From 8027c564d11bbe5285bfe2f089674fb9e82fe19b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 26 Sep 2024 04:03:17 +0000 Subject: [PATCH] Auto-Update: 2024-09-26T04:00:17.798479+00:00 --- CVE-2023/CVE-2023-60xx/CVE-2023-6006.json | 4 +- CVE-2024/CVE-2024-223xx/CVE-2024-22303.json | 4 +- CVE-2024/CVE-2024-30xx/CVE-2024-3037.json | 18 +++--- CVE-2024/CVE-2024-473xx/CVE-2024-47330.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-47xx/CVE-2024-4712.json | 20 +++---- CVE-2024/CVE-2024-84xx/CVE-2024-8404.json | 56 ++++++++++++++++++ CVE-2024/CVE-2024-84xx/CVE-2024-8405.json | 56 ++++++++++++++++++ CVE-2024/CVE-2024-85xx/CVE-2024-8552.json | 64 +++++++++++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8723.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-88xx/CVE-2024-8803.json | 64 +++++++++++++++++++++ README.md | 23 +++++--- _state.csv | 18 ++++-- 12 files changed, 410 insertions(+), 37 deletions(-) create mode 100644 CVE-2024/CVE-2024-473xx/CVE-2024-47330.json create mode 100644 CVE-2024/CVE-2024-84xx/CVE-2024-8404.json create mode 100644 CVE-2024/CVE-2024-84xx/CVE-2024-8405.json create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8552.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8723.json create mode 100644 CVE-2024/CVE-2024-88xx/CVE-2024-8803.json diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json index 481d7c03859..d3c752330f4 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json @@ -2,13 +2,13 @@ "id": "CVE-2023-6006", "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "published": "2023-11-14T04:15:07.850", - "lastModified": "2024-09-26T01:15:10.953", + "lastModified": "2024-09-26T02:15:02.163", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM" + "value": "This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM\n\nNote: This CVE has been rescored with a \"Privileges Required (PR)\" rating of low, and \u201cAttack Complexity (AC)\u201d rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json index 5069bc19eae..56811fee435 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22303.json @@ -2,13 +2,13 @@ "id": "CVE-2024-22303", "sourceIdentifier": "audit@patchstack.com", "published": "2024-09-17T14:15:17.123", - "lastModified": "2024-09-20T12:30:51.220", + "lastModified": "2024-09-26T03:15:02.520", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4." + "value": "Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3037.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3037.json index 51286ab5a90..8699a3dc692 100644 --- a/CVE-2024/CVE-2024-30xx/CVE-2024-3037.json +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3037.json @@ -2,13 +2,13 @@ "id": "CVE-2024-3037", "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "published": "2024-05-14T15:39:48.660", - "lastModified": "2024-05-14T16:11:39.510", + "lastModified": "2024-09-26T02:15:02.277", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group).\n\n" + "value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. \n\nImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log in to the local console of the Windows environment hosting the PaperCut NG/MF application server.\n\nNote: This CVE has been split into two separate CVEs (CVE-2024-3037 and CVE-2024-8404) and it\u2019s been rescored with a \"Privileges Required (PR)\" rating of low, and \u201cAttack Complexity (AC)\u201d rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard users on the host server." }, { "lang": "es", @@ -22,20 +22,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "NONE", + "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 6.0, - "baseSeverity": "MEDIUM" + "baseScore": 7.