Auto-Update: 2024-06-07T04:00:17.978415+00:00

cad-safe-bot 2024-06-07 04:03:09 +00:00
parent 11493e127d
commit a5a02716d9
8 changed files with 315 additions and 6 deletions

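--- /dev/null
+++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32475.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-32475",
+"sourceIdentifier": "security_alert@emc.com",
+"published": "2024-06-07T03:15:08.950",
+"lastModified": "2024-06-07T03:15:08.950",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security_alert@emc.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "PHYSICAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.6,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security_alert@emc.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-353"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability",
+"source": "security_alert@emc.com"
+}
+]
+}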

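--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6876.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2023-6876",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-07T02:15:08.933",
+"lastModified": "2024-06-07T02:15:08.933",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Clever Fox \u2013 One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/clever-fox/trunk/clever-fox.php#L539",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}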

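--- /dev/null
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1689.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2024-1689",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-07T02:15:09.203",
+"lastModified": "2024-06-07T02:15:09.203",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/woo-tools/trunk/admin/admin-init.php#L61",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3098165%40woo-tools&new=3098165%40woo-tools&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3830c901-be36-4c4b-976b-d388b6af0c67?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}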
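Review bot: The CVSS vector in this record scores the issue as unauthenticated (`PR:N`, `"privilegesRequired": "NONE"`), but the description in the same file says exploitation requires an authenticated user with subscriber-level access. Anything that triages on the vector alone will over-rank it and may treat it as reachable without login; a vector matching the description would be `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N` with `"privilegesRequired": "LOW"`, which scores 4.3 rather than the recorded 5.3. Since this file mirrors the CNA's submission (`vulnStatus` is `Received`), the correction belongs upstream rather than in this repository, and until then consumers should read the description alongside the score. On sites with open registration a subscriber account is cheap to obtain, so the practical exposure may sit between the two readings.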

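--- /dev/null
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1768.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-1768",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-07T03:15:09.237",
+"lastModified": "2024-06-07T03:15:09.237",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=#file1",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16af8724-595c-4daa-80bd-8125a32cc502?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}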

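--- /dev/null
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3987.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-3987",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-07T03:15:09.440",
+"lastModified": "2024-06-07T03:15:09.440",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 2.7
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3097563/mobile-menu/trunk/includes/class-wp-mobile-menu-core.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bcbc6b6-ed05-4709-bf05-214418798339?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}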

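--- /dev/null
+++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5607.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-5607",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-07T03:15:09.630",
+"lastModified": "2024-06-07T03:15:09.630",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3097680%40ninja-gdpr-compliance&new=3097680%40ninja-gdpr-compliance&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f870a6-26a5-4f98-9bd6-12736c561265?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}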


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-07T02:00:18.149564+00:00
2024-06-07T04:00:17.978415+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-07T01:15:49.463000+00:00
2024-06-07T03:15:09.630000+00:00
```
### Last Data Feed Release
@ -33,14 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
252943
252949
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `6`
- [CVE-2022-4968](CVE-2022/CVE-2022-49xx/CVE-2022-4968.json) (`2024-06-07T01:15:49.463`)
- [CVE-2023-32475](CVE-2023/CVE-2023-324xx/CVE-2023-32475.json) (`2024-06-07T03:15:08.950`)
- [CVE-2023-6876](CVE-2023/CVE-2023-68xx/CVE-2023-6876.json) (`2024-06-07T02:15:08.933`)
- [CVE-2024-1689](CVE-2024/CVE-2024-16xx/CVE-2024-1689.json) (`2024-06-07T02:15:09.203`)
- [CVE-2024-1768](CVE-2024/CVE-2024-17xx/CVE-2024-1768.json) (`2024-06-07T03:15:09.237`)
- [CVE-2024-3987](CVE-2024/CVE-2024-39xx/CVE-2024-3987.json) (`2024-06-07T03:15:09.440`)
- [CVE-2024-5607](CVE-2024/CVE-2024-56xx/CVE-2024-5607.json) (`2024-06-07T03:15:09.630`)
### CVEs modified in the last Commit


@ -212127,7 +212127,7 @@ CVE-2022-4964,0,0,1e33f52f21e6461cc018675c2148aa96cac948ebdf6307b4d3746f8773a9bf
CVE-2022-4965,0,0,db99caae0cb2de43133818216d728b6e383517fb71f67f622369387ae341b961,2024-04-10T13:24:00.070000
CVE-2022-4966,0,0,4b6a071e73471757fc55bd168cdc3f57ac339cd73c0d56a405fd8ea19bcfc79e,2024-05-17T02:17:05.713000
CVE-2022-4967,0,0,f64d6e9936967085c3ea26693ea59316b1fba31fa88426c80de2b587efa09fa8,2024-05-14T16:13:02.773000
CVE-2022-4968,1,1,5ea835291645f8398a051a9401d8997a90ebb36002c3199d6fc4a223139116cf,2024-06-07T01:15:49.463000
CVE-2022-4968,0,0,5ea835291645f8398a051a9401d8997a90ebb36002c3199d6fc4a223139116cf,2024-06-07T01:15:49.463000
CVE-2022-4969,0,0,e7667ad9e831fd9b2022455eeca9e7c590310d1520e21bc7482689ef0e3d9055,2024-06-06T16:15:10.250000
CVE-2023-0001,0,0,6ba5d6c17cbd7ec9fa4676d0367d715dae6604f51d9cfe28b728a892d018af19,2024-01-12T22:10:50.817000
CVE-2023-0002,0,0,1b2ceaca2ad4aa0f50a972375612dbbc2aec389d54ffce2da41cd327ee68ab86,2023-11-07T03:59:26.433000
@ -223960,6 +223960,7 @@ CVE-2023-32469,0,0,c64f718d771da097b11fa482f724641a50f58bd141ecdac8ef1bd9ca3a93b
CVE-2023-3247,0,0,944c7a9512d0302f40ba18a4d82c1511a534aceb1c4dea9f4a52b787f5bc6104,2023-08-01T16:38:09.033000
CVE-2023-32470,0,0,cf1fb93bb33344b250fa425962be9282d4e9421bfa05744d38e6fb334ebf28ff,2023-09-13T14:37:24.530000
CVE-2023-32474,0,0,14a7699c96745d2416031df6a87cf303ba86dd81dec884626035282f55099052,2024-02-12T21:37:18.687000
CVE-2023-32475,1,1,f865531aabb7a749b97b40a09c1fabc6b408138b7171f1063f2c9735185792f5,2024-06-07T03:15:08.950000
CVE-2023-32476,0,0,f67bfea26297a4cf8c38d5da9786d71b4b8bf1feb4789219a97bb09d5d395732,2023-07-31T17:05:59.917000
CVE-2023-32477,0,0,c6c53e53bb15cc4bb1e010bc91b9bd9b6aeeeac451ae42307ec3c88df745781c,2023-10-03T15:57:15.073000
CVE-2023-32478,0,0,0a9e3e2ada95dec3b888569322d70937b16477be7b01831c757a4021ed4b299f,2023-07-31T15:08:44.263000
@ -239936,6 +239937,7 @@ CVE-2023-6872,0,0,d1c5b3fc1b3bfefd87d9dad8a9622927485875cb234fe331fefad2ca7b68f5
CVE-2023-6873,0,0,8c787d6e899bda0014371f2611891a291dd7e798bedb926309aeaa78c7003d1a,2024-02-02T02:29:27.507000
CVE-2023-6874,0,0,20d55c881c8740c1c9c245c80d2419e8fd6fe7a8ac50e023c72f933e5bdbc8a7,2024-02-10T04:08:53.127000
CVE-2023-6875,0,0,fa50f826ef562493657259922f0d672e1042b5b70e3533a566fc049edbe41c1f,2024-01-18T16:11:25.827000
CVE-2023-6876,1,1,e659290321848fd1c3ee46b510935c7093662cece1b15a68bc6881338c3d07bf,2024-06-07T02:15:08.933000
CVE-2023-6877,0,0,584d67ded4d169f0ddd54eb7b0729da99776ef4f5bf8697e2f8dfbb6685f9320,2024-04-08T18:48:40.217000
CVE-2023-6878,0,0,c06c28c6ac809dd95b68d213aef696c4411990fd4045334f25f507941978e9dc,2024-01-18T16:34:53.617000
CVE-2023-6879,0,0,c08e575832036ecb7220ddc25f6a81feccb5763236592178949cea3294fefa99,2024-02-02T02:27:15.863000
@ -241709,6 +241711,7 @@ CVE-2024-1685,0,0,8445feed0f23c24c027406dbf274ee8e68366861af592aeb58da42b6e55054
CVE-2024-1686,0,0,513b8933def64d694b65e22b1395645ba43c1774153040be97c24d03679a5263,2024-02-27T14:20:06.637000
CVE-2024-1687,0,0,2c139dd7a4cd5eb96b19cf20743fdcf2a4372838670ad53c30ef28a6668ce9e0,2024-02-27T14:20:06.637000
CVE-2024-1688,0,0,00b4663231fd4363af58c5c1074d228a7c964744d2f38e0ca153752afc0e6216,2024-05-02T18:00:37.360000
CVE-2024-1689,1,1,d07a3205c6ad81eb865662554c83592e9b340bde5cfc192dc0028c959970fb03,2024-06-07T02:15:09.203000
CVE-2024-1690,0,0,f64df43faf81ef2a8a790a9c7a5603e22ee6007009a611d7b1688df810896620,2024-03-13T18:15:58.530000
CVE-2024-1691,0,0,f122d989b2d57485de350b354a899ca74c01df04d45a49a682097dfa29b4d980,2024-03-13T18:15:58.530000
CVE-2024-1692,0,0,ef8c2f206aee0606f4bca6d6f966b02bdbb84047340b5cc369611d2c6473005f,2024-04-01T01:12:59.077000
@ -241776,6 +241779,7 @@ CVE-2024-1763,0,0,405c885dcc4adbf16a17f7b66d8be03ca446d597a243846c9d27588a2fd0ac
CVE-2024-1764,0,0,c434e7eb3867d4e9c121215628110f61b78b54be2a078e3d4abbb0d2595e2437,2024-03-06T15:18:08.093000
CVE-2024-1765,0,0,9393650a3716a95a879e579180f18ed4907e1cef3b587b0e572b47942072153d,2024-03-13T12:33:51.697000
CVE-2024-1767,0,0,44a1b3e1abe3115036290e03cd73084f6f589982886166b1120c38962e210b6c,2024-03-11T01:32:39.697000
CVE-2024-1768,1,1,800943f9c3d42539592b2145e9277b4b49b75eb62044406ca874414c13d9fd7f,2024-06-07T03:15:09.237000
CVE-2024-1769,0,0,c8ffc3f95047b836c5cc91dc3d0971a1ad3cd68218c48289a6e49b8c5f51f807,2024-03-05T13:41:01.900000
CVE-2024-1770,0,0,333904774d9a4f3dfdb80debed66f75e1822143539d08bcc59c6ad7076c3f64d,2024-03-28T12:42:56.150000
CVE-2024-1771,0,0,cc7280a085dd6f03eb9687c2eff5425926f2bc0e4a81dde799379b7786c7a87e,2024-03-06T15:18:08.093000
@ -251912,6 +251916,7 @@ CVE-2024-3970,0,0,a6d2ad116e736372d8ee0cd28cd0cbfef25f3ce953ea92bdb2b1ac922e65ee
CVE-2024-3974,0,0,30b94b89b01dd2c6057362330f67dc78937f3f3edffa0c5a57e7602f711f919a,2024-05-14T16:11:39.510000
CVE-2024-3979,0,0,4ac2126fe63098861061c1ed3772b0712449f42e64a5481492de94fd61a5b947,2024-06-06T20:15:14.127000
CVE-2024-3985,0,0,73586f1cedc99952324792e19f078c055584e6e606f6222ac3907090ad395ced,2024-05-02T18:00:37.360000
CVE-2024-3987,1,1,2ba800c075c8898e9535a892de09f9f8e1c9994e81e8f9dea003439ba3a3320b,2024-06-07T03:15:09.440000
CVE-2024-3988,0,0,ed49ad0e503298ba2fe40c90a665a86dcb918b5087ac61c1edfd746c2ca95d24,2024-04-25T13:18:13.537000
CVE-2024-3989,0,0,41a6b1dcae0354fb8cba40366dc7ed1eeb84d6a6a33689c35123198fe63c8f01,2024-05-14T16:11:39.510000
CVE-2024-3990,0,0,7879115af68e1891db08bd2dafc44fb55db15680f59885de2ed87fd5c16d9492,2024-05-14T16:11:39.510000
@ -252929,6 +252934,7 @@ CVE-2024-5587,0,0,9180b0762a5a5a7a17ce70cd861bdf25e955d88caf903bee442f7c48a0a2a2
CVE-2024-5588,0,0,21589c4423d1fee081cb695dd8009f3bd5a36bd74dae1713c28449f0da1cd8d1,2024-06-04T19:21:10.267000
CVE-2024-5589,0,0,dc63c38434ce5bb089af0d0f8aa09f6a46f1fae34dd45c15f4542741dea047b7,2024-06-03T14:46:24.250000
CVE-2024-5590,0,0,ca60332ff9933405c7b9b37e93d2404b53274b9ec741b4065c0c1eadbd60da94,2024-06-03T14:46:24.250000
CVE-2024-5607,1,1,8b06d468a789bf21a5887ce32c4b351ff2f13075122362c1fae85c795fb5346a,2024-06-07T03:15:09.630000
CVE-2024-5609,0,0,f28c83e3e9d04345913d36de3bfdbd0d644d73b3d20045d9399b3368319c8d47,2024-06-06T19:16:09.920000
CVE-2024-5615,0,0,2b9f4fbf88dd4ea6ff55678ac9c0762fd6b29ae2ea4765ff6af29ac25e53e3d4,2024-06-06T14:17:35.017000
CVE-2024-5629,0,0,2b19d175fd80b16aa424307957676ae3dd964a506cce5329fc9e2ea04d26ec96,2024-06-06T14:17:35.017000
