Auto-Update: 2024-04-06T04:00:38.666720+00:00

cad-safe-bot 2024-04-06 04:03:28 +00:00
parent ceead18160
commit 86dc006c4a
5 changed files with 114 additions and 15 deletions


@ -0,0 +1,47 @@
{
"id": "CVE-2024-1994",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-06T02:15:07.493",
"lastModified": "2024-04-06T02:15:07.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to apply and remove watermarks from images."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3064501%40image-watermark&new=3064501%40image-watermark&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31a66e30-972b-4a7b-9d47-ad7abd574e36?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-3209",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-02T23:15:55.083",
"lastModified": "2024-04-03T12:38:04.840",
"lastModified": "2024-04-06T03:15:07.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -80,6 +80,10 @@
"url": "https://drive.google.com/drive/folders/1qlUXvycOzGJygfkdQB9dGO6VwNRRZoih?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.259055",
"source": "cna@vuldb.com"


@ -0,0 +1,47 @@
{
"id": "CVE-2024-3245",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-06T03:15:08.103",
"lastModified": "2024-04-06T03:15:08.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3064544/embedpress/tags/3.9.15/Gutenberg/dist/blocks.build.js",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a427c798-f546-4ca1-98ab-32b433ee5b59?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-04-06T02:00:30.559601+00:00
2024-04-06T04:00:38.666720+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-04-06T01:15:45.400000+00:00
2024-04-06T03:15:08.103000+00:00
```
### Last Data Feed Release
@ -33,23 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
244258
244260
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `2`
- [CVE-2024-1994](CVE-2024/CVE-2024-19xx/CVE-2024-1994.json) (`2024-04-06T02:15:07.493`)
- [CVE-2024-3245](CVE-2024/CVE-2024-32xx/CVE-2024-3245.json) (`2024-04-06T03:15:08.103`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `1`
- [CVE-2023-7152](CVE-2023/CVE-2023-71xx/CVE-2023-7152.json) (`2024-04-06T01:15:45.233`)
- [CVE-2023-7158](CVE-2023/CVE-2023-71xx/CVE-2023-7158.json) (`2024-04-06T01:15:45.400`)
- [CVE-2024-29745](CVE-2024/CVE-2024-297xx/CVE-2024-29745.json) (`2024-04-06T01:00:01.457`)
- [CVE-2024-29748](CVE-2024/CVE-2024-297xx/CVE-2024-29748.json) (`2024-04-06T01:00:01.457`)
- [CVE-2024-3209](CVE-2024/CVE-2024-32xx/CVE-2024-3209.json) (`2024-04-06T03:15:07.983`)
## Download and Usage


@ -237955,13 +237955,13 @@ CVE-2023-7148,0,0,a8be9b042606ddbe08f78257f07987021d93f188bbdbe3bee89d64b666a19c
CVE-2023-7149,0,0,ca416e5e70e38b7495b0b747b2dc7b931cc8953e7b176d36b81769ecf62c4ee4,2024-03-21T02:50:56.743000
CVE-2023-7150,0,0,b6f897157147c70205cdd64e696497c8c5eb8cad933d57519ff89024cb3c95f0,2024-03-21T02:50:56.820000
