diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32850.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32850.json
new file mode 100644
index 00000000000..fab34bd6396
--- /dev/null
+++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32850.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-32850",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2024-05-31T02:15:08.843",
+ "lastModified": "2024-05-31T02:15:08.843",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94872523/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.seiko-sol.co.jp/archives/82992/",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5345.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5345.json
new file mode 100644
index 00000000000..e6a5031b53a
--- /dev/null
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5345.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-5345",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-31T03:15:08.613",
+ "lastModified": "2024-05-31T03:15:08.613",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The inclusion is limited to PHP files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/responsive-owl-carousel-elementor/trunk/includes/widgets/owl-carousel.php#L669",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092511%40responsive-owl-carousel-elementor%2Ftrunk&old=3092226%40responsive-owl-carousel-elementor%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0638c8f3-070a-4b42-ba58-396f3f259b9d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5418.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5418.json
new file mode 100644
index 00000000000..31e14017043
--- /dev/null
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5418.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-5418",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-31T03:15:08.853",
+ "lastModified": "2024-05-31T03:15:08.853",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/dethemekit-for-elementor/tags/2.1.0/widgets/de-product-tab-slide.php#L1619",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/dethemekit-for-elementor/tags/2.1.4/widgets/de-product-tab-slide.php#L1617",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3094885/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/dethemekit-for-elementor/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/19bdbde1-1414-4113-890e-b6c96b8a6e11?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 52b5faf02f5..e4cba29e052 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-31T02:00:30.252870+00:00 +2024-05-31T04:00:37.880696+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-31T01:15:54.323000+00:00 +2024-05-31T03:15:08.853000+00:00 ``` ### Last Data Feed Release @@ -33,26 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -252265 +252268 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -- [CVE-2024-37017](CVE-2024/CVE-2024-370xx/CVE-2024-37017.json) (`2024-05-31T00:15:08.890`) -- [CVE-2024-37018](CVE-2024/CVE-2024-370xx/CVE-2024-37018.json) (`2024-05-31T01:15:54.323`) +- [CVE-2024-32850](CVE-2024/CVE-2024-328xx/CVE-2024-32850.json) (`2024-05-31T02:15:08.843`) +- [CVE-2024-5345](CVE-2024/CVE-2024-53xx/CVE-2024-5345.json) (`2024-05-31T03:15:08.613`) +- [CVE-2024-5418](CVE-2024/CVE-2024-54xx/CVE-2024-5418.json) (`2024-05-31T03:15:08.853`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `0` -- [CVE-2024-1023](CVE-2024/CVE-2024-10xx/CVE-2024-1023.json) (`2024-05-31T01:15:53.040`) -- [CVE-2024-1086](CVE-2024/CVE-2024-10xx/CVE-2024-1086.json) (`2024-05-31T01:00:03.283`) -- [CVE-2024-1300](CVE-2024/CVE-2024-13xx/CVE-2024-1300.json) (`2024-05-31T01:15:53.967`) -- [CVE-2024-24919](CVE-2024/CVE-2024-249xx/CVE-2024-24919.json) (`2024-05-31T01:00:03.283`) -- [CVE-2024-2700](CVE-2024/CVE-2024-27xx/CVE-2024-2700.json) (`2024-05-31T01:15:54.150`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8afb9df74c2..59fa72b62ea 100644 
