mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-11 16:13:34 +00:00
Auto-Update: 2024-07-20T04:00:18.578871+00:00
This commit is contained in:
parent
2d1f736748
commit
d08a20053a
60
CVE-2024/CVE-2024-23xx/CVE-2024-2337.json
Normal file
60
CVE-2024/CVE-2024-23xx/CVE-2024-2337.json
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
{
|
||||||
|
"id": "CVE-2024-2337",
|
||||||
|
"sourceIdentifier": "security@wordfence.com",
|
||||||
|
"published": "2024-07-20T03:15:02.290",
|
||||||
|
"lastModified": "2024-07-20T03:15:02.290",
|
||||||
|
"vulnStatus": "Received",
|
||||||
|
"cveTags": [],
|
||||||
|
"descriptions": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"metrics": {
|
||||||
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "LOW",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "CHANGED",
|
||||||
|
"confidentialityImpact": "LOW",
|
||||||
|
"integrityImpact": "LOW",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 6.4,
|
||||||
|
"baseSeverity": "MEDIUM"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 3.1,
|
||||||
|
"impactScore": 2.7
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Secondary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-79"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://plugins.trac.wordpress.org/browser/easy-testimonials/trunk/easy-testimonials.php#L1039",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c470cb0-5cbc-4ae1-b75a-384668d07215?source=cve",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
64
CVE-2024/CVE-2024-58xx/CVE-2024-5804.json
Normal file
64
CVE-2024/CVE-2024-58xx/CVE-2024-5804.json
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
{
|
||||||
|
"id": "CVE-2024-5804",
|
||||||
|
"sourceIdentifier": "security@wordfence.com",
|
||||||
|
"published": "2024-07-20T02:15:09.480",
|
||||||
|
"lastModified": "2024-07-20T02:15:09.480",
|
||||||
|
"vulnStatus": "Received",
|
||||||
|
"cveTags": [],
|
||||||
|
"descriptions": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"metrics": {
|
||||||
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "NONE",
|
||||||
|
"userInteraction": "REQUIRED",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "NONE",
|
||||||
|
"integrityImpact": "LOW",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 4.3,
|
||||||
|
"baseSeverity": "MEDIUM"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 2.8,
|
||||||
|
"impactScore": 1.4
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Secondary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-352"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://plugins.trac.wordpress.org/browser/cf7-conditional-fields/trunk/wpcf7cf-options.php#L285",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3121497%40cf7-conditional-fields&new=3121497%40cf7-conditional-fields&sfp_email=&sfph_mail=",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/827c5dc2-3195-47d9-9e44-ca2043748eed?source=cve",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
64
CVE-2024/CVE-2024-65xx/CVE-2024-6560.json
Normal file
64
CVE-2024/CVE-2024-65xx/CVE-2024-6560.json
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
{
|
||||||
|
"id": "CVE-2024-6560",
|
||||||
|
"sourceIdentifier": "security@wordfence.com",
|
||||||
|
"published": "2024-07-20T03:15:02.680",
|
||||||
|
"lastModified": "2024-07-20T03:15:02.680",
|
||||||
|
"vulnStatus": "Received",
|
||||||
|
"cveTags": [],
|
||||||
|
"descriptions": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "The Addonify \u2013 Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"metrics": {
|
||||||
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "NONE",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "LOW",
|
||||||
|
"integrityImpact": "NONE",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 5.3,
|
||||||
|
"baseSeverity": "MEDIUM"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 3.9,
|
||||||
|
"impactScore": 1.4
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Secondary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-200"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://plugins.trac.wordpress.org/browser/addonify-quick-view/trunk/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3121821%40addonify-quick-view&new=3121821%40addonify-quick-view&sfp_email=&sfph_mail=",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c38eaab5-157c-43fa-ad67-6f063274ba69?source=cve",
|
||||||
|
"source": "security@wordfence.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
16
README.md
16
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
|||||||
### Last Repository Update
|
### Last Repository Update
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
2024-07-19T23:55:17.882892+00:00
|
2024-07-20T04:00:18.578871+00:00
|
||||||
```
|
```
|
||||||
|
|
||||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
2024-07-19T22:15:04.563000+00:00
|
2024-07-20T03:15:02.680000+00:00
|
||||||
```
|
```
|
||||||
|
|
||||||
### Last Data Feed Release
|
### Last Data Feed Release
|
||||||
@ -27,26 +27,28 @@ Repository synchronizes with the NVD every 2 hours.
