Auto-Update: 2024-11-20T07:00:20.422284+00:00

2025-07-09 16:05:11 +00:00 · 2024-11-20 07:03:22 +00:00 · 2024-11-20 07:03:22 +00:00 · ba209ee6e6
commit ba209ee6e6
parent dc22615f40
6 changed files with 219 additions and 7 deletions
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10515.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10515.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10515",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-11-20T06:15:15.777",
+  "lastModified": "2024-11-20T06:15:15.777",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/367aad17-fbb5-48eb-8829-5d3513098d02/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11278.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11278.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-11278",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-11-20T05:15:16.530",
+  "lastModified": "2024-11-20T05:15:16.530",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/gd-bbpress-attachments/trunk/code/front.php#L280",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3189863/gd-bbpress-attachments/trunk/code/front.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f598cfc-4d41-4d22-95f0-47efdb7d07a2?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-526xx/CVE-2024-52614.json
+++ b/CVE-2024/CVE-2024-526xx/CVE-2024-52614.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-52614",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-11-20T06:15:16.023",
+  "lastModified": "2024-11-20T06:15:16.023",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Use of hard-coded cryptographic key issue exists in \"Kura Sushi Official App Produced by EPARK\" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-321"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN16114985/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://play.google.com/store/apps/details?id=jp.co.kura_corpo",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-96xx/CVE-2024-9653.json
+++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9653.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9653",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-11-20T06:15:16.603",
+  "lastModified": "2024-11-20T06:15:16.603",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3186456%40menu-ordering-reservations&new=3186456%40menu-ordering-reservations&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11ccafd9-dad5-4b7d-b913-7821dd52d12b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-11-20T03:00:19.748736+00:00
+2024-11-20T07:00:20.422284+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-11-20T01:15:04.303000+00:00
+2024-11-20T06:15:16.603000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-270649
+270653
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `4`

+- [CVE-2024-10515](CVE-2024/CVE-2024-105xx/CVE-2024-10515.json) (`2024-11-20T06:15:15.777`)
+- [CVE-2024-11278](CVE-2024/CVE-2024-112xx/CVE-2024-11278.json) (`2024-11-20T05:15:16.530`)
+- [CVE-2024-52614](CVE-2024/CVE-2024-526xx/CVE-2024-52614.json) (`2024-11-20T06:15:16.023`)
+- [CVE-2024-9653](CVE-2024/CVE-2024-96xx/CVE-2024-9653.json) (`2024-11-20T06:15:16.603`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-8403](CVE-2024/CVE-2024-84xx/CVE-2024-8403.json) (`2024-11-20T01:15:04.303`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -242939,6 +242939,7 @@ CVE-2024-10507,0,0,f18494a65f96198598cd9275318405539a3d8636ddbe0a37967ba2288eae0
 CVE-2024-10508,0,0,af9f95e5d7d630b3cf33e7ae9f2d3118be1f7da09e31e6491ee65e4e58c1137c,2024-11-12T13:56:24.513000
 CVE-2024-10509,0,0,a9d05e50f1563ceed5339878fa8c2329eea9e28284f4c0c86984d14b77803f94,2024-11-01T20:52:15.573000
 CVE-2024-1051,0,0,301df872c002365b13eaea34d02a8084366516306d472e0b862c9b6067f5d33d,2024-04-01T01:12:59.077000
+CVE-2024-10515,1,1,95b093829d5f65eddf31cc2d74b4687e2e05262ee824501db195970644d9d2ed,2024-11-20T06:15:15.777000
 CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef0f,2024-02-15T18:49:40.180000
 CVE-2024-10523,0,0,a761a52195ca091ecc100fefe31fd4eadda4d831fe94860e2a159923b6d0d68d,2024-11-08T15:14:30.070000
 CVE-2024-10524,0,0,d6a77c8f99978db429152e8948353f8166b552c9c91594d95f4a0f83de9c3b77,2024-11-19T21:57:32.967000
@ -243367,6 +243368,7 @@ CVE-2024-11261,0,0,03149363d80a7f7d2ba3cb3b58f89eedadeed254dd34f2f03686fd1f44616
 CVE-2024-11262,0,0,5bda125849c583f0ebaa29ca4d26cf0dcf9667997688ed2241531b87cb595dbb,2024-11-18T17:11:17.393000
 CVE-2024-11263,0,0,6a1ac9d3a12801a9f848747b946a0ac459e1982e45197319659c04e5ba98bfce,2024-11-18T17:11:17.393000
 CVE-2024-1127,0,0,fc004f13d69dd65990588f481257d3c8dd60a3804cfac37ac389768e5b88f08c,2024-03-13T18:16:18.563000
+CVE-2024-11278,1,1,cc19a6be7ba80ee301c92f54c29f2c5c95b3da6dd7918df5b7b1d59f8e31a90e,2024-11-20T05:15:16.530000
 CVE-2024-1128,0,0,de5352d9c421a908307277eb7da3f5f6fcfc08a095ea033ab740d4804aa5ccea,2024-02-29T13:49:29.390000
 CVE-2024-1129,0,0,bb6d36851ed2d72741a575302302ac57d511f2bf349c6ca7db7385fd53c3529a,2024-02-29T13:49:29.390000
 CVE-2024-1130,0,0,19461582000c347e1c07ca83a1d00e23feee8e20532d52fc093ba50686691b5b,2024-02-29T13:49:29.390000
@ -266868,6 +266870,7 @@ CVE-2024-5260,0,0,1ea9956e2812efb1ad02a50e6e15b3c5419e86ea96923b6afc83449c655115
 CVE-2024-52600,0,0,889882d763fff118298a79c0992b9d094668285ba42b3979d1acce7319312517,2024-11-19T21:56:45.533000
 CVE-2024-5261,0,0,0592ac8c89e0cb8027f6648912b9536cab36db7fb70868109d4e1f51168ecc2f,2024-06-25T18:50:42.040000
 CVE-2024-52613,0,0,459074184075f7287395d99f0f5a393f7f6f3bf8fc38dc9383b0dd34b217716c,2024-11-19T20:39:42.197000
+CVE-2024-52614,1,1,691c38d1248080ff09180daa940a0ea35464380839e23dd93b5188ae19dfbdb8,2024-11-20T06:15:16.023000
 CVE-2024-5262,0,0,83603483afb7387d019b476baa2cae004e6d4e7f9b65a5997b6545bcd7a41b63,2024-06-11T17:18:50.600000
 CVE-2024-5263,0,0,997be873c6f28955b5d0d8cb5df3c06ebeb17c50a7068003806eac08a0ed2846,2024-08-07T16:01:35.217000
 CVE-2024-5264,0,0,7660c1edaddd779c29789898410be8f6784b9b682f1b3f0cb339e7e58b29768e,2024-06-21T17:18:00.973000
@ -269576,7 +269579,7 @@ CVE-2024-8392,0,0,3343898f56ebc4a1eaf8cb14372686dd9582e66846077d475563fa9697365b
 CVE-2024-8394,0,0,537ec046b9d95c9c611478000abd6dd7551041a1f2ea81cd7e79459ae0e45ad8,2024-09-11T16:25:44.833000
 CVE-2024-8395,0,0,7904c0b52ace758f0078aaf5623dc08c2f22d70190a82ab855b84d88ee4995e4,2024-09-19T17:53:45.753000
 CVE-2024-8399,0,0,ff5a0b61b9891ed649233268ce0fa37bd0b7c79ba8aa2863ea2ecc61c35c709c,2024-09-12T19:45:07.347000
-CVE-2024-8403,0,1,29eb1021a7d2a3dd744c0183b187821c94ddf36f97ed53527910f68dd9e04164,2024-11-20T01:15:04.303000
+CVE-2024-8403,0,0,29eb1021a7d2a3dd744c0183b187821c94ddf36f97ed53527910f68dd9e04164,2024-11-20T01:15:04.303000
 CVE-2024-8404,0,0,945e9eec22e9214ed455520b695d919afbd1adaf6153f6675337e3115aa9e84c,2024-10-03T15:19:28.293000
 CVE-2024-8405,0,0,b5a88bc76e184307ddd2beb081f39e50ae83f9779c678cc8991166da3c096aa9,2024-10-03T00:51:18.313000
 CVE-2024-8407,0,0,190893f5b3da05c3b04f6347e8d36e88eb22b5329ec3a82949674ad3abb1a15d,2024-09-05T14:48:28.513000
@ -270440,6 +270443,7 @@ CVE-2024-9647,0,0,6da0b5c2c888d90e6f29cb1f98cdc0c7a4315eaaa058e1c781c3c46d5b8615
 CVE-2024-9649,0,0,f2ab83afff02bfae827ac0ac8958125c0d2707e9b7d72806aa0e09daf73ca0d7,2024-10-16T16:38:14.557000
 CVE-2024-9650,0,0,c785e5c8b40ec3a7d0b9a0e25f6978363c5dcc2fc6507b9c6a2c03a208ac34e9,2024-10-25T12:56:07.750000
 CVE-2024-9652,0,0,096af9c07df6f24ff5a9459bed95d6ce45b4a430b6f907d5bc85c0d2be3b93b5,2024-10-16T16:38:14.557000
+CVE-2024-9653,1,1,314aa9151832f5b91f237551c59d6e3c03b51963edf571db083af473f6355f36,2024-11-20T06:15:16.603000
 CVE-2024-9655,0,0,5f64b0ed215cc4c47eaa212ce6a6578c092759946c6128b0f32509f44691e359,2024-11-01T12:57:03.417000
 CVE-2024-9656,0,0,0baa2843f7043c4ebd829d23f2741f972b762b755442a0f0f83539eb7761035b,2024-10-15T12:57:46.880000
 CVE-2024-9657,0,0,fb687953042b10eb922558cb840c65de9e3c4da22e7016c1d2e6ab79c6132615,2024-11-08T16:00:28.320000