Auto-Update: 2024-12-19T07:00:20.844002+00:00

2025-07-09 16:05:11 +00:00 · 2024-12-19 07:03:43 +00:00 · 2024-12-19 07:03:43 +00:00 · bafc67cb12
commit bafc67cb12
parent d51dd40781
5 changed files with 145 additions and 9 deletions
--- a/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-11740",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-12-19T06:15:21.243",
+  "lastModified": "2024-12-19T06:15:21.243",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11768",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-12-19T06:15:23.007",
+  "lastModified": "2024-12-19T06:15:23.007",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-285"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-38499",
  "sourceIdentifier": "secure@symantec.com",
  "published": "2024-12-17T06:15:20.760",
-  "lastModified": "2024-12-17T15:15:15.087",
+  "lastModified": "2024-12-19T06:15:23.230",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute \"caf encrypt\"/\"sd_acmd encrypt\" commands."
+    },
+    {
+      "lang": "es",
+      "value": "CA Client Automation (ITCM) permite que los usuarios que no sean administradores o superusuario encripten una cadena mediante la CLI de CAF y la CLI de SD_ACMD. Esto permitir\u00eda que el usuario que no sea administrador acceda a las claves de cifrado cr\u00edticas, lo que adem\u00e1s provoca la explotaci\u00f3n de las credenciales almacenadas. Esta soluci\u00f3n no permite que un usuario que no sea administrador o superusuario ejecute los comandos \"caf encrypt\" o \"sd_acmd encrypt\"."
    }
  ],
  "metrics": {
@ -105,6 +109,10 @@
    {
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284",
      "source": "secure@symantec.com"
+    },
+    {
+      "url": "http://seclists.org/fulldisclosure/2024/Dec/16",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-12-19T05:00:19.086059+00:00
+2024-12-19T07:00:20.844002+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-12-19T04:15:05.127000+00:00
+2024-12-19T06:15:23.230000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-274343
+274345
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2024-11984](CVE-2024/CVE-2024-119xx/CVE-2024-11984.json) (`2024-12-19T04:15:05.127`)
+- [CVE-2024-11740](CVE-2024/CVE-2024-117xx/CVE-2024-11740.json) (`2024-12-19T06:15:21.243`)
+- [CVE-2024-11768](CVE-2024/CVE-2024-117xx/CVE-2024-11768.json) (`2024-12-19T06:15:23.007`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2024-38499](CVE-2024/CVE-2024-384xx/CVE-2024-38499.json) (`2024-12-19T06:15:23.230`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -244432,6 +244432,7 @@ CVE-2024-11732,0,0,6786f7c223dbf5c7abf2566386e4c9fbb35edf5a2ada6569df25893c7ff24
 CVE-2024-11737,0,0,82b4de15247bbd822a2abb2f56467686fd4a6957a6b87fe1370247ce71679d0b,2024-12-11T10:15:06.677000
 CVE-2024-11738,0,0,f587c97dbd4b1ce8e0f6a611dd679c71e26fa6d4305ce8c0e3ca3797b0619379,2024-12-06T15:15:07.723000
 CVE-2024-1174,0,0,6b46be4d722ab187c094170b7547b36656d9ec8ed90fcec0cd49c5c30bebda75,2024-11-21T08:49:57.790000
+CVE-2024-11740,1,1,46e12694ca821047fe3ab9f444409d2b0328d88c2f3f03956e939a4fc552b35e,2024-12-19T06:15:21.243000