|
|||||||
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
|
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
2024-07-19T00:00:08.658093+00:00
|
2024-07-20T00:00:08.659552+00:00
|
||||||
```
|
```
|
||||||
|
|
||||||
### Total Number of included CVEs
|
### Total Number of included CVEs
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
257521
|
257524
|
||||||
```
|
```
|
||||||
|
|
||||||
### CVEs added in the last Commit
|
### CVEs added in the last Commit
|
||||||
|
|
||||||
Recently added CVEs: `0`
|
Recently added CVEs: `3`
|
||||||
|
|
||||||
|
- [CVE-2024-2337](CVE-2024/CVE-2024-23xx/CVE-2024-2337.json) (`2024-07-20T03:15:02.290`)
|
||||||
|
- [CVE-2024-5804](CVE-2024/CVE-2024-58xx/CVE-2024-5804.json) (`2024-07-20T02:15:09.480`)
|
||||||
|
- [CVE-2024-6560](CVE-2024/CVE-2024-65xx/CVE-2024-6560.json) (`2024-07-20T03:15:02.680`)
|
||||||
|
|
||||||
|
|
||||||
### CVEs modified in the last Commit
|
### CVEs modified in the last Commit
|
||||||
|
|
||||||
Recently modified CVEs: `1`
|
Recently modified CVEs: `0`
|
||||||
|
|
||||||
- [CVE-2024-35260](CVE-2024/CVE-2024-352xx/CVE-2024-35260.json) (`2024-07-19T22:15:04.563`)
|
|
||||||
|
|
||||||
|
|
||||||
## Download and Usage
|
## Download and Usage
|
||||||
|
@ -244806,6 +244806,7 @@ CVE-2024-2336,0,0,ee2ed99bdbb77ed98426fec739627a0e0294ad75ca24e044dbbf3ddb7c6991
|
|||||||
CVE-2024-23360,0,0,4a7bbca8a03b30cf4df988e0f08196d33c6bd581b3c7bc61fba22b18c171830b,2024-06-03T14:46:24.250000
|
CVE-2024-23360,0,0,4a7bbca8a03b30cf4df988e0f08196d33c6bd581b3c7bc61fba22b18c171830b,2024-06-03T14:46:24.250000
|
||||||
CVE-2024-23363,0,0,f3bca7930119a168b01a4f3c6a543138a5f31bd5e8f14fd6e950dfaab71bf1eb,2024-06-03T14:46:24.250000
|
CVE-2024-23363,0,0,f3bca7930119a168b01a4f3c6a543138a5f31bd5e8f14fd6e950dfaab71bf1eb,2024-06-03T14:46:24.250000
|
||||||
CVE-2024-23368,0,0,5726397ddc8ddada7ad85b481081c827980e0b31f00843d9c4a575a1cdcf7c17,2024-07-02T17:51:25.690000
|
CVE-2024-23368,0,0,5726397ddc8ddada7ad85b481081c827980e0b31f00843d9c4a575a1cdcf7c17,2024-07-02T17:51:25.690000
|
||||||
|
CVE-2024-2337,1,1,8d7a8269dcc1610b66c0f656f3547809d9e64e820daa07dd068f3da4b909f9e0,2024-07-20T03:15:02.290000
|
||||||
CVE-2024-23372,0,0,23b270a28eac6f2e33d3cc96090d40d8bd34b2e6172d17ba5be5b87ce6bb3571,2024-07-02T17:51:04.530000
|
CVE-2024-23372,0,0,23b270a28eac6f2e33d3cc96090d40d8bd34b2e6172d17ba5be5b87ce6bb3571,2024-07-02T17:51:04.530000
|
||||||
CVE-2024-23373,0,0,5f71e52681ce9b4c683001ee0714339e5fcbf3b0ac462fe47ab6cd76399fa906,2024-07-02T17:50:38.573000
|
