Auto-Update: 2024-10-30T13:00:19.998367+00:00

cad-safe-bot 2024-10-30 13:03:21 +00:00
parent 40dc13bfac
commit cb5e000952
7 changed files with 324 additions and 8 deletions


@ -0,0 +1,82 @@
{
"id": "CVE-2024-10525",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-10-30T12:15:02.787",
"lastModified": "2024-10-30T12:15:02.787",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190",
"source": "emo@eclipse.org"
},
{
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/",
"source": "emo@eclipse.org"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2024-3935",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-10-30T12:15:03.090",
"lastModified": "2024-10-30T12:15:03.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197",
"source": "emo@eclipse.org"
},
{
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/",
"source": "emo@eclipse.org"
}
]
}
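Review bot: The English description in this record spells the product "Eclipse Mosquito", while the reference URLs in the same record and the sibling CVE-2024-10525 record use "Mosquitto". The record is still `Received` and the lines shown carry no machine-readable affected-product data, so a consumer matching this feed against an inventory by product keyword would miss the entry. The file mirrors upstream data, so the correction belongs with the source (`emo@eclipse.org`) rather than in this repository; the corrected value would begin `In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, ...`.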


@ -2,7 +2,7 @@
"id": "CVE-2024-6508",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-08-21T06:15:08.120",
"lastModified": "2024-10-16T07:15:16.027",
"lastModified": "2024-10-30T11:15:15.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -56,6 +56,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:7922",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8415",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6508",
"source": "secalert@redhat.com"


@ -0,0 +1,68 @@
{
"id": "CVE-2024-8512",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T11:15:15.963",
"lastModified": "2024-10-30T11:15:15.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user supplied input to eval(). This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server."
},
{
"lang": "es",
"value": "El complemento W3SPEEDSTER para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en todas las versiones hasta la 7.26 incluida a trav\u00e9s del par\u00e1metro 'script' de la funci\u00f3n hookBeforeStartOptimization(). Esto se debe a que el complemento pasa la informaci\u00f3n proporcionada por el usuario a eval(). Esto permite que atacantes autenticados, con acceso de nivel de administrador o superior, ejecuten c\u00f3digo en el servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-95"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3175640/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,72 @@
{
"id": "CVE-2024-9388",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T11:15:16.297",
"lastModified": "2024-10-30T11:15:16.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
},
{
"lang": "es",
"value": "El complemento Black Widgets For Elementor para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 1.3.7 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficiente. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/black-widgets/trunk/includes/class-bw.php#L95",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3178366/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/black-widgets/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/618c72b1-363b-41ad-939d-ab2a3b4d579c?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-30T11:00:19.099677+00:00
2024-10-30T13:00:19.998367+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-30T09:15:02.860000+00:00
2024-10-30T12:15:03.090000+00:00
```
### Last Data Feed Release
@ -33,20 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
267636
267640
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `4`
- [CVE-2024-10525](CVE-2024/CVE-2024-105xx/CVE-2024-10525.json) (`2024-10-30T12:15:02.787`)
- [CVE-2024-3935](CVE-2024/CVE-2024-39xx/CVE-2024-3935.json) (`2024-10-30T12:15:03.090`)
- [CVE-2024-8512](CVE-2024/CVE-2024-85xx/CVE-2024-8512.json) (`2024-10-30T11:15:15.963`)
- [CVE-2024-9388](CVE-2024/CVE-2024-93xx/CVE-2024-9388.json) (`2024-10-30T11:15:16.297`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
- [CVE-2024-9676](CVE-2024/CVE-2024-96xx/CVE-2024-9676.json) (`2024-10-30T09:15:02.860`)
- [CVE-2024-6508](CVE-2024/CVE-2024-65xx/CVE-2024-6508.json) (`2024-10-30T11:15:15.220`)
## Download and Usage


@ -242642,6 +242642,7 @@ CVE-2024-10507,0,0,f0d511f24f84b9e0af273e44e1eadb29e82d53fc80607d0bb45b0fad15f5c
CVE-2024-10509,0,0,a617a52391f6a05c8db7614b66d9896a1a6ac7734326993025e7a689a1eda8b8,2024-10-30T03:15:04.060000
CVE-2024-1051,0,0,301df872c002365b13eaea34d02a8084366516306d472e0b862c9b6067f5d33d,2024-04-01T01:12:59.077000
CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef0f,2024-02-15T18:49:40.180000
CVE-2024-10525,1,1,da84dc04e510361b72b51fc7c592df068e859d162a075e07b45c4a38e16505a6,2024-10-30T12:15:02.787000
CVE-2024-1053,0,0,3d9e5b8218feb39348551f4e96f20fbacd04f2b39830165bb00a553a3d3c5ccf,2024-02-22T19:07:27.197000
CVE-2024-1054,0,0,f8e7e53b5707aaecdfe1ea6fba53413ba04bed5cdf673762252b510775f984b1,2024-02-29T13:49:29.390000
CVE-2024-1055,0,0,ccc78f7d4bd63bcc448b5e62f7789de0e1a26ab036272b89eca521cba41a35e3,2024-02-14T18:59:33.780000
@ -257560,6 +257561,7 @@ CVE-2024-39345,0,0,f773bf4aa168ca0fb54a499af45e3e951779cc47e8e783983f66e20a08393
CVE-2024-39347,0,0,f05ffc50868d752b16aba36bcf98397a1a823dcf709e914fdceefc955d8df28b,2024-06-28T10:27:00.920000
CVE-2024-39348,0,0,798f996b4382b8a6e782460918b5005c42ce376a9b87c3209ffaa4789fe2c24c,2024-06-28T10:27:00.920000
CVE-2024-39349,0,0,d94bdd4e2f366e0736711898b6f6670e30f7a98126cdfe514679d42f61eff674,2024-06-28T10:27:00.920000
CVE-2024-3935,1,1,9b8bae2be6b10a90a976788d253fe304a54a44f2d97732e708c4299de4f9cf9d,2024-10-30T12:15:03.090000
CVE-2024-39350,0,0,933f5cf4e1e8654d4184b998e6e3d84f4d423cc036a81e5a6851a5092c592ad5,2024-06-28T10:27:00.920000
CVE-2024-39351,0,0,9b4d39161319839f1a0a214dc211a28fd92f2da777165762a051c899eb88a499,2024-06-28T10:27:00.920000
CVE-2024-39352,0,0,2125967ac59376c4e2a4b0fc39ded99823f5fb5459f0421dba32eed656bdf603,2024-06-28T10:27:00.920000
@ -265175,7 +265177,7 @@ CVE-2024-6504,0,0,6666bb3ba2314d1147da34b1413146555668de024ce515e1e34c91b1fe3247
CVE-2024-6505,0,0,2472b280b959c45a84076dc8298b1f0ea15132bfdd2f045bf3ab100aab446db1,2024-09-19T06:15:03.463000
CVE-2024-6506,0,0,58310ca3e68e3dacb16dafd9b32db187bdf111a88d3da008267c8c84bbec48d6,2024-07-05T12:55:51.367000
CVE-2024-6507,0,0,4e3b24fd61e25de66a6840473e4d19109a713188592b0f05efa1cbb9de33936e,2024-07-08T14:19:21.610000
CVE-2024-6508,0,0,d23055a39e1df773d98780577d434c72bc67df9f2fd0b90538a160cf45e32579,2024-10-16T07:15:16.027000
CVE-2024-6508,0,1,83afbbb0c300c926d75e43d120f11132485b3123bc7f3e14a9e5aa056ca1afd1,2024-10-30T11:15:15.220000
CVE-2024-6509,0,0,7eb4fc03788f01fd646b7975c190061926ae41b355a82f9aed0c1fc50ccfb715,2024-09-10T12:09:50.377000
CVE-2024-6510,0,0,5e8ec1aef4696d364d1cf0507192e6236a7f19c30decdfeea7966d96cda0feda,2024-10-02T17:17:46.450000
CVE-2024-6511,0,0,053f3089b06a0cd915df79eb3301836b5db5c9fe4d3ed571ee6923d36f4d1832,2024-07-05T12:55:51.367000
@ -266751,6 +266753,7 @@ CVE-2024-8505,0,0,1c04e90354babae2df3035dc354852183330b8445c04d1f2331a89a32b3e4a
CVE-2024-8507,0,0,f8ab6ca415f5a0161413ce7f662341ea541aaee581333ff12dda1758c919ad13,2024-10-17T18:20:13.153000
CVE-2024-8508,0,0,095cff01fb00165e2108ed0a6b3f940edeffb7916515f1cc0f2ea48f2031a7c8,2024-10-04T13:50:43.727000
CVE-2024-8509,0,0,72b678ade46a23d1db65e1dfb65526568e7875d83752ef0a47b4a7edfeaf5ddf,2024-09-09T19:15:14.837000
CVE-2024-8512,1,1,dd2902edc8baaa2462a4f8cb4b2213b16da52f669ae88c8584b52bb6683dd9da,2024-10-30T11:15:15.963000
CVE-2024-8513,0,0,910ae7d47a27f3be55b8ebbee4133c06edee61ebde300e418feb96105acdd2ce,2024-10-15T13:33:14.333000
CVE-2024-8514,0,0,c58a76f0057441ba23f8e2f32e326770fb9d4e75db425aee0ab9e343556d5997,2024-10-02T19:59:17.080000
CVE-2024-8515,0,0,2860d4fc2403ef731ebb5d2e3d51ef0155fe3387c99bac76ffcaa85980c8d253,2024-10-02T19:22:00.953000
@ -267309,6 +267312,7 @@ CVE-2024-9382,0,0,9974cbae3b65aba95d0b7e51ea5485cc9f96ba1c03eee8eb0122ba4567d68e
CVE-2024-9383,0,0,bcbb779641918c0449c8c1e715b100b70d4ebd612997069770f4fe494807a125,2024-10-22T14:27:13.377000
CVE-2024-9384,0,0,a6a408c481cce62ffd2afe76e175a7a94a46c764ed46cc8221ec17248ad3b62d,2024-10-10T20:52:33.333000
CVE-2024-9385,0,0,0d2e28a3f2481a04ce784fbf885d088010920135683d5ffb6adf8001c8688dc2,2024-10-07T17:48:28.117000
CVE-2024-9388,1,1,009230a12615f1bb2e717bad5419f25943ec085386cae195436492e6c2697f58,2024-10-30T11:15:16.297000
CVE-2024-9391,0,0,7d6eba489d698d80c25274418cf61f043b91561cc903d053b7833bff789db601,2024-10-04T13:51:25.567000
CVE-2024-9392,0,0,beca44e590b21e5502ca4e733f60749ac893cd13053addd71013500d8f613300,2024-10-04T13:51:25.567000
CVE-2024-9393,0,0,8991f032fac5df92cbca1bcfbd289d2f6fc6372985ab09be505deb12f485dbe2,2024-10-11T16:07:50.900000
@ -267470,7 +267474,7 @@ CVE-2024-9670,0,0,f306c0fbbcbde1e6a65006fd3bdd50d366f02be816ff2a6f00ef3348b3b763
CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f89,2024-10-10T12:51:56.987000
CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000
CVE-2024-9675,0,0,eeea36cc8b9f2954bb20129c787b2558ad2679a2c1fb2ba959a00f3259f50e8c,2024-10-30T07:15:16.493000
CVE-2024-9676,0,1,388826e2f736cae6407dafbf37e070d02b7de19b7221232ae54333a7a67ea4ed,2024-10-30T09:15:02.860000
CVE-2024-9676,0,0,388826e2f736cae6407dafbf37e070d02b7de19b7221232ae54333a7a67ea4ed,2024-10-30T09:15:02.860000
CVE-2024-9677,0,0,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000
CVE-2024-9680,0,0,db0e4e19e09673238ffe3dfbb8e95974e9346a75b4fd6d9319c03e5970bb644e,2024-10-16T15:07:36.123000
CVE-2024-9683,0,0,a648737766df3deb74ddc86e7dcd00883598b7b3c943d9054e11451b5f185407,2024-10-18T12:52:33.507000
