From d145829e98421565f49bd47f2f3d077cca5869d9 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 23 Jan 2025 11:04:11 +0000
Subject: [PATCH] Auto-Update: 2025-01-23T11:00:45.519826+00:00
---
CVE-2024/CVE-2024-129xx/CVE-2024-12957.json | 78 +++++++++++++++++++++
CVE-2024/CVE-2024-135xx/CVE-2024-13511.json | 64 +++++++++++++++++
CVE-2024/CVE-2024-135xx/CVE-2024-13593.json | 64 +++++++++++++++++
CVE-2024/CVE-2024-532xx/CVE-2024-53299.json | 33 +++++++++
README.md | 14 ++--
_state.csv | 8 ++-
6 files changed, 253 insertions(+), 8 deletions(-)
create mode 100644 CVE-2024/CVE-2024-129xx/CVE-2024-12957.json
create mode 100644 CVE-2024/CVE-2024-135xx/CVE-2024-13511.json
create mode 100644 CVE-2024/CVE-2024-135xx/CVE-2024-13593.json
create mode 100644 CVE-2024/CVE-2024-532xx/CVE-2024-53299.json
diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12957.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12957.json
new file mode 100644
index 00000000000..45012695f54
--- /dev/null
+++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12957.json
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-12957", + "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", + "published": "2025-01-23T10:15:06.867", + "lastModified": "2025-01-23T10:15:06.867", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion.\nRefer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": 
"NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.asus.com/content/asus-product-security-advisory/", + "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13511.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13511.json new file mode 100644 index 00000000000..6d0ff07637d --- /dev/null +++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13511.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13511", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-23T10:15:07.253", + "lastModified": "2025-01-23T10:15:07.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/th-variation-swatches/tags/1.3.1/inc/thvs-settings.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3226822/th-variation-swatches/trunk/inc/thvs-settings.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c43b9b4-4394-428a-b381-d6a776fcd130?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No 
newline at end of file diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13593.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13593.json new file mode 100644 index 00000000000..6976c449f0e --- /dev/null +++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13593.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13593", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-23T10:15:07.737", + "lastModified": "2025-01-23T10:15:07.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bmlt-meeting-map/trunk/meeting_map.php#L510", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226454%40bmlt-meeting-map&new=3226454%40bmlt-meeting-map&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/c22e5765-54bd-4677-947c-8a7c48bdf65b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json new file mode 100644 index 00000000000..0f72ba2efc7 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-53299", + "sourceIdentifier": "security@apache.org", + "published": "2025-01-23T09:15:07.033", + "lastModified": "2025-01-23T09:15:07.033", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources.\nUsers are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 098a40a5814..382a49041d6 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-23T09:00:32.968654+00:00 +2025-01-23T11:00:45.519826+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-23T08:15:16.990000+00:00 +2025-01-23T10:15:07.737000+00:00 ``` ### Last Data Feed Release 
@@ -33,15 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -278639 +278643 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `4` -- [CVE-2024-52972](CVE-2024/CVE-2024-529xx/CVE-2024-52972.json) (`2025-01-23T07:15:08.700`) -- [CVE-2024-52975](CVE-2024/CVE-2024-529xx/CVE-2024-52975.json) (`2025-01-23T08:15:16.990`) +- [CVE-2024-12957](CVE-2024/CVE-2024-129xx/CVE-2024-12957.json) (`2025-01-23T10:15:06.867`) +- [CVE-2024-13511](CVE-2024/CVE-2024-135xx/CVE-2024-13511.json) (`2025-01-23T10:15:07.253`) +- [CVE-2024-13593](CVE-2024/CVE-2024-135xx/CVE-2024-13593.json) (`2025-01-23T10:15:07.737`) +- [CVE-2024-53299](CVE-2024/CVE-2024-532xx/CVE-2024-53299.json) (`2025-01-23T09:15:07.033`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index f5c87152511..5001fcdd017 100644 --- a/_state.csv +++ b/_state.csv @@ -245754,6 +245754,7 @@ CVE-2024-12953,0,0,118fe151e3354896266cd831d5a6eaac47e26b22f8d6d8b8b79915109dc9d CVE-2024-12954,0,0,3d8ce9b59335959b92acb35793c66a2da6423bee4ff031623546e1feec0d28aa,2024-12-26T16:15:17.510000 CVE-2024-12955,0,0,01c00ead83fa8f9f7c160a68275906de7eedbd365dc21072a2dc6b944ca9d9cb,2024-12-26T16:15:20.320000 CVE-2024-12956,0,0,4dec445723280c9365c37949b943566ca38fb5a06bc3ebb0c2c7dccc97d497ce,2024-12-26T16:15:22.847000 +CVE-2024-12957,1,1,aa289bb51b5f5b241c51a860b0d26efa04d2da34b7e66f5650b0b75f3f7a3421,2025-01-23T10:15:06.867000 CVE-2024-12958,0,0,2f2d1e34a44aceb03695717140ff583c6dfb2178e3abf88d23cee2fb77b7a1a6,2024-12-27T15:15:11.510000 CVE-2024-12959,0,0,5225592e400663837fc5548274da6cb321b7f3df19f7584dc1065af38a815bb7,2024-12-26T16:15:27.643000 CVE-2024-1296,0,0,bc7ff5b77e78e698d15576309eb7ce4c3d0e54ba3e687f3aa36d053363066caf,2025-01-16T15:27:56.237000 
@@ -246110,6 +246111,7 @@ CVE-2024-1350,0,0,ce11ba75737d3c0dc14aea45038ee6ef39f1db647d13879ee3f248d09a8169 CVE-2024-13502,0,0,ac2a41b6cd26a4157041ef83a41fb1ca5fe4741530d1e5a7cb1a80b922fa6ce0,2025-01-17T14:15:31.147000 CVE-2024-13503,0,0,9a18f887782bddd42cf8f60b9b9da1ba6181ce424bb49fdf69f585a65e64cdd7,2025-01-17T14:15:31.317000 CVE-2024-1351,0,0,0ee767ddd9bd942759d1902d3186de90141de07710cd1c9cc0aaf86395d89b28,2024-11-21T08:50:23.450000 +CVE-2024-13511,1,1,ee31c4a9c7d71550d6c946af9bcb9a76ebd98775b07d5a10fcb060c47d8f693d,2025-01-23T10:15:07.253000 CVE-2024-13515,0,0,9c375e4239ee12fbc562375c345cfda5a849d6fb2775b7f77148bc29db2bffc1,2025-01-18T06:15:26.410000 CVE-2024-13516,0,0,eba414603b972f65f10f7cf853b9c9e3b40669e2a413f223b52ac5eaf1fb3274,2025-01-18T06:15:27.627000 CVE-2024-13517,0,0,648053532f79f5283d5e5013413aa51010bd614d2fa8ab99c641ab7d5b15d86b,2025-01-18T07:15:09.350000 @@ -246126,6 +246128,7 @@ CVE-2024-1358,0,0,c4ea31b36cfcd7f75873d740d9e38ca70692f76dad02370c8ddbe488b80252 CVE-2024-13584,0,0,51a2a8790b306bf6f14abd867916b8a12305829a5bd93ce1ee2660a9c0414149,2025-01-22T04:15:06.907000 CVE-2024-1359,0,0,8114a50ae134a93430da828655ce595d1020af44415effc85b05f4f190881d3c,2024-11-21T08:50:24.543000 CVE-2024-13590,0,0,e744f6d4395f4b003bd865fd245dc1ce88f3f6497b82dad9a2ff5ecb2f4434d5,2025-01-22T04:15:07.083000 +CVE-2024-13593,1,1,9e6eeaf6317d0d53a5777da60336a0df45a0567c61ee5316375bb6592e2f9ab4,2025-01-23T10:15:07.737000 CVE-2024-1360,0,0,a87675d91847a9b72ed5368695c7c67c099276d1667e5e94dc544f268946892c,2024-11-21T08:50:24.707000 CVE-2024-1361,0,0,8a11a93152fbfa05be2934d541581f2e8e8c1350c348ceb554a6a47ec08e0e2f,2025-01-15T18:39:23.493000 CVE-2024-1362,0,0,ebe61894e3dd1fecb8d4711188e9d8f7e6a2ff043508a2ee93131b033a0336dd,2025-01-15T18:40:30.490000 
@@ -271212,9 +271215,9 @@ CVE-2024-52963,0,0,ff01669b1598f0bce0b4b90af8cc55f96a203c8a430eccd639efb9c221ab9 CVE-2024-52967,0,0,ee495ed0ae82b5386a5a5e29b20d009f38e7fec0fdb15824df2e77e4920e6e29,2025-01-14T14:15:33.967000 CVE-2024-52969,0,0,d48edc4c533d9acd9a260c0e4d555526245a1be1476ba79e29b9502b8c79f01c,2025-01-14T14:15:34.123000 CVE-2024-5297,0,0,4e7f74d9629bbb9b864fb76b28bd5d406dd3be0c174577372182a6d0a600d934,2024-11-21T09:47:22.990000 -CVE-2024-52972,1,1,7c321733bc0eb6dbde9e2cbb52d276f2124cc37045e46c00de470cd13b384da3,2025-01-23T07:15:08.700000 +CVE-2024-52972,0,0,7c321733bc0eb6dbde9e2cbb52d276f2124cc37045e46c00de470cd13b384da3,2025-01-23T07:15:08.700000 CVE-2024-52973,0,0,80557c3abfe62ff99c7924275640db641adc976d538445e17950b607d9ba9ac5,2025-01-21T11:15:10.200000 -CVE-2024-52975,1,1,d860756695811f7a9e54fae9d7efd286035e360bea37bbeca473a1af11dfcd09,2025-01-23T08:15:16.990000 +CVE-2024-52975,0,0,d860756695811f7a9e54fae9d7efd286035e360bea37bbeca473a1af11dfcd09,2025-01-23T08:15:16.990000 CVE-2024-5298,0,0,329feabae44ccd7ff86530cac1ce0ba86c416ea44126377af7ea7290b6d65a10,2024-11-21T09:47:23.103000 CVE-2024-52982,0,0,87ddbec0fddbec6a4eb61fd0607c77d31103b1dd9283c5a13ec4d5a36a8ccef0,2024-12-18T18:22:52.637000 CVE-2024-52983,0,0,6cf30a09aaa853464d214fc07b1d213f931e08bd912522971a9cefc2fb965c45,2024-12-18T18:23:06.273000 
@@ -271509,6 +271512,7 @@ CVE-2024-5329,0,0,daffb0d0cde1b0a7abdef85d122cb231171a58845d7b7cc2d00de14c5f127b CVE-2024-53290,0,0,08e0a042eea6dcb1196f79e060fe5af8f554fba59cbaa553b3654d405551bc5e,2024-12-11T08:15:06.250000 CVE-2024-53291,0,0,299274b06c39662182dee6f00f076d1e8ae9ce7179d7ff55da229649e130d512,2024-12-25T15:15:07.673000 CVE-2024-53292,0,0,67896e5cb823d0bbe120641ca2bcb7973e9580249f1b4ecda20948602273ce08,2024-12-11T08:15:06.423000 +CVE-2024-53299,1,1,2b991543aa202f443ba03c7edbc594b33f44b98634e051eaae0e785128cdb037,2025-01-23T09:15:07.033000 CVE-2024-5330,0,0,d644a32144d291678dd5bb7f21b934bb851a049e1a1dcad7ed14bbc2171615fb,2024-11-21T22:46:26.800000 CVE-2024-5331,0,0,ad9f3e021008e1f906a9999a71be6645de37906a8f88b5de79caa7d877855b39,2024-11-21T23:07:26.067000 CVE-2024-5332,0,0,1bf02601401a5cfa3a271a75853b96cdcfd3e0b6b58677457c39ef4ba15b4069,2024-11-21T09:47:26.403000