diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10515.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10515.json
new file mode 100644
index 00000000000..db5017e5ea0
--- /dev/null
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10515.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-10515",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2024-11-20T06:15:15.777",
+ "lastModified": "2024-11-20T06:15:15.777",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/367aad17-fbb5-48eb-8829-5d3513098d02/",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11278.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11278.json
new file mode 100644
index 00000000000..7fe8a72ca96
--- /dev/null
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11278.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-11278",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-20T05:15:16.530",
+ "lastModified": "2024-11-20T05:15:16.530",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/gd-bbpress-attachments/trunk/code/front.php#L280",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3189863/gd-bbpress-attachments/trunk/code/front.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f598cfc-4d41-4d22-95f0-47efdb7d07a2?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-526xx/CVE-2024-52614.json b/CVE-2024/CVE-2024-526xx/CVE-2024-52614.json
new file mode 100644
index 00000000000..8de7e347f44
--- /dev/null
+++ b/CVE-2024/CVE-2024-526xx/CVE-2024-52614.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-52614",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2024-11-20T06:15:16.023",
+ "lastModified": "2024-11-20T06:15:16.023",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Use of hard-coded cryptographic key issue exists in \"Kura Sushi Official App Produced by EPARK\" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "vultures@jpcert.or.jp",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vultures@jpcert.or.jp",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-321"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN16114985/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=jp.co.kura_corpo",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9653.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9653.json
new file mode 100644
index 00000000000..789eb0b5baa
--- /dev/null
+++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9653.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9653",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-20T06:15:16.603",
+ "lastModified": "2024-11-20T06:15:16.603",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3186456%40menu-ordering-reservations&new=3186456%40menu-ordering-reservations&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11ccafd9-dad5-4b7d-b913-7821dd52d12b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 798c3af3d64..7f933dd04f7 100644
--- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-20T03:00:19.748736+00:00 +2024-11-20T07:00:20.422284+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-20T01:15:04.303000+00:00 +2024-11-20T06:15:16.603000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -270649 +270653 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `4` +- [CVE-2024-10515](CVE-2024/CVE-2024-105xx/CVE-2024-10515.json) (`2024-11-20T06:15:15.777`) +- [CVE-2024-11278](CVE-2024/CVE-2024-112xx/CVE-2024-11278.json) (`2024-11-20T05:15:16.530`) +- [CVE-2024-52614](CVE-2024/CVE-2024-526xx/CVE-2024-52614.json) (`2024-11-20T06:15:16.023`) +- [CVE-2024-9653](CVE-2024/CVE-2024-96xx/CVE-2024-9653.json) (`2024-11-20T06:15:16.603`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-8403](CVE-2024/CVE-2024-84xx/CVE-2024-8403.json) (`2024-11-20T01:15:04.303`) ## Download and Usage diff --git a/_state.csv b/_state.csv index da285e2fc39..7303d47e6a2 100644 --- a/_state.csv +++ b/_state.csv 