CVE-2024-23373,0,0,5f71e52681ce9b4c683001ee0714339e5fcbf3b0ac462fe47ab6cd76399fa906,2024-07-02T17:50:38.573000
|
||||||
CVE-2024-2338,0,0,97ed9304e53653e5f2f6be84ec656ed42a5ae14786266fb81f31dd764d99c05c,2024-03-08T21:19:43.127000
|
CVE-2024-2338,0,0,97ed9304e53653e5f2f6be84ec656ed42a5ae14786266fb81f31dd764d99c05c,2024-03-08T21:19:43.127000
|
||||||
@ -252713,7 +252714,7 @@ CVE-2024-35254,0,0,45ef78e7aab61785b60639ab749398d66c1fb5a7b87988e5d821011437a5e
|
|||||||
CVE-2024-35255,0,0,dd2820217033d300b334ae05889b3c3f413c0da4e96707fa039fcafe96b24ff2,2024-06-20T16:31:46.127000
|
CVE-2024-35255,0,0,dd2820217033d300b334ae05889b3c3f413c0da4e96707fa039fcafe96b24ff2,2024-06-20T16:31:46.127000
|
||||||
CVE-2024-35256,0,0,f2176a2df1a1016e0c34600dbc0c04e96b8b2ff9ee36a42a63c8d07aa875d956,2024-07-09T18:18:38.713000
|
CVE-2024-35256,0,0,f2176a2df1a1016e0c34600dbc0c04e96b8b2ff9ee36a42a63c8d07aa875d956,2024-07-09T18:18:38.713000
|
||||||
CVE-2024-3526,0,0,3b86e48cdd64c94b1957dd961f1ea8a5609328c0a5fd236d499daf2f49d2a875,2024-05-17T02:39:59.067000
|
CVE-2024-3526,0,0,3b86e48cdd64c94b1957dd961f1ea8a5609328c0a5fd236d499daf2f49d2a875,2024-05-17T02:39:59.067000
|
||||||
CVE-2024-35260,0,1,67ccf8282d16b837b87413a92f04e2208d573db9ab69ece3ba1aea814a8343d7,2024-07-19T22:15:04.563000
|
CVE-2024-35260,0,0,67ccf8282d16b837b87413a92f04e2208d573db9ab69ece3ba1aea814a8343d7,2024-07-19T22:15:04.563000
|
||||||
CVE-2024-35261,0,0,9d9063b6e7979be3a79ef13bd9cc70b3fb0340950dd44d60d9d3d687415ebbe0,2024-07-17T15:48:39.097000
|
CVE-2024-35261,0,0,9d9063b6e7979be3a79ef13bd9cc70b3fb0340950dd44d60d9d3d687415ebbe0,2024-07-17T15:48:39.097000
|
||||||
CVE-2024-35263,0,0,f00bc0132870d05293845d05b9562badae38c6c7b9bb0d9a00ba1c99b84818b6,2024-06-20T16:32:31.287000
|
CVE-2024-35263,0,0,f00bc0132870d05293845d05b9562badae38c6c7b9bb0d9a00ba1c99b84818b6,2024-06-20T16:32:31.287000
|
||||||
CVE-2024-35264,0,0,40d724389414ca4fabf1feae652fc23d2bbd2b3015de995d803ac6656e74295d,2024-07-19T18:59:28.370000
|
CVE-2024-35264,0,0,40d724389414ca4fabf1feae652fc23d2bbd2b3015de995d803ac6656e74295d,2024-07-19T18:59:28.370000
|
||||||
@ -256961,6 +256962,7 @@ CVE-2024-5795,0,0,4a9aecee86bda89829b2518ea02c7a7b2c3a9c81275eb4d5a5086f64238c89
|
|||||||
CVE-2024-5796,0,0,e179556883d33099fab8768b9c3d50a47b2a022b7b46e47f95f4ba7640cc26df,2024-06-28T10:27:00.920000
|
CVE-2024-5796,0,0,e179556883d33099fab8768b9c3d50a47b2a022b7b46e47f95f4ba7640cc26df,2024-06-28T10:27:00.920000
|
||||||
CVE-2024-5798,0,0,8c4fc55b5a68256010d6e6bfcfe06ef9f209d5a592c838664e8662bbc4a3d762,2024-06-13T18:36:09.010000
|
CVE-2024-5798,0,0,8c4fc55b5a68256010d6e6bfcfe06ef9f209d5a592c838664e8662bbc4a3d762,2024-06-13T18:36:09.010000
