From aa99cdb17e34ce46a869f71b2b7ef9cd574f4ef9 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 16 Aug 2024 06:03:13 +0000
Subject: [PATCH] Auto-Update: 2024-08-16T06:00:17.201125+00:00
---
CVE-2024/CVE-2024-73xx/CVE-2024-7301.json | 72 +++++++++++++++++++++++
CVE-2024/CVE-2024-74xx/CVE-2024-7422.json | 60 +++++++++++++++++++
README.md | 22 ++-----
_state.csv | 26 ++++----
4 files changed, 152 insertions(+), 28 deletions(-)
create mode 100644 CVE-2024/CVE-2024-73xx/CVE-2024-7301.json
create mode 100644 CVE-2024/CVE-2024-74xx/CVE-2024-7422.json
diff --git a/CVE-2024/CVE-2024-73xx/CVE-2024-7301.json b/CVE-2024/CVE-2024-73xx/CVE-2024-7301.json
new file mode 100644
index 00000000000..3189248c23b
--- /dev/null
+++ b/CVE-2024/CVE-2024-73xx/CVE-2024-7301.json
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-7301", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-08-16T05:15:12.177", + "lastModified": "2024-08-16T05:15:12.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-file-upload/tags/4.24.8/lib/wfu_io.php#L176", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-file-upload/tags/4.24.8/lib/wfu_security.php#L50", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3136025/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-file-upload/#developers", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b16b9c-48c7-4370-839b-696797ff2101?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-74xx/CVE-2024-7422.json b/CVE-2024/CVE-2024-74xx/CVE-2024-7422.json new file mode 100644 index 00000000000..aea0118f02a --- /dev/null +++ b/CVE-2024/CVE-2024-74xx/CVE-2024-7422.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-7422", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-08-16T04:15:07.497", + "lastModified": "2024-08-16T04:15:07.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that this only affects multi-site instances." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3135854/theme-my-login/trunk/admin/settings.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb8e956-3a95-4e55-9816-be7eddb5835d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 2cc7ebb4ce6..775246a65c7 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-16T04:00:17.399342+00:00 +2024-08-16T06:00:17.201125+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-16T03:15:10.093000+00:00 +2024-08-16T05:15:12.177000+00:00 ``` ### Last Data Feed Release @@ -33,25 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -260200 +260202 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `2` -- [CVE-2022-3399](CVE-2022/CVE-2022-33xx/CVE-2022-3399.json) (`2024-08-16T03:15:09.627`) -- [CVE-2023-7049](CVE-2023/CVE-2023-70xx/CVE-2023-7049.json) (`2024-08-16T03:15:09.887`) -- [CVE-2024-43369](CVE-2024/CVE-2024-433xx/CVE-2024-43369.json) (`2024-08-16T02:15:16.600`) -- [CVE-2024-43370](CVE-2024/CVE-2024-433xx/CVE-2024-43370.json) (`2024-08-16T02:15:17.487`) -- [CVE-2024-43374](CVE-2024/CVE-2024-433xx/CVE-2024-43374.json) (`2024-08-16T02:15:17.687`) -- [CVE-2024-43378](CVE-2024/CVE-2024-433xx/CVE-2024-43378.json) (`2024-08-16T02:15:17.877`) -- [CVE-2024-7630](CVE-2024