From bafc67cb120426cfa0c95657a5626fc499703e5d Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 19 Dec 2024 07:03:43 +0000
Subject: [PATCH] Auto-Update: 2024-12-19T07:00:20.844002+00:00
---
 CVE-2024/CVE-2024-117xx/CVE-2024-11740.json | 64 +++++++++++++++++++++
 CVE-2024/CVE-2024-117xx/CVE-2024-11768.json | 60 +++++++++++++++++++
 CVE-2024/CVE-2024-384xx/CVE-2024-38499.json | 10 +++-
 README.md | 14 +++--
 _state.csv | 6 +-
 5 files changed, 145 insertions(+), 9 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11740.json
 create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11768.json
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json
new file mode 100644
index 00000000000..b87de1a1e69
--- /dev/null
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-11740",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-12-19T06:15:21.243",
+ "lastModified": "2024-12-19T06:15:21.243",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json
new file mode 100644
index 00000000000..3322b5b469e
--- /dev/null
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11768",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-12-19T06:15:23.007",
+ "lastModified": "2024-12-19T06:15:23.007",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json
index 896b5da51e5..af26d63e3c8 100644
--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-38499",
 "sourceIdentifier": "secure@symantec.com",
 "published": "2024-12-17T06:15:20.760",
- "lastModified": "2024-12-17T15:15:15.087",
+ "lastModified": "2024-12-19T06:15:23.230",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute \"caf encrypt\"/\"sd_acmd encrypt\" commands."
+ },
+ {
+ "lang": "es",
+ "value": "CA Client Automation (ITCM) permite que los usuarios que no sean administradores o superusuario encripten una cadena mediante la CLI de CAF y la CLI de SD_ACMD. Esto permitir\u00eda que el usuario que no sea administrador acceda a las claves de cifrado cr\u00edticas, lo que adem\u00e1s provoca la explotaci\u00f3n de las credenciales almacenadas. Esta soluci\u00f3n no permite que un usuario que no sea administrador o superusuario ejecute los comandos \"caf encrypt\" o \"sd_acmd encrypt\"."
 }
 ],
 "metrics": {
@@ -105,6 +109,10 @@
 {
 "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284",
 "source": "secure@symantec.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Dec/16",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index 3207395b098..e5d42cabd2c 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-12-19T05:00:19.086059+00:00
+2024-12-19T07:00:20.844002+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-12-19T04:15:05.127000+00:00
+2024-12-19T06:15:23.230000+00:00
 ```
 ### Last Data Feed Release
@@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-274343
+274345
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `1`
+Recently added CVEs: `2`
-- [CVE-2024-11984](CVE-2024/CVE-2024-119xx/CVE-2024-11984.json) (`2024-12-19T04:15:05.127`)
+- [CVE-2024-11740](CVE-2024/CVE-2024-117xx/CVE-2024-11740.json) (`2024-12-19T06:15:21.243`)
+- [CVE-2024-11768](CVE-2024/CVE-2024-117xx/CVE-2024-11768.json) (`2024-12-19T06:15:23.007`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
+- [CVE-2024-38499](CVE-2024/CVE-2024-384xx/CVE-2024-38499.json) (`2024-12-19T06:15:23.230`)
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index b408280006d..5bf3ca13006 100644
--- a/_state.csv
+++ b/_state.csv
@@ -244432,6 +244432,7 @@ CVE-2024-11732,0,0,6786f7c223dbf5c7abf2566386e4c9fbb35edf5a2ada6569df25893c7ff24
 CVE-2024-11737,0,0,82b4de15247bbd822a2abb2f56467686fd4a6957a6b87fe1370247ce71679d0b,2024-12-11T10:15:06.677000
