Auto-Update: 2024-07-06T12:00:29.667761+00:00

2025-07-09 16:05:11 +00:00 · 2024-07-06 12:03:23 +00:00 · 2024-07-06 12:03:23 +00:00 · 997e44f955
commit 997e44f955
parent ff9675c49d
6 changed files with 210 additions and 6 deletions
--- a/CVE-2024/CVE-2024-372xx/CVE-2024-37208.json
+++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37208.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-37208",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-06T10:15:01.907",
+  "lastModified": "2024-07-06T10:15:01.907",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/wp-scraper/wordpress-wp-scraper-plugin-5-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-372xx/CVE-2024-37234.json
+++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37234.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-37234",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-06T10:15:02.913",
+  "lastModified": "2024-07-06T10:15:02.913",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-601"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-372xx/CVE-2024-37260.json
+++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37260.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-37260",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-06T10:15:03.190",
+  "lastModified": "2024-07-06T10:15:03.190",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-394xx/CVE-2024-39486.json
+++ b/CVE-2024/CVE-2024-394xx/CVE-2024-39486.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2024-39486",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2024-07-06T10:15:03.393",
+  "lastModified": "2024-07-06T10:15:03.393",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_file: Fix pid refcounting race\n\n\nfilp->pid is supposed to be a refcounted pointer; however, before this\npatch, drm_file_update_pid() only increments the refcount of a struct\npid after storing a pointer to it in filp->pid and dropping the\ndev->filelist_mutex, making the following race possible:\n\nprocess A               process B\n=========               =========\n                        begin drm_file_update_pid\n                        mutex_lock(&dev->filelist_mutex)\n                        rcu_replace_pointer(filp->pid, <pid B>, 1)\n                        mutex_unlock(&dev->filelist_mutex)\nbegin drm_file_update_pid\nmutex_lock(&dev->filelist_mutex)\nrcu_replace_pointer(filp->pid, <pid A>, 1)\nmutex_unlock(&dev->filelist_mutex)\nget_pid(<pid A>)\nsynchronize_rcu()\nput_pid(<pid B>)   *** pid B reaches refcount 0 and is freed here ***\n                        get_pid(<pid B>)   *** UAF ***\n                        synchronize_rcu()\n                        put_pid(<pid A>)\n\nAs far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y\nbecause it requires RCU to detect a quiescent state in code that is not\nexplicitly calling into the scheduler.\n\nThis race leads to use-after-free of a \"struct pid\".\nIt is probably somewhat hard to hit because process A has to pass\nthrough a synchronize_rcu() operation while process B is between\nmutex_unlock() and get_pid().\n\nFix it by ensuring that by the time a pointer to the current task's pid\nis stored in the file, an extra reference to the pid has been taken.\n\nThis fix also removes the condition for synchronize_rcu(); I think\nthat optimization is unnecessary complexity, since in that case we\nwould usually have bailed out on the lockless check above."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/0acce2a5c619ef1abdee783d7fea5eac78ce4844",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/16682588ead4a593cf1aebb33b36df4d1e9e4ffa",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/4f2a129b33a2054e62273edd5a051c34c08d96e9",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-06T10:01:02.688999+00:00
+2024-07-06T12:00:29.667761+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-06T09:15:02.050000+00:00
+2024-07-06T10:15:03.393000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255954
+255958
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `4`

- [CVE-2024-5616](CVE-2024/CVE-2024-56xx/CVE-2024-5616.json) (`2024-07-06T09:15:02.050`)
+- [CVE-2024-37208](CVE-2024/CVE-2024-372xx/CVE-2024-37208.json) (`2024-07-06T10:15:01.907`)
+- [CVE-2024-37234](CVE-2024/CVE-2024-372xx/CVE-2024-37234.json) (`2024-07-06T10:15:02.913`)
+- [CVE-2024-37260](CVE-2024/CVE-2024-372xx/CVE-2024-37260.json) (`2024-07-06T10:15:03.190`)