/CVE-2024-76xx/CVE-2024-7630.json) (`2024-08-16T03:15:10.093`) -- [CVE-2024-7845](CVE-2024/CVE-2024-78xx/CVE-2024-7845.json) (`2024-08-16T02:15:18.080`) -- [CVE-2024-7849](CVE-2024/CVE-2024-78xx/CVE-2024-7849.json) (`2024-08-16T02:15:18.420`) -- [CVE-2024-7851](CVE-2024/CVE-2024-78xx/CVE-2024-7851.json) (`2024-08-16T02:15:18.720`) -- [CVE-2024-7852](CVE-2024/CVE-2024-78xx/CVE-2024-7852.json) (`2024-08-16T02:15:18.960`) -- [CVE-2024-7853](CVE-2024/CVE-2024-78xx/CVE-2024-7853.json) (`2024-08-16T02:15:19.217`) +- [CVE-2024-7301](CVE-2024/CVE-2024-73xx/CVE-2024-7301.json) (`2024-08-16T05:15:12.177`) +- [CVE-2024-7422](CVE-2024/CVE-2024-74xx/CVE-2024-7422.json) (`2024-08-16T04:15:07.497`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 954957cb646..53c92ebea50 100644 
--- a/_state.csv +++ b/_state.csv @@ -201160,7 +201160,7 @@ CVE-2022-33986,0,0,b73806fd6214ccbe22c050867f0f8bc8416991d60b33ae72b2e29dbd355db CVE-2022-33987,0,0,6ba4eaffba81d7b64000b8f1b479a86619716014614cfa7a5311bf2021cafeb1,2022-06-28T16:15:31.270000 CVE-2022-33988,0,0,69dfcc014caa76cd327269141e2b02134adee4ef60f5f9f5094eea582df01db9,2022-08-17T21:05:17.970000 CVE-2022-33989,0,0,b780074098c3da37829ee5c071dbb29131ee5500cc32de82906be641db3d344a,2022-08-18T16:53:15.373000 -CVE-2022-3399,1,1,62eefac4257f771bfee32f3fa659772eaf24c7e2d824a146f4de96862f9b43a3,2024-08-16T03:15:09.627000 +CVE-2022-3399,0,0,62eefac4257f771bfee32f3fa659772eaf24c7e2d824a146f4de96862f9b43a3,2024-08-16T03:15:09.627000 CVE-2022-33990,0,0,86964e8ef84b8a7b82e7c133d303ead83e4c0d56eaefbdaa57d614afd993fb4a,2022-08-18T16:54:32.357000 CVE-2022-33991,0,0,2b7ffb54165ff5994d07f65e5f00bd0e333c3f31fa13fbf4bbcc5aebc88cc389,2022-08-18T16:46:11.837000 CVE-2022-33992,0,0,493ae6c84e67968b47ab6a7d3bac6cf9f966bb4de056cf28ef7a4925f8282f52,2022-08-18T17:32:05.233000 
@@ -240750,7 +240750,7 @@ CVE-2023-7045,0,0,56f72b8799718b9a57c25f98da5738945d9d62f196c72ae2e5b5400f5c5f90 CVE-2023-7046,0,0,1325b623fc707ac674099e6d171e788fc0b1271e372288eb5bdf13523bf4b8ca,2024-04-10T13:24:00.070000 CVE-2023-7047,0,0,df412ac3889a701032edbec4023d6825e5fec0bc08c785aea05e4842aa327410,2024-01-04T18:37:04.157000 CVE-2023-7048,0,0,083baa3f6965f5009fe64187caefcf38bee2f72058b5af742496e5b61251d78e,2024-01-17T22:32:55.657000 -CVE-2023-7049,1,1,c9c64ebb45328d6379d7b9e0977b8153ac03ebb2658b524226f8e3923aaa7781,2024-08-16T03:15:09.887000 +CVE-2023-7049,0,0,c9c64ebb45328d6379d7b9e0977b8153ac03ebb2658b524226f8e3923aaa7781,2024-08-16T03:15:09.887000 CVE-2023-7050,0,0,4bac6368bd056bdc5019cf32a62705315940d90e07b309dce57a8f7c89dab9f8,2024-05-17T02:34:05.373000 CVE-2023-7051,0,0,b8788206b16eeac2e6b6ec8dad7522a48e5f8adb781565bd9e4c184f5f83713b,2024-05-17T02:34:06.490000 CVE-2023-7052,0,0,60b16bacd9aaaea9beebec67ac2450cdfe6c1fa660e825b82aa03b6c05c78d4c,2024-05-17T02:34:06.593000 
