Auto-Update: 2024-01-30T09:00:25.998000+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-30 09:00:29 +00:00 · 2024-01-30 09:00:29 +00:00 · 95063802e6
commit 95063802e6
parent b2311c5efb
8 changed files with 241 additions and 12 deletions
--- a/CVE-2023/CVE-2023-520xx/CVE-2023-52071.json
+++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52071.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-52071",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-30T07:15:07.787",
+  "lastModified": "2024-01-30T07:15:07.787",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain an off-by-one out-of-bounds array index via the component tool_cb_wrt."
+    },
+    {
+      "lang": "es",
+      "value": "Se descubri\u00f3 que tiny-curl-8_4_0, curl-8_4_0 y curl-8_5_0 conten\u00edan un \u00edndice de matriz fuera de los l\u00edmites a trav\u00e9s del componente tool_cb_wrt."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/curl/curl/commit/73980f9ace6c7577e7fcab8008bbde8a0a231692",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/curl/curl/commit/af3f4e41#r127212213",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-7225",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-30T08:15:40.090",
+  "lastModified": "2024-01-30T08:15:40.090",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://advisory.abay.sh/cve-2023-7225/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023266%40mappress-google-maps-for-wordpress%2Ftrunk&old=3022439%40mappress-google-maps-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fce76126-0cfd-464f-b644-45d4301e958d?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-218xx/CVE-2024-21803.json
+++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21803.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-21803",
+  "sourceIdentifier": "security@openanolis.org",
+  "published": "2024-01-30T08:15:41.373",
+  "lastModified": "2024-01-30T08:15:41.373",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@openanolis.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@openanolis.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-416"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081",
+      "source": "security@openanolis.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-22643",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-30T07:15:07.950",
+  "lastModified": "2024-01-30T07:15:07.950",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en SEO Panel versi\u00f3n 4.10.0 permite a atacantes remotos realizar restablecimientos de contrase\u00f1as de usuarios no autorizados."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22643",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-22646",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-30T07:15:08.027",
+  "lastModified": "2024-01-30T07:15:08.027",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system."
+    },
+    {
+      "lang": "es",
+      "value": "Existe una vulnerabilidad de enumeraci\u00f3n de direcciones de correo electr\u00f3nico en la funci\u00f3n de restablecimiento de contrase\u00f1a de SEO Panel versi\u00f3n 4.10.0. Esto permite a un atacante adivinar qu\u00e9 correos electr\u00f3nicos existen en el sistema."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22646",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-22647",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-30T07:15:08.103",
+  "lastModified": "2024-01-30T07:15:08.103",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una vulnerabilidad de enumeraci\u00f3n de usuarios en SEO Panel 4.10.0. Este problema ocurre durante la autenticaci\u00f3n del usuario, donde una diferencia en los mensajes de error podr\u00eda permitir a un atacante determinar si un nombre de usuario es v\u00e1lido o no, lo que permitir\u00eda un ataque de fuerza bruta con nombres de usuario v\u00e1lidos."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-22648",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-30T07:15:08.200",
+  "lastModified": "2024-01-30T07:15:08.200",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Blind SSRF vulnerability exists in the \"Crawl Meta Data\" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment."
+    },
+    {
+      "lang": "es",
+      "value": "Existe una vulnerabilidad de Blind SSRF en la funcionalidad \"Crawl Meta Data\" de SEO Panel versi\u00f3n 4.10.0. Esto hace posible que atacantes remotos escaneen puertos en el entorno local."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22648",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-30T07:00:25.349528+00:00
+2024-01-30T09:00:25.998000+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-30T06:15:45.633000+00:00
+2024-01-30T08:15:41.373000+00:00
 ```

 ### Last Data Feed Release
@ -29,27 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-237097
+237104
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `7`

-* [CVE-2023-45923](CVE-2023/CVE-2023-459xx/CVE-2023-45923.json) (`2024-01-30T06:15:45.300`)
-* [CVE-2023-45926](CVE-2023/CVE-2023-459xx/CVE-2023-45926.json) (`2024-01-30T06:15:45.480`)
-* [CVE-2023-45928](CVE-2023/CVE-2023-459xx/CVE-2023-45928.json) (`2024-01-30T06:15:45.520`)
-* [CVE-2023-45930](CVE-2023/CVE-2023-459xx/CVE-2023-45930.json) (`2024-01-30T06:15:45.560`)
-* [CVE-2024-1028](CVE-2024/CVE-2024-10xx/CVE-2024-1028.json) (`2024-01-30T05:15:08.773`)
-* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-01-30T05:15:09.277`)
-* [CVE-2024-1029](CVE-2024/CVE-2024-10xx/CVE-2024-1029.json) (`2024-01-30T06:15:45.633`)
+* [CVE-2023-52071](CVE-2023/CVE-2023-520xx/CVE-2023-52071.json) (`2024-01-30T07:15:07.787`)
+* [CVE-2023-7225](CVE-2023/CVE-2023-72xx/CVE-2023-7225.json) (`2024-01-30T08:15:40.090`)
+* [CVE-2024-22643](CVE-2024/CVE-2024-226xx/CVE-2024-22643.json) (`2024-01-30T07:15:07.950`)
+* [CVE-2024-22646](CVE-2024/CVE-2024-226xx/CVE-2024-22646.json) (`2024-01-30T07:15:08.027`)
+* [CVE-2024-22647](CVE-2024/CVE-2024-226xx/CVE-2024-22647.json) (`2024-01-30T07:15:08.103`)
+* [CVE-2024-22648](CVE-2024/CVE-2024-226xx/CVE-2024-22648.json) (`2024-01-30T07:15:08.200`)
+* [CVE-2024-21803](CVE-2024/CVE-2024-218xx/CVE-2024-21803.json) (`2024-01-30T08:15:41.373`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2023-6395](CVE-2023/CVE-2023-63xx/CVE-2023-6395.json) (`2024-01-30T05:15:08.500`)


 ## Download and Usage