Auto-Update: 2024-09-23T08:00:20.275540+00:00

2025-05-08 19:47:09 +00:00 · 2024-09-23 08:03:19 +00:00 · 2024-09-23 08:03:19 +00:00 · c4e0f06bbf
commit c4e0f06bbf
parent 8503076d9b
5 changed files with 131 additions and 6 deletions
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7846.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7846.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-7846",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-23T06:15:04.050",
+  "lastModified": "2024-09-23T06:15:04.050",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/86f7a136-d09b-4637-97ae-2cdaaff172a3/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-86xx/CVE-2024-8606.json
+++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8606.json
@ -0,0 +1,78 @@
+{
+  "id": "CVE-2024-8606",
+  "sourceIdentifier": "security@checkmk.com",
+  "published": "2024-09-23T07:15:02.233",
+  "lastModified": "2024-09-23T07:15:02.233",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "security@checkmk.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 9.2,
+          "baseSeverity": "CRITICAL"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@checkmk.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://checkmk.com/werk/16218",
+      "source": "security@checkmk.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-87xx/CVE-2024-8758.json
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8758.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-8758",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-23T06:15:04.310",
+  "lastModified": "2024-09-23T06:15:04.310",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/d74ecae2-3a1e-4fc7-9dd3-04cef631ecd9/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-23T06:00:17.401317+00:00
+2024-09-23T08:00:20.275540+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-23T04:15:03.057000+00:00
+2024-09-23T07:15:02.233000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-263557
+263560
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `3`

- [CVE-2024-47227](CVE-2024/CVE-2024-472xx/CVE-2024-47227.json) (`2024-09-23T04:15:03.057`)
+- [CVE-2024-7846](CVE-2024/CVE-2024-78xx/CVE-2024-7846.json) (`2024-09-23T06:15:04.050`)
+- [CVE-2024-8606](CVE-2024/CVE-2024-86xx/CVE-2024-8606.json) (`2024-09-23T07:15:02.233`)
+- [CVE-2024-8758](CVE-2024/CVE-2024-87xx/CVE-2024-8758.json) (`2024-09-23T06:15:04.310`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -260430,7 +260430,7 @@ CVE-2024-4722,0,0,d0eb70616d7559be2944527d8cacda4cb03faa787985cf2ceace067dd7c5ef
 CVE-2024-47220,0,0,7634b8c2fd8f2f27236543b2e15c6ac5db18db58ed1ee59e35f0b307defd3fc1,2024-09-22T01:15:11.950000
 CVE-2024-47221,0,0,a39f783e0f1837714118df09b4ab8d238e18d056086adb1e01ef68294fa04896,2024-09-22T01:15:12.013000
 CVE-2024-47226,0,0,411184e87455f1b448c1e2cc11eedd9a4052a8ce1f27eb98a9cd57cddaf32d61,2024-09-22T02:15:02.797000
-CVE-2024-47227,1,1,0b2071d74d7422852497d92cbd355aea49ce9164249a57788cb27cdaaeded9a0,2024-09-23T04:15:03.057000