+- [CVE-2024-39486](CVE-2024/CVE-2024-394xx/CVE-2024-39486.json) (`2024-07-06T10:15:03.393`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -253441,6 +253441,7 @@ CVE-2024-37185,0,0,ce3a2eeaa366e0078438541c31768228f57c06809ab185bd78a5053ce3cc0
 CVE-2024-3719,0,0,d2320674d04cefde56a0b36b463f74328d6f18494803030bdfe9b0b1b4374afd,2024-06-04T19:20:23.553000
 CVE-2024-37198,0,0,8919c8b8db43ac2a9639793fec092e2666b55422ab58e48ee04c39b0bd19361a,2024-06-24T18:55:25.417000
 CVE-2024-3720,0,0,f4e69514093cc630aeda39d0a41fe705e0d9916a1077cef429b7dcf05a404308,2024-06-04T19:20:23.660000
+CVE-2024-37208,1,1,7e1627d018918fbe5105fc4fb5063772f37500b3dc14dafb28c1ef266db79c05,2024-07-06T10:15:01.907000
 CVE-2024-3721,0,0,ec8dc4b0ad5d1d9ba11acb18015142f7d1715fd653f7ca2987e266e9c9e8ef01,2024-05-17T02:40:05.290000
 CVE-2024-37212,0,0,cb0e3003beb0d778b1e3e4d8f1145799c285874f36dc8f863bd0c5bf6222df34,2024-06-24T18:55:34.983000
 CVE-2024-3722,0,0,7c1b4fae7e86bf4c1bc76a0d39819ffc592a7b598c7675ac0628daa278671c4c,2024-05-14T16:11:39.510000
@ -253451,12 +253452,14 @@ CVE-2024-3723,0,0,21c397ab5e875f2652ba15d9001cdd8ef5c5941ff996881e18084aebeaee89
 CVE-2024-37230,0,0,c056784fe1461835022ae4387a349a1e9e9676537a6bd83c972fd23b962299aa,2024-06-24T18:55:55.037000
 CVE-2024-37231,0,0,2975c060fd817766775d3e3ec5265250dfcb406eb3856b3f2d8635478d7fc4db,2024-06-24T19:26:47.037000
 CVE-2024-37233,0,0,dcdb23af544a8046a4ecb68f34b48a3a15207d5a73bdc6182df1b28a0bb5e19c,2024-06-24T19:26:47.037000
+CVE-2024-37234,1,1,3d8acf0212e714e21ca36535ed076b048335a1b2240ff0a6d0aa50a33b661aee,2024-07-06T10:15:02.913000
 CVE-2024-3724,0,0,a2f08bb0a2e36a5c374b862fb3e4beff315b3d6672953c5eeabe10290b435e2c,2024-05-02T18:00:37.360000
 CVE-2024-37247,0,0,038744b78f2f2634865ad1661e2c97961d5a301727139375431f6d0656bf9981,2024-06-27T12:47:19.847000
 CVE-2024-37248,0,0,99c2cd4652890a37e2628f89e3ffdbcb4a9642bb6a6f401aec3aa06f83017ab1,2024-06-27T12:47:19.847000
 CVE-2024-3725,0,0,dd194c190207038aca40dcc17eaac7bd7c6f9f34e04d00c016e0de6cd9837da0,2024-05-02T18:00:37.360000
 CVE-2024-37252,0,0,faf33ef7b8f72660b3f71af61d55db3b928cbbfdda8d6a6c03b3fcf0d979da09,2024-06-26T12:44:29.693000
 CVE-2024-3726,0,0,5d13f10d5b73efb7ab7c6448eee56ee5b7f1a739226807fb6eef2a4ab850d2f7,2024-05-30T13:15:41.297000
+CVE-2024-37260,1,1,e7a861e832b89ec4413096ab8d21c1e7d48eb0a1e56b026be187a844069b343b,2024-07-06T10:15:03.190000
 CVE-2024-3727,0,0,8e07517a9dca0048f3a5546e14ea5eaec2b195c195e356a5ec35a7e996ce9012,2024-07-03T17:15:04.780000
 CVE-2024-37273,0,0,8e9dee449ebc3c902c8a48603bfb19c8ba061254dd865164dc4adc81e57806ef,2024-06-11T14:12:23.210000
 CVE-2024-37279,0,0,23b5ab6d6e7d20abbef93be4c8b8a6f2f980c082bdec809528b549006da1d24b,2024-06-13T18:35:19.777000
@ -254180,6 +254183,7 @@ CVE-2024-39482,0,0,b5ca1dd95768db032dce80c55c6258ec99ccbde63e8f741757c09d5b0797c
 CVE-2024-39483,0,0,eadec7028a472ed93e8a5dff095927eb733e9a05f36586ae19cb293f76cb70c1,2024-07-05T12:55:51.367000
 CVE-2024-39484,0,0,b31f852aa24f56cfe148c1d4b3e8b85592312114fff33022a4ab6f2336cd9ae1,2024-07-05T12:55:51.367000
 CVE-2024-39485,0,0,9b3768f03e1707409b88b5bf989b1fa63f75e320d3314c45846159b435aec509,2024-07-05T12:55:51.367000
+CVE-2024-39486,1,1,6a96f68c896ee3f5f62aaf7d0c2f5a9013ed4783a42c5e75fa700ffefa70ff24,2024-07-06T10:15:03.393000
 CVE-2024-3951,0,0,d1eb572088193a792816003caae4c8900ea1808fb70b3f34eb162771a0d73b1e,2024-05-08T17:05:24.083000
 CVE-2024-3952,0,0,92f1da274771947c3cb4a43546670c1af8a997980dc361a71cd2fb07f162ad15,2024-05-14T16:11:39.510000
 CVE-2024-3954,0,0,45f1b348fcace6f84e3157e2d0f8a54fc4228bb396d26e03c9556cd235947f43,2024-05-14T16:11:39.510000
@ -255521,7 +255525,7 @@ CVE-2024-5611,0,0,7f38716b1ccbe035f7f86ea6c7617ab6f4cac8651e00e7906bbdbf77091ab5
 CVE-2024-5612,0,0,24bfbb6efa391db3014703335fcf10e8f670f2b2b154031d8b7a312f92d36720,2024-06-07T14:56:05.647000
 CVE-2024-5613,0,0,7e758f60ff4a249ae3d985d91b4f3417dc42ff70d8507f5e072b9cf0ad6144fd,2024-06-10T02:52:08.267000
 CVE-2024-5615,0,0,d715351de069ee256cfd127ce22346136f76094dbd1f6f173b336f3c2cdc9c0f,2024-06-11T17:55:16.103000
-CVE-2024-5616,1,1,dc636e3941ecbef30c76d8756c4e51d3b0104af0c561655eb861ad296b553f3c,2024-07-06T09:15:02.050000
+CVE-2024-5616,0,0,dc636e3941ecbef30c76d8756c4e51d3b0104af0c561655eb861ad296b553f3c,2024-07-06T09:15:02.050000
 CVE-2024-5629,0,0,20478b62dd0cd666624f11f2e5a11c22a9915feb481805651583fe7db0518c7b,2024-06-18T18:31:05.663000
 CVE-2024-5635,0,0,2463dd00def60296c968660a2ba7a3c25845ea097c4cd305a7e3f2bd55658946,2024-06-11T16:47:04.413000
 CVE-2024-5636,0,0,82666e4630526d7fc8211dab0f89e7e17d4e982c91e038f44b209ae67bb471f3,2024-06-11T17:23:29.670000