CVE-2023-7151,0,0,bb32bdd519a1a50b8c5ab4a323d30cc39a75571831ac8e58df336f69b7cfff53,2024-01-23T15:40:52.973000
CVE-2023-7152,0,1,f71049911247b5f48bb9ff01c432ee6f2fc7deb5b6fb0b5d19b4da1b23c702c6,2024-04-06T01:15:45.233000
CVE-2023-7152,0,0,f71049911247b5f48bb9ff01c432ee6f2fc7deb5b6fb0b5d19b4da1b23c702c6,2024-04-06T01:15:45.233000
CVE-2023-7153,0,0,e011618db3076d02be0d1ef8dfe51744f3234f2e36498aa2346c160b31a75578,2024-01-24T21:43:31.700000
CVE-2023-7154,0,0,076d7cbaa09541993347ce9e0a30d4438c72b1ebd3caf4aa248135ca6dfc7806,2024-01-23T15:45:39.513000
CVE-2023-7155,0,0,2c4a910ee915766a4997b8baa8551f7532d0761b7c421d119c9e58611e87894e,2024-03-21T02:50:57.017000
CVE-2023-7156,0,0,9b143d48e59b9a06e97c0691c424f9c191a50d6af31ed90dc82638c9c59a00f4,2024-03-21T02:50:57.100000
CVE-2023-7157,0,0,085718248145b3910cb7f5275b79909f7d5d52c6d35d62db614b0f16c4e4f070,2024-03-21T02:50:57.180000
CVE-2023-7158,0,1,a2ad87bc94f435638b7ffdea2c2395b764e4e256f992ceaa10b7f5ea94800837,2024-04-06T01:15:45.400000
CVE-2023-7158,0,0,a2ad87bc94f435638b7ffdea2c2395b764e4e256f992ceaa10b7f5ea94800837,2024-04-06T01:15:45.400000
CVE-2023-7159,0,0,8d5e7e4e57c83d9d1d76429e1dd1433b725bde4bf31c777d13caf26d913c9e88,2024-03-21T02:50:57.347000
CVE-2023-7160,0,0,57a4883751b56355696f40cda7c15e6f0148ae11f808040b9849296f5ea9baa1,2024-03-21T02:50:57.423000
CVE-2023-7161,0,0,28c67d3d8e220f9d2201938311d118238f730177c4b708ae4f1cc3bf111518c5,2024-03-21T02:50:57.503000
@ -239471,6 +239471,7 @@ CVE-2024-1986,0,0,3573e34f135546ed04633bd0d17cea080212de55551e8ab04d2e00c52e1a50
CVE-2024-1987,0,0,51b6353c7487197fcf85dba32dd0017998b1425a36ba707e32269bf4afb531af,2024-03-08T14:02:57.420000
CVE-2024-1989,0,0,e603d4bdfbac73448a418c09b573178507e96a797a5be54fa1a78504bbf887da,2024-03-06T15:18:08.093000
CVE-2024-1992,0,0,5414f0dcecaa73989b0a42a4479c3faccff7f0923e4cfe603f1f9c3c287083d8,2024-03-20T17:15:07.307000
CVE-2024-1994,1,1,2d320061e2c6e529463ce81ef236173e7a49dd141485fa7a01f610922097b56e,2024-04-06T02:15:07.493000
CVE-2024-1995,0,0,941755b4b854fdf87f18ab79194bcc08291f96cbab42350512c28358afffef58,2024-03-20T13:00:16.367000
CVE-2024-1996,0,0,5966bad552d6bc038d1a2d91bc8f9a32839c685a6932cffdc232ba52d55e3b88,2024-03-13T18:15:58.530000
CVE-2024-1997,0,0,b02f2b8fcf27f075ede3d31ab90af2f1a113a308252f819da806cdcb7ece15d4,2024-03-13T18:15:58.530000
@ -243591,10 +243592,10 @@ CVE-2024-29741,0,0,5287e10912b70bb061f53de5b83b003317f0455c1e6e8382ca56aea272ded
CVE-2024-29742,0,0,f2bc3ea7d601e3d2f89366bc3bf789f7dff9d33d7b969d0681ff0702c8c803ee,2024-04-05T20:15:08.107000
CVE-2024-29743,0,0,c449523fdbfed70e93eb5db09bb0072175dcc5ddecf792b0802f1d6b3e48b44c,2024-04-05T20:15:08.153000
CVE-2024-29744,0,0,648f768a13bd9fd094226fb33743af4a7accff23b8393394010a398a2bf9faf7,2024-04-05T20:15:08.207000
