Auto-Update: 2024-07-20T06:00:18.217461+00:00

CVE-2024/CVE-2024-39xx/CVE-2024-3934.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-3934",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T04:15:03.150",
+  "lastModified": "2024-07-20T04:15:03.150",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. The arbitrary file download was patched in 7.5.1, while the missing authorization was corrected in version 7.6.2."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706&old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278&old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-403xx/CVE-2024-40347.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-40347",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-20T04:15:03.853",
+  "lastModified": "2024-07-20T04:15:03.853",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-403xx/CVE-2024-40348.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-40348",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-20T04:15:05.037",
+  "lastModified": "2024-07-20T04:15:05.037",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-62xx/CVE-2024-6281.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-6281",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-07-20T04:15:05.260",
+  "lastModified": "2024-07-20T04:15:05.260",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-440"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/parisneo/lollms/commit/26a3ff35acf152b49e1087d5698ad4864c7b6092",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.com/bounties/0a62f2fb-4e62-4128-9dc4-e8f1d959ac61",
+      "source": "security@huntr.dev"
+    }
+  ]
+}

CVE-2024/CVE-2024-66xx/CVE-2024-6694.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-6694",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T04:15:05.940",
+  "lastModified": "2024-07-20T04:15:05.940",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-257"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3120454/wp-mail-smtp/trunk/src/Providers/OptionsAbstract.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d4e9daf-d414-4ace-9efd-4c3e16deeb8f?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-07-20T04:00:18.578871+00:00
+2024-07-20T06:00:18.217461+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-07-20T03:15:02.680000+00:00
+2024-07-20T04:15:05.940000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,16 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-257524
+257529
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `5`
 
-- [CVE-2024-2337](CVE-2024/CVE-2024-23xx/CVE-2024-2337.json) (`2024-07-20T03:15:02.290`)
-- [CVE-2024-5804](CVE-2024/CVE-2024-58xx/CVE-2024-5804.json) (`2024-07-20T02:15:09.480`)
-- [CVE-2024-6560](CVE-2024/CVE-2024-65xx/CVE-2024-6560.json) (`2024-07-20T03:15:02.680`)
+- [CVE-2024-3934](CVE-2024/CVE-2024-39xx/CVE-2024-3934.json) (`2024-07-20T04:15:03.150`)
+- [CVE-2024-40347](CVE-2024/CVE-2024-403xx/CVE-2024-40347.json) (`2024-07-20T04:15:03.853`)
+- [CVE-2024-40348](CVE-2024/CVE-2024-403xx/CVE-2024-40348.json) (`2024-07-20T04:15:05.037`)
+- [CVE-2024-6281](CVE-2024/CVE-2024-62xx/CVE-2024-6281.json) (`2024-07-20T04:15:05.260`)
+- [CVE-2024-6694](CVE-2024/CVE-2024-66xx/CVE-2024-6694.json) (`2024-07-20T04:15:05.940`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -244806,7 +244806,7 @@ CVE-2024-2336,0,0,ee2ed99bdbb77ed98426fec739627a0e0294ad75ca24e044dbbf3ddb7c6991