|
||||||
CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f8395,2024-07-12T15:20:14.610000
|
CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f8395,2024-07-12T15:20:14.610000
|
||||||
|
CVE-2024-5804,1,1,b9dfade3e9abf25b83d5f9549ff479e4541cdb1f2dea578b917eb82e2201bdb6,2024-07-20T02:15:09.480000
|
||||||
CVE-2024-5805,0,0,dc303c72bde98fa3d82c375116e3326253eb605d3a044d78a9e45a14399d2f62,2024-06-25T18:50:42.040000
|
CVE-2024-5805,0,0,dc303c72bde98fa3d82c375116e3326253eb605d3a044d78a9e45a14399d2f62,2024-06-25T18:50:42.040000
|
||||||
CVE-2024-5806,0,0,91588fb1cdb8115c3da665d3d031e599ad42ef712f85a57d764591dd0370421d,2024-06-26T00:15:11.293000
|
CVE-2024-5806,0,0,91588fb1cdb8115c3da665d3d031e599ad42ef712f85a57d764591dd0370421d,2024-06-26T00:15:11.293000
|
||||||
CVE-2024-5810,0,0,246ea4a74a1b10a6c799aa82916b249e6dd3093a23af41d24ba222ed5e8773fa,2024-07-09T18:19:14.047000
|
CVE-2024-5810,0,0,246ea4a74a1b10a6c799aa82916b249e6dd3093a23af41d24ba222ed5e8773fa,2024-07-09T18:19:14.047000
|
||||||
@ -257413,6 +257415,7 @@ CVE-2024-6555,0,0,bf68ef8f1bd3876021fc33b504457daba53832080530806ef27f797ea5536a
|
|||||||
CVE-2024-6556,0,0,246920c1b32eb0a0369982110178f9a30464427865e75d42710950bf8d6bff6c,2024-07-11T13:05:54.930000
|
CVE-2024-6556,0,0,246920c1b32eb0a0369982110178f9a30464427865e75d42710950bf8d6bff6c,2024-07-11T13:05:54.930000
|
||||||
CVE-2024-6557,0,0,5f8a5c5bf162c69368d24395d90aef2e1a9fd156ec4a6d0f0e02ca54e1438d8b,2024-07-16T13:43:58.773000
|
CVE-2024-6557,0,0,5f8a5c5bf162c69368d24395d90aef2e1a9fd156ec4a6d0f0e02ca54e1438d8b,2024-07-16T13:43:58.773000
|
||||||
CVE-2024-6559,0,0,2866b76c45bfa3fcb2a29d8b63ef335520f76c77ee94faa7443c1c34b010c185,2024-07-16T13:43:58.773000
|
CVE-2024-6559,0,0,2866b76c45bfa3fcb2a29d8b63ef335520f76c77ee94faa7443c1c34b010c185,2024-07-16T13:43:58.773000
|
||||||
|
CVE-2024-6560,1,1,2f076ff2fd76b43199bd178b1c294f88bc56d1c6024186191e2ffdcc9076e458,2024-07-20T03:15:02.680000
|
||||||
CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb3c,2024-07-09T14:19:19.300000
|
CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb3c,2024-07-09T14:19:19.300000
|
||||||
CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000
|
CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000
|
||||||
CVE-2024-6565,0,0,ee9c3eacf0bc745c4e1df576eb425c3f28c4e22d80193cbda607fc66e3277c71,2024-07-16T13:43:58.773000
|
CVE-2024-6565,0,0,ee9c3eacf0bc745c4e1df576eb425c3f28c4e22d80193cbda607fc66e3277c71,2024-07-16T13:43:58.773000
|
||||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user