diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0845.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0845.json new file mode 100644 index 00000000000..852dd801299 --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0845.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0845", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-18T03:15:09.330", + "lastModified": "2024-06-18T03:15:09.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L256", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L260", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L215", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L219", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1634.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1634.json new file mode 100644 index 00000000000..17de9fe534e --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1634.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1634", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-18T03:15:09.580", + "lastModified": "2024-06-18T03:15:09.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Scheduling Plugin \u2013 Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://wordpress.org/plugins/calendar-booking/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json index 7e90738e6a3..49b604ceb8e 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json @@ -2,7 +2,7 @@ "id": "CVE-2024-21096", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:30.207", - "lastModified": "2024-06-10T18:15:25.143", + "lastModified": "2024-06-18T02:15:09.823", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -39,6 +39,10 @@ ] }, "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKWVBZ6DBRFMLDXTHJUZ6LU7MJ5RTNA7/", + "source": "secalert_us@oracle.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFYBDWDBE4YICSV34LJZGYRVSG6QIRKE/", "source": "secalert_us@oracle.com" diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4375.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4375.json new file mode 100644 index 00000000000..9e01a2d2e5e --- /dev/null +++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4375.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-4375", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-18T03:15:09.797", + "lastModified": "2024-06-18T03:15:09.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L817", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35ead2b5-8b50-40e1-9b4a-547d97f34c4e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5541.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5541.json new file mode 100644 index 00000000000..80c2bacac6c --- /dev/null +++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5541.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-5541", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-18T03:15:10.020", + "lastModified": "2024-06-18T03:15:10.