@@ -257661,12 +257661,12 @@ CVE-2024-43360,0,0,5e83697ea820bba28f28ac74c16eaa49368718cf4d29d0f4eeaac44e95899 CVE-2024-43366,0,0,c6a0c9b79f40e9ac6adfe96e8a726d4a739758a69bf451c548536be75a4590b2,2024-08-15T21:15:17.520000 CVE-2024-43367,0,0,aa40d7ce5e159a344ef88943101f5635e11309c45219cf73c00055952573916e,2024-08-15T21:15:17.777000 CVE-2024-43368,0,0,bc8404f29bdb04258d364b3952f9782a6581bd81b6fee1a7f290b39a6cca9c9f,2024-08-15T13:01:10.150000 -CVE-2024-43369,1,1,f4a5465ed291f137718691ee1318e2bc4e90e440fba9c05e2762e4333a7f89d5,2024-08-16T02:15:16.600000 +CVE-2024-43369,0,0,f4a5465ed291f137718691ee1318e2bc4e90e440fba9c05e2762e4333a7f89d5,2024-08-16T02:15:16.600000 CVE-2024-4337,0,0,87f9a4f489ef032776e3da435c02385147be0cf8fdf2fdcc393190f8f887eca5,2024-04-30T13:11:16.690000 -CVE-2024-43370,1,1,59b87d7d60e811132be75fab5860fc7d531485b8890b7e3ad6ed1f41f6548b62,2024-08-16T02:15:17.487000 +CVE-2024-43370,0,0,59b87d7d60e811132be75fab5860fc7d531485b8890b7e3ad6ed1f41f6548b62,2024-08-16T02:15:17.487000 CVE-2024-43373,0,0,69d56183bd2a33523e74549d732339012a778a169f9424729adc89709a9fb8e3,2024-08-15T17:34:07.033000 -CVE-2024-43374,1,1,7644def70e08cd7a711b128ad560c089ada83dcf140f909f0ac36102735face9,2024-08-16T02:15:17.687000 -CVE-2024-43378,1,1,d0e1086da4bd21519e32eff9bfa155f1714d7bd494c9d21a9f49685aa5f864a3,2024-08-16T02:15:17.877000 +CVE-2024-43374,0,0,7644def70e08cd7a711b128ad560c089ada83dcf140f909f0ac36102735face9,2024-08-16T02:15:17.687000 +CVE-2024-43378,0,0,d0e1086da4bd21519e32eff9bfa155f1714d7bd494c9d21a9f49685aa5f864a3,2024-08-16T02:15:17.877000 CVE-2024-4339,0,0,240ed7230e0a6e458ae0cd6534f1dc024d6c16f3537e0357643e823e6aa09596,2024-05-14T16:11:39.510000 CVE-2024-4340,0,0,47279ef0860b5c8c8bd0a3697c64eecb43c1be11e1b93224b8fe23143c960d81,2024-04-30T17:52:35.057000 CVE-2024-4341,0,0,60a5b39ccdef4d059dc8073670ab0aea750a7880bf4e71543025f3d18b32ff1e,2024-07-08T15:49:22.437000 
@@ -259899,6 +259899,7 @@ CVE-2024-7291,0,0,298cd3a818c66e9bf797d2d090f42649293656283b8daab213f19385b28931 CVE-2024-7297,0,0,cb4ca8684118dc46d1f9724d628f899c3458badae695854f058e1eba8efe7ce6,2024-07-31T12:57:02.300000 CVE-2024-7299,0,0,18b86413af481c73d022a0c4ed8ac3628863652a0dcfb13bf199bbb5e4db4366,2024-07-31T16:15:05.217000 CVE-2024-7300,0,0,a2e066ea38ffd4d283558ac9c550384947d588019ed19b0e0b6c2becc0799ae9,2024-07-31T14:15:08.080000 +CVE-2024-7301,1,1,68efc052c3ff82c00991a0bb754a03ac5193288502719b678a27062d039892f4,2024-08-16T05:15:12.177000 CVE-2024-7302,0,0,3e3978a555cf8f7617492d06d41673a59c5323c552cb9b37b079247ec7c0af88,2024-08-01T12:42:36.933000 CVE-2024-7303,0,0,9520f852975600abd145b384cdd7bd5ee8f54af62f4a78fc6dcf9ca25a845304,2024-08-12T16:47:04.740000 CVE-2024-7306,0,0,3c865c91ac7fc6c8c32a68429064dd89f6391277f467a5bdc571f15092dbadd4,2024-08-12T16:33:51.090000 @@ -259978,6 +259979,7 @@ CVE-2024-7413,0,0,1e2e6e629ae076e767a4ed710c2f32c76d2bd71396701e30749c7812afe7ed CVE-2024-7414,0,0,75779b8687375e2d55d3e2d954892bdff56935440cca361ae4c6a6a0a4f3bed5,2024-08-12T13:41:36.517000 CVE-2024-7416,0,0,9f5565f11e96fff207b91fc0825d45934365835075928991c71489e2cad44813,2024-08-12T13:41:36.517000 CVE-2024-7420,0,0,900b53573d93f498a815ef6b5a664e0852d0bc5883291fa6f9b7211ca7e3509a,2024-08-15T13:01:10.150000 +CVE-2024-7422,1,1,d3b0948dba31e8818223206c1d1d5ef43788c157a17720b489316543b1773917,2024-08-16T04:15:07.497000 CVE-2024-7436,0,0,4e5f8b4434de8d3be7545b252fde74866f6d1e15f143f31c26845d516524cae6,2024-08-05T12:41:45.957000 CVE-2024-7437,0,0,6536d7f97d7ad58b67ec8c23497b1bab63383020d43415bc5b4c83af23e0fa6d,2024-08-12T13:38:43.060000 CVE-2024-7438,0,0,e0751aac5a1208089fd3136e155c05769dcef78130a2d9c6fdc04c87ca92fb9a,2024-08-12T13:38:43.203000 
