From 8bb50c406c621fec946bd7dacd648fa71c889470 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 29 Jan 2025 09:04:11 +0000 Subject: [PATCH] Auto-Update: 2025-01-29T09:00:44.427663+00:00
---
 CVE-2024/CVE-2024-120xx/CVE-2024-12085.json | 6 +- CVE-2024/CVE-2024-136xx/CVE-2024-13696.json | 68 +++++++++++++ CVE-2024/CVE-2024-76xx/CVE-2024-7695.json | 100 ++++++++++++++++++++ README.md | 13 +-- _state.csv | 8 +- 5 files changed, 185 insertions(+), 10 deletions(-) create mode 100644 CVE-2024/CVE-2024-136xx/CVE-2024-13696.json create mode 100644 CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json
index ca901e9ce58..a2ff6395093 100644
--- a/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-12085",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2025-01-14T18:15:25.123",
- "lastModified": "2025-01-28T19:15:13.630",
+ "lastModified": "2025-01-29T08:15:19.247",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -76,6 +76,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2025:0774",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:0787",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-12085",
 "source": "secalert@redhat.com"
diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json
new file mode 100644
index 00000000000..aec1e82c3c6
--- /dev/null
+++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-13696",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-29T08:15:19.677",
+ "lastModified": "2025-01-29T08:15:19.677",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wishlist_name\u2019 parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/flexible-wishlist/trunk/assets/js/front.js",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3230370/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/flexible-wishlist/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/112456a9-8bb6-4007-87da-6d0fba912498?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json b/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
new file mode 100644
index 00000000000..1cf5ef5b514
--- /dev/null
+++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-7695",
+ "sourceIdentifier": "psirt@moxa.com",
+ "published": "2025-01-29T08:15:19.933",
+ "lastModified": "2025-01-29T08:15:19.933",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \n\nThis vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "psirt@moxa.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "psirt@moxa.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@moxa.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches",
+ "source": "psirt@moxa.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 4003d5f1aa5..ebc689e14af 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-29T07:00:21.555533+00:00 +2025-01-29T09:00:44.427663+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-29T06:15:30.670000+00:00 +2025-01-29T08:15:19.933000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -279358 +279360 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2024-12749](CVE-2024/CVE-2024-127xx/CVE-2024-12749.json) (`2025-01-29T06:15:30.387`) +- [CVE-2024-13696](CVE-2024/CVE-2024-136xx/CVE-2024-13696.json) (`2025-01-29T08:15:19.677`) +- [CVE-2024-7695](CVE-2024/CVE-2024-76xx/CVE-2024-7695.json) (`2025-01-29T08:15:19.933`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2024-3913](CVE-2024/CVE-2024-39xx/CVE-2024-3913.json) (`2025-01-29T06:15:30.670`) +- [CVE-2024-12085](CVE-2024/CVE-2024-120xx/CVE-2024-12085.json) (`2025-01-29T08:15:19.247`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 0aea8c64630..07687c3d0c8 100644 --- a/_state.csv +++ b/_state.csv 