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/admin/settings.php#L9", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/dist/blocks.build.js", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e022febe-7295-493d-afa7-185f55b4d3b9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4371ba13fa7..2ea34443186 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-18T02:00:18.426605+00:00 +2024-06-18T04:00:18.229731+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-18T01:15:20.333000+00:00 +2024-06-18T03:15:10.020000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254324 +254328 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `4` -- [CVE-2024-6083](CVE-2024/CVE-2024-60xx/CVE-2024-6083.json) (`2024-06-18T00:15:09.853`) -- [CVE-2024-6084](CVE-2024/CVE-2024-60xx/CVE-2024-6084.json) (`2024-06-18T01:15:20.333`) +- [CVE-2024-0845](CVE-2024/CVE-2024-08xx/CVE-2024-0845.json) (`2024-06-18T03:15:09.330`) +- [CVE-2024-1634](CVE-2024/CVE-2024-16xx/CVE-2024-1634.json) (`2024-06-18T03:15:09.580`) +- [CVE-2024-4375](CVE-2024/CVE-2024-43xx/CVE-2024-4375.json) (`2024-06-18T03:15:09.797`) +- [CVE-2024-5541](CVE-2024/CVE-2024-55xx/CVE-2024-5541.json) (`2024-06-18T03:15:10.020`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-21096](CVE-2024/CVE-2024-210xx/CVE-2024-21096.json) (`2024-06-18T02:15:09.823`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 41202c25c0e..17b344c90a3 100644 --- a/_state.csv +++ b/_state.csv @@ -241089,6 +241089,7 @@ CVE-2024-0840,0,0,a29fd729ffdb30a11acea1b506301229e907e8ea6ce7fdfdd44e196863c898 CVE-2024-0841,0,0,9e65cbfff7725abca8b3bb8d47238fadc1759ba27b260df301bbf9206f25aa46,2024-05-22T17:16:11.667000 CVE-2024-0842,0,0,2d4febcc0a5bd3f6b5f6eeeb222e1bdadfd7499df5c95fd0f9cc7e2a10a87dbd,2024-02-15T19:11:14.253000 CVE-2024-0844,0,0,9b0ede7ee0379ed34aa516e6f2cba464e96d05ae45278d47c03f7b0b4baaf7d5,2024-02-08T16:15:39.903000 +CVE-2024-0845,1,1,f5157ada9c80be62143fc3b476b2c597f2f65b6c0952aac15a121512f61d89f1,2024-06-18T03:15:09.330000 CVE-2024-0847,0,0,2423a45a83c68ee77ea1657795a6b4f742f1b905ef7ab47fbb7c37fbc6c3b67d,2024-05-02T18:00:37.360000 CVE-2024-0848,0,0,31e58640f306446653f67bc78198fcff39c93c6b22a4398146342d7991ad8c6a,2024-05-02T18:00:37.360000 CVE-2024-0849,0,0,ab143b9a0b5d37d266faac9cd54f50fee666b57f962e8e1bec5db73357a455f9,2024-02-13T19:16:30.810000 @@ -241791,6 +241792,7 @@ CVE-2024-1630,0,0,b3e63ab3fca2f57c425774ec83616f21b44473c1f5570d1282d02bf599e377 CVE-2024-1631,0,0,fc2893d5d84aff0551fae290d2fe3cfb3246f815cc3e85e7be8cb7a443e59ea9,2024-02-22T19:07:37.840000 CVE-2024-1632,0,0,6e1c47780d96ad6fcb59ec0ca790b51a445b7ba6bfe735fc687e801fa4e9fa24,2024-02-28T14:06:45.783000 CVE-2024-1633,0,0,38fdaaa081cb72684e8a3a7c24003a4981094738f4cb62580982692842e12368,2024-02-20T19:50:53.960000 +CVE-2024-1634,1,1,78175d9e4bf293beda410596616055bfefd86fe734d011e12eb7dad6e0525eeb,2024-06-18T03:15:09.580000 CVE-2024-1635,0,0,df1dd81e97ec5df9995721a1f269c745906d52047fd48e8691457cab01d3dbf8,2024-04-17T16:15:07.720000 CVE-2024-1636,0,0,110561fc2d8220a09cd098605d5d9c82332c44e2266859d6f751e2ed66576fc3,2024-02-28T14:06:45.783000 CVE-2024-1637,0,0,ad9b5ab8aa7d33952d11bf9f2ca328427186899a35864ba9221fa2bbd849dc16,2024-04-10T13:24:00.070000 @@ -242782,7 +242784,7 @@ CVE-2024-21092,0,0,a96f28afb2f79eb08be708f78284cdf08500da8888a0d9699ed9e4b0d6e8e CVE-2024-21093,0,0,3d565421d62fe80376ef2125e9dfb06fdc2a836fda042dda6ad1a1534f2a4f7d,2024-04-17T12:48:31.863000 CVE-2024-21094,0,0,45dda780f642e6a4bed8a6906d75e79d99e2cd6f95b5c06d841ff6133c98a162,2024-04-26T09:15:11.613000 CVE-2024-21095,0,0,5ad9583e4e50b36f664407f6f6164a53dc891483d679c27c4541f930caca17b4,2024-04-17T12:48:31.863000 -CVE-2024-21096,0,0,146ff4a38a4261159d6accf3efdfd780cdd584d34a8524d9f2a6ff246748b553,2024-06-10T18:15:25.143000 +CVE-2024-21096,0,1,f886e9f1346c46c50df462685f956aa1271b364c94bcf6ac8ddc7ccf2fe96a82,2024-06-18T02:15:09.823000 CVE-2024-21097,0,0,8349406a296787533db135239586ab1e354af73ee7e59b17b17098f82af1b697,2024-04-17T12:48:31.863000 CVE-2024-21098,0,0,831ff7ad8d2c7af64e56d89acbf46d4cc91ab5d8748a94e6b6ad4c192afd1308,2024-04-17T12:48:31.863000 CVE-2024-21099,0,0,a8cfc88916a19c4050e2f5c67f5f573e697d20587d6396cec4852563c2a2b6c3,2024-04-17T12:48:31.863000 @@ -253330,6 +253332,7 @@ CVE-2024-4371,0,0,6cec3438f9da16aaaf81036d5252f279057c04fa33a9a5b8c9aee6667c7b57 CVE-2024-4372,0,0,88e318f3c277cb3db68d033332d7a1ea039944347227497506fc7085644cb64e,2024-05-21T12:37:59.687000 CVE-2024-4373,0,0,f38def9014d5248f107e6bba87e0f735d485b9410ddb561204173488b0ad462b,2024-05-15T16:40:19.330000 CVE-2024-4374,0,0,d60604ecf379bdaaec2b6706393723f20191611e78669219836ffafca51bb0b7,2024-05-20T13:00:34.807000 +CVE-2024-4375,1,1,0c05d2181d27372e2e73037a21c8284a668309e752ea21705c58e83f5006338b,2024-06-18T03:15:09.797000 CVE-2024-4376,0,0,a37f8f2c30013a9ce99cf3397e8919ec44dbe48bf70335aec6d3a9f3c4d5ff1f,2024-05-31T13:01:46.727000 CVE-2024-4378,0,0,3d00b0a6c1463c84b18edbc3f37b735155a12d4e83c941a4e59e5c575fc8dda7,2024-05-24T01:15:30.977000 CVE-2024-4379,0,0,4d59152fb4b73c11db800a656f5856d441c43de1bb0066c24dea588b8283a5e6,2024-05-31T13:01:46.727000 @@ -254130,6 +254133,7 @@ CVE-2024-5531,0,0,aff596c4345d9e9649e4107c993c40fc7416a56fa205089ee8692b6e8ba6ce CVE-2024-5536,0,0,d892d63cd79e6d462fe4485ce154b4e3b14e14d416b8b4d67114661d27280a01,2024-06-11T17:28:37.343000 CVE-2024-5537,0,0,071475eb8c0f92cc8ea9522d658283ad0e8213ba6740ff46ee05e5b24c18c3d8,2024-05-30T17:15:34.583000 CVE-2024-5538,0,0,183cea799fa9410e329e72f326a10b8369aedcea9a5b7583a44bf33ecc305070,2024-05-31T11:15:09.923000 +CVE-2024-5541,1,1,abee97a7911b8ced43e1d9fd59bbf81c997c44a26dd0413a404147eb4da33232,2024-06-18T03:15:10.020000 CVE-2024-5542,0,0,77ae3f3a7c4ffc662d4e5625f82b1efcc56a12c39abbd3546ebc6e9e7e619033,2024-06-11T18:25:51.200000 CVE-2024-5543,0,0,8e93e3d42337fd51f8d8d19b50b3f68377ba39e905a95b2594b9c3824c59b9ee,2024-06-13T18:36:09.013000 CVE-2024-5550,0,0,e4fc13aea5b719d7c555043aa9a8be47a59e2f4d5eac2e9fa0d5ff8a8edb892f,2024-06-07T14:56:05.647000 @@ -254321,5 +254325,5 @@ CVE-2024-6066,0,0,4be16afb26a67eeaa99325b278e1eb15007f8629556d5972406c66487d6fe7 CVE-2024-6067,0,0,917ec11acc59771cd289e02ed472e235338a36350e131e2242624c6b5a660576,2024-06-17T22:15:10.657000 CVE-2024-6080,0,0,ce117abbbf27c271f3b1c554aeba9f1090748517ce038abb4811acdf5fadb2ed,2024-06-17T23:15:51.583000 CVE-2024-6082,0,0,b34a8b9e9d7597c030b945a5724fac42f5803ca75f53728fefe9f424acf1cad3,2024-06-17T23:15:51.920000 -CVE-2024-6083,1,1,6fddaebd6fd505529ccfd2377fbb90eb3ff967f1b7daa3e62aab60a1d99a55f2,2024-06-18T00:15:09.853000 -CVE-2024-6084,1,1,8f1263f1fd5f68ce001ded5ef625a4f2157c36b7cc48c52db74013e47bd8c7ad,2024-06-18T01:15:20.333000 +CVE-2024-6083,0,0,6fddaebd6fd505529ccfd2377fbb90eb3ff967f1b7daa3e62aab60a1d99a55f2,2024-06-18T00:15:09.853000 +CVE-2024-6084,0,0,8f1263f1fd5f68ce001ded5ef625a4f2157c36b7cc48c52db74013e47bd8c7ad,2024-06-18T01:15:20.333000