From a2dcdc34a496e47d1dea5a99837284331f2438ad Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 25 Jul 2024 12:03:13 +0000 Subject: [PATCH] Auto-Update: 2024-07-25T12:00:17.018055+00:00 --- CVE-2024/CVE-2024-370xx/CVE-2024-37084.json | 44 +++++++++++++ CVE-2024/CVE-2024-65xx/CVE-2024-6589.json | 68 +++++++++++++++++++++ README.md | 16 +++-- _state.csv | 10 +-- 4 files changed, 125 insertions(+), 13 deletions(-) create mode 100644 CVE-2024/CVE-2024-370xx/CVE-2024-37084.json create mode 100644 CVE-2024/CVE-2024-65xx/CVE-2024-6589.json diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37084.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37084.json new file mode 100644 index 00000000000..6edbfe9f623 --- /dev/null +++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37084.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-37084", + "sourceIdentifier": "security@vmware.com", + "published": "2024-07-25T10:15:07.260", + "lastModified": "2024-07-25T10:15:07.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Spring Cloud Data Flow versions prior to 2.11.4,\u00a0\u00a0a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://spring.io/security/cve-2024-37084", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6589.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6589.json new file mode 100644 index 00000000000..fab95d89583 --- /dev/null +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6589.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-6589", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-25T11:15:10.333", + "lastModified": "2024-07-25T11:15:10.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.2/inc/block-template/class-block-template-archive-course.php#L28", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.2/inc/block-template/class-block-template-single-course.php#L28", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3124296/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba79bf95-08f8-4aa6-968b-f76a09ce52b8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6d48aa69dc5..c023f47c602 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-25T10:00:19.174253+00:00 +2024-07-25T12:00:17.018055+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-25T09:15:02.410000+00:00 +2024-07-25T11:15:10.333000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -257947 +257949 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2024-41705](CVE-2024/CVE-2024-417xx/CVE-2024-41705.json) (`2024-07-25T08:15:02.467`) -- [CVE-2024-41706](CVE-2024/CVE-2024-417xx/CVE-2024-41706.json) (`2024-07-25T08:15:02.783`) -- [CVE-2024-41707](CVE-2024/CVE-2024-417xx/CVE-2024-41707.json) (`2024-07-25T08:15:02.980`) +- [CVE-2024-37084](CVE-2024/CVE-2024-370xx/CVE-2024-37084.json) (`2024-07-25T10:15:07.260`) +- [CVE-2024-6589](CVE-2024/CVE-2024-65xx/CVE-2024-6589.json) (`2024-07-25T11:15:10.333`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-41012](CVE-2024/CVE-2024-410xx/CVE-2024-41012.json) (`2024-07-25T09:15:02.410`) ## Download and Usage diff --git a/_state.csv b/_state.csv index de6b429b3a4..254095090f2 100644 --- a/_state.csv +++ b/_state.csv @@ -253981,6 +253981,7 @@ CVE-2024-3708,0,0,d5d3127cf1ebbe4d1277dc91ebc9f2ee01faea98cb7a29c27942fe94c97d6c CVE-2024-37080,0,0,f0a9bd7effb46ac30e1d20f1d1aa7a7b386c0ee7e62089b4e1cc310e9f341fd9,2024-06-20T12:44:01.637000 CVE-2024-37081,0,0,1657c2c6215fa861c8bf708a3b65df9501dd8a14588c6f7d5718007f5ce77c8d,2024-07-03T02:04:05.970000 CVE-2024-37082,0,0,cdf7ab7ec235a04ab3547ac9302ea8fb37a25e6b12903e2e739c3b31068e7382,2024-07-12T17:15:10.220000 +CVE-2024-37084,1,1,a9a415180d55f187a8422650468ec1e2da51490c6a9314421d241ae87e9f5117,2024-07-25T10:15:07.260000 