Auto-Update: 2024-10-24T08:00:37.566938+00:00

2025-05-30 10:10:41 +00:00 · 2024-10-24 08:03:38 +00:00 · 2024-10-24 08:03:38 +00:00 · 96f120ea1d
commit 96f120ea1d
parent 5bfe04586a
5 changed files with 161 additions and 15 deletions
--- a/CVE-2024/CVE-2024-405xx/CVE-2024-40595.json
+++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40595.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-40595",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-10-24T06:15:11.703",
+  "lastModified": "2024-10-24T06:15:11.703",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol information."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://support.oneidentity.com/kb/4376565/cve-2024-40595-authentication-bypass-vulnerability",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-98xx/CVE-2024-9864.json
+++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9864.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9864",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-24T07:15:02.310",
+  "lastModified": "2024-10-24T07:15:02.310",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when front-end users can submit new events with tickets."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3170503/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2a66cb-ad13-428f-a25a-b2807450aa16?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-98xx/CVE-2024-9865.json
+++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9865.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-9865",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-24T07:15:02.987",
+  "lastModified": "2024-10-24T07:15:02.987",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ep_booking_attendee_fields\u2019 fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the transaction log for a booking."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3170503/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168585%40eventprime-event-calendar-management&new=3168585%40eventprime-event-calendar-management&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18ded977-5297-4b6f-b9f3-0567f995d08a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-24T06:00:19.112720+00:00
+2024-10-24T08:00:37.566938+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-24T05:15:04.717000+00:00
+2024-10-24T07:15:02.987000+00:00
 ```

 ### Last Data Feed Release
@ -33,24 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-266888
+266891
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `3`

- [CVE-2024-9374](CVE-2024/CVE-2024-93xx/CVE-2024-9374.json) (`2024-10-24T05:15:04.717`)
+- [CVE-2024-40595](CVE-2024/CVE-2024-405xx/CVE-2024-40595.json) (`2024-10-24T06:15:11.703`)
+- [CVE-2024-9864](CVE-2024/CVE-2024-98xx/CVE-2024-9864.json) (`2024-10-24T07:15:02.310`)
+- [CVE-2024-9865](CVE-2024/CVE-2024-98xx/CVE-2024-9865.json) (`2024-10-24T07:15:02.987`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `4`
+Recently modified CVEs: `0`

- [CVE-2024-10286](CVE-2024/CVE-2024-102xx/CVE-2024-10286.json) (`2024-10-24T04:08:14.833`)
- [CVE-2024-10287](CVE-2024/CVE-2024-102xx/CVE-2024-10287.json) (`2024-10-24T04:07:33.057`)
- [CVE-2024-10288](CVE-2024/CVE-2024-102xx/CVE-2024-10288.json) (`2024-10-24T04:07:45.110`)
- [CVE-2024-10289](CVE-2024/CVE-2024-102xx/CVE-2024-10289.json) (`2024-10-24T04:07:51.340`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -242443,10 +242443,10 @@ CVE-2024-10280,0,0,5929b917545d8ac9a5712190601c52463c1c49843096ab22a3ee3e511638c
 CVE-2024-10281,0,0,9a36c44d0eeb7437ca773f59beacf73fd89778a77f7f1816f560992a33fce085,2024-10-23T15:12:34.673000
 CVE-2024-10282,0,0,502f13ab11591f902fdee413a1b458cbf17ac0e902dcb767bc7c74b4896284ae,2024-10-23T15:15:29.590000
 CVE-2024-10283,0,0,4218091fe17f678b6c5995fd76360b7bb48740fb8bde0144c6a1a41fe06176ce,2024-10-23T15:15:29.850000
-CVE-2024-10286,0,1,00d08dc008bd1989e54b5705c1beff1950aa6f43f0a4065f0f61313516d3cdf8,2024-10-24T04:08:14.833000
