.320`)
- [CVE-2024-35519](CVE-2024/CVE-2024-355xx/CVE-2024-35519.json) (`2024-10-14T22:15:03.543`)
- [CVE-2024-35520](CVE-2024/CVE-2024-355xx/CVE-2024-35520.json) (`2024-10-14T22:15:03.727`)
- [CVE-2024-9953](CVE-2024/CVE-2024-99xx/CVE-2024-9953.json) (`2024-10-14T22:15:03.957`)
+- [CVE-2024-9546](CVE-2024/CVE-2024-95xx/CVE-2024-9546.json) (`2024-10-15T00:15:21.763`)
+- [CVE-2024-9548](CVE-2024/CVE-2024-95xx/CVE-2024-9548.json) (`2024-10-15T00:15:22.047`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

- [CVE-2024-1342](CVE-2024/CVE-2024-13xx/CVE-2024-1342.json) (`2024-10-14T22:15:03.180`)
+- [CVE-2024-4029](CVE-2024/CVE-2024-40xx/CVE-2024-4029.json) (`2024-10-15T01:15:10.500`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -242469,7 +242469,7 @@ CVE-2024-1338,0,0,6474a2f9ec77707e3c5a7ecec68ad08fdaaaf47710b8aa6cdb5a2cfaee7798
 CVE-2024-1339,0,0,368269361864aa76c7ef6a6ead9ae9360f0cb61e706ac307e0f405034b0eb75a,2024-02-29T13:49:29.390000
 CVE-2024-1340,0,0,acab2ca1d3318b31d4d04d251916dd1adab58b22e2d14ac1063a094ceddf46bf,2024-02-29T13:49:29.390000
 CVE-2024-1341,0,0,24619d20f61b9a97aae2da06cb6390f1e8423f9ecf5b39ee5b6046a5bdc79a92,2024-02-29T13:49:29.390000
-CVE-2024-1342,0,1,2f41e6eac1e33a309fc72543d371a67df7cdf22eae12449849cd3aab8e438d93,2024-10-14T22:15:03.180000
+CVE-2024-1342,0,0,2f41e6eac1e33a309fc72543d371a67df7cdf22eae12449849cd3aab8e438d93,2024-10-14T22:15:03.180000
 CVE-2024-1343,0,0,82875d509eaa3416e0538211a693191472d47e60fa3c2a9341963ca663e37eaf,2024-02-20T19:50:53.960000
 CVE-2024-1344,0,0,c8f8e91aa1798ddbdeb43554f14e78c140eb10a5e00c86b2c994c9d319f987a2,2024-02-20T19:50:53.960000
 CVE-2024-1345,0,0,6272ad513ba4552ae5369705745cbf75e189d6fc888a0ebaa1209ac2fe013da5,2024-02-20T19:50:53.960000
@ -250337,7 +250337,7 @@ CVE-2024-3011,0,0,c4846fd2702ef9f4bfa13037695154c3570856acd954e92705194ddf548246
 CVE-2024-30110,0,0,a07e687d8cc25234136155156054fc7c4d3e910119afb02b600c596b9dc2e496,2024-06-28T10:27:00.920000
 CVE-2024-30111,0,0,2d23b069061a9f03f5bbdc50f3bb24e02ba7cc17cb7c96642572c4ddb7c10c61,2024-06-28T10:27:00.920000
 CVE-2024-30112,0,0,b1be3742a46d695d3f82f4d182e1b02e2a0a297ddb2b6a4bf1d69911e3eb1b94,2024-06-26T12:44:29.693000
-CVE-2024-30117,1,1,3002b57de7d9e12f5b41e11065fe3521f99b1366de60896899a22442622353a9,2024-10-14T23:15:11.407000
+CVE-2024-30117,0,0,3002b57de7d9e12f5b41e11065fe3521f99b1366de60896899a22442622353a9,2024-10-14T23:15:11.407000
 CVE-2024-30118,0,0,a600cbc3312207feafbf7858618a61f6dd2c38296d39ec303171804559f68377,2024-10-10T18:50:54.383000
 CVE-2024-30119,0,0,4baed8c508a821c818525782701105249753896feab644ba3efffba269f578b9,2024-07-03T01:53:51.120000
 CVE-2024-3012,0,0,ae30314159430e25e9f2b09f2e0a440cd8bb99b7d72b62fa4eb73b4affe20188,2024-05-17T02:39:40.620000
@ -254159,10 +254159,10 @@ CVE-2024-35511,0,0,0925e571054fff897af51a6c91c2579c2749b26c74104183a16b37d4fa6c6
 CVE-2024-35512,0,0,b896e4527afcecfdf8ee8b9a5d8645a7997efcebb8181c42302f1215247b04ab,2024-08-22T21:35:05.483000
 CVE-2024-35515,0,0,0a6259433dc8b772a7751534ecb780dbd399dd4b702a82474be04ca505d614d4,2024-09-20T12:30:17.483000
 CVE-2024-35517,0,0,bfec791a0cb04e3630fa083b2e569215c8722a3346743b806d1ebf61c836a0f3,2024-10-11T22:15:03.930000
-CVE-2024-35518,1,1,7fa27be39321af8e45199f17e2237d4203ee8e8bc4d352607f4d2d2e04bbe49b,2024-10-14T22:15:03.320000
-CVE-2024-35519,1,1,58e4f17cec91bb1fc227c3af675575b49852ceb83aa9c209a7010b359bb94279,2024-10-14T22:15:03.543000
+CVE-2024-35518,0,0,7fa27be39321af8e45199f17e2237d4203ee8e8bc4d352607f4d2d2e04bbe49b,2024-10-14T22:15:03.320000
