Auto-Update: 2024-05-18T08:00:37.315455+00:00

cad-safe-bot 2024-05-18 08:03:28 +00:00
parent c767191d75
commit 965348ff68
6 changed files with 205 additions and 13 deletions


@ -0,0 +1,47 @@
{
"id": "CVE-2024-3810",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-18T06:15:06.440",
"lastModified": "2024-05-18T06:15:06.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2024-3811",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-18T06:15:07.660",
"lastModified": "2024-05-18T06:15:07.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70682a2d-16f6-4d7e-bf69-f0f3999f03de?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2024-3812",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-18T06:15:08.000",
"lastModified": "2024-05-18T06:15:08.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2024-4849",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-18T06:15:08.310",
"lastModified": "2024-05-18T06:15:08.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018autoplay\u2019 parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://codecanyon.net/item/wordpress-automatic-plugin/1904470",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4be58bfa-d489-45f5-9169-db8bab718175?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-18T06:00:37.768348+00:00
2024-05-18T08:00:37.315455+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-18T05:15:46.917000+00:00
2024-05-18T06:15:08.310000+00:00
```
### Last Data Feed Release
@ -33,23 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
250626
250630
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `4`
- [CVE-2024-3714](CVE-2024/CVE-2024-37xx/CVE-2024-3714.json) (`2024-05-18T05:15:46.520`)
- [CVE-2024-4374](CVE-2024/CVE-2024-43xx/CVE-2024-4374.json) (`2024-05-18T05:15:46.733`)
- [CVE-2024-4891](CVE-2024/CVE-2024-48xx/CVE-2024-4891.json) (`2024-05-18T05:15:46.917`)
- [CVE-2024-3810](CVE-2024/CVE-2024-38xx/CVE-2024-3810.json) (`2024-05-18T06:15:06.440`)
- [CVE-2024-3811](CVE-2024/CVE-2024-38xx/CVE-2024-3811.json) (`2024-05-18T06:15:07.660`)
- [CVE-2024-3812](CVE-2024/CVE-2024-38xx/CVE-2024-3812.json) (`2024-05-18T06:15:08.000`)
- [CVE-2024-4849](CVE-2024/CVE-2024-48xx/CVE-2024-4849.json) (`2024-05-18T06:15:08.310`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
- [CVE-2024-3437](CVE-2024/CVE-2024-34xx/CVE-2024-3437.json) (`2024-05-18T05:15:46.150`)
## Download and Usage


@ -249394,7 +249394,7 @@ CVE-2024-34366,0,0,25eb851eb2f231dff6589bef7d2a42ccb066a9937b2c8dd9550db97a42376
CVE-2024-34367,0,0,71d4be6198e4635d1e3c7d4a37f4152439ba7ccd61f31e7e76f4c81875c262d4,2024-05-06T19:53:38.797000
CVE-2024-34368,0,0,4903b79ce8f618d0b1d0d013639d45a4b6153544dfe155bf918623d214d25e20,2024-05-06T19:53:38.797000