-CVE-2024-10287,0,1,f35de541a09293478313fb52f4e207e82b325b3fc6432429ed8850f6465c2bda,2024-10-24T04:07:33.057000
-CVE-2024-10288,0,1,fd731f2fa655e977394860f265053908b8d125d4076d3124439c81d187b95c3b,2024-10-24T04:07:45.110000
-CVE-2024-10289,0,1,7362f8b5a4aaa787d5c8f070f69545dea8207d6f1adb78df74793ff58580e97d,2024-10-24T04:07:51.340000
+CVE-2024-10286,0,0,00d08dc008bd1989e54b5705c1beff1950aa6f43f0a4065f0f61313516d3cdf8,2024-10-24T04:08:14.833000
+CVE-2024-10287,0,0,f35de541a09293478313fb52f4e207e82b325b3fc6432429ed8850f6465c2bda,2024-10-24T04:07:33.057000
+CVE-2024-10288,0,0,fd731f2fa655e977394860f265053908b8d125d4076d3124439c81d187b95c3b,2024-10-24T04:07:45.110000
+CVE-2024-10289,0,0,7362f8b5a4aaa787d5c8f070f69545dea8207d6f1adb78df74793ff58580e97d,2024-10-24T04:07:51.340000
 CVE-2024-1029,0,0,0f58435c5c731694bc563330e2e0cc48091c7d28b092c9a25a6684c410525166,2024-05-17T02:35:11.633000
 CVE-2024-10290,0,0,d3e172c9c7b7b0403c392ffa2d79ecaff1aea477f009179997ba8147d4bbe88f,2024-10-23T15:15:30.110000
 CVE-2024-10291,0,0,4221f9dc258e6d84993fa0f34bdeaf5dfcbfbf20fdb69558d099a0b3635f00b4,2024-10-23T16:15:04.597000
@ -258057,6 +258057,7 @@ CVE-2024-40576,0,0,8423823b913f3d1284aae2224b689bfefe0b7a1b018e49f904fd4948fdba6
 CVE-2024-4058,0,0,517dff31dd649a4fc97ec9b0700bafce6dc3cd3c4729ffb175a77bfe0097ad6e,2024-08-01T13:59:23.240000
 CVE-2024-4059,0,0,c49986e07be30ca2c850f4613369c1702dff21e7018832f61c83284c95e0cc00,2024-05-03T03:16:29.430000
 CVE-2024-40594,0,0,5f8b4e7b3001e206c4db42bfb10b66a5767bd1e5041c1bca9998a882526a992d,2024-07-08T15:49:22.437000
+CVE-2024-40595,1,1,a181f13e8c06f281b39ef40cbf09da0370cf06e7de45b29ab6f71c694074e46e,2024-10-24T06:15:11.703000
 CVE-2024-40596,0,0,eba237165708995f6d88799cc22362156aa815eb2255f3ea66a6ad9f417cfe2d,2024-07-09T16:45:08.760000
 CVE-2024-40597,0,0,9253bd3e0343b7becb6fbf27eb19f59c2b782f333d3980529c893721abdb7002,2024-07-08T15:49:22.437000
 CVE-2024-40598,0,0,de25c69f35558b8aca0a1bbf15e54892da14954831f161b4abaf3c33fd743682,2024-07-09T16:45:38.957000
@ -266599,7 +266600,7 @@ CVE-2024-9366,0,0,407cafef9b2d9532a719e3ec12a763493be7d8b50723eedc7ded3a298c185d
 CVE-2024-9368,0,0,9f09034d1cef896f0488110242b0920a28a4e3f8f0b6f56c7b8ec3c63941f7cb,2024-10-10T20:30:51.240000
 CVE-2024-9372,0,0,8dacc1340b523e83cb4764d42eea980a95a68aef0cadf900c3f45471ba3dc7ad,2024-10-10T20:36:28.020000
 CVE-2024-9373,0,0,aeb5e5e7812ae1c911161fbc197cd9777cff81e8221d22b7660e89f11b598b88,2024-10-22T15:07:23.907000
-CVE-2024-9374,1,1,ef0a07c336a99b876e546fbc3fcb161406db39f3adf42d416b132567ab972508,2024-10-24T05:15:04.717000
+CVE-2024-9374,0,0,ef0a07c336a99b876e546fbc3fcb161406db39f3adf42d416b132567ab972508,2024-10-24T05:15:04.717000
 CVE-2024-9375,0,0,232ace92ca49be5c1a33c93abd9a6f17ed5ee21ca74aacf34cd6b513a369ea2a,2024-10-10T20:44:02.900000
 CVE-2024-9377,0,0,3c01b2152e67b0ec56dfdcb67187215bc3a0a790ca5dfe0c8b3edfb9194a5eaf,2024-10-15T14:18:12.483000
 CVE-2024-9378,0,0,ced37e1766b174eaa8afe905f70c6bc3776421764713e21471018e4984150c99,2024-10-07T20:15:08.697000
@ -266812,6 +266813,8 @@ CVE-2024-9860,0,0,5146b7a0224d680f933516d3f319e5a1a7abd782ae32358fb855e1c62c4df5
 CVE-2024-9861,0,0,ea3da873230376cd14799b0d170e8e876683f20c285aa64f3bb5d67920c38493,2024-10-18T12:53:04.627000
 CVE-2024-9862,0,0,a125c015e3b00c8735ed8c9687686a16a9d40d9b6f2ce90b19ff292bf536d9b9,2024-10-18T12:53:04.627000
 CVE-2024-9863,0,0,5a2779f928f03a35905e31f60158c72d5505c6aaa35173f98063e46d2c1389f4,2024-10-18T12:53:04.627000
+CVE-2024-9864,1,1,ed4bb32f7ccba07250ea60d90abd733bee150fd7274c36de00b410e6eb7ee0d6,2024-10-24T07:15:02.310000
+CVE-2024-9865,1,1,3b3858ba53b1464f281dbcaf0c38d3486f6c55a2286b54a15778cb228c16d68e,2024-10-24T07:15:02.987000
 CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000
 CVE-2024-9873,0,0,54e1b937a83aa8c512a9ce3ab381594073150b73716fb01cf60c5f6e4db0c415,2024-10-16T16:38:14.557000
 CVE-2024-9888,0,0,de5de1e3177c72ea1d0a5d19aa48b1693390bd1baf1f85524c962ffa2c18433f,2024-10-16T16:38:14.557000