From c767191d75405c85d94bf63d0064c47949068282 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 18 May 2024 06:03:28 +0000
Subject: [PATCH] Auto-Update: 2024-05-18T06:00:37.768348+00:00
---
 CVE-2024/CVE-2024-34xx/CVE-2024-3437.json | 22 +++++-----
 CVE-2024/CVE-2024-37xx/CVE-2024-3714.json | 47 +++++++++++++++++++++
 CVE-2024/CVE-2024-43xx/CVE-2024-4374.json | 47 +++++++++++++++++++++
 CVE-2024/CVE-2024-48xx/CVE-2024-4891.json | 51 +++++++++++++++++++++++
 README.md | 15 ++++---
 _state.csv | 7 +++-
 6 files changed, 170 insertions(+), 19 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3714.json
 create mode 100644 CVE-2024/CVE-2024-43xx/CVE-2024-4374.json
 create mode 100644 CVE-2024/CVE-2024-48xx/CVE-2024-4891.json
diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3437.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3437.json
index 0cc995c562d..a7d01074c8c 100644
--- a/CVE-2024/CVE-2024-34xx/CVE-2024-3437.json
+++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3437.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-3437",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-04-08T00:15:08.537",
- "lastModified": "2024-05-17T02:39:56.097",
+ "lastModified": "2024-05-18T05:15:46.150",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -21,19 +21,19 @@
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
- "privilegesRequired": "HIGH",
+ "privilegesRequired": "NONE",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
 "availabilityImpact": "LOW",
- "baseScore": 4.7,
- "baseSeverity": "MEDIUM"
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
 },
- "exploitabilityScore": 1.2,
+ "exploitabilityScore": 3.9,
 "impactScore": 3.4
 }
 ],
@@ -43,17 +43,17 @@
 "type": "Secondary",
 "cvssData": {
 "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
 "accessVector": "NETWORK",
 "accessComplexity": "LOW",
- "authentication": "MULTIPLE",
+ "authentication": "NONE",
 "confidentialityImpact": "PARTIAL",
 "integrityImpact": "PARTIAL",
 "availabilityImpact": "PARTIAL",
- "baseScore": 5.8
+ "baseScore": 7.5
 },
- "baseSeverity": "MEDIUM",
- "exploitabilityScore": 6.4,
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
 "impactScore": 6.4,
 "acInsufInfo": false,
 "obtainAllPrivilege": false,
diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3714.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3714.json
new file mode 100644
index 00000000000..a2225531c82
--- /dev/null
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3714.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3714",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-18T05:15:46.520",
+ "lastModified": "2024-05-18T05:15:46.520",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3083390/give/tags/3.11.0/includes/class-give-donate-form.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd8f5cfa-3431-4617-b2cd-d5a8ce4530f4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4374.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4374.json
new file mode 100644
index 00000000000..29d821ae802
--- /dev/null
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4374.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-4374",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-18T05:15:46.733",
+ "lastModified": "2024-05-18T05:15:46.733",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3088000%40dethemekit-for-elementor&new=3088000%40dethemekit-for-elementor&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcd9384c-5af3-4544-8179-c2f5550dd152?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4891.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4891.json
new file mode 100644
index 00000000000..53ae45681c1
--- /dev/null
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4891.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-4891",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-18T05:15:46.917",
