Auto-Update: 2024-10-09T04:00:16.948659+00:00

2025-05-08 11:37:26 +00:00 · 2024-10-09 04:03:18 +00:00 · 2024-10-09 04:03:18 +00:00 · a6c2d39065
commit a6c2d39065
parent 03156e1864
6 changed files with 79 additions and 66 deletions
--- a/CVE-2024/CVE-2024-213xx/CVE-2024-21338.json
+++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21338.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-21338",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2024-02-13T18:15:49.083",
-  "lastModified": "2024-06-10T15:42:53.913",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T02:15:15.920",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "cisaExploitAdd": "2024-03-04",
  "cisaActionDue": "2024-03-25",
@ -132,15 +132,6 @@
    }
  ],
  "references": [
-    {
-      "url": "https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/",
-      "source": "secure@microsoft.com",
-      "tags": [
-        "Exploit",
-        "Technical Description",
-        "Third Party Advisory"
-      ]
-    },
    {
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338",
      "source": "secure@microsoft.com",
--- a/CVE-2024/CVE-2024-214xx/CVE-2024-21413.json
+++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21413.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-21413",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2024-02-13T18:16:00.137",
-  "lastModified": "2024-05-29T00:15:34.720",
+  "lastModified": "2024-10-09T02:15:22.417",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -101,14 +101,6 @@
        "Patch",
        "Vendor Advisory"
      ]
-    },
-    {
-      "url": "https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/",
-      "source": "secure@microsoft.com",
-      "tags": [
-        "Technical Description",
-        "Third Party Advisory"
-      ]
    }
  ]
 }
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26256.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26256.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-26256",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2024-04-09T17:15:47.507",
-  "lastModified": "2024-06-12T02:15:09.700",
+  "lastModified": "2024-10-09T02:15:27.847",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -52,41 +52,9 @@
    }
  ],
  "references": [
-    {
-      "url": "http://www.openwall.com/lists/oss-security/2024/06/04/2",
-      "source": "secure@microsoft.com"
-    },
-    {
-      "url": "http://www.openwall.com/lists/oss-security/2024/06/05/1",
-      "source": "secure@microsoft.com"
-    },
-    {
-      "url": "https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262",
-      "source": "secure@microsoft.com"
-    },
-    {
-      "url": "https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch",
-      "source": "secure@microsoft.com"
-    },
-    {
-      "url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4",
-      "source": "secure@microsoft.com"
-    },
-    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWANFZ6NEMXFCALXWI2AFKYBOLONAVFC/",
-      "source": "secure@microsoft.com"
-    },
-    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWAMR5TY47UKVYMWQXB34CWSBNTRYMBV/",
-      "source": "secure@microsoft.com"
-    },
    {
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256",
      "source": "secure@microsoft.com"
-    },
-    {
-      "url": "https://www.openwall.com/lists/oss-security/2024/06/04/2",
-      "source": "secure@microsoft.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-79xx/CVE-2024-7963.json
+++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7963.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-7963",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-09T02:15:33.870",