 CVE-2024-11738,0,0,f587c97dbd4b1ce8e0f6a611dd679c71e26fa6d4305ce8c0e3ca3797b0619379,2024-12-06T15:15:07.723000
 CVE-2024-1174,0,0,6b46be4d722ab187c094170b7547b36656d9ec8ed90fcec0cd49c5c30bebda75,2024-11-21T08:49:57.790000
+CVE-2024-11740,1,1,46e12694ca821047fe3ab9f444409d2b0328d88c2f3f03956e939a4fc552b35e,2024-12-19T06:15:21.243000
 CVE-2024-11742,0,0,573cb42c588bd214b3269f0f0837d622553f326ed266e544aa54ab8c350167c5,2024-12-04T21:04:48.830000
 CVE-2024-11743,0,0,f820c67dcaaaf23a6b1da5f22e8dfaf3af6e92af3da2964cdf1cbb12adde80f2,2024-12-04T21:07:20.510000
 CVE-2024-11744,0,0,d39b5f592014fd4a2278c647fc2411f75d3865150415b86b86bc4d90ea41f3d3,2024-12-03T15:30:32.153000
@@ -244453,6 +244454,7 @@ CVE-2024-11763,0,0,2b2c0323b3c93139ab3dc406b2344ba6550636910350822782e7898bf1761
 CVE-2024-11765,0,0,7ca3665c3c821fbe55ce7d0837aed80052a89fb5c5a0acd85f5778bdcb7cc52c,2024-12-12T06:15:21.570000
 CVE-2024-11766,0,0,ece6a23c84d85f85ec62e1b775f625e9ee6e819290e6f88bd3f3e210a2634e2f,2024-12-12T06:15:21.757000
 CVE-2024-11767,0,0,27b1bb05f924b0778af68bdc2e081cf79c91f7af32c3aed079cfafa7d5bfee0c,2024-12-13T05:15:05.843000
+CVE-2024-11768,1,1,8dfa0b88a03431c073c3978c64f604dfdd1b4968272ff4a03c494f2b0d2f99f4,2024-12-19T06:15:23.007000
 CVE-2024-11769,0,0,7c09ce15e3c33c67c82c4f8389595c27e00e07d607e16c4d909baefd0cbdfd8b,2024-12-04T08:15:06.680000
 CVE-2024-1177,0,0,50204f0e1e82280f8898460ad80abf26f09df69c8b4bae2f8e7f259925f88097,2024-11-21T08:49:58.233000
 CVE-2024-11770,0,0,be8f578c9f82931df9c3ede6728bb383379d1438331426ab12c908c3c55de158,2024-12-14T05:15:07.627000
@@ -244602,7 +244604,7 @@ CVE-2024-11980,0,0,5c195702c3044363783e02640024befa9b8ad56aa6e8902b10c32e122c344
 CVE-2024-11981,0,0,4e8c7d73de59078b6dc7a30279d02d329d5e4f81501d91493f618fea96f72189,2024-11-29T07:15:05.760000
 CVE-2024-11982,0,0,fdbe1466c75dff41c18009236254b70f07e6dcbf8224b3254ed5447f6369f8be,2024-11-29T08:15:04.580000
 CVE-2024-11983,0,0,b28164039b0dc59ec068d9e4704804a0da409a26a86a99d005cfe1af9f1df7bd,2024-11-29T08:15:04.733000
-CVE-2024-11984,1,1,e4cb8f12f5f76216954f82cc003c009be1d8ec253ba314ea40b01ce15d04236f,2024-12-19T04:15:05.127000
+CVE-2024-11984,0,0,e4cb8f12f5f76216954f82cc003c009be1d8ec253ba314ea40b01ce15d04236f,2024-12-19T04:15:05.127000
 CVE-2024-11985,0,0,347bd715be95eb6539997f812c032a6ace7cec9111ea8a772c8788473da7f21d,2024-12-04T02:15:04.237000
 CVE-2024-11986,0,0,e3ace666257325f8eafbb0b048032c0cfe2d1f4c40638fcb396e4be31115d6ce,2024-12-13T14:15:21.207000
 CVE-2024-1199,0,0,60ffbfb4cdc00bf543d03a59b91efea487f9cf6b0b352d45a15655d219ef20c9,2024-11-21T08:50:01.340000
@@ -259667,7 +259669,7 @@ CVE-2024-38493,0,0,4bc3bb4a09abc963fa51784326718bced0354c37a2459c0b47f92207de44f
 CVE-2024-38494,0,0,1f129c527a043d054672829334da9694bcc0abb503164120f45d12b60f760728,2024-11-21T09:26:05.737000
 CVE-2024-38495,0,0,c57460246bd2654a442a7e089db309669537766d2f426be8aec4def73902de48,2024-11-21T09:26:05.863000
 CVE-2024-38496,0,0,01a1900349f3d0adbd135ec854533895da77cbe9c60e719fe6990ff9f4db5d3a,2024-12-03T19:15:09.550000
-CVE-2024-38499,0,0,d48ba7b861247e2e7335421154dd92eb8fc0547f1ac04edea94b3dc629c24888,2024-12-17T15:15:15.087000
+CVE-2024-38499,0,1,5cdcaf2bf3f988260ae4afd83104cd0c145d02633de1d7b12a020c9e6762884e,2024-12-19T06:15:23.230000
 CVE-2024-3850,0,0,73a9519b4dc6d88b65702fd8409fd31ed5a6966b8b99f91a593546b7c4071d4a,2024-11-21T09:30:32.383000
 CVE-2024-38501,0,0,21a80373aa9d7e24644fdfb4a65ec744cf578aba5d6e990dcbd2df904d0b193f,2024-08-22T13:34:42.653000
 CVE-2024-38502,0,0,17ce9bdc7ff577bc96c645bc41b79b45ca6b234955d8ce844b268b214cdd59cb,2024-08-22T13:35:47.970000