 CVE-2024-11742,0,0,573cb42c588bd214b3269f0f0837d622553f326ed266e544aa54ab8c350167c5,2024-12-04T21:04:48.830000
 CVE-2024-11743,0,0,f820c67dcaaaf23a6b1da5f22e8dfaf3af6e92af3da2964cdf1cbb12adde80f2,2024-12-04T21:07:20.510000
 CVE-2024-11744,0,0,d39b5f592014fd4a2278c647fc2411f75d3865150415b86b86bc4d90ea41f3d3,2024-12-03T15:30:32.153000
@ -244453,6 +244454,7 @@ CVE-2024-11763,0,0,2b2c0323b3c93139ab3dc406b2344ba6550636910350822782e7898bf1761
 CVE-2024-11765,0,0,7ca3665c3c821fbe55ce7d0837aed80052a89fb5c5a0acd85f5778bdcb7cc52c,2024-12-12T06:15:21.570000
 CVE-2024-11766,0,0,ece6a23c84d85f85ec62e1b775f625e9ee6e819290e6f88bd3f3e210a2634e2f,2024-12-12T06:15:21.757000
 CVE-2024-11767,0,0,27b1bb05f924b0778af68bdc2e081cf79c91f7af32c3aed079cfafa7d5bfee0c,2024-12-13T05:15:05.843000
+CVE-2024-11768,1,1,8dfa0b88a03431c073c3978c64f604dfdd1b4968272ff4a03c494f2b0d2f99f4,2024-12-19T06:15:23.007000
 CVE-2024-11769,0,0,7c09ce15e3c33c67c82c4f8389595c27e00e07d607e16c4d909baefd0cbdfd8b,2024-12-04T08:15:06.680000
 CVE-2024-1177,0,0,50204f0e1e82280f8898460ad80abf26f09df69c8b4bae2f8e7f259925f88097,2024-11-21T08:49:58.233000
 CVE-2024-11770,0,0,be8f578c9f82931df9c3ede6728bb383379d1438331426ab12c908c3c55de158,2024-12-14T05:15:07.627000
@ -244602,7 +244604,7 @@ CVE-2024-11980,0,0,5c195702c3044363783e02640024befa9b8ad56aa6e8902b10c32e122c344
 CVE-2024-11981,0,0,4e8c7d73de59078b6dc7a30279d02d329d5e4f81501d91493f618fea96f72189,2024-11-29T07:15:05.760000
 CVE-2024-11982,0,0,fdbe1466c75dff41c18009236254b70f07e6dcbf8224b3254ed5447f6369f8be,2024-11-29T08:15:04.580000
 CVE-2024-11983,0,0,b28164039b0dc59ec068d9e4704804a0da409a26a86a99d005cfe1af9f1df7bd,2024-11-29T08:15:04.733000
-CVE-2024-11984,1,1,e4cb8f12f5f76216954f82cc003c009be1d8ec253ba314ea40b01ce15d04236f,2024-12-19T04:15:05.127000
+CVE-2024-11984,0,0,e4cb8f12f5f76216954f82cc003c009be1d8ec253ba314ea40b01ce15d04236f,2024-12-19T04:15:05.127000
 CVE-2024-11985,0,0,347bd715be95eb6539997f812c032a6ace7cec9111ea8a772c8788473da7f21d,2024-12-04T02:15:04.237000
 CVE-2024-11986,0,0,e3ace666257325f8eafbb0b048032c0cfe2d1f4c40638fcb396e4be31115d6ce,2024-12-13T14:15:21.207000
 CVE-2024-1199,0,0,60ffbfb4cdc00bf543d03a59b91efea487f9cf6b0b352d45a15655d219ef20c9,2024-11-21T08:50:01.340000
@ -259667,7 +259669,7 @@ CVE-2024-38493,0,0,4bc3bb4a09abc963fa51784326718bced0354c37a2459c0b47f92207de44f
 CVE-2024-38494,0,0,1f129c527a043d054672829334da9694bcc0abb503164120f45d12b60f760728,2024-11-21T09:26:05.737000
 CVE-2024-38495,0,0,c57460246bd2654a442a7e089db309669537766d2f426be8aec4def73902de48,2024-11-21T09:26:05.863000
 CVE-2024-38496,0,0,01a1900349f3d0adbd135ec854533895da77cbe9c60e719fe6990ff9f4db5d3a,2024-12-03T19:15:09.550000
-CVE-2024-38499,0,0,d48ba7b861247e2e7335421154dd92eb8fc0547f1ac04edea94b3dc629c24888,2024-12-17T15:15:15.087000
+CVE-2024-38499,0,1,5cdcaf2bf3f988260ae4afd83104cd0c145d02633de1d7b12a020c9e6762884e,2024-12-19T06:15:23.230000
 CVE-2024-3850,0,0,73a9519b4dc6d88b65702fd8409fd31ed5a6966b8b99f91a593546b7c4071d4a,2024-11-21T09:30:32.383000
 CVE-2024-38501,0,0,21a80373aa9d7e24644fdfb4a65ec744cf578aba5d6e990dcbd2df904d0b193f,2024-08-22T13:34:42.653000
 CVE-2024-38502,0,0,17ce9bdc7ff577bc96c645bc41b79b45ca6b234955d8ce844b268b214cdd59cb,2024-08-22T13:35:47.970000