 CVE-2024-23360,0,0,4a7bbca8a03b30cf4df988e0f08196d33c6bd581b3c7bc61fba22b18c171830b,2024-06-03T14:46:24.250000
 CVE-2024-23363,0,0,f3bca7930119a168b01a4f3c6a543138a5f31bd5e8f14fd6e950dfaab71bf1eb,2024-06-03T14:46:24.250000
 CVE-2024-23368,0,0,5726397ddc8ddada7ad85b481081c827980e0b31f00843d9c4a575a1cdcf7c17,2024-07-02T17:51:25.690000
-CVE-2024-2337,1,1,8d7a8269dcc1610b66c0f656f3547809d9e64e820daa07dd068f3da4b909f9e0,2024-07-20T03:15:02.290000
+CVE-2024-2337,0,0,8d7a8269dcc1610b66c0f656f3547809d9e64e820daa07dd068f3da4b909f9e0,2024-07-20T03:15:02.290000
 CVE-2024-23372,0,0,23b270a28eac6f2e33d3cc96090d40d8bd34b2e6172d17ba5be5b87ce6bb3571,2024-07-02T17:51:04.530000
 CVE-2024-23373,0,0,5f71e52681ce9b4c683001ee0714339e5fcbf3b0ac462fe47ab6cd76399fa906,2024-07-02T17:50:38.573000
 CVE-2024-2338,0,0,97ed9304e53653e5f2f6be84ec656ed42a5ae14786266fb81f31dd764d99c05c,2024-03-08T21:19:43.127000
@@ -254937,6 +254937,7 @@ CVE-2024-39330,0,0,df282f57bb00a86772e9e77e51a445a51be95fedbc3011c51977bbb06b0f3
 CVE-2024-39331,0,0,e27921e016dec51173f86ad420de9e9174de4baa540da3f53e6e1157ef72adc9,2024-07-03T02:05:47.260000
 CVE-2024-39334,0,0,94cae5ba65ec50bed6d17b2b54650000947aeee42b8249838d1ebdc24642a191,2024-06-24T12:57:36.513000
 CVE-2024-39337,0,0,ae96e6e5658ac679eff4c9acfa518814cd5ee8874dd941939a565173aee28094,2024-06-24T12:57:36.513000
+CVE-2024-3934,1,1,059d8aace518af84f5283d8abb7521e20232308d89946efd63943e157ca5d785,2024-07-20T04:15:03.150000
 CVE-2024-39340,0,0,8a19ea0d82baf517391d74de09fe55b24d4bbbe3d357c771c961dd3f6f9df19c,2024-07-15T22:15:02.910000
 CVE-2024-39347,0,0,f05ffc50868d752b16aba36bcf98397a1a823dcf709e914fdceefc955d8df28b,2024-06-28T10:27:00.920000
 CVE-2024-39348,0,0,798f996b4382b8a6e782460918b5005c42ce376a9b87c3209ffaa4789fe2c24c,2024-06-28T10:27:00.920000
@@ -255277,6 +255278,8 @@ CVE-2024-40333,0,0,7e3d2c86e913650fda83b9ed457908dd220d08dc6d50420a52a17a80ec44e
 CVE-2024-40334,0,0,0f6416c66a2f7a24655624e914eca89a0566237a51d1e09767a4a1fc38d9e48f,2024-07-11T13:05:54.930000
 CVE-2024-40336,0,0,a5b75245e4db87e4fc3263aabb369a58a472f30d7c4ce491654a7dc1d23a1d6f,2024-07-11T15:06:22.143000
 CVE-2024-4034,0,0,b39ca2e444e8e083e595bb1c45cab5e2a41d75405ee52855e2d6dbb02a011da0,2024-05-02T18:00:37.360000
+CVE-2024-40347,1,1,ed983d7057f29f2aeefd2c55be14103e87ea0000e3baf01566f266a3f251173e,2024-07-20T04:15:03.853000
+CVE-2024-40348,1,1,20304c841485c9c843862d75c56579cbdf091e52faa585a7d474d44d3e5aa2d4,2024-07-20T04:15:05.037000
 CVE-2024-4035,0,0,3bb15040ac0c3c22ceadcf3607ee680ed3a99c29170715a5693bcfb82b999cb6,2024-04-25T13:18:02.660000
 CVE-2024-4036,0,0,faef85b8ea4d3772643857800ca53857ac0bd4e8c893e27c61e628dc7852637c,2024-05-02T18:00:37.360000
 CVE-2024-4037,0,0,835f7b633520c38dc69c5473ca883b788d7739f8c5278809ab72b10ff3489faf,2024-05-24T13:03:05.093000
@@ -256962,7 +256965,7 @@ CVE-2024-5795,0,0,4a9aecee86bda89829b2518ea02c7a7b2c3a9c81275eb4d5a5086f64238c89
 CVE-2024-5796,0,0,e179556883d33099fab8768b9c3d50a47b2a022b7b46e47f95f4ba7640cc26df,2024-06-28T10:27:00.920000
 CVE-2024-5798,0,0,8c4fc55b5a68256010d6e6bfcfe06ef9f209d5a592c838664e8662bbc4a3d762,2024-06-13T18:36:09.010000
 CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f8395,2024-07-12T15:20:14.610000