--- a/_state.csv +++ b/_state.csv @@ -241016,7 +241016,7 @@ CVE-2024-1019,0,0,27c6fed97db80e9684966512d657c2ae1b8d86be0f46f2f894fd714e51d0d5 CVE-2024-1020,0,0,9c38654e469ac00d17546e26ec534d4c7bea2be6d89bdf28044962880f9d5820,2024-05-17T02:35:10.867000 CVE-2024-1021,0,0,5a8e02d7058c067054b063aabba5540169cc60bb5eef34be87a607c196ef7d5f,2024-05-17T02:35:10.970000 CVE-2024-1022,0,0,69eec4d7da603217ad4d94fbf09fef8fa962f38c93419612a0efc6f64912229c,2024-05-17T02:35:11.070000 -CVE-2024-1023,0,1,832d76c2a7892c5300f2672da9b4be5692c4772b3d9ccc839273c6cce5374e6c,2024-05-31T01:15:53.040000 +CVE-2024-1023,0,0,832d76c2a7892c5300f2672da9b4be5692c4772b3d9ccc839273c6cce5374e6c,2024-05-31T01:15:53.040000 CVE-2024-1024,0,0,7bb01e43c6a7b4af67cf4acf4dcde6df2e6c572cbde2c1a38447944ffb722a3a,2024-05-17T02:35:11.210000 CVE-2024-1026,0,0,784347fcfe5d9ff4657c79eb997eb71c4a7b21475ee666dddd58b83b384cf3ea,2024-05-17T02:35:11.320000 CVE-2024-1027,0,0,1d01269e0df9bfa3c025958f48e327f6c3ac7e82a2b5d48fe02f1b63f0a6aa09,2024-05-17T02:35:11.427000 
@@ -241076,7 +241076,7 @@ CVE-2024-1082,0,0,5d2917cbc0ebe1d44667869da021a3fe152a9311cc75cb6f51732f94daecc6 CVE-2024-1083,0,0,12f71ff8092607030cf18bf8a64ce08dcbfadccd528aaaf70c8824b0476991c9,2024-03-13T18:16:18.563000 CVE-2024-1084,0,0,034d85bf39978c9573e4dbc412f1867f9df271e85d3cd30f25c6648ff5a9703b,2024-02-13T19:45:42.327000 CVE-2024-1085,0,0,649a4a278db01305790c1d25d5fb8d26a8b328f3c410af99f7747f493230845c,2024-02-05T20:41:40.513000 -CVE-2024-1086,0,1,5d85991a665335200c380b02d0af53f494822617e72b855b98d1419dee926e01,2024-05-31T01:00:03.283000 +CVE-2024-1086,0,0,5d85991a665335200c380b02d0af53f494822617e72b855b98d1419dee926e01,2024-05-31T01:00:03.283000 CVE-2024-1087,0,0,bfb73beeec450e6da5995b5f21712b59848b559e03cbbae3eab10a626379de00,2024-01-31T13:15:11.030000 CVE-2024-1088,0,0,9e4fcd4d80be5fd2d14ec6d1eed4646f24ed688d5f028fb9bbb59da4f601b1b1,2024-03-05T13:41:01.900000 CVE-2024-1089,0,0,c420c84f1c9ea1e3f949226f3064a7cb757fb25c8f460e9f69a5f8ab62483f91,2024-02-29T13:49:29.390000 @@ -241261,7 +241261,7 @@ CVE-2024-1296,0,0,ab648d9dba58ca530bb990b50d92c4f5ce9f591faa8fbeeb49385095b8425c CVE-2024-1297,0,0,1fc219bb038ab422185a999365115aff94759fe3e5ff94e3dc4180f1d6bc82d0,2024-02-20T19:50:53.960000 CVE-2024-1298,0,0,183fffca6bfb02ef60f07817fa282525fd76fdba224033b58a02642498da8e82,2024-05-30T21:15:09.213000 CVE-2024-1299,0,0,165a6e5bf7396c9871edb84a6ce28d3386b33fd34eb9238065e890fa150a178a,2024-03-07T13:52:27.110000 -CVE-2024-1300,0,1,843d0cf47128991e9d7cbff1831c7ad94a9bd78e5cc7dab19b0a5a8848cb7f51,2024-05-31T01:15:53.967000 +CVE-2024-1300,0,0,843d0cf47128991e9d7cbff1831c7ad94a9bd78e5cc7dab19b0a5a8848cb7f51,2024-05-31T01:15:53.967000 CVE-2024-1301,0,0,68d5e322fab21220735382791ea9287e8104e954fa5bc7b1f8f02021f25e280b,2024-03-12T17:46:17.273000 CVE-2024-1302,0,0,e42b35f7a02693024fada8fec8e812444e0bb721c54c537bf6c1b8db8c60ce66,2024-03-12T17:46:17.273000 CVE-2024-1303,0,0,d6386ac67e1b3bd9c657849a1747229ab86034b9c989d20fb5cde0be8bba0359,2024-03-12T17:46:17.273000 
