diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1994.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1994.json
new file mode 100644
index 00000000000..9665bafc844
--- /dev/null
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1994.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1994",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-04-06T02:15:07.493",
+ "lastModified": "2024-04-06T02:15:07.493",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to apply and remove watermarks from images."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3064501%40image-watermark&new=3064501%40image-watermark&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31a66e30-972b-4a7b-9d47-ad7abd574e36?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3209.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3209.json
index 62f9c0fff1f..05bc8552446 100644
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3209.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3209.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-3209",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-04-02T23:15:55.083",
- "lastModified": "2024-04-03T12:38:04.840",
+ "lastModified": "2024-04-06T03:15:07.983",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -80,6 +80,10 @@
 "url": "https://drive.google.com/drive/folders/1qlUXvycOzGJygfkdQB9dGO6VwNRRZoih?usp=sharing",
 "source": "cna@vuldb.com"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/",
+ "source": "cna@vuldb.com"
+ },
 {
 "url": "https://vuldb.com/?ctiid.259055",
 "source": "cna@vuldb.com"
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3245.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3245.json
new file mode 100644
index 00000000000..a81ef33ef94
--- /dev/null
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3245.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3245",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-04-06T03:15:08.103",
+ "lastModified": "2024-04-06T03:15:08.103",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3064544/embedpress/tags/3.9.15/Gutenberg/dist/blocks.build.js",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a427c798-f546-4ca1-98ab-32b433ee5b59?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 486f2df9a2d..08a952fa2cf 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-06T02:00:30.559601+00:00 +2024-04-06T04:00:38.666720+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-06T01:15:45.400000+00:00 +2024-04-06T03:15:08.103000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -244258 +244260 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `2` +- [CVE-2024-1994](CVE-2024/CVE-2024-19xx/CVE-2024-1994.json) (`2024-04-06T02:15:07.493`) +- [CVE-2024-3245](CVE-2024/CVE-2024-32xx/CVE-2024-3245.json) (`2024-04-06T03:15:08.103`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `1` -- [CVE-2023-7152](CVE-2023/CVE-2023-71xx/CVE-2023-7152.json) (`2024-04-06T01:15:45.233`) -- [CVE-2023-7158](CVE-2023/CVE-2023-71xx/CVE-2023-7158.json) (`2024-04-06T01:15:45.400`) -- [CVE-2024-29745](CVE-2024/CVE-2024-297xx/CVE-2024-29745.json) (`2024-04-06T01:00:01.457`) -- [CVE-2024-29748](CVE-2024/CVE-2024-297xx/CVE-2024-29748.json) (`2024-04-06T01:00:01.457`) +- [CVE-2024-3209](CVE-2024/CVE-2024-32xx/CVE-2024-3209.json) (`2024-04-06T03:15:07.983`) ## Download