CVE-2024-37085,0,0,4b965e98ee84a1f21a1cc50472486b78f46c71d7d7f35fdfea4d6b86e3425175,2024-06-25T18:50:42.040000 CVE-2024-37086,0,0,9068529bdb3d555265b7f816c31a19ade60e24d8cc46d6bccf0934fca43600dd,2024-06-25T18:50:42.040000 CVE-2024-37087,0,0,cd5f38dea6878f55617a1348143830ab9f44bbdb4a44091efb0c0832c07fcba2,2024-06-25T18:50:42.040000 @@ -255794,7 +255795,7 @@ CVE-2024-41008,0,0,86de6e2be092cac70f5596fb96d0253f26291855f34ae4ddc015775261181 CVE-2024-41009,0,0,b973764a3f5390614759bf6dad52e86dad86b20c98263f759698c0703f8fb179,2024-07-19T15:06:23.827000 CVE-2024-41010,0,0,ae8d1d1b3ebaab40dc6ac6afde49ce66895bb7f4e7ee92f295ff5ca1fa79b217,2024-07-19T15:24:59.137000 CVE-2024-41011,0,0,4c2c460e7d99f33158a9c285f2b0882c56a6716b8d689bc4bd4c6463e3fba1ea,2024-07-18T12:28:43.707000 -CVE-2024-41012,0,1,2bebfd65b0377a9602c1feec303ce4be2b51c9440ed80c757deb9b16aefab66d,2024-07-25T09:15:02.410000 +CVE-2024-41012,0,0,2bebfd65b0377a9602c1feec303ce4be2b51c9440ed80c757deb9b16aefab66d,2024-07-25T09:15:02.410000 CVE-2024-4102,0,0,1b0aaa7efbf772a3034d5138f2cde018af6a8f41a0229b0c5f36e4d66092a2a3,2024-07-09T18:19:14.047000 CVE-2024-4103,0,0,ff27f3988e30e41f465bfc5b7800f7ae2f96b1e2cd71c1414de16617b75fe4fe,2024-05-14T16:11:39.510000 CVE-2024-4104,0,0,069e7afb1610585640d00d566d3fc4756dff3571ed269cd2ef1d63c8e8ce45e5,2024-05-14T16:11:39.510000 @@ -255909,9 +255910,9 @@ CVE-2024-4169,0,0,c62ff626929882f5d2c6f5c5b02ad92c379b5b400e34f72b774f8d063efba0 CVE-2024-4170,0,0,62435f89f96f29247c44c5e589e7b97688efd61a202de53db89b1fe5fd4975dc,2024-06-04T19:20:31.883000 CVE-2024-41703,0,0,1c3b299376ef5ce17a21e7b5646c9d050d5b45bd92d1e35dddd90617bf6ddc38,2024-07-22T13:00:31.330000 CVE-2024-41704,0,0,0be617904c777d7b9dc53e786f05db778e1c4b756b7b2091d648829174b58747,2024-07-22T13:00:31.330000 -CVE-2024-41705,1,1,5ffeb4f3b1ed5768c105eab2d087d4a880ca48ab071f0bf50fc47b993fad7e85,2024-07-25T08:15:02.467000 -CVE-2024-41706,1,1,65753859841076a2c598d5e988db4c971c37a1bf17a162950021d17e8e874c15,2024-07-25T08:15:02.783000 -CVE-2024-41707,1,1,8afa17852c89022131cbf2f2cb75902b0724eef0c75229a5ce3250312652b8be,2024-07-25T08:15:02.980000 +CVE-2024-41705,0,0,5ffeb4f3b1ed5768c105eab2d087d4a880ca48ab071f0bf50fc47b993fad7e85,2024-07-25T08:15:02.467000 +CVE-2024-41706,0,0,65753859841076a2c598d5e988db4c971c37a1bf17a162950021d17e8e874c15,2024-07-25T08:15:02.783000 +CVE-2024-41707,0,0,8afa17852c89022131cbf2f2cb75902b0724eef0c75229a5ce3250312652b8be,2024-07-25T08:15:02.980000 CVE-2024-41709,0,0,2bdff8d893d96056721920d5bf998022e35373c018be8a15f2bfa536aa265890,2024-07-22T13:00:31.330000 CVE-2024-4171,0,0,87597e8caa4479ab69c883527c35fc22af72d614757313d16953f50dcfa107c2,2024-06-04T19:20:31.980000 CVE-2024-4172,0,0,ae5cefdd41ee745a5f3463347f20f3f77110439c81ed1ad285dedf4b40da1c57,2024-06-04T19:20:32.077000 @@ -257762,6 +257763,7 @@ CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537 CVE-2024-6579,0,0,70ddc19f754f7cb2643cde5cc84c5570c5648bfc6d8e404da6cc6aa9bb2155c8,2024-07-16T13:43:58.773000 CVE-2024-6580,0,0,d43dfa58651574c4447e8f323f3cb1f6a00d6bdef0613d5834aefccecf968c5d,2024-07-09T18:19:14.047000 CVE-2024-6588,0,0,67672e854c20766f2e15151fa1e111ec8310b7083a57f535c99159d2ce6e5af7,2024-07-12T12:49:07.030000 +CVE-2024-6589,1,1,e45ff7e87c25dfc54dcd2dc238380aa5459a05b7a0544b26208a08a6e162636f,2024-07-25T11:15:10.333000 CVE-2024-6595,0,0,97cf6a37af39b7f5832976478077fe225f57d63ffd9a5f39caf9eca8e3545339,2024-07-19T14:52:54.943000 CVE-2024-6598,0,0,fb802128b1cfc176540749693b684b4374936099ab1c7948c1ec819266291908,2024-07-09T18:19:14.047000 CVE-2024-6599,0,0,6a69a16a0a8781527f95db9310983c42c357e28a72f780fd79d80c9654364b86,2024-07-18T12:28:43.707000