@@ -242939,6 +242939,7 @@ CVE-2024-10507,0,0,f18494a65f96198598cd9275318405539a3d8636ddbe0a37967ba2288eae0 CVE-2024-10508,0,0,af9f95e5d7d630b3cf33e7ae9f2d3118be1f7da09e31e6491ee65e4e58c1137c,2024-11-12T13:56:24.513000 CVE-2024-10509,0,0,a9d05e50f1563ceed5339878fa8c2329eea9e28284f4c0c86984d14b77803f94,2024-11-01T20:52:15.573000 CVE-2024-1051,0,0,301df872c002365b13eaea34d02a8084366516306d472e0b862c9b6067f5d33d,2024-04-01T01:12:59.077000 +CVE-2024-10515,1,1,95b093829d5f65eddf31cc2d74b4687e2e05262ee824501db195970644d9d2ed,2024-11-20T06:15:15.777000 CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef0f,2024-02-15T18:49:40.180000 CVE-2024-10523,0,0,a761a52195ca091ecc100fefe31fd4eadda4d831fe94860e2a159923b6d0d68d,2024-11-08T15:14:30.070000 CVE-2024-10524,0,0,d6a77c8f99978db429152e8948353f8166b552c9c91594d95f4a0f83de9c3b77,2024-11-19T21:57:32.967000 @@ -243367,6 +243368,7 @@ CVE-2024-11261,0,0,03149363d80a7f7d2ba3cb3b58f89eedadeed254dd34f2f03686fd1f44616 CVE-2024-11262,0,0,5bda125849c583f0ebaa29ca4d26cf0dcf9667997688ed2241531b87cb595dbb,2024-11-18T17:11:17.393000 CVE-2024-11263,0,0,6a1ac9d3a12801a9f848747b946a0ac459e1982e45197319659c04e5ba98bfce,2024-11-18T17:11:17.393000 CVE-2024-1127,0,0,fc004f13d69dd65990588f481257d3c8dd60a3804cfac37ac389768e5b88f08c,2024-03-13T18:16:18.563000 +CVE-2024-11278,1,1,cc19a6be7ba80ee301c92f54c29f2c5c95b3da6dd7918df5b7b1d59f8e31a90e,2024-11-20T05:15:16.530000 CVE-2024-1128,0,0,de5352d9c421a908307277eb7da3f5f6fcfc08a095ea033ab740d4804aa5ccea,2024-02-29T13:49:29.390000 CVE-2024-1129,0,0,bb6d36851ed2d72741a575302302ac57d511f2bf349c6ca7db7385fd53c3529a,2024-02-29T13:49:29.390000 CVE-2024-1130,0,0,19461582000c347e1c07ca83a1d00e23feee8e20532d52fc093ba50686691b5b,2024-02-29T13:49:29.390000 
@@ -266868,6 +266870,7 @@ CVE-2024-5260,0,0,1ea9956e2812efb1ad02a50e6e15b3c5419e86ea96923b6afc83449c655115 CVE-2024-52600,0,0,889882d763fff118298a79c0992b9d094668285ba42b3979d1acce7319312517,2024-11-19T21:56:45.533000 CVE-2024-5261,0,0,0592ac8c89e0cb8027f6648912b9536cab36db7fb70868109d4e1f51168ecc2f,2024-06-25T18:50:42.040000 CVE-2024-52613,0,0,459074184075f7287395d99f0f5a393f7f6f3bf8fc38dc9383b0dd34b217716c,2024-11-19T20:39:42.197000 +CVE-2024-52614,1,1,691c38d1248080ff09180daa940a0ea35464380839e23dd93b5188ae19dfbdb8,2024-11-20T06:15:16.023000 CVE-2024-5262,0,0,83603483afb7387d019b476baa2cae004e6d4e7f9b65a5997b6545bcd7a41b63,2024-06-11T17:18:50.600000 CVE-2024-5263,0,0,997be873c6f28955b5d0d8cb5df3c06ebeb17c50a7068003806eac08a0ed2846,2024-08-07T16:01:35.217000 CVE-2024-5264,0,0,7660c1edaddd779c29789898410be8f6784b9b682f1b3f0cb339e7e58b29768e,2024-06-21T17:18:00.973000 @@ -269576,7 +269579,7 @@ CVE-2024-8392,0,0,3343898f56ebc4a1eaf8cb14372686dd9582e66846077d475563fa9697365b CVE-2024-8394,0,0,537ec046b9d95c9c611478000abd6dd7551041a1f2ea81cd7e79459ae0e45ad8,2024-09-11T16:25:44.833000 CVE-2024-8395,0,0,7904c0b52ace758f0078aaf5623dc08c2f22d70190a82ab855b84d88ee4995e4,2024-09-19T17:53:45.753000 CVE-2024-8399,0,0,ff5a0b61b9891ed649233268ce0fa37bd0b7c79ba8aa2863ea2ecc61c35c709c,2024-09-12T19:45:07.347000 -CVE-2024-8403,0,1,29eb1021a7d2a3dd744c0183b187821c94ddf36f97ed53527910f68dd9e04164,2024-11-20T01:15:04.303000 +CVE-2024-8403,0,0,29eb1021a7d2a3dd744c0183b187821c94ddf36f97ed53527910f68dd9e04164,2024-11-20T01:15:04.303000 CVE-2024-8404,0,0,945e9eec22e9214ed455520b695d919afbd1adaf6153f6675337e3115aa9e84c,2024-10-03T15:19:28.293000 CVE-2024-8405,0,0,b5a88bc76e184307ddd2beb081f39e50ae83f9779c678cc8991166da3c096aa9,2024-10-03T00:51:18.313000 CVE-2024-8407,0,0,190893f5b3da05c3b04f6347e8d36e88eb22b5329ec3a82949674ad3abb1a15d,2024-09-05T14:48:28.513000 
@@ -270440,6 +270443,7 @@ CVE-2024-9647,0,0,6da0b5c2c888d90e6f29cb1f98cdc0c7a4315eaaa058e1c781c3c46d5b8615 CVE-2024-9649,0,0,f2ab83afff02bfae827ac0ac8958125c0d2707e9b7d72806aa0e09daf73ca0d7,2024-10-16T16:38:14.557000 CVE-2024-9650,0,0,c785e5c8b40ec3a7d0b9a0e25f6978363c5dcc2fc6507b9c6a2c03a208ac34e9,2024-10-25T12:56:07.750000 CVE-2024-9652,0,0,096af9c07df6f24ff5a9459bed95d6ce45b4a430b6f907d5bc85c0d2be3b93b5,2024-10-16T16:38:14.557000 +CVE-2024-9653,1,1,314aa9151832f5b91f237551c59d6e3c03b51963edf571db083af473f6355f36,2024-11-20T06:15:16.603000 CVE-2024-9655,0,0,5f64b0ed215cc4c47eaa212ce6a6578c092759946c6128b0f32509f44691e359,2024-11-01T12:57:03.417000 CVE-2024-9656,0,0,0baa2843f7043c4ebd829d23f2741f972b762b755442a0f0f83539eb7761035b,2024-10-15T12:57:46.880000 CVE-2024-9657,0,0,fb687953042b10eb922558cb840c65de9e3c4da22e7016c1d2e6ab79c6132615,2024-11-08T16:00:28.320000