+ "lastModified": "2024-05-18T05:15:46.917",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tagName\u2019 parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/blocks/AdvancedHeading.php#L115",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3087677/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1bcebb3-920b-40cc-aa5c-24a1f729b28d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index e9dea5dd941..7ec2e11d5cc 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-18T04:00:37.537745+00:00 +2024-05-18T06:00:37.768348+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-18T03:15:06.340000+00:00 +2024-05-18T05:15:46.917000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -250623 +250626 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2024-4865](CVE-2024/CVE-2024-48xx/CVE-2024-4865.json) (`2024-05-18T03:15:06.340`) +- [CVE-2024-3714](CVE-2024/CVE-2024-37xx/CVE-2024-3714.json) (`2024-05-18T05:15:46.520`) +- [CVE-2024-4374](CVE-2024/CVE-2024-43xx/CVE-2024-4374.json) (`2024-05-18T05:15:46.733`) +- [CVE-2024-4891](CVE-2024/CVE-2024-48xx/CVE-2024-4891.json) (`2024-05-18T05:15:46.917`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-3437](CVE-2024/CVE-2024-34xx/CVE-2024-3437.json) (`2024-05-18T05:15:46.150`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 1ab996ce865..0213225e75c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -249394,7 +249394,7 @@ CVE-2024-34366,0,0,25eb851eb2f231dff6589bef7d2a42ccb066a9937b2c8dd9550db97a42376 CVE-2024-34367,0,0,71d4be6198e4635d1e3c7d4a37f4152439ba7ccd61f31e7e76f4c81875c262d4,2024-05-06T19:53:38.797000 CVE-2024-34368,0,0,4903b79ce8f618d0b1d0d013639d45a4b6153544dfe155bf918623d214d25e20,2024-05-06T19:53:38.797000 CVE-2024-34369,0,0,43ae6e229d2787fd10cd297ec9e349b88579a4bb4535eedd72dead9653248f3c,2024-05-06T19:53:38.797000 -CVE-2024-3437,0,0,a8455c6ec73ec4b28146267eb8bc8bcebef11156b28339dbc3a0817cad1e2f02,2024-05-17T02:39:56.097000 +CVE-2024-3437,0,1,38c43ea03da10ab778450ecd9b17252c40003e9b31ec84914cfa672f1cc45337,2024-05-18T05:15:46.150000 CVE-2024-34370,0,0,1fe718a2eee649d566d79376ebcfe560f8db7814624596f121d4d79c81882b11,2024-05-17T18:36:05.263000 CVE-2024-34371,0,0,221cb018c67b2ca9bbf34009d8128ce932e1ca2cdc202136c2419b8ed0256afb,2024-05-06T19:53:38.797000 CVE-2024-34372,0,0,e4943efa5e4e5fb2e57655cdebc39d5c23b50034b23eb8f2d018eb8338330daf,2024-05-06T19:53:38.797000 @@ -249890,6 +249890,7 @@ CVE-2024-3704,0,0,ad7f205e31bc442943bbd584692b194a3485d815654eeb83e4eefef6a6eff3 CVE-2024-3705,0,0,44f1c76d2f6cd8dab882ddfdbdbe908a4e3a8f22d6a90f31f0279b7faf87a669,2024-04-15T13:15:51.577000 CVE-2024-3706,0,0,93b27543775cdce8e7b256b8d014ea258e7a61f0ddb1cca03581da1a85330700,2024-04-15T13:15:51.577000 CVE-2024-3707,0,0,cb892298714e8d1628bf09ece0bc00ef0a1a1429034ce83bb3286f4d822c160d,2024-04-15T13:15:51.577000 +CVE-2024-3714,1,1,b57899bf4e81fdc0ba3a9f38ed0cf5b27563f225fe7b0f4e6e4acfb83260168e,2024-05-18T05:15:46.520000 CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000 CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000 CVE-2024-3719,0,0,98817b00c300460b7ee17e28b90d655bc3286869de6cea5831a06059286a41a5,2024-05-17T02:40:05.100000 
@@ -250283,6 +250284,7 @@ CVE-2024-4368,0,0,0ee02ebde276d817508f5495294b3429c463a1f4241660388e0c329992e72b CVE-2024-4369,0,0,ab5992320463150d25768d540495632f3cea0e672e96fca10ae18e5fed17e7b3,2024-05-02T03:15:15.027000 CVE-2024-4370,0,0,9cb4b287947cccbb5312f0b956bd28c5e0677f742a744bda42968ce33f6a04bb,2024-05-15T16:40:19.330000 CVE-2024-4373,0,0,1ffc43bce359a7dc4906a84b6fc8a1ff35c385d778f8a99a36e9677433d92d07,2024-05-15T16:40:19.330000 +CVE-2024-4374,1,1,509f60ac40a5583989d86027571d7dd8b31bf8b38e963c7743b38df392611aed,2024-05-18T05:15:46.733000 CVE-2024-4383,0,0,5a1fe08151a13ea21e71cf2d0c78ad0aa3b9532b0b753d777378763b8935a44b,2024-05-14T16:11:39.510000 CVE-2024-4385,0,0,ca3b527b38ef117a25bd1a563993108f86670c5409f332b50d53521ab7d618e2,2024-05-16T13:03:05.353000 CVE-2024-4386,0,0,e3470cc6a1cc1ee4032b4297ad39fc1eda67f128aadce11b5ef951d1e0deaf83,2024-05-14T16:11:39.510000 
@@ -250541,8 +250543,9 @@ CVE-2024-4854,0,0,3d480ab215b58518bc8b4d2ff21b01ce90d2ee2286e511ec2300ae6a562846 CVE-2024-4855,0,0,bb7758177ed568c219e106881d12c1be9e05abe80abbc1ed8dc52d386d88e25c,2024-05-14T16:11:39.510000 CVE-2024-4859,0,0,0e7c5125874f1925896116e914ab4a4e3b887f22c447a3549ca2e9da643585d9,2024-05-14T19:17:55.627000 CVE-2024-4860,0,0,4e8a6a855a2e6e16dad5d91e17b904b6b709d252c51887af538903d405cd55bc,2024-05-14T19:17:55.627000 -CVE-2024-4865,1,1,032346425f8b5668fc5a6b0234d4962cfd8194d1fdff4ed62ae7461812424243,2024-05-18T03:15:06.340000 +CVE-2024-4865,0,0,032346425f8b5668fc5a6b0234d4962cfd8194d1fdff4ed62ae7461812424243,2024-05-18T03:15:06.340000 CVE-2024-4871,0,0,8ab16008698c56948c2f0ae8cf729bc698d4cce8f05c254b91a2ba1c9d6200d3,2024-05-14T19:17:55.627000 +CVE-2024-4891,1,1,e927ef516e79f1f82b710fc93245e2976a4ebaebf27d0810ac01907f3f3d2a4c,2024-05-18T05:15:46.917000 CVE-2024-4893,0,0,8ffb453add192bbe3edd5219a0cc1fecef136881814a15b6a6fff19e64221c30,2024-05-15T16:40:19.330000 CVE-2024-4894,0,0,6ac5cb6e261d69ae931137ad62bda7bde45e9f279ec9c4c45067086e1e08f8a1,2024-05-15T16:40:19.330000 CVE-2024-4903,0,0,9a411d9f215d13d2c422791efc5893252c00fbd9ad8c56cc74522677d5819e4f,2024-05-17T02:40:40.423000