+  "lastModified": "2024-10-09T02:15:33.870",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://cmsmasters.net/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42c1d2ea-dea6-4cde-8db3-37709da9eb71?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-09T02:00:17.236706+00:00
+2024-10-09T04:00:16.948659+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-09T01:00:01.157000+00:00
+2024-10-09T02:15:33.870000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-265034
+265035
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `1`

+- [CVE-2024-7963](CVE-2024/CVE-2024-79xx/CVE-2024-7963.json) (`2024-10-09T02:15:33.870`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `3`

- [CVE-2024-43047](CVE-2024/CVE-2024-430xx/CVE-2024-43047.json) (`2024-10-09T01:00:01.157`)
- [CVE-2024-43572](CVE-2024/CVE-2024-435xx/CVE-2024-43572.json) (`2024-10-09T01:00:01.157`)
- [CVE-2024-43573](CVE-2024/CVE-2024-435xx/CVE-2024-43573.json) (`2024-10-09T01:00:01.157`)
+- [CVE-2024-21338](CVE-2024/CVE-2024-213xx/CVE-2024-21338.json) (`2024-10-09T02:15:15.920`)
+- [CVE-2024-21413](CVE-2024/CVE-2024-214xx/CVE-2024-21413.json) (`2024-10-09T02:15:22.417`)
+- [CVE-2024-26256](CVE-2024/CVE-2024-262xx/CVE-2024-26256.json) (`2024-10-09T02:15:27.847`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -244028,7 +244028,7 @@ CVE-2024-21334,0,0,bb98735e0397eef282b3bf0c8a7f17fd1a894c0580516f67c50b6ae552edb
 CVE-2024-21335,0,0,d3be0da75c93e40dc74ef43532ac464e7457c464e235cbe682e70d325b6a979e,2024-07-09T18:18:38.713000
 CVE-2024-21336,0,0,4632192569ed60af4d57d1dd58a5b140d682aa1d82fc677d5ec51bcb39be3541,2024-06-11T15:15:59.553000
 CVE-2024-21337,0,0,1ed4e9ec6936be258d1de771e0acb5830541ca48fb0a246032f3c3930147d134,2024-05-29T00:15:20.793000
-CVE-2024-21338,0,0,fd09b67b390ff51b24709344b010f1522c3f6eaaa3f2afc97b3b0eb7c2e85567,2024-06-10T15:42:53.913000
+CVE-2024-21338,0,1,d38e773ba98c42ebacc4689be186920dfbc7e8b70e880497eafe3190365889c0,2024-10-09T02:15:15.920000
 CVE-2024-21339,0,0,3b2246ef5e1d88b753a2538b4b172fb8ad25db9ef5e4dae729823984d67c0483,2024-05-29T00:15:21.830000
 CVE-2024-2134,0,0,32f7b6769a3de1e870eb862cfbcf578418aa858e7cc01f11b7b77f4ab31882e5,2024-05-17T02:38:03.667000
 CVE-2024-21340,0,0,54f8fce81fb3f01b0990ebeb93fb4090923de6185bd8f6ef3135f577fe07fabe,2024-05-29T00:15:22.083000
@ -244111,7 +244111,7 @@ CVE-2024-2141,0,0,7c4bf37cd4081c2cd46a042815f9ce375b39a3545b48e0b5b91eba9a22eb0f
 CVE-2024-21410,0,0,c8e90612f8b38e6b1f13375d68516f4b4a5a3386c3f385305f0005a7f45de49a,2024-06-10T16:05:10.343000
 CVE-2024-21411,0,0,e4762a6b8c68f949f9dbcca9e77f1e8e5511c352d40e6306cffb620bae6ab489,2024-06-11T16:15:17.890000
 CVE-2024-21412,0,0,19f94d89a29568d47135b4b672838e496edc30a72400f126ad5b6bf639eb739b,2024-08-14T19:47:44.623000
-CVE-2024-21413,0,0,3ad86bc1ba52f2f459810626be1df924b2e3f20d0afe56f118b1051b273d3789,2024-05-29T00:15:34.720000
+CVE-2024-21413,0,1,9ff3f40aef94a5855a3aa31dca1b2a383efeb4c413a3d395684e572375312500,2024-10-09T02:15:22.417000
 CVE-2024-21414,0,0,cb5be5a0298e388117cb17fb4e38b11bac4cf16d9158b5abf408d82cf361dfc1,2024-07-09T18:18:38.713000
 CVE-2024-21415,0,0,42bcd1202ef0ba594d559bd9441152ac5ae9644c270ba50531381a1aa41e9e3f,2024-07-09T18:18:38.713000
 CVE-2024-21416,0,0,7cc6fd4c84942ce1dc818417cef771869802afebc6e3c7d7b19ed19e00198c83,2024-09-20T18:55:14.573000
@ -247486,7 +247486,7 @@ CVE-2024-26252,0,0,a16ea7a04b440699076d4a90d57b94e69adc561ff365215a47bfe0edfb85f
 CVE-2024-26253,0,0,d32f97c711762e973fb1b01c37de60abd45cff8ea3bfc2e555e3e6824fc4b9b7,2024-04-10T13:24:00.070000
 CVE-2024-26254,0,0,024245ede1fede2394fca1e326cc18c265676be3657652d8066482f274ba6b72,2024-04-10T13:24:00.070000
 CVE-2024-26255,0,0,def0d1975fa503fc52bece1a738d7a3d0ac65fd2582e7e57928a6ef65a03e34e,2024-04-10T13:24:00.070000