CVE-2024-34369,0,0,43ae6e229d2787fd10cd297ec9e349b88579a4bb4535eedd72dead9653248f3c,2024-05-06T19:53:38.797000
CVE-2024-3437,0,1,38c43ea03da10ab778450ecd9b17252c40003e9b31ec84914cfa672f1cc45337,2024-05-18T05:15:46.150000
CVE-2024-3437,0,0,38c43ea03da10ab778450ecd9b17252c40003e9b31ec84914cfa672f1cc45337,2024-05-18T05:15:46.150000
CVE-2024-34370,0,0,1fe718a2eee649d566d79376ebcfe560f8db7814624596f121d4d79c81882b11,2024-05-17T18:36:05.263000
CVE-2024-34371,0,0,221cb018c67b2ca9bbf34009d8128ce932e1ca2cdc202136c2419b8ed0256afb,2024-05-06T19:53:38.797000
CVE-2024-34372,0,0,e4943efa5e4e5fb2e57655cdebc39d5c23b50034b23eb8f2d018eb8338330daf,2024-05-06T19:53:38.797000
@ -249890,7 +249890,7 @@ CVE-2024-3704,0,0,ad7f205e31bc442943bbd584692b194a3485d815654eeb83e4eefef6a6eff3
CVE-2024-3705,0,0,44f1c76d2f6cd8dab882ddfdbdbe908a4e3a8f22d6a90f31f0279b7faf87a669,2024-04-15T13:15:51.577000
CVE-2024-3706,0,0,93b27543775cdce8e7b256b8d014ea258e7a61f0ddb1cca03581da1a85330700,2024-04-15T13:15:51.577000
CVE-2024-3707,0,0,cb892298714e8d1628bf09ece0bc00ef0a1a1429034ce83bb3286f4d822c160d,2024-04-15T13:15:51.577000
CVE-2024-3714,1,1,b57899bf4e81fdc0ba3a9f38ed0cf5b27563f225fe7b0f4e6e4acfb83260168e,2024-05-18T05:15:46.520000
CVE-2024-3714,0,0,b57899bf4e81fdc0ba3a9f38ed0cf5b27563f225fe7b0f4e6e4acfb83260168e,2024-05-18T05:15:46.520000
CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000
CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000
CVE-2024-3719,0,0,98817b00c300460b7ee17e28b90d655bc3286869de6cea5831a06059286a41a5,2024-05-17T02:40:05.100000
@ -249969,6 +249969,9 @@ CVE-2024-3806,0,0,6bbac8d6c88802878efd703235f913abf5f918c846b51b9285e58ed8ddf880
CVE-2024-3807,0,0,b5687c705ca990e1c1a2e9ad106003739cb7bca636e958ece9155bcc4ab8d5b2,2024-05-14T16:11:39.510000
CVE-2024-3808,0,0,6e074e31636384af2b6d4c4deeb087980da7fc56f8430a6542c2a3c25ff06612,2024-05-14T16:11:39.510000
CVE-2024-3809,0,0,37707cfa70ea9f681f8356134c37777c1e86daf3349fcedf4bb40eddd72d2fa3,2024-05-14T16:11:39.510000
CVE-2024-3810,1,1,6e67ea93016866473dc758c3900a365cc240be34e67ca7f44a4b5e3ab393e024,2024-05-18T06:15:06.440000
CVE-2024-3811,1,1,e1c4892b86bca6154cccb40b756148e6a356434ba325ff4d85437d146059d1e9,2024-05-18T06:15:07.660000
CVE-2024-3812,1,1,471c9599f5151fd0e5d227812f8e2840ee6e9728987b0ff55497b8463f158cb2,2024-05-18T06:15:08
CVE-2024-3817,0,0,46e4b3903939ad7f28eeb8afee28fc4c5b18be71847d60ae426ede3b66e11122,2024-04-18T13:04:28.900000
CVE-2024-3818,0,0,3b93c96d931c7712dba585285a5a0f954163c40c8ab2b4d2e42e74b7a416a166,2024-04-19T13:10:25.637000
CVE-2024-3819,0,0,070335cf0d21b4518c9cf130cbde224bb7db7bd3582033700dab419bc756cd20,2024-05-02T18:00:37.360000
@ -250284,7 +250287,7 @@ CVE-2024-4368,0,0,0ee02ebde276d817508f5495294b3429c463a1f4241660388e0c329992e72b