and Usage diff --git a/_state.csv b/_state.csv index eb2658fd75b..cc96fe0582c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -237955,13 +237955,13 @@ CVE-2023-7148,0,0,a8be9b042606ddbe08f78257f07987021d93f188bbdbe3bee89d64b666a19c CVE-2023-7149,0,0,ca416e5e70e38b7495b0b747b2dc7b931cc8953e7b176d36b81769ecf62c4ee4,2024-03-21T02:50:56.743000 CVE-2023-7150,0,0,b6f897157147c70205cdd64e696497c8c5eb8cad933d57519ff89024cb3c95f0,2024-03-21T02:50:56.820000 CVE-2023-7151,0,0,bb32bdd519a1a50b8c5ab4a323d30cc39a75571831ac8e58df336f69b7cfff53,2024-01-23T15:40:52.973000 -CVE-2023-7152,0,1,f71049911247b5f48bb9ff01c432ee6f2fc7deb5b6fb0b5d19b4da1b23c702c6,2024-04-06T01:15:45.233000 +CVE-2023-7152,0,0,f71049911247b5f48bb9ff01c432ee6f2fc7deb5b6fb0b5d19b4da1b23c702c6,2024-04-06T01:15:45.233000 CVE-2023-7153,0,0,e011618db3076d02be0d1ef8dfe51744f3234f2e36498aa2346c160b31a75578,2024-01-24T21:43:31.700000 CVE-2023-7154,0,0,076d7cbaa09541993347ce9e0a30d4438c72b1ebd3caf4aa248135ca6dfc7806,2024-01-23T15:45:39.513000 CVE-2023-7155,0,0,2c4a910ee915766a4997b8baa8551f7532d0761b7c421d119c9e58611e87894e,2024-03-21T02:50:57.017000 CVE-2023-7156,0,0,9b143d48e59b9a06e97c0691c424f9c191a50d6af31ed90dc82638c9c59a00f4,2024-03-21T02:50:57.100000 CVE-2023-7157,0,0,085718248145b3910cb7f5275b79909f7d5d52c6d35d62db614b0f16c4e4f070,2024-03-21T02:50:57.180000 -CVE-2023-7158,0,1,a2ad87bc94f435638b7ffdea2c2395b764e4e256f992ceaa10b7f5ea94800837,2024-04-06T01:15:45.400000 +CVE-2023-7158,0,0,a2ad87bc94f435638b7ffdea2c2395b764e4e256f992ceaa10b7f5ea94800837,2024-04-06T01:15:45.400000 CVE-2023-7159,0,0,8d5e7e4e57c83d9d1d76429e1dd1433b725bde4bf31c777d13caf26d913c9e88,2024-03-21T02:50:57.347000 CVE-2023-7160,0,0,57a4883751b56355696f40cda7c15e6f0148ae11f808040b9849296f5ea9baa1,2024-03-21T02:50:57.423000 CVE-2023-7161,0,0,28c67d3d8e220f9d2201938311d118238f730177c4b708ae4f1cc3bf111518c5,2024-03-21T02:50:57.503000 
@@ -239471,6 +239471,7 @@ CVE-2024-1986,0,0,3573e34f135546ed04633bd0d17cea080212de55551e8ab04d2e00c52e1a50 CVE-2024-1987,0,0,51b6353c7487197fcf85dba32dd0017998b1425a36ba707e32269bf4afb531af,2024-03-08T14:02:57.420000 CVE-2024-1989,0,0,e603d4bdfbac73448a418c09b573178507e96a797a5be54fa1a78504bbf887da,2024-03-06T15:18:08.093000 CVE-2024-1992,0,0,5414f0dcecaa73989b0a42a4479c3faccff7f0923e4cfe603f1f9c3c287083d8,2024-03-20T17:15:07.307000 +CVE-2024-1994,1,1,2d320061e2c6e529463ce81ef236173e7a49dd141485fa7a01f610922097b56e,2024-04-06T02:15:07.493000 CVE-2024-1995,0,0,941755b4b854fdf87f18ab79194bcc08291f96cbab42350512c28358afffef58,2024-03-20T13:00:16.367000 CVE-2024-1996,0,0,5966bad552d6bc038d1a2d91bc8f9a32839c685a6932cffdc232ba52d55e3b88,2024-03-13T18:15:58.530000 CVE-2024-1997,0,0,b02f2b8fcf27f075ede3d31ab90af2f1a113a308252f819da806cdcb7ece15d4,2024-03-13T18:15:58.530000 