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 0.8, - "impactScore": 5.2 + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2024/CVE-2024-473xx/CVE-2024-47330.json b/CVE-2024/CVE-2024-473xx/CVE-2024-47330.json new file mode 100644 index 00000000000..15465e6e681 --- /dev/null +++ b/CVE-2024/CVE-2024-473xx/CVE-2024-47330.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-47330", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-09-26T03:15:02.670", + "lastModified": "2024-09-26T03:15:02.670", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-6-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-9-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4712.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4712.json index 7c748ec1d95..c5b076bc173 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4712.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4712.json @@ -2,13 +2,13 @@ "id": "CVE-2024-4712", "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "published": "2024-05-14T15:44:27.660", - "lastModified": "2024-05-14T16:11:39.510", + "lastModified": "2024-09-26T02:15:02.550", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group).\n\n" + "value": "An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled.\u00a0This specific flaw exists within the image-handler process, which can incorrectly create files that don\u2019t exist when a maliciously formed payload is provided. This can lead to local privilege escalation.\n\nNote: \n\nThis CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it\u2019s been rescored with a \"Privileges Required (PR)\" rating of low, and \u201cAttack Complexity (AC)\u201d rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server." }, { "lang": "es", @@ -22,20 +22,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "NONE", + "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 6.0, - "baseSeverity": "MEDIUM" + "baseScore": 7.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 0.8, - "impactScore": 5.2 + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -46,7 +46,7 @@ "description": [ { "lang": "en", - "value": "CWE-59" + "value": "CWE-77" } ] } diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8404.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8404.json new file mode 100644 index 00000000000..0eff5913f67 --- /dev/null +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8404.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-8404", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-09-26T02:15:02.797", + "lastModified": "2024-09-26T02:15:02.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. \n\nImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.\n\nNote: \n\nThis CVE has been split from CVE-2024-3037." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8405.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8405.json new file mode 100644 index 00000000000..df33d5b14ab --- /dev/null +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8405.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-8405", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-09-26T02:15:03.007", + "lastModified": "2024-09-26T02:15:03.007", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don\u2019t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.\n\nNote: \n\nThis CVE has been split from CVE-2024-4712." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8552.