CVE-2024-4369,0,0,ab5992320463150d25768d540495632f3cea0e672e96fca10ae18e5fed17e7b3,2024-05-02T03:15:15.027000
CVE-2024-4370,0,0,9cb4b287947cccbb5312f0b956bd28c5e0677f742a744bda42968ce33f6a04bb,2024-05-15T16:40:19.330000
CVE-2024-4373,0,0,1ffc43bce359a7dc4906a84b6fc8a1ff35c385d778f8a99a36e9677433d92d07,2024-05-15T16:40:19.330000
CVE-2024-4374,1,1,509f60ac40a5583989d86027571d7dd8b31bf8b38e963c7743b38df392611aed,2024-05-18T05:15:46.733000
CVE-2024-4374,0,0,509f60ac40a5583989d86027571d7dd8b31bf8b38e963c7743b38df392611aed,2024-05-18T05:15:46.733000
CVE-2024-4383,0,0,5a1fe08151a13ea21e71cf2d0c78ad0aa3b9532b0b753d777378763b8935a44b,2024-05-14T16:11:39.510000
CVE-2024-4385,0,0,ca3b527b38ef117a25bd1a563993108f86670c5409f332b50d53521ab7d618e2,2024-05-16T13:03:05.353000
CVE-2024-4386,0,0,e3470cc6a1cc1ee4032b4297ad39fc1eda67f128aadce11b5ef951d1e0deaf83,2024-05-14T16:11:39.510000
@ -250538,6 +250541,7 @@ CVE-2024-4840,0,0,c9ca0895b4a51cab0e2c0d59965d65e29a18e7a3fb86aea7f8e73c28a9d25d
CVE-2024-4843,0,0,58cfe808f738fd9393d526b6ae9c349063459aa7046a90d478177ce3db0c98a6,2024-05-16T13:03:05.353000
CVE-2024-4844,0,0,9cc52c71da3e5a51bc8bac3549d843df2f9b393e878f774cc4555ff01bf8c6f2,2024-05-16T13:03:05.353000
CVE-2024-4847,0,0,bba6603a81b56f6d60e806e2e7574571e772d40efe56d1512e7524611ff51b1c,2024-05-15T16:40:19.330000
CVE-2024-4849,1,1,cf05ac9f954acc664aee89456d166c8162ab156913355e7575a336cb8cbe7099,2024-05-18T06:15:08.310000
CVE-2024-4853,0,0,08d9956cd1fc82aacd4cc52b553fb1ad7c9d41ecc90cc195f4a6a68d3e7942e4,2024-05-14T16:11:39.510000
CVE-2024-4854,0,0,3d480ab215b58518bc8b4d2ff21b01ce90d2ee2286e511ec2300ae6a56284679,2024-05-14T16:11:39.510000
CVE-2024-4855,0,0,bb7758177ed568c219e106881d12c1be9e05abe80abbc1ed8dc52d386d88e25c,2024-05-14T16:11:39.510000
@ -250545,7 +250549,7 @@ CVE-2024-4859,0,0,0e7c5125874f1925896116e914ab4a4e3b887f22c447a3549ca2e9da643585
CVE-2024-4860,0,0,4e8a6a855a2e6e16dad5d91e17b904b6b709d252c51887af538903d405cd55bc,2024-05-14T19:17:55.627000
CVE-2024-4865,0,0,032346425f8b5668fc5a6b0234d4962cfd8194d1fdff4ed62ae7461812424243,2024-05-18T03:15:06.340000
CVE-2024-4871,0,0,8ab16008698c56948c2f0ae8cf729bc698d4cce8f05c254b91a2ba1c9d6200d3,2024-05-14T19:17:55.627000
CVE-2024-4891,1,1,e927ef516e79f1f82b710fc93245e2976a4ebaebf27d0810ac01907f3f3d2a4c,2024-05-18T05:15:46.917000
CVE-2024-4891,0,0,e927ef516e79f1f82b710fc93245e2976a4ebaebf27d0810ac01907f3f3d2a4c,2024-05-18T05:15:46.917000
CVE-2024-4893,0,0,8ffb453add192bbe3edd5219a0cc1fecef136881814a15b6a6fff19e64221c30,2024-05-15T16:40:19.330000
CVE-2024-4894,0,0,6ac5cb6e261d69ae931137ad62bda7bde45e9f279ec9c4c45067086e1e08f8a1,2024-05-15T16:40:19.330000
CVE-2024-4903,0,0,9a411d9f215d13d2c422791efc5893252c00fbd9ad8c56cc74522677d5819e4f,2024-05-17T02:40:40.423000