@@ -245179,7 +245179,7 @@ CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669 CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000 CVE-2024-12083,0,0,d43543ed1a2c4c8cfbaff70b85f71ffc7dc15514475ec8e8bc46a80ffd753fb3,2025-01-14T01:15:09.267000 CVE-2024-12084,0,0,85dd725fc2f0b24c79e999378b1f0199fad5fe5d164b31609c57a84bcb434c0d,2025-01-15T15:15:10.537000 -CVE-2024-12085,0,0,0b3f67b146b5cf234037ad71331d36ffee2667252d390f670b9aee26d30279b7,2025-01-28T19:15:13.630000 +CVE-2024-12085,0,1,213a2fdbe8cea793aa5c5b1fc44d03bef42e730164368fae39f280c0d2967618,2025-01-29T08:15:19.247000 CVE-2024-12086,0,0,e5130c03152639985c3e2f822b45f241716bd573825b1ce309364a23fc10467b,2025-01-14T22:15:26.370000 CVE-2024-12087,0,0,083db16c2a7b9baa1b397fd2cd269bff2aa8f7c2646d1851d134f1f8a052e34a,2025-01-14T22:15:26.503000 CVE-2024-12088,0,0,789608af69629f4130f54998ea59694fde701c19a329a9d8093e26a51277e55d,2025-01-14T22:15:26.600000 @@ -245701,7 +245701,7 @@ CVE-2024-12744,0,0,db2cef6174f0f203336fd1a602951ac160bef125d0730a8230a23f49ec8a8 CVE-2024-12745,0,0,d39132eefd07723f30fb227ef12fb8aaf3a83b250d0f3b28d89ab1e076f94541,2024-12-26T15:15:06.527000 CVE-2024-12746,0,0,df5c191123ddac7611e41b52ec167446638f37d1f7bfb5919f7163608ca92308,2024-12-26T15:15:06.650000 CVE-2024-12747,0,0,ebc91191d07badeb79dc6f2f702ff942b05784a8436470a9a76f1e6a5f2c2932,2025-01-14T22:15:26.700000 -CVE-2024-12749,1,1,fc313d5feab22f8121324f61a74b655471231ec246bb75d52bc817604d98fc50,2025-01-29T06:15:30.387000 +CVE-2024-12749,0,0,fc313d5feab22f8121324f61a74b655471231ec246bb75d52bc817604d98fc50,2025-01-29T06:15:30.387000 CVE-2024-1275,0,0,55e303d499b7cd70146b064f11442ebd0ad45cafbb26b305d69871c04faa255a,2024-11-21T08:50:12.913000 CVE-2024-12751,0,0,c8d36ab052c0d3e9ec35af9571e74ed832930012381575b9dc1af30fc71ca134,2024-12-30T21:15:06.130000 CVE-2024-12752,0,0,23a1df67098cb18d5a208109678c48c3e7913067d5db32571522e50bc90bc4a8,2024-12-30T21:15:06.260000 
@@ -246270,6 +246270,7 @@ CVE-2024-1368,0,0,e78cd290aff3eda879ea71814281e9fb9dbaef60630fac7d18ff14dae3d223 CVE-2024-13680,0,0,f3164c1a021ffb39e27590d49b20eab131951c6817a6dc8655e0dfc9f53950e4,2025-01-24T07:15:06.930000 CVE-2024-13683,0,0,afca8ca5733f1981ab92ff6f92163a36f62ba84bc4cae91c9eb4b4db6612f745,2025-01-24T07:15:08.523000 CVE-2024-1369,0,0,6f4848b431d59906fc570cd21627f350db35226c120e93c5a8a911f55c4de4fa,2024-11-21T08:50:25.857000 +CVE-2024-13696,1,1,1705bcf2f6a6958e20414c0c17b533dd95f6dfcba36bb76e0b9f7d75e553f199,2025-01-29T08:15:19.677000 CVE-2024-13698,0,0,dc17e4312525981bb14f68ea913383417af07334780551d0e9684f2f5489da45,2025-01-24T16:15:34.597000 CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000 CVE-2024-13709,0,0,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000 @@ -261673,7 +261674,7 @@ CVE-2024-39124,0,0,b89a6ad01be86442200dfda8e2d9f478ea1466944e9cfcad7239db5ce8bf7 CVE-2024-39125,0,0,d369e2cc9d5a90f6ebe45980f2884b9acd269ec9ed2d8c8513e72acecc0e2e5c,2024-11-21T09:27:13.103000 CVE-2024-39126,0,0,e08f3abe2cc1e738b288970bae9e8f3bc74af350f44daa14e3f45bb5bc1b07ca,2024-11-21T09:27:13.267000 CVE-2024-39129,0,0,19eb1dee58afa6c2767224231ffaf92ccdb5b37e3b078ec5f75eeb24861f8743,2024-12-06T21:15:07.637000 -CVE-2024-3913,0,1,3c39a97f2a23817f5f07256146450bb9bcd789a6d6dfbbfd042d028223df0681,2025-01-29T06:15:30.670000 +CVE-2024-3913,0,0,3c39a97f2a23817f5f07256146450bb9bcd789a6d6dfbbfd042d028223df0681,2025-01-29T06:15:30.670000 CVE-2024-39130,0,0,680e4171889397762b2c1496bb01f8837a0c47429b2e74914705378acf24913d,2024-11-21T09:27:13.560000 CVE-2024-39132,0,0,780fc2d7cf4ecdd788c1657c626f8740dd8fc2e66c418edfb8cd97eda04189a2,2024-11-21T09:27:13.773000 CVE-2024-39133,0,0,1fd24f61073967354c204318abe7b3082fbfa1d2c08fcb3fb3cfe3c5e50db3b7,2024-11-21T09:27:13.993000 
@@ -275749,6 +275750,7 @@ CVE-2024-7691,0,0,6dad0c769fb572b88a068528267f61949164dc392b80af6f168258a6b2c7f6 CVE-2024-7692,0,0,4b38ff30e017e91d8a002928077306fde8ee04d0be5e9045460020d6ccc3af22,2024-10-04T17:14:50.990000 CVE-2024-7693,0,0,dd3e43863a4776bf6aa9cee54c3310fd08dfe98f5bd8663ebc12432cb7153f16,2024-09-06T16:51:35.647000 CVE-2024-7694,0,0,3a2582a984429d8c89c3dd71bc863aef01ff80b7baff4f3e3f71f54998d90a46,2024-09-06T17:24:42.573000 +CVE-2024-7695,1,1,9dd5f87b950b58727d2e2a28297a0af3ae776c663d9f14eb97db04400ecfdd7b,2025-01-29T08:15:19.933000 CVE-2024-7696,0,0,f0052f9d5e178b3ea159f04ebcfd4751f930fb606630e5cab2ff7b8b63a94d0f,2025-01-07T06:15:17.827000 CVE-2024-7697,0,0,122b8f72aeda3c5b2d61460f1dce24bd382a6f877b1c3f9efb3e322459b58ee0,2024-09-06T18:04:28.030000 CVE-2024-7698,0,0,28382cbcfd0fa7ea6a7d15c9ccdd01abba2e948df9ed5ab95948fe232327814d,2024-09-27T19:39:43.350000