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8552.json new file mode 100644 index 00000000000..5125134ff7a --- /dev/null +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8552.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8552", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-09-26T03:15:03.000", + "lastModified": "2024-09-26T03:15:03.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/download-monitor/tags/5.0.8/src/AjaxHandler.php#L317", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3157424/#file17", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3acaedff-f616-4b66-9208-f7e6a4df920d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8723.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8723.json new file mode 100644 index 00000000000..5af4be65306 --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8723.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8723", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-09-26T03:15:03.310", + "lastModified": "2024-09-26T03:15:03.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.svn.wordpress.org/012-ps-multi-languages/trunk/includes/ps-multilingual-edit-post.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30a1517e-5ea5-47a1-afe8-9543e1ffd199?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8803.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8803.json new file mode 100644 index 00000000000..8e58d583cde --- /dev/null +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8803.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8803", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-09-26T03:15:03.640", + "lastModified": "2024-09-26T03:15:03.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bulk-noindex-nofollow-toolkit-by-mad-fish/trunk/inc/bulk-noindex-toolkit-class.php?rev=3047303#L452", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3157176/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6e1cc0d-2c5f-4e34-bd19-d7c90cd4dff6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f4a64126259..c53457ae3b6 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-26T02:00:16.921892+00:00 +2024-09-26T04:00:17.798479+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-26T01:15:11.220000+00:00 +2024-09-26T03:15:03.640000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -263785 +263791 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `6` +- [CVE-2024-47330](CVE-2024/CVE-2024-473xx/CVE-2024-47330.json) (`2024-09-26T03:15:02.670`) +- [CVE-2024-8404](CVE-2024/CVE-2024-84xx/CVE-2024-8404.json) (`2024-09-26T02:15:02.797`) +- [CVE-2024-8405](CVE-2024/CVE-2024-84xx/CVE-2024-8405.json) (`2024-09-26T02:15:03.007`) +- [CVE-2024-8552](CVE-2024/CVE-2024-85xx/CVE-2024-8552.json) (`2024-09-26T03:15:03.000`) +- [CVE-2024-8723](CVE-2024/CVE-2024-87xx/CVE-2024-8723.json) (`2024-09-26T03:15:03.310`) +- [CVE-2024-8803](CVE-2024/CVE-2024-88xx/CVE-2024-8803.json) (`2024-09-26T03:15:03.640`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `4` -- [CVE-2023-6006](CVE-2023/CVE-2023-60xx/CVE-2023-6006.json) (`2024-09-26T01:15:10.953`) -- [CVE-2024-2660](CVE-2024/CVE-2024-26xx/CVE-2024-2660.json) (`2024-09-26T01:15:11.220`) -- [CVE-2024-43491](CVE-2024/CVE-2024-434xx/CVE-2024-43491.json) (`2024-09-26T01:00:01.267`) +- [CVE-2023-6006](CVE-2023/CVE-2023-60xx/CVE-2023-6006.json) (`2024-09-26T02:15:02.163`) +- [CVE-2024-22303](CVE-2024/CVE-2024-223xx/CVE-2024-22303.json) (`2024-09-26T03:15:02.520`) +- [CVE-2024-3037](CVE-2024/CVE-2024-30xx/CVE-2024-3037.json) (`2024-09-26T02:15:02.277`) +- [CVE-2024-4712](CVE-2024/CVE-2024-47xx/CVE-2024-4712.json) (`2024-09-26T02:15:02.550`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 