Auto-Update: 2024-07-25T12:00:17.018055+00:00

2025-07-11 16:13:34 +00:00 · 2024-07-25 12:03:13 +00:00 · 2024-07-25 12:03:13 +00:00 · a2dcdc34a4
commit a2dcdc34a4
parent 58d564f6a5
4 changed files with 125 additions and 13 deletions
--- a/CVE-2024/CVE-2024-370xx/CVE-2024-37084.json
+++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37084.json
@ -0,0 +1,44 @@
 {
  "id": "CVE-2024-37084",
  "sourceIdentifier": "security@vmware.com",
  "published": "2024-07-25T10:15:07.260",
  "lastModified": "2024-07-25T10:15:07.260",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Cloud Data Flow versions prior to 2.11.4,\u00a0\u00a0a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@vmware.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "references": [
    {
      "url": "https://spring.io/security/cve-2024-37084",
      "source": "security@vmware.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6589.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6589.json
@ -0,0 +1,68 @@
 {
  "id": "CVE-2024-6589",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-07-25T11:15:10.333",
  "lastModified": "2024-07-25T11:15:10.333",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-98"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.2/inc/block-template/class-block-template-archive-course.php#L28",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.2/inc/block-template/class-block-template-single-course.php#L28",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3124296/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba79bf95-08f8-4aa6-968b-f76a09ce52b8?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-07-25T10:00:19.174253+00:00
+2024-07-25T12:00:17.018055+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-07-25T09:15:02.410000+00:00
+2024-07-25T11:15:10.333000+00:00
 ```
 ### Last Data Feed Release
@ -33,23 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-257947
+257949
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `3`
+Recently added CVEs: `2`
- [CVE-2024-41705](CVE-2024/CVE-2024-417xx/CVE-2024-41705.json) (`2024-07-25T08:15:02.467`)
+- [CVE-2024-37084](CVE-2024/CVE-2024-370xx/CVE-2024-37084.json) (`2024-07-25T10:15:07.260`)
- [CVE-2024-41706](CVE-2024/CVE-2024-417xx/CVE-2024-41706.json) (`2024-07-25T08:15:02.783`)
+- [CVE-2024-6589](CVE-2024/CVE-2024-65xx/CVE-2024-6589.json) (`2024-07-25T11:15:10.333`)
 - [CVE-2024-41707](CVE-2024/CVE-2024-417xx/CVE-2024-41707.json) (`2024-07-25T08:15:02.980`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 - [CVE-2024-41012](CVE-2024/CVE-2024-410xx/CVE-2024-41012.json) (`2024-07-25T09:15:02.410`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -253981,6 +253981,7 @@ CVE-2024-3708,0,0,d5d3127cf1ebbe4d1277dc91ebc9f2ee01faea98cb7a29c27942fe94c97d6c
 CVE-2024-37080,0,0,f0a9bd7effb46ac30e1d20f1d1aa7a7b386c0ee7e62089b4e1cc310e9f341fd9,2024-06-20T12:44:01.637000
 CVE-2024-37081,0,0,1657c2c6215fa861c8bf708a3b65df9501dd8a14588c6f7d5718007f5ce77c8d,2024-07-03T02:04:05.970000
 CVE-2024-37082,0,0,cdf7ab7ec235a04ab3547ac9302ea8fb37a25e6b12903e2e739c3b31068e7382,2024-07-12T17:15:10.220000
 CVE-2024-37084,1,1,a9a415180d55f187a8422650468ec1e2da51490c6a9314421d241ae87e9f5117,2024-07-25T10:15:07.260000
 CVE-2024-37085,0,0,4b965e98ee84a1f21a1cc50472486b78f46c71d7d7f35fdfea4d6b86e3425175,2024-06-25T18:50:42.040000
 CVE-2024-37086,0,0,9068529bdb3d555265b7f816c31a19ade60e24d8cc46d6bccf0934fca43600dd,2024-06-25T18:50:42.040000