@@ -243591,10 +243592,10 @@ CVE-2024-29741,0,0,5287e10912b70bb061f53de5b83b003317f0455c1e6e8382ca56aea272ded CVE-2024-29742,0,0,f2bc3ea7d601e3d2f89366bc3bf789f7dff9d33d7b969d0681ff0702c8c803ee,2024-04-05T20:15:08.107000 CVE-2024-29743,0,0,c449523fdbfed70e93eb5db09bb0072175dcc5ddecf792b0802f1d6b3e48b44c,2024-04-05T20:15:08.153000 CVE-2024-29744,0,0,648f768a13bd9fd094226fb33743af4a7accff23b8393394010a398a2bf9faf7,2024-04-05T20:15:08.207000 -CVE-2024-29745,0,1,24f41921889efc59aaa402736c6df0e952e96c4f842ce54c13a55a7b3d2be851,2024-04-06T01:00:01.457000 +CVE-2024-29745,0,0,24f41921889efc59aaa402736c6df0e952e96c4f842ce54c13a55a7b3d2be851,2024-04-06T01:00:01.457000 CVE-2024-29746,0,0,f387564f14fa535ea564257d7225ec27fec8b4e39ff6f86e757de7acb23d8e1e,2024-04-05T20:15:08.303000 CVE-2024-29747,0,0,0548417396958cc0ffb5d57a429a647040bc882fc6a141dfeabf96110c8e560c,2024-04-05T20:15:08.357000 -CVE-2024-29748,0,1,7732ad9a1de8b45d96de54d0487bb91ac44da9f878960006692d24ae4eceaf54,2024-04-06T01:00:01.457000 +CVE-2024-29748,0,0,7732ad9a1de8b45d96de54d0487bb91ac44da9f878960006692d24ae4eceaf54,2024-04-06T01:00:01.457000 CVE-2024-29749,0,0,013121f5f2cf9fc7d35fb3733cc7a973426593dc74f4252d96fe96b1177b73b1,2024-04-05T20:15:08.457000 CVE-2024-29750,0,0,1d1c2c89d3a1e4369128e0b96b6eea44ed888a0866ddcc895f3f878c4d78c9f8,2024-04-05T20:15:08.507000 CVE-2024-29751,0,0,8771fda4f10da37042d80e537d9a6c45d11e384af07f52c7e0558da9a6e89d31,2024-04-05T20:15:08.560000 
@@ -244209,7 +244210,7 @@ CVE-2024-3203,0,0,697bde31fba6d3c5a0e2d11da403a2e3b16828faac086b66cd78b0527d17b9 CVE-2024-3204,0,0,a9dea1ca01b499632a34af3ee57c461ecd8a21787537da790c2ae8f833a61142,2024-04-03T12:38:04.840000 CVE-2024-3205,0,0,b2f3ceb1bf38a09a954460b526a18eba5a5a22a0c7181b9f1de158755c6153d4,2024-04-03T12:38:04.840000 CVE-2024-3207,0,0,5c9ae7819818cf69391317769652edafe7eb5058db1623e7c6299d6d13471791,2024-04-03T12:38:04.840000 -CVE-2024-3209,0,0,30868cdb47dd928f589dfe2abcfe897db3e1f5f5372f4956ca12525c6828bcc3,2024-04-03T12:38:04.840000 +CVE-2024-3209,0,1,cbfab2641f7deaa26fa0bc09801c52aa5b55dcac193d132dc1556c423a22c65d,2024-04-06T03:15:07.983000 CVE-2024-3217,0,0,4de075781ed27d9af99ed393e165df2d285dc08a6ed9934e378886c989fa51ff,2024-04-05T12:40:52.763000 CVE-2024-3218,0,0,2efa792f2f422ae3d499fd8bd729cdb1e057c75ae9cfbaccf7a66bc466210399,2024-04-03T12:38:04.840000 CVE-2024-3221,0,0,265e838721fb682684198a7086d104f84e57519a8c4d6ef772db38592eb6bf44,2024-04-03T12:38:04.840000 @@ -244219,6 +244220,7 @@ CVE-2024-3224,0,0,df4c497061254d88e30845f005326a0e8dcc0160759089f479b7881ad8ceac CVE-2024-3225,0,0,c811644d786446dc903ce63beb97b40688ffdfe279f9ae136fe25e53360310ab,2024-04-03T12:38:04.840000 CVE-2024-3226,0,0,0d9ebebedadf244922f8385228c3d640f57a5f4e2e40a7b8124aa06fa756c486,2024-04-03T12:38:04.840000 CVE-2024-3227,0,0,5e86de506c0356caace938eb3ddc76daf74ee07964bebbed2f3824e6fdb4ef31,2024-04-03T12:38:04.840000 +CVE-2024-3245,1,1,f4ace3e27e90324ae2d6a62ba6dc26be58efe872e0e8b571a9ab725be446fd07,2024-04-06T03:15:08.103000 CVE-2024-3247,0,0,095afc187e8f976bc1a2eaa79a4c0328aa3c3e2487a10203585d8616775f8a4d,2024-04-03T12:38:04.840000 CVE-2024-3248,0,0,65f6d4ddfc43ae235edf2e59fc9daa1f1d020439a4fa197a41a6ddd58e106004,2024-04-03T12:38:04.840000 CVE-2024-3250,0,0,2d6e4fa76cca7b8e01352ea4b54b7151a6b9e9608e9608dee225853dfeeb2f71,2024-04-04T22:15:09.350000