35780f07648..8cf0a558d9e 100644 --- a/_state.csv +++ b/_state.csv @@ -240118,7 +240118,7 @@ CVE-2023-6001,0,0,f830330f1f4a77e3940459eae75c184566e1206f51966434ad49fe9f62d1e8 CVE-2023-6002,0,0,d850a94d901a7a5b2325e2e9b24b2ac6dbe4a2de7b859aaf98ea9c00bbc1f100,2023-11-15T15:16:24.487000 CVE-2023-6004,0,0,a6bd4d0bdc71884f4b048260cf693d607d396a950f8df3925897dea0602faafb,2024-09-16T18:15:53.167000 CVE-2023-6005,0,0,3301c705561209053f50b6bec7e6c53a759b655067290560a57ff3b3e19a668c,2024-01-19T14:27:45.383000 -CVE-2023-6006,0,1,aea8187b993aad681213d86414e70882f6044544f8741efdb93c04d5206732d3,2024-09-26T01:15:10.953000 +CVE-2023-6006,0,1,fd752636dfd7fe9a2d58e0f1a26e5e3e499336d3c9b362300abe84d4f3e673ec,2024-09-26T02:15:02.163000 CVE-2023-6007,0,0,bb6ca4c7091c0440becc578eceb68b3d08abac854016d7ee38b11b83593048d5,2023-11-29T19:01:54.823000 CVE-2023-6008,0,0,c5d5d46611f153ede6b144f0e2512002ebcc4e83d1650b6ddf6eb0785b967baf,2023-11-29T18:58:44.753000 CVE-2023-6009,0,0,037bae6f5584e39b19c3b3f5ba6c45c24d1f2f330c48345ca85e845a49dc7170,2023-11-29T18:54:09.383000 @@ -244744,7 +244744,7 @@ CVE-2024-2230,0,0,81b726a6e768be79a74c3dcd4be2a480a2104236725fc7bffdeb7f2fbcd260 CVE-2024-22300,0,0,2ccc2ed7d49a64132a7983e9a20d1608e44be91faa8ac853f3fc7e5537921096,2024-03-27T12:29:30.307000 CVE-2024-22301,0,0,6ea04ba8fe9617b0d51c2fd6df44a496f80ce215c2c4f5fff80486be4006a269,2024-01-30T17:44:59.847000 CVE-2024-22302,0,0,362c5a4f749f18001b8a7dcb225bccd5bc460dbdebe5d9a9ec96a1e36f826c38,2024-02-06T15:03:44.550000 -CVE-2024-22303,0,0,d94975eba9e8b4d178a20cfe3a46d69a48b8fa089f3152af218f7ef6ad604ab4,2024-09-20T12:30:51.220000 +CVE-2024-22303,0,1,1767c298d5b2e06cfe98fc4b15c32ef22f9559b9413cdf859faaf6c176b6afb1,2024-09-26T03:15:02.520000 CVE-2024-22304,0,0,d67aadb9e2f2a8922ce3f2329d1d83c880e9db8ed9775a858536276b6d2b71fb,2024-02-03T00:21:59.163000 CVE-2024-22305,0,0,3299523f3b75290f8ab4191f513bdb6256b216a4956cb61206392c7121abdf41,2024-02-05T20:42:22.943000 CVE-2024-22306,0,0,e9e637b40676dc8271792a0690b94850a032bacff223625bec6ea440280c18af,2024-02-06T18:20:46.017000 @@ -247531,7 +247531,7 @@ CVE-2024-26596,0,0,a95c365bb8aa86f65ccf48ab078f1b584d1d4007c2aa74b6e9891b14dbdc0 CVE-2024-26597,0,0,ab528d9508a4a43c1bd633754ae26c95fecf70fa3f069dcff05111c73d87ff04,2024-06-27T12:15:18.200000 CVE-2024-26598,0,0,1e518e82505097e7b8cfcdf7448800a539eb76e006eac697ca8f89d65bc9d900,2024-08-27T14:34:41.740000 CVE-2024-26599,0,0,6aea73e570b1bfdda9488cab227d897f6bf1c7ed921862f42cf866fbae061ada,2024-04-17T19:34:01.837000 -CVE-2024-2660,0,1,39d392fe193c1565a64b4b3f7b6499afa6e3398aab28e0132e842db9854268ae,2024-09-26T01:15:11.220000 +CVE-2024-2660,0,0,39d392fe193c1565a64b4b3f7b6499afa6e3398aab28e0132e842db9854268ae,2024-09-26T01:15:11.220000 CVE-2024-26600,0,0,15667b54419b74d13bfaebbe5a6d6002dfe7c4fdc4d02b07defbd604b0f0ec30,2024-06-27T12:15:18.347000 CVE-2024-26601,0,0,c309ea678f47918cfba362cb4e6c45ea17486e585f0d624843ed54c0b4206060,2024-06-25T22:15:18.583000 CVE-2024-26602,0,0,c671562f047f7d13a401b1ec7bac2643cfda5f593bfda2f60c85b3df866bd8ff,2024-06-27T12:15:18.543000 @@ -250410,7 +250410,7 @@ CVE-2024-30366,0,0,017638cacc63c5bca1e49a36bd6cf624199b21049716a909c39259050ef5a CVE-2024-30367,0,0,e20ca596e010b38b51bc04c9fe579d6549936485a2ebf8759f46c93b9baf83db,2024-04-03T12:38:04.840000 CVE-2024-30368,0,0,955d719f80aef3f3fce89226b635f4c0f3197824431ae3f1b9a52be812680c97,2024-09-24T13:54:11.827000 CVE-2024-30369,0,0,084ebabb6bba6f65e3a665faf08cf2442ac42f59e1585ca47c68653967d4e7cb,2024-09-24T13:55:20.847000 -CVE-2024-3037,0,0,a1c986f823ccde3b89d50b9d6f5cf759926d2d4da5503398101b7b91b06d035b,2024-05-14T16:11:39.510000 +CVE-2024-3037,0,1,5192283ef3f0b9026a4bd8ad8d1a7b79d0e8030dc3224136afdfcbc8af6dad6b,2024-09-26T02:15:02.277000 CVE-2024-30370,0,0,6207ecfb3ab83effd5b69f8ad0454d61dd1c4b620444f7bf5bed75b59a7e9bf2,2024-04-03T12:38:04.840000 CVE-2024-30371,0,0,5cb1f88df7d7d6dd29afc1f981808ff71d5fa01260db76282c78c8209c6570fc,2024-04-03T12:38:04.840000 CVE-2024-30373,0,0,ac2231546cc34daa74c465f9a9fe35653c0122d2d53839e7bf0cd715536bd357,2024-06-07T14:56:05.647000 @@ -259136,7 +259136,7 @@ CVE-2024-43482,0,0,d8f402bc0f3ce251083854e9d472514518876444465b9e6fddf99899cdf43 CVE-2024-43487,0,0,b1bbbe6f3eeb8f594d4cca9a1e5f97347bd8ae24b6674c21dd2e36175fe4aaad,2024-09-18T14:10:20.320000 CVE-2024-43489,0,0,9f3663a5117643ca66490ff50d07401aac7a21947903cd82d777468b0669d10d,2024-09-23T17:33:25.633000 CVE-2024-4349,0,0,a8b03025f36b8713c52951e7ebcf312d165d904bb8cd188665520ff04ec5e58b,2024-06-04T19:20:36.340000 -CVE-2024-43491,0,1,d198019651bd96853897866c0609cb57460e36f90bdbdfaf53a9951b0099ab32,2024-09-26T01:00:01.267000 +CVE-2024-43491,0,0,d198019651bd96853897866c0609cb57460e36f90bdbdfaf53a9951b0099ab32,2024-09-26T01:00:01.267000 CVE-2024-43492,0,0,af0e73844988f19d42832ecb20006b5ce23817c5aa51bd592ac57ea711827c4a,2024-09-18T13:57:22.880000 CVE-2024-43495,0,0,d2a8d4c3f203ea859641059613f0257436e0f701c3b0d8de8a57b0ddb10ca75e,2024-09-18T13:55:07.100000 CVE-2024-43496,0,0,1e4f277010291ea8388e3463633269924e9ec7b9c2f947668d81da4d3ef80c37,2024-09-23T17:32:54.663000 @@ -260528,7 +260528,7 @@ CVE-2024-47089,0,0,747d9db580763da5143a0072ff546dab60f08a23733ea114071ab112c2f09 CVE-2024-4709,0,0,291d83b7a71e23f3ddf2ffe4b4f9de6c9c89e71bab3de54c457add53e92c99e9,2024-05-20T13:00:34.807000 CVE-2024-4710,0,0,bc3d641a4dcd652350f442cdc80714adde1798c9afb82fb5cdb92bbe3aa27b20,2024-05-21T12:37:59.687000 CVE-2024-4711,0,0,d363465dc42b9acab3c0c0b87ab6c465a5fbabc481e6b69ff97f983a499169d2,2024-07-18T16:32:23.447000 -CVE-2024-4712,0,0,8c9912a72fdb973e445c03f0c431e473f67586d80716ea23b3c04f9af648d862,2024-05-14T16:11:39.510000 +CVE-2024-4712,0,1,3843a22d246b1dcd1f463ab35db131587d98590206b11784167b4cf4df51610c,2024-09-26T02:15:02.550000 CVE-2024-4713,0,0,a3c96b0a67396332ccb3b3b7da032ec990741228737b0623d292fd0ff6dd150b,2024-06-04T19:20:46.913000 CVE-2024-4714,0,0,d7e9d9d95d84a12a856ae94c0b47f221a8b241db6b1f0d94ea74b84fa1b36764,2024-06-04T19:20:47.027000 CVE-2024-4715,0,0,8280b54df57d141f79c5c5ba7edbd4b8610f06a30ecbd5ba39cd6c268b4b3f05,2024-06-04T19:20:47.130000 @@ -260564,6 +260564,7 @@ CVE-2024-4731,0,0,ff0f4697afac2eb26d16b700c40cb0a3947b6039ec9b762c8c08a8e49bc998 CVE-2024-47315,0,0,806f359f72a06920b81ba1ee4bcc9b7d2863d9202ff1492c78f9ed1c318bb568,2024-09-25T18:15:05.807000 CVE-2024-4732,0,0,2f9d1622a74bcf5d144d47d69a297d840c0353e903036f272ef15e7560aa5dbf,2024-06-04T19:20:48.237000 CVE-2024-4733,0,0,bab73609d3aaa55dacedcdd69b9c9d83fbc709adf98853b3adb423b13daf2498,2024-05-17T18:36:31.297000 +CVE-2024-47330,1,1,aee96dfe3b2a24a7a0add2b33c82f3503b8340fef13c82cd4946e8411902491c,2024-09-26T03:15:02.670000 CVE-2024-4734,0,0,0eefea1299cd16be8adb4bc3a22d24ee524acae6c15e2191dca2420e7021d6ef,2024-05-15T16:40:19.330000 CVE-2024-4735,0,0,74f4fbd101bb46efdc880f338cfb70c8fd3a6ef365bd7732d2107c79fb3d78b8,2024-06-04T19:20:48.397000 CVE-2024-4736,0,0,d66d2cb2e0afad57d9d4fb0dd29db1ae480425b093ff5e46c35972ad67bf1599,2024-06-04T19:20:48.497000 @@ -263476,6 +263477,8 @@ CVE-2024-8391,0,0,e4a53876b2b078fcdc3ea9cb2dcdd9122c87a07a74293148b584a5df448e00 