-CVE-2024-26256,0,0,d6145d605038cf34a2decd53d30e62b601bdaf653df2c29dd79f249a25f37e80,2024-06-12T02:15:09.700000
+CVE-2024-26256,0,1,3807901f6ac90b4732561ba3ffb11bfe90ae3ad76f283571e61bd6293795a413,2024-10-09T02:15:27.847000
 CVE-2024-26257,0,0,066b4f8e21f6da31e18bfde8bcbd77b29d1c931685dc4eb216f9777000563c57,2024-04-10T13:24:00.070000
 CVE-2024-26258,0,0,2a9672d6ed0fd06f71f147874c9f6533f22085e94e3e959706ad13fe0557526a,2024-09-09T07:15:16.343000
 CVE-2024-2626,0,0,5a6c338629bbaaf7065165299ae412c08d9197fb3cad2770c12e07d226bcbe56,2024-04-01T15:22:37.883000
@ -259133,7 +259133,7 @@ CVE-2024-43040,0,0,1da4fee0ec9b26a667b61884070b050a8f4bcf13a2b21e01185cd5279abd3
 CVE-2024-43042,0,0,d94e46af540f49a4f3c40e5f52dafd9243317a2003df44ac76bccf484c7eed66,2024-09-19T21:01:24.137000
 CVE-2024-43044,0,0,0f847f7b25552f59db6fe108bc5868ae7095ef3bf92eb01d14caa8a1c32e542a,2024-08-16T17:19:30.643000
 CVE-2024-43045,0,0,0dfb92f72f0dbde6ae96c501ce5cc9672bcd5c0db43f23e4e6beeb976b582ca3,2024-08-16T17:21:26.803000
-CVE-2024-43047,0,1,93a6e81541a4e8eae92d0fb6b98f2f3a227bbe27d2f4d319249dc880fa2b7c21,2024-10-09T01:00:01.157000
+CVE-2024-43047,0,0,93a6e81541a4e8eae92d0fb6b98f2f3a227bbe27d2f4d319249dc880fa2b7c21,2024-10-09T01:00:01.157000
 CVE-2024-4305,0,0,3d3b1d1c5c813e5fa60e1eff1163926298ea6a7612f6966e2cad8be591d14008,2024-08-01T13:59:30.377000
 CVE-2024-4306,0,0,a2edc9b105cc4a694942681b57dff61f9e5285cc8aec37eba8bdc15814541dcc,2024-04-29T12:42:03.667000
 CVE-2024-4307,0,0,9af1fe76e1dfb80a8368bbb3fc69b1f2cbb4fca53c0870243e2c9aa4c3d8390b,2024-04-30T13:11:16.690000
@ -259502,8 +259502,8 @@ CVE-2024-43567,0,0,dca2ed64951b773cb441fa0df76c09d4a6ffb9288788735af1e1694ac08fb
 CVE-2024-4357,0,0,86e4d24bdc3dca7ecac9fc1438972a4a1617b1654b394ca919ca67f001ce2742,2024-05-15T18:35:11.453000
 CVE-2024-43570,0,0,c865077bca30bc411c801500867ac03cfd59313735d06cc54e40b763efdd85b3,2024-10-08T18:15:24.207000
 CVE-2024-43571,0,0,0541cb90a92aec766aef8dc533345697e7e87469ea5911e020c5fe9cab367e53,2024-10-08T18:15:24.400000
-CVE-2024-43572,0,1,edbf4cc0451928b418ac37d2733f21de9947ba66b2424b00c8249f1e1bca8c18,2024-10-09T01:00:01.157000
-CVE-2024-43573,0,1,704084f80e12465366651c358ebfdfd86e261d32e2e073a1f81d205625e617b4,2024-10-09T01:00:01.157000
+CVE-2024-43572,0,0,edbf4cc0451928b418ac37d2733f21de9947ba66b2424b00c8249f1e1bca8c18,2024-10-09T01:00:01.157000
+CVE-2024-43573,0,0,704084f80e12465366651c358ebfdfd86e261d32e2e073a1f81d205625e617b4,2024-10-09T01:00:01.157000
 CVE-2024-43574,0,0,780ac4540971d435f138e8c561bf22e83d97229ce63df10bbd7e3e1d630f750e,2024-10-08T18:15:25.030000
 CVE-2024-43575,0,0,76037003cd8b64321af240a28da28ffc57467669144e86a45af480a1ae2deea5,2024-10-08T18:15:25.257000
 CVE-2024-43576,0,0,2165af1adc864de0f8da13303861fdda0fe9a0ee1d17c174d40ae96e64d63e3e,2024-10-08T18:15:25.450000
@ -264154,6 +264154,7 @@ CVE-2024-7955,0,0,b6d58093d52dbc1693883781c79b3abb54211ad50ad9e0127c4cb8b72bd51a
 CVE-2024-7958,0,0,483ea949f242fd0880547068782264d397026329e525a14dcbacca7c22e7bcec,2024-08-19T20:15:08.907000
 CVE-2024-7960,0,0,6a2bab47d6fb588f4b238853d16e03fdaf4248afb98afbb54a62ccac2359c7cf,2024-09-19T01:52:55.193000
 CVE-2024-7961,0,0,54fcb6c11cb4fffe551975ea2c4e2b806861e5ed35f30fcbecfeddbc47fcfbb8,2024-09-19T01:52:24.530000
+CVE-2024-7963,1,1,286f726c648a627f7d68c90d704ebb470a6961491de7e9aa929f36bfd75962b5,2024-10-09T02:15:33.870000
 CVE-2024-7964,0,0,c58a832be87177a31dd0ab059ea0a6d25f3e2935f7b0bca0ed2607ff4388d425,2024-08-27T13:35:00.823000
 CVE-2024-7965,0,0,97b62e193bdcda79c7557e9a31668077fb71dcc6db54dee06fbdef6c26c1aa29,2024-09-18T12:40:05.597000
 CVE-2024-7966,0,0,f366846d49db9477cb2ea061c491dcdaebf29f4e555fa7612b32a771fd61b7a0,2024-08-27T13:35:02.630000