+CVE-2024-35519,0,0,58e4f17cec91bb1fc227c3af675575b49852ceb83aa9c209a7010b359bb94279,2024-10-14T22:15:03.543000
 CVE-2024-3552,0,0,b573d704f72bfadd96d903b41988b7617b9a930535c0b223b9c260b4778dcd0d,2024-07-02T14:45:34.543000
-CVE-2024-35520,1,1,2307c8964a0318367d34a80378fdc9376b35045a2a51dc1571d9e8fcfe6557ba,2024-10-14T22:15:03.727000
+CVE-2024-35520,0,0,2307c8964a0318367d34a80378fdc9376b35045a2a51dc1571d9e8fcfe6557ba,2024-10-14T22:15:03.727000
 CVE-2024-35522,0,0,22d6e02f9325c21ee5222c88289910f8f2671497792135b8ac5269387a1004a7,2024-10-11T22:15:04.117000
 CVE-2024-35526,0,0,45f791392c66ed8c499767ccc3e4221d8293b29407aac62d7317c3cd0f64f171,2024-06-26T12:44:29.693000
 CVE-2024-35527,0,0,72600462defbad3d94b9b914561cd106abcd4f14940c552d4d0bd67292ce0acb,2024-08-12T19:35:08.817000
@ -257447,7 +257447,7 @@ CVE-2024-4021,0,0,dd2bc601eca69892097c83b39a1492ca9523a7d157d2f946a0dd030b7888e0
 CVE-2024-4022,0,0,9e369b5b5ea8df7d6bd27a7262a9ade1fde2246b7a1d942564d51d8d0f92edd2,2024-05-17T02:40:13.413000
 CVE-2024-4024,0,0,cc98f9c4ade6346ddf60b956b23ffc3086de856365a82e459e99fddb48dab750,2024-10-03T07:15:31.163000
 CVE-2024-4026,0,0,52171498c993bd60e060ecb310b6ba3adb61d51839677cb6159cb2398bf728c1,2024-04-22T13:28:34.007000
-CVE-2024-4029,0,0,07f4a3557bfc1c26259e7db528f531861deb0f132a9070099c7eec2168b5c67e,2024-05-02T18:00:37.360000
+CVE-2024-4029,0,1,deab3cb05d7bf66c27cb73f3f02ac15e689dfb2c8641f6cd6ac4fde94b23bfc0,2024-10-15T01:15:10.500000
 CVE-2024-4030,0,0,19f825236112c2d38d9364772b7c94395cd52376c790d25417954ee2205eccd6,2024-09-07T03:15:09.917000
 CVE-2024-4031,0,0,5f28e8c1b5067aec87f50d97cb32ada2d0e893cae64c0dbc730c44d567aac95b,2024-04-23T12:52:09.397000
 CVE-2024-40318,0,0,f408c0d0f38b709a30b5f60bb9fda15422ea10a5b622771fde6eea8ad61fdb12,2024-08-26T16:48:28.277000
@ -265414,6 +265414,8 @@ CVE-2024-9536,0,0,56b0d71a5e1f747b35f1ac4fcfd42bf040a735cf796864344938e26d90f693
 CVE-2024-9538,0,0,09ff8d828136926273e234a7df0de9f7df3e277701497c2d4680e9ae80291314,2024-10-11T13:15:19.373000
 CVE-2024-9539,0,0,8966fc6636af6152e0414eab130e86797be15626adebb04d75d77ec16901db50,2024-10-11T18:15:08.887000
 CVE-2024-9543,0,0,0c6f45a8dc106427c9aa4a27ce0a99c89f29e67e9019a384d028eb17f2682b51,2024-10-11T13:15:19.577000
+CVE-2024-9546,1,1,6aac64b1102c33c774b76b25f0b6a6b87033dee1a7d18ff9f9ac75cc4a818f9c,2024-10-15T00:15:21.763000
+CVE-2024-9548,1,1,232fa192560e4c430950e1265a5cdfa1cfba698aec21b94c5cb7438516c743b3,2024-10-15T00:15:22.047000
 CVE-2024-9549,0,0,de2015c0f448716988568c7b5dd774c121a80649e44094dfa56d887e4c1906a6,2024-10-10T13:14:51.793000
 CVE-2024-9550,0,0,910b684d766fc00d3bc835188c16842c5e64a2ca110db17b68c67c53481422d4,2024-10-09T11:15:52.520000
 CVE-2024-9551,0,0,7b5500ec170a7497f673defff182e65008fa33c1b82ef626dcc76f8e4cb7177b,2024-10-09T11:15:42.060000
@ -265535,4 +265537,4 @@ CVE-2024-9922,0,0,38a9a769415efbcfedd53b122b48fa65b5e1f382fdf217a030bbaee2ce3081
 CVE-2024-9923,0,0,54d0eb71a24239c4cf72f6c8d2d43f40cc27d7ae4dae943f2db0568ffd629c72,2024-10-14T04:15:06.070000
 CVE-2024-9924,0,0,5d7f89079afc3d9ca8548ebb3725e799ef08b64b7b5fd0fc7f3c47978b6a83d8,2024-10-14T04:15:06.353000
 CVE-2024-9936,0,0,84f1422b67bbaa43c4b2b921a0bd24fe5cb86e5da956c7f811c06ae275078cda,2024-10-14T14:15:12.553000
-CVE-2024-9953,1,1,4a504a26518c946bdd00df6aaba3929049f6fb7ebb2fe638799eca1ccb235ae3,2024-10-14T22:15:03.957000
+CVE-2024-9953,0,0,4a504a26518c946bdd00df6aaba3929049f6fb7ebb2fe638799eca1ccb235ae3,2024-10-14T22:15:03.957000