CVE-2024-8394,0,0,537ec046b9d95c9c611478000abd6dd7551041a1f2ea81cd7e79459ae0e45ad8,2024-09-11T16:25:44.833000 CVE-2024-8395,0,0,7904c0b52ace758f0078aaf5623dc08c2f22d70190a82ab855b84d88ee4995e4,2024-09-19T17:53:45.753000 CVE-2024-8399,0,0,ff5a0b61b9891ed649233268ce0fa37bd0b7c79ba8aa2863ea2ecc61c35c709c,2024-09-12T19:45:07.347000 +CVE-2024-8404,1,1,04efd95dbbca50c23535a988c1ac175413ff25f3fc5731fe6d68974837b24c08,2024-09-26T02:15:02.797000 +CVE-2024-8405,1,1,b7c48015604dbd0f8305b6dfd330b97a61f8cc61cc88313de67331a605dc4c9a,2024-09-26T02:15:03.007000 CVE-2024-8407,0,0,190893f5b3da05c3b04f6347e8d36e88eb22b5329ec3a82949674ad3abb1a15d,2024-09-05T14:48:28.513000 CVE-2024-8408,0,0,9f87fcd812f2a0614c81edf26c59a3fd5158e6ac48b1ed6a5cdb904e931cd196,2024-09-05T14:41:14.603000 CVE-2024-8409,0,0,9f46c5adb31a6d87824a8eab48e9d2e947ae9b31368ae468d358816a64d27b2e,2024-09-05T14:20:27.397000 @@ -263540,6 +263543,7 @@ CVE-2024-8543,0,0,e190cfdf6def9f928d16ce7c20119d5fac7745c9206ec7d9500145321b367e CVE-2024-8544,0,0,b92ed2b51bae3f52bc853d79bde121bda69091c5cde9cc12e546571a35641dfd,2024-09-24T02:15:03.687000 CVE-2024-8546,0,0,72dd0e8b3978c165f9beb60b55e8d42aa02c7869febf0ff1b80c593288834bb9,2024-09-25T13:15:04.313000 CVE-2024-8549,0,0,fcd242b6ea38a056c01db9880c2a52a409c7d0c95c3a6f9a54b5be14b01f3eaf,2024-09-25T03:15:05.393000 +CVE-2024-8552,1,1,61ca7efc99bf9ad3fbdf1be012e29a1580bfcdc6cbef8f2a52f1d3e90592e91c,2024-09-26T03:15:03 CVE-2024-8554,0,0,46c32adbe15332664cfc930fe8c32bff96db8190902ab789492b593fa03348f1,2024-09-10T13:52:23.250000 CVE-2024-8555,0,0,0c0685cb1cca90ba97dbbe7724af46b71d0ab057cb41b6cc62e81df56a2985b7,2024-09-10T13:53:11.847000 CVE-2024-8557,0,0,86ab04a42076aa0fe9f792cba1f27d54b98becfc358809b664a63ce528fde776,2024-09-10T14:19:36.280000 @@ -263635,6 +263639,7 @@ CVE-2024-8711,0,0,0a0fc486d277b8c36cfb49b6365925dae98dcfc88dd0e7309623a05e1f41ec CVE-2024-8713,0,0,ca0ac042f1c62982fccd7ac5a0424c95d9b030be707adc38aa9969dada509b4b,2024-09-25T03:15:05.840000 CVE-2024-8714,0,0,1f87b4efca35fcf892145b4bafa975ef81f515a87b9325943f1ad91188a98b5b,2024-09-13T16:37:22.997000 CVE-2024-8716,0,0,a77eb658c493b56b9d7fc45aa1847dc2519991d526a5ee8bd0fb542ca8c95921,2024-09-24T02:15:04.360000 +CVE-2024-8723,1,1,403f44e84ea509a26e588d9137cd324aa3c3ee738b85c9ce6f64e21da193b6f0,2024-09-26T03:15:03.310000 CVE-2024-8724,0,0,b84c0f858130dbe3d5efee42c723e6b66a5ac84e9dedd508f06aebfed2f7ce86,2024-09-14T11:47:14.677000 CVE-2024-8730,0,0,992937a3fe08341c8a8ac293d7e6b47ec1d7e31a336aa4a6af6fc18e9a0019bc,2024-09-13T16:37:22.997000 CVE-2024-8731,0,0,736811c720e84a581cf4a6e60c7046f380caf7eabd4dc85e633e03526e4e33b4,2024-09-13T16:37:22.997000 @@ -263672,6 +263677,7 @@ CVE-2024-8795,0,0,ce1ff4c5af2c658433bac2600921c58ddd4ddeb372cf874bcbce03ebd8a824 CVE-2024-8796,0,0,85a6dfb5fb230c10b66238538bd5fe186ab9999598b67e5deda1ed4d1b78b262,2024-09-20T12:30:51.220000 CVE-2024-8797,0,0,ba4df0bb11568fe010be4c16334a8844a03d9d0d5268879bae12ea87dcdf4b9f,2024-09-14T11:47:14.677000 CVE-2024-8801,0,0,f1edc9c7bb1482d2f7aa53a58527c89ff09517b0d8b72cf3ccbe7bbb09f96d53,2024-09-25T01:15:47.050000 +CVE-2024-8803,1,1,809586222f389dc5f26d6896a0cd66484a84cd4f430a4ec0aa479ed335f55b36,2024-09-26T03:15:03.640000 CVE-2024-8850,0,0,60f99c260767f82bf00cc7954ec3e058985003b965020b8d3dac7a45b3ea5f64,2024-09-25T18:49:53.397000 CVE-2024-8853,0,0,b5a3b0675f8f2657c7381537f08c47ae3a3694c18acf1b18976370e35c278f0e,2024-09-25T17:49:25.653000 CVE-2024-8858,0,0,0d529df68aab7882afa1c5531609cd4c3cd7930c85ebac7f6f37123e0eea3aa1,2024-09-25T11:15:12.730000