Auto-Update: 2024-07-04T20:00:43.629043+00:00

CVE-2024/CVE-2024-374xx/CVE-2024-37471.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2024-37471",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-04T19:15:10.417",
+  "lastModified": "2024-07-04T19:15:10.417",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/woffice-core/wordpress-woffice-core-plugin-5-4-8-site-wide-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-374xx/CVE-2024-37472.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2024-37472",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-04T19:15:10.610",
+  "lastModified": "2024-07-04T19:15:10.610",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/woffice/wordpress-woffice-theme-5-4-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-374xx/CVE-2024-37474.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2024-37474",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-04T19:15:10.790",
+  "lastModified": "2024-07-04T19:15:10.790",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/newspack-ads/wordpress-newspack-ads-plugin-1-47-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-374xx/CVE-2024-37476.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2024-37476",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-04T18:15:10.210",
+  "lastModified": "2024-07-04T18:15:10.210",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/newspack-popups/wordpress-newspack-campaigns-plugin-2-31-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-399xx/CVE-2024-39934.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-39934",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-04T19:15:10.967",
+  "lastModified": "2024-07-04T19:15:10.967",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the \"shared holotree usage\" feature allows any user to edit any Python environment."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://checkmk.com/werk/16434",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/elabit/robotmk/releases/tag/v2.0.1",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-65xx/CVE-2024-6511.json

@@ -0,0 +1,133 @@
+{
+  "id": "CVE-2024-6511",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-07-04T19:15:11.207",
+  "lastModified": "2024-07-04T19:15:11.207",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "NONE",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/y_project/RuoYi/issues/IA8O7O",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.270343",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.270343",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-07-04T18:02:10.871503+00:00
+2024-07-04T20:00:43.629043+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-07-04T16:15:03.103000+00:00
+2024-07-04T19:15:11.207000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,18 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-255878
+255884
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `6`
 