@@ -260096,7 +260098,7 @@ CVE-2024-7621,0,0,1acf6d4c2a821fce1e3f9264509576725bd5b71a2c3ef943afe6ab5d293518 CVE-2024-7624,0,0,fe880bbf70f7d6e0e0d7959fc4667ae33cede9b405a9b87471b54fc1288842d6,2024-08-15T13:01:10.150000 CVE-2024-7625,0,0,f8c051bee159f37ecabf1edf8939b9aaaa1199377d2392fdca002a4a5223d380,2024-08-15T13:01:10.150000 CVE-2024-7628,0,0,3ea535a326d0197b5259672683acf97672f398fa364ea0c9846f4657432fb454,2024-08-15T13:01:10.150000 -CVE-2024-7630,1,1,df3389a6db8f0c05739658197f1cff43bda4e33470ada70c9ccf1545e9f2c252,2024-08-16T03:15:10.093000 +CVE-2024-7630,0,0,df3389a6db8f0c05739658197f1cff43bda4e33470ada70c9ccf1545e9f2c252,2024-08-16T03:15:10.093000 CVE-2024-7633,0,0,3b1df1487eb71af2061753f656e2660f3fdd60b89404cd84fa2c01a4dff29ee6,2024-08-12T13:38:45.690000 CVE-2024-7635,0,0,77137333cb856f76f03e4b50e0e5dbce5cc99fa466aafebf6530d8cfb2e96fdd,2024-08-15T18:12:33.270000 CVE-2024-7636,0,0,81414365f80fa57b345628baccc97b68e4a32475a3dd61fce01a599a3ee31eee,2024-08-15T18:13:23.327000 
@@ -260191,11 +260193,11 @@ CVE-2024-7841,0,0,4632c3971b04a57562f61d399cd515c2019f246d80ccf6d4c535c7b4361e8c CVE-2024-7842,0,0,12f11ac340531e2626da79ded774ccfb3de899c06029be44f6c75df1710957a6,2024-08-15T22:15:07.310000 CVE-2024-7843,0,0,519d47bcb9fc9e3a27bbd644c576e4cb35d41e45b051fa509cdd6678ff80bc77,2024-08-15T23:15:10.453000 CVE-2024-7844,0,0,59508ebc076bca47c92fd6f0f56b8bc2f4a5223afe39a11234df2e1523ff3db6,2024-08-15T23:15:10.740000 -CVE-2024-7845,1,1,cec4b12e61ad5af6384512b749ee37de40fed005846071fbed5b1d50646ef5d2,2024-08-16T02:15:18.080000 -CVE-2024-7849,1,1,9a53b4edab927376347b56000f29fdf1a4dd91182da5073ac560b628d587dcc1,2024-08-16T02:15:18.420000 -CVE-2024-7851,1,1,7e9d901db98778c459aec9ca281e5991e7b51117a6ceaa3bed0c4f742b3c9965,2024-08-16T02:15:18.720000 -CVE-2024-7852,1,1,1036684783a76d9d06f3aeae0b7fecdc70daba8066ad73decf6a80515f103ae0,2024-08-16T02:15:18.960000 -CVE-2024-7853,1,1,ef852cb5b512c1135859e82139cbfc9c3676d14eb1435795734c924ea925f3b7,2024-08-16T02:15:19.217000 +CVE-2024-7845,0,0,cec4b12e61ad5af6384512b749ee37de40fed005846071fbed5b1d50646ef5d2,2024-08-16T02:15:18.080000 +CVE-2024-7849,0,0,9a53b4edab927376347b56000f29fdf1a4dd91182da5073ac560b628d587dcc1,2024-08-16T02:15:18.420000 +CVE-2024-7851,0,0,7e9d901db98778c459aec9ca281e5991e7b51117a6ceaa3bed0c4f742b3c9965,2024-08-16T02:15:18.720000 +CVE-2024-7852,0,0,1036684783a76d9d06f3aeae0b7fecdc70daba8066ad73decf6a80515f103ae0,2024-08-16T02:15:18.960000 +CVE-2024-7853,0,0,ef852cb5b512c1135859e82139cbfc9c3676d14eb1435795734c924ea925f3b7,2024-08-16T02:15:19.217000 CVE-2024-7866,0,0,7b21c6eb36d73c92e1f7d8bb8574d36dfd6e1deee61d5ef7c7c7b7a0b352193c,2024-08-15T20:15:18.793000 CVE-2024-7867,0,0,2c6807e6cda13329c05cc32828904aaff7f4fcd646d878acd15e994ea1a532df,2024-08-15T20:15:18.967000 CVE-2024-7868,0,0,1270b7dc6c77cab6c2ea3d2de21860bb4fd556dbaed1521f53d18e8f28829e9b,2024-08-15T21:15:18.530000