+CVE-2024-47227,0,0,0b2071d74d7422852497d92cbd355aea49ce9164249a57788cb27cdaaeded9a0,2024-09-23T04:15:03.057000
 CVE-2024-4723,0,0,7af98ecd367a90ef8c416c400db7bb1bdf630fc1c111a3c8e6b7b48b9bb15bbe,2024-06-04T19:20:47.717000
 CVE-2024-4724,0,0,1e35a8d6fb4d3f11b5f0d2a27ec10d126d5383267b650c161b24f017393ebb63,2024-06-04T19:20:47.830000
 CVE-2024-4725,0,0,038fe38ac4531e61bf3177f0fb7b7333acb4571c75548945a25c993c1898f93c,2024-06-04T19:20:47.930000
@ -262964,6 +262964,7 @@ CVE-2024-7842,0,0,6f597ddda6138d9acc81d07fc2eafe7775fb8cb17d6e8df28c226b7f954176
 CVE-2024-7843,0,0,1916845a00ac6d864acb448c0fe39fd74d4023a097dc2d81074d929455ca1839,2024-08-21T14:13:11.157000
 CVE-2024-7844,0,0,b930ca741640f5c7b3b0ce1c61bb7f4e94c485b2638d8e79f4794845e86ce235,2024-08-21T14:12:43.497000
 CVE-2024-7845,0,0,a27541ca47acd484f46c609f3698b7013802437eb8a6a96b9ef6a93b64b0256f,2024-08-19T13:00:23.117000
+CVE-2024-7846,1,1,af8d452a96f654dbf448d4baea9d07517a631428d8725d42ab279b43226a6489,2024-09-23T06:15:04.050000
 CVE-2024-7848,0,0,0ee368073eef37c35843cc78ada12ebce75ec11f5e51f0fe556018a4bb2deefe,2024-08-22T12:48:02.790000
 CVE-2024-7849,0,0,e63d24df06d5f4555672e0892a25c4e5c95ca031f7861c25398c177add1bd8f5,2024-08-19T13:00:23.117000
 CVE-2024-7850,0,0,eac62d06d40978b154610fb0b8829f684d203615f4f5ebfcbc586877034ad096,2024-08-20T15:44:20.567000
@ -263396,6 +263397,7 @@ CVE-2024-8586,0,0,23468ff8a51a574afa4ccf040ef08b97cdacf6166e19d71118517f5f68bba0
 CVE-2024-8601,0,0,350a6e2c691d4290217990f07e5aa1eab0aea03118253c9c9cd54625cff0b36e,2024-09-17T17:54:39.767000
 CVE-2024-8604,0,0,011a82fa33d28627d93910a4b1b240e8b61f649834230335b18a4a93ce8a99bf,2024-09-10T19:14:57.017000
 CVE-2024-8605,0,0,2abdfde3fad91633012e2fbc4796f8bda82aa939ecbbf9c2890b650d01ffd42b,2024-09-13T15:31:52.140000
+CVE-2024-8606,1,1,bb9532b4e4dcf523b7cf6856b8a02d0c713decb141c17d41b969e878b3c67db4,2024-09-23T07:15:02.233000
 CVE-2024-8610,0,0,9284b474db1beea95bd52a2a34ba37d6ccf26129d36f3b91404a653005c49f87,2024-09-17T18:48:12.130000
 CVE-2024-8611,0,0,3d63bb09edc11ef6327fe857dfe381551fd3ed233dd119eaa741dce3b9b25e8e,2024-09-18T17:24:34.163000
 CVE-2024-8612,0,0,331ed9f80fb6e681449c52c85030a1a5ea68111cde63d87b1f59d236efda09e1,2024-09-20T18:15:04.743000
@ -263457,6 +263459,7 @@ CVE-2024-8750,0,0,6aa000b45a0c694359dda91e7e992492dcd4e93d6e7b8c131ee0a86fa36b56
 CVE-2024-8751,0,0,dd4f77422f5dc981129a2e765da3e243ee86648b85be15172cd0c4e6601f992a,2024-09-13T14:06:04.777000
 CVE-2024-8752,0,0,be5f97c0edf8e6ac8b5e8514ff7047e0f4fcd958517cc5377fbff739f62f1969,2024-09-20T22:42:20.367000
 CVE-2024-8754,0,0,f8a4ca9a3c8c6c9af2a693c6565fade1a53b2c08d2db63ea33e154699f832b1a,2024-09-14T15:40:20.583000
+CVE-2024-8758,1,1,eaf9c33ac5eaa1030465fe486d3a1733b96fb4459bbb275bf4fc004ae2bbaa65,2024-09-23T06:15:04.310000
 CVE-2024-8761,0,0,3585691f416075376d018cf9f4fcfa97af66b09d60d17a08ef4151ff63a68129,2024-09-20T12:31:20.110000
 CVE-2024-8762,0,0,2877f4481d10e26d4e6bf50e010d02152cab4d90b2c2329689bb4edd4b768ea9,2024-09-14T15:54:10.687000
 CVE-2024-8766,0,0,b5c86feebeb7f4c2ef3d57aeff024553a8b8afab58619c1ddcc92e275588dfe2,2024-09-20T12:31:20.110000