-- [CVE-2024-39930](CVE-2024/CVE-2024-399xx/CVE-2024-39930.json) (`2024-07-04T16:15:02.277`)
-- [CVE-2024-39931](CVE-2024/CVE-2024-399xx/CVE-2024-39931.json) (`2024-07-04T16:15:02.503`)
-- [CVE-2024-39932](CVE-2024/CVE-2024-399xx/CVE-2024-39932.json) (`2024-07-04T16:15:02.707`)
-- [CVE-2024-39933](CVE-2024/CVE-2024-399xx/CVE-2024-39933.json) (`2024-07-04T16:15:02.900`)
-- [CVE-2024-6513](CVE-2024/CVE-2024-65xx/CVE-2024-6513.json) (`2024-07-04T16:15:03.103`)
+- [CVE-2024-37471](CVE-2024/CVE-2024-374xx/CVE-2024-37471.json) (`2024-07-04T19:15:10.417`)
+- [CVE-2024-37472](CVE-2024/CVE-2024-374xx/CVE-2024-37472.json) (`2024-07-04T19:15:10.610`)
+- [CVE-2024-37474](CVE-2024/CVE-2024-374xx/CVE-2024-37474.json) (`2024-07-04T19:15:10.790`)
+- [CVE-2024-37476](CVE-2024/CVE-2024-374xx/CVE-2024-37476.json) (`2024-07-04T18:15:10.210`)
+- [CVE-2024-39934](CVE-2024/CVE-2024-399xx/CVE-2024-39934.json) (`2024-07-04T19:15:10.967`)
+- [CVE-2024-6511](CVE-2024/CVE-2024-65xx/CVE-2024-6511.json) (`2024-07-04T19:15:11.207`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -253512,6 +253512,10 @@ CVE-2024-3744,0,0,3408d488e8996c91d94ffcdb9d000c212f3fb5178aa8822cd0999d10712521
 CVE-2024-3745,0,0,0c97e7d88631153724030fc4589ac35dd3957f099e7d9be0c53b9ed0e2dd38f4,2024-05-20T13:00:34.807000
 CVE-2024-3746,0,0,b404a3f5af28975fb4e5d0eb577c67fe9710274ad0c55beaeeb6ef81bbf0e35b,2024-07-03T02:06:31.490000
 CVE-2024-3747,0,0,6871870ddb764bd7e2884ba1607d3a8e3ec9c4bf7e3490a3d61f8ca42b77a2e1,2024-05-02T18:00:37.360000
+CVE-2024-37471,1,1,6dd9c7c7ddb7b8493629859db09c986279b62df98a192230f1211785ebd71b74,2024-07-04T19:15:10.417000
+CVE-2024-37472,1,1,42e481d511cb53e61acd0a58f513934c802130e1ec0726dafd3ccdc2fcf681d2,2024-07-04T19:15:10.610000
+CVE-2024-37474,1,1,6ef04928de9b22f3e0f8b650e0d24e68a81b9718de954f9b8a038743344e76a7,2024-07-04T19:15:10.790000
+CVE-2024-37476,1,1,0964cff549dc7d405b7426ff441622b62473a958c4aee6ad37b5bf8d7a2a3577,2024-07-04T18:15:10.210000
 CVE-2024-37479,0,0,b47f15244b7d8bdc435b7b058e1a43515a90d9355fb7c5cb51f1025055601a89,2024-07-02T12:09:16.907000
 CVE-2024-3748,0,0,130f91484f33c46b6a8a1b827c41c8bedf887e9f91a42beeaa1df38ecf15e978,2024-07-03T02:06:31.737000
 CVE-2024-3749,0,0,b3391f40e1bcbcef1a08d3c4874bc14a907340ab4c3bf6aac04f7b2d59e58359,2024-07-03T02:06:31.950000
@@ -254176,10 +254180,11 @@ CVE-2024-3992,0,0,ff644523dcb07d662c2bf53b9e125872cf5c9b9df16e03b5f8dec25363b303
 CVE-2024-39920,0,0,8281f1288058876e172a78a04b7e10123b671826d2c29ba249d059d614d38347,2024-07-03T12:53:24.977000
 CVE-2024-39929,0,0,cf5d8cc3088017350f8fafafc8f29dd7664dcda46f2c4ba2922b28cf1942dccf,2024-07-04T15:15:10.323000
 CVE-2024-3993,0,0,a2f94f13d02cfe8603a71433706e6cc2c5ad0c0e3e2fd5d51c299cf3fc301a73,2024-07-03T02:06:58.160000
-CVE-2024-39930,1,1,c9bc32e6cdb5f84ae20f0bbafebd539d8b9ce97eccd6c3ad4d901e67bdb0c0af,2024-07-04T16:15:02.277000
-CVE-2024-39931,1,1,344e1125fce2a708cd0a7659223ec19cdd698a80f41e308b2f4f40a3d93ac22e,2024-07-04T16:15:02.503000
-CVE-2024-39932,1,1,5e4272e9d0dd9401714213f00c1f63699f061b026540df960a62aedeac1dbca4,2024-07-04T16:15:02.707000
-CVE-2024-39933,1,1,e770b0700b1b578e89eeefbea1daf93cbdb4de4c1196c535b6cafa82bc86fc2a,2024-07-04T16:15:02.900000
+CVE-2024-39930,0,0,c9bc32e6cdb5f84ae20f0bbafebd539d8b9ce97eccd6c3ad4d901e67bdb0c0af,2024-07-04T16:15:02.277000
+CVE-2024-39931,0,0,344e1125fce2a708cd0a7659223ec19cdd698a80f41e308b2f4f40a3d93ac22e,2024-07-04T16:15:02.503000
+CVE-2024-39932,0,0,5e4272e9d0dd9401714213f00c1f63699f061b026540df960a62aedeac1dbca4,2024-07-04T16:15:02.707000
+CVE-2024-39933,0,0,e770b0700b1b578e89eeefbea1daf93cbdb4de4c1196c535b6cafa82bc86fc2a,2024-07-04T16:15:02.900000
+CVE-2024-39934,1,1,00c0ccfbd3241171fde97351b4b48f02266ea6fad6011bbce1bf251e8c022dd0,2024-07-04T19:15:10.967000
 CVE-2024-3994,0,0,292539249e741e7003c555a5d4fa2182b15a01b393fb04fa15e675750c01906e,2024-04-25T13:18:02.660000
 CVE-2024-3995,0,0,a7fe690817691037765b680c602849c2a36e767bb2849159693fe5a7864f46cb,2024-07-01T14:15:05.680000
 CVE-2024-3997,0,0,507ae8762d75f9d68eda75aa3a6fbbaf1b3579404dfa0ecd9f2978d2aa87a55f,2024-05-24T01:15:30.977000
@@ -255876,4 +255881,5 @@ CVE-2024-6471,0,0,33db1e0271959450d1204c1eba113a94befddf6a5610d2c3f2f72d1021d9b2
 CVE-2024-6488,0,0,41fc5abcd5ea3e9bb883e6ccb6f9823e582dfd700e5d2a53a889772d0ec7808d,2024-07-03T19:15:05.143000
 CVE-2024-6506,0,0,f64c6542ddc1860dd875b3613d62502bf6eb753475b36b267157e30bbe0eab6c,2024-07-04T13:15:10.240000
 CVE-2024-6507,0,0,7fc34ffc93e91ceb57cb62db5fda91831601bb47254c70726f80d542d50ab8bd,2024-07-04T12:15:03.963000
-CVE-2024-6513,1,1,bb977a38eaef5aa918756b3907c97d9805111d3bc118dcf2b0096d1bbd202aea,2024-07-04T16:15:03.103000
+CVE-2024-6511,1,1,13032e0f940591a484293a07a862271ed8d2856d5582bbc0f01657029640c8b1,2024-07-04T19:15:11.207000
+CVE-2024-6513,0,0,bb977a38eaef5aa918756b3907c97d9805111d3bc118dcf2b0096d1bbd202aea,2024-07-04T16:15:03.103000