-CVE-2024-5804,1,1,b9dfade3e9abf25b83d5f9549ff479e4541cdb1f2dea578b917eb82e2201bdb6,2024-07-20T02:15:09.480000
+CVE-2024-5804,0,0,b9dfade3e9abf25b83d5f9549ff479e4541cdb1f2dea578b917eb82e2201bdb6,2024-07-20T02:15:09.480000
 CVE-2024-5805,0,0,dc303c72bde98fa3d82c375116e3326253eb605d3a044d78a9e45a14399d2f62,2024-06-25T18:50:42.040000
 CVE-2024-5806,0,0,91588fb1cdb8115c3da665d3d031e599ad42ef712f85a57d764591dd0370421d,2024-06-26T00:15:11.293000
 CVE-2024-5810,0,0,246ea4a74a1b10a6c799aa82916b249e6dd3093a23af41d24ba222ed5e8773fa,2024-07-09T18:19:14.047000
@@ -257272,6 +257275,7 @@ CVE-2024-6277,0,0,d0f7f00d5819b230843407b9bc3f1c7e29ec0322737584d90fb8a2a7a06622
 CVE-2024-6278,0,0,fef0d28a31a7314ee6fcb58b59b6730b2b275f5a8f8d33529ccdd59b9724e679,2024-06-24T14:15:13.293000
 CVE-2024-6279,0,0,f2caca6d37e74fba33e3ab428913517d72dcdb95f2cf0501739ddd9806dc7417,2024-06-26T20:15:17.003000
 CVE-2024-6280,0,0,6253a77410b62b74de6727f15951d9cf7c735a643bd8fffe051d2d292dc0ad4e,2024-06-24T12:57:36.513000
+CVE-2024-6281,1,1,5c2767dd24ce6a1e6f37b84357fb22f30acd34252322c185629739577cd33309,2024-07-20T04:15:05.260000
 CVE-2024-6283,0,0,84796e0660e5beb3ad885e74e117108f941d8d6090497e3b6867080b852b92df,2024-06-28T13:37:44.763000
 CVE-2024-6284,0,0,73ccbe59cd13df171bbc79ab6b910254c728a7cb44133bad73b07b9d4dc26d5e,2024-07-05T12:55:51.367000
 CVE-2024-6285,0,0,4aa94975a6bb5a18c805d5376b856037574bf8fee823086f9b7bc28590de93c1,2024-06-26T14:24:38.113000
@@ -257415,7 +257419,7 @@ CVE-2024-6555,0,0,bf68ef8f1bd3876021fc33b504457daba53832080530806ef27f797ea5536a
 CVE-2024-6556,0,0,246920c1b32eb0a0369982110178f9a30464427865e75d42710950bf8d6bff6c,2024-07-11T13:05:54.930000
 CVE-2024-6557,0,0,5f8a5c5bf162c69368d24395d90aef2e1a9fd156ec4a6d0f0e02ca54e1438d8b,2024-07-16T13:43:58.773000
 CVE-2024-6559,0,0,2866b76c45bfa3fcb2a29d8b63ef335520f76c77ee94faa7443c1c34b010c185,2024-07-16T13:43:58.773000
-CVE-2024-6560,1,1,2f076ff2fd76b43199bd178b1c294f88bc56d1c6024186191e2ffdcc9076e458,2024-07-20T03:15:02.680000
+CVE-2024-6560,0,0,2f076ff2fd76b43199bd178b1c294f88bc56d1c6024186191e2ffdcc9076e458,2024-07-20T03:15:02.680000
 CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb3c,2024-07-09T14:19:19.300000
 CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000
 CVE-2024-6565,0,0,ee9c3eacf0bc745c4e1df576eb425c3f28c4e22d80193cbda607fc66e3277c71,2024-07-16T13:43:58.773000
@@ -257469,6 +257473,7 @@ CVE-2024-6679,0,0,193698b3a519c2de1af0fd23f7e404e2d54c730e4704d97d0092b63ef1c812
 CVE-2024-6680,0,0,131299d0989a76f846afb0c8ae15f4692f1a0fdd9931fad30c165660cd1232fc,2024-07-11T18:09:58.777000
 CVE-2024-6681,0,0,fd87484dafd740c0f788720b14149eb40f6b6d8ce371416d0e039ce9acf82071,2024-07-11T18:09:58.777000
 CVE-2024-6689,0,0,d40d4a6e022419e83ed34bb3a74eb0d24556e6d76f7b0a592f90775a9d52873c,2024-07-16T13:43:58.773000
+CVE-2024-6694,1,1,9fdb29ac60d9ec71e86e2ee7c9ec5cf21710b803b0c3d5f1c48f9b0df35e7006,2024-07-20T04:15:05.940000
 CVE-2024-6705,0,0,34f2408170b6a15dd38093cb290af7587fb1de87b725336b99400f51279e63d4,2024-07-18T12:28:43.707000
 CVE-2024-6716,0,0,8ffb92442f0506288b44c8e147b3f474301f4b7d486d9477f8f7548823d67c07,2024-07-17T14:15:04.210000
 CVE-2024-6721,0,0,20bc3ac9fd25b0ef666ff8f606cfc8f742981337efa5a16bd2cfa701fac87a51,2024-07-15T16:15:03.467000