 CVE-2024-37087,0,0,cd5f38dea6878f55617a1348143830ab9f44bbdb4a44091efb0c0832c07fcba2,2024-06-25T18:50:42.040000
@ -255794,7 +255795,7 @@ CVE-2024-41008,0,0,86de6e2be092cac70f5596fb96d0253f26291855f34ae4ddc015775261181
 CVE-2024-41009,0,0,b973764a3f5390614759bf6dad52e86dad86b20c98263f759698c0703f8fb179,2024-07-19T15:06:23.827000
 CVE-2024-41010,0,0,ae8d1d1b3ebaab40dc6ac6afde49ce66895bb7f4e7ee92f295ff5ca1fa79b217,2024-07-19T15:24:59.137000
 CVE-2024-41011,0,0,4c2c460e7d99f33158a9c285f2b0882c56a6716b8d689bc4bd4c6463e3fba1ea,2024-07-18T12:28:43.707000
-CVE-2024-41012,0,1,2bebfd65b0377a9602c1feec303ce4be2b51c9440ed80c757deb9b16aefab66d,2024-07-25T09:15:02.410000
+CVE-2024-41012,0,0,2bebfd65b0377a9602c1feec303ce4be2b51c9440ed80c757deb9b16aefab66d,2024-07-25T09:15:02.410000
 CVE-2024-4102,0,0,1b0aaa7efbf772a3034d5138f2cde018af6a8f41a0229b0c5f36e4d66092a2a3,2024-07-09T18:19:14.047000
 CVE-2024-4103,0,0,ff27f3988e30e41f465bfc5b7800f7ae2f96b1e2cd71c1414de16617b75fe4fe,2024-05-14T16:11:39.510000
 CVE-2024-4104,0,0,069e7afb1610585640d00d566d3fc4756dff3571ed269cd2ef1d63c8e8ce45e5,2024-05-14T16:11:39.510000
@ -255909,9 +255910,9 @@ CVE-2024-4169,0,0,c62ff626929882f5d2c6f5c5b02ad92c379b5b400e34f72b774f8d063efba0
 CVE-2024-4170,0,0,62435f89f96f29247c44c5e589e7b97688efd61a202de53db89b1fe5fd4975dc,2024-06-04T19:20:31.883000
 CVE-2024-41703,0,0,1c3b299376ef5ce17a21e7b5646c9d050d5b45bd92d1e35dddd90617bf6ddc38,2024-07-22T13:00:31.330000
 CVE-2024-41704,0,0,0be617904c777d7b9dc53e786f05db778e1c4b756b7b2091d648829174b58747,2024-07-22T13:00:31.330000
-CVE-2024-41705,1,1,5ffeb4f3b1ed5768c105eab2d087d4a880ca48ab071f0bf50fc47b993fad7e85,2024-07-25T08:15:02.467000
+CVE-2024-41705,0,0,5ffeb4f3b1ed5768c105eab2d087d4a880ca48ab071f0bf50fc47b993fad7e85,2024-07-25T08:15:02.467000
-CVE-2024-41706,1,1,65753859841076a2c598d5e988db4c971c37a1bf17a162950021d17e8e874c15,2024-07-25T08:15:02.783000
+CVE-2024-41706,0,0,65753859841076a2c598d5e988db4c971c37a1bf17a162950021d17e8e874c15,2024-07-25T08:15:02.783000
-CVE-2024-41707,1,1,8afa17852c89022131cbf2f2cb75902b0724eef0c75229a5ce3250312652b8be,2024-07-25T08:15:02.980000
+CVE-2024-41707,0,0,8afa17852c89022131cbf2f2cb75902b0724eef0c75229a5ce3250312652b8be,2024-07-25T08:15:02.980000
 CVE-2024-41709,0,0,2bdff8d893d96056721920d5bf998022e35373c018be8a15f2bfa536aa265890,2024-07-22T13:00:31.330000
 CVE-2024-4171,0,0,87597e8caa4479ab69c883527c35fc22af72d614757313d16953f50dcfa107c2,2024-06-04T19:20:31.980000
 CVE-2024-4172,0,0,ae5cefdd41ee745a5f3463347f20f3f77110439c81ed1ad285dedf4b40da1c57,2024-06-04T19:20:32.077000
@ -257762,6 +257763,7 @@ CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537
 CVE-2024-6579,0,0,70ddc19f754f7cb2643cde5cc84c5570c5648bfc6d8e404da6cc6aa9bb2155c8,2024-07-16T13:43:58.773000
 CVE-2024-6580,0,0,d43dfa58651574c4447e8f323f3cb1f6a00d6bdef0613d5834aefccecf968c5d,2024-07-09T18:19:14.047000
 CVE-2024-6588,0,0,67672e854c20766f2e15151fa1e111ec8310b7083a57f535c99159d2ce6e5af7,2024-07-12T12:49:07.030000
 CVE-2024-6589,1,1,e45ff7e87c25dfc54dcd2dc238380aa5459a05b7a0544b26208a08a6e162636f,2024-07-25T11:15:10.333000
 CVE-2024-6595,0,0,97cf6a37af39b7f5832976478077fe225f57d63ffd9a5f39caf9eca8e3545339,2024-07-19T14:52:54.943000
 CVE-2024-6598,0,0,fb802128b1cfc176540749693b684b4374936099ab1c7948c1ec819266291908,2024-07-09T18:19:14.047000
 CVE-2024-6599,0,0,6a69a16a0a8781527f95db9310983c42c357e28a72f780fd79d80c9654364b86,2024-07-18T12:28:43.707000