CVE-2024-29745,0,1,24f41921889efc59aaa402736c6df0e952e96c4f842ce54c13a55a7b3d2be851,2024-04-06T01:00:01.457000
CVE-2024-29745,0,0,24f41921889efc59aaa402736c6df0e952e96c4f842ce54c13a55a7b3d2be851,2024-04-06T01:00:01.457000
CVE-2024-29746,0,0,f387564f14fa535ea564257d7225ec27fec8b4e39ff6f86e757de7acb23d8e1e,2024-04-05T20:15:08.303000
CVE-2024-29747,0,0,0548417396958cc0ffb5d57a429a647040bc882fc6a141dfeabf96110c8e560c,2024-04-05T20:15:08.357000
CVE-2024-29748,0,1,7732ad9a1de8b45d96de54d0487bb91ac44da9f878960006692d24ae4eceaf54,2024-04-06T01:00:01.457000
CVE-2024-29748,0,0,7732ad9a1de8b45d96de54d0487bb91ac44da9f878960006692d24ae4eceaf54,2024-04-06T01:00:01.457000
CVE-2024-29749,0,0,013121f5f2cf9fc7d35fb3733cc7a973426593dc74f4252d96fe96b1177b73b1,2024-04-05T20:15:08.457000
CVE-2024-29750,0,0,1d1c2c89d3a1e4369128e0b96b6eea44ed888a0866ddcc895f3f878c4d78c9f8,2024-04-05T20:15:08.507000
CVE-2024-29751,0,0,8771fda4f10da37042d80e537d9a6c45d11e384af07f52c7e0558da9a6e89d31,2024-04-05T20:15:08.560000
@ -244209,7 +244210,7 @@ CVE-2024-3203,0,0,697bde31fba6d3c5a0e2d11da403a2e3b16828faac086b66cd78b0527d17b9
CVE-2024-3204,0,0,a9dea1ca01b499632a34af3ee57c461ecd8a21787537da790c2ae8f833a61142,2024-04-03T12:38:04.840000
CVE-2024-3205,0,0,b2f3ceb1bf38a09a954460b526a18eba5a5a22a0c7181b9f1de158755c6153d4,2024-04-03T12:38:04.840000
CVE-2024-3207,0,0,5c9ae7819818cf69391317769652edafe7eb5058db1623e7c6299d6d13471791,2024-04-03T12:38:04.840000
CVE-2024-3209,0,0,30868cdb47dd928f589dfe2abcfe897db3e1f5f5372f4956ca12525c6828bcc3,2024-04-03T12:38:04.840000
CVE-2024-3209,0,1,cbfab2641f7deaa26fa0bc09801c52aa5b55dcac193d132dc1556c423a22c65d,2024-04-06T03:15:07.983000
CVE-2024-3217,0,0,4de075781ed27d9af99ed393e165df2d285dc08a6ed9934e378886c989fa51ff,2024-04-05T12:40:52.763000
CVE-2024-3218,0,0,2efa792f2f422ae3d499fd8bd729cdb1e057c75ae9cfbaccf7a66bc466210399,2024-04-03T12:38:04.840000
CVE-2024-3221,0,0,265e838721fb682684198a7086d104f84e57519a8c4d6ef772db38592eb6bf44,2024-04-03T12:38:04.840000
@ -244219,6 +244220,7 @@ CVE-2024-3224,0,0,df4c497061254d88e30845f005326a0e8dcc0160759089f479b7881ad8ceac
CVE-2024-3225,0,0,c811644d786446dc903ce63beb97b40688ffdfe279f9ae136fe25e53360310ab,2024-04-03T12:38:04.840000
CVE-2024-3226,0,0,0d9ebebedadf244922f8385228c3d640f57a5f4e2e40a7b8124aa06fa756c486,2024-04-03T12:38:04.840000
CVE-2024-3227,0,0,5e86de506c0356caace938eb3ddc76daf74ee07964bebbed2f3824e6fdb4ef31,2024-04-03T12:38:04.840000
CVE-2024-3245,1,1,f4ace3e27e90324ae2d6a62ba6dc26be58efe872e0e8b571a9ab725be446fd07,2024-04-06T03:15:08.103000
CVE-2024-3247,0,0,095afc187e8f976bc1a2eaa79a4c0328aa3c3e2487a10203585d8616775f8a4d,2024-04-03T12:38:04.840000
CVE-2024-3248,0,0,65f6d4ddfc43ae235edf2e59fc9daa1f1d020439a4fa197a41a6ddd58e106004,2024-04-03T12:38:04.840000
CVE-2024-3250,0,0,2d6e4fa76cca7b8e01352ea4b54b7151a6b9e9608e9608dee225853dfeeb2f71,2024-04-04T22:15:09.350000