@@ -244622,7 +244622,7 @@ CVE-2024-24908,0,0,8283d99d7a40754c521eccb4d65696182424210fa0da9643faa3048901b25 CVE-2024-2491,0,0,56d5936f32866edf29962cfc16d1b84e21384fb0d36dc5404e3888c50a6878ee,2024-04-01T01:12:59.077000 CVE-2024-24910,0,0,bb7bb7f4f89300a6c40465a407ba5586d91f4a455e8da02c5a17663b7715ec72,2024-04-18T18:25:55.267000 CVE-2024-24912,0,0,79cdf936b61cd3c2ac1888b2bf7026a51d657f04895fbd14d8ade234a06c9bbb,2024-05-01T19:50:25.633000 -CVE-2024-24919,0,1,72806e1c6b9ddda43c1ca50ab2960ec7b9fa2eba89f77150cbfe01adea70f81b,2024-05-31T01:00:03.283000 +CVE-2024-24919,0,0,72806e1c6b9ddda43c1ca50ab2960ec7b9fa2eba89f77150cbfe01adea70f81b,2024-05-31T01:00:03.283000 CVE-2024-2492,0,0,a83da3e7ac12e71f3238f0026df94ba19b3a7e74326df6047a5459c611fae961,2024-04-10T13:23:38.787000 CVE-2024-24920,0,0,0c6e0a299c3dcb3e2c9c47cd3391320c9c9126b8fcb7683d54f65bff941cba09,2024-02-13T14:01:00.987000 CVE-2024-24921,0,0,2756f13f54e6771800d4e52f7442498e73a8fe2b3f97e730b1c320dbcf7f624d,2024-02-13T14:01:00.987000 @@ -246082,7 +246082,7 @@ CVE-2024-26996,0,0,cea553e0454def5a96fbfdf9d710c263c431f278cf804a7efd8ec8ff0107b CVE-2024-26997,0,0,bdfca562d47f9e5d3fc1098c4dacc21d61a7ba014b51a9e792d5f847f7afb48b,2024-05-03T06:15:11.950000 CVE-2024-26998,0,0,822a5cfb35cd9e5868bbf4bda50d2331021edf4824c2d8385d4feca7d97a1dd2,2024-05-13T08:15:11.390000 CVE-2024-26999,0,0,9ac4807c2521e1d8db890c0527b001317552b4ac44ce0b01702365258c787f45,2024-05-03T06:15:12.137000 -CVE-2024-2700,0,1,0ab479fa522a944d9d3fb08b496777a56bf41be14a6567ecbaf49b865c2472da,2024-05-31T01:15:54.150000 +CVE-2024-2700,0,0,0ab479fa522a944d9d3fb08b496777a56bf41be14a6567ecbaf49b865c2472da,2024-05-31T01:15:54.150000 CVE-2024-27000,0,0,ad2ef5bdd7c2f9d77d1b6346a92f926b0e0114b79caa616e96d2bb2c427a8aac,2024-05-03T06:15:12.350000 CVE-2024-27001,0,0,f4defde5af84e6133600f9028ad4a44c6061db86e7d3ca3705bde065e8cf1441,2024-05-03T06:15:12.590000 CVE-2024-27002,0,0,6190ad6afa26f7583c9a538caad37267ed161406911969a163db177bf76cd4a6,2024-05-13T08:15:11.473000 
@@ -249540,6 +249540,7 @@ CVE-2024-32834,0,0,d2ed9ea40163afd5f111e44be27b5edfb4cb8a8dd0234c49fdc13943a21fb CVE-2024-32835,0,0,a55a936ce932c192bddb52ecc7ef5c50500f7aaee0689f590c1aa942fe932618,2024-04-24T13:39:42.883000 CVE-2024-32836,0,0,b79abde0b1fb00c320171e12e4361e475bc7a0910a68d24b478ff673cfed4676,2024-04-24T13:39:42.883000 CVE-2024-3285,0,0,ea17e16acaa3172cbcc052cf9bfb1b3e7ee2b004434b062b8e67c1c1ed8bff14,2024-04-11T12:47:44.137000 +CVE-2024-32850,1,1,df111e9c097d0d92132a1876ea8ece172e0febc039d526d9e009002112ecff3b,2024-05-31T02:15:08.843000 CVE-2024-3286,0,0,2b72849c89237e28c3d3a120424f9748393454aee8e724834e4cfefbfa74f3f9,2024-05-17T18:36:31.297000 CVE-2024-32866,0,0,20522d9aebf09a5d43cbab0aa4b3dc9ed937958cfd0ea9d3803e03cb59093366,2024-04-24T13:39:42.883000 CVE-2024-32867,0,0,8b49049697f6722e345366f8694914765116c8554c5893cf239e1c1a736d6057,2024-05-07T20:07:58.737000 
@@ -251207,8 +251208,8 @@ CVE-2024-3696,0,0,54c8c42492f1c31e1d0d081b12ae9fb101d447905039b557dcc4372130239b CVE-2024-3697,0,0,cc8cf5a7af305c88ebdfa6655aacb4fa5ec406664965d679a29a0cbf17ffb930,2024-05-17T02:40:04.710000 CVE-2024-3698,0,0,13b4029eb6179dbe788598788e16556a1995d850ddfc4af1ee0c4e86961a3a21,2024-05-17T02:40:04.800000 CVE-2024-3701,0,0,d78f52a76181001272debccb095fb5971bb478ebc111313d9ff2994f4ec0598f,2024-04-15T13:15:31.997000 -CVE-2024-37017,1,1,a92df0fafe66b57fbe8f6a1f20bf3902c65d99ba86bca3f5a67b04f174fafc33,2024-05-31T00:15:08.890000 -CVE-2024-37018,1,1,369f4f53e34cd54c57d99b89ebf6aea6aedb35d7f020c20028cdc1b2916fe8e4,2024-05-31T01:15:54.323000 +CVE-2024-37017,0,0,a92df0fafe66b57fbe8f6a1f20bf3902c65d99ba86bca3f5a67b04f174fafc33,2024-05-31T00:15:08.890000 +CVE-2024-37018,0,0,369f4f53e34cd54c57d99b89ebf6aea6aedb35d7f020c20028cdc1b2916fe8e4,2024-05-31T01:15:54.323000 CVE-2024-3703,0,0,46d289814974ee20b6160fe56cc828277066d832a1c60ccf5d9c1a62d06c47e2,2024-05-03T12:48:41.067000 CVE-2024-3704,0,0,ad7f205e31bc442943bbd584692b194a3485d815654eeb83e4eefef6a6eff393,2024-04-15T13:15:51.577000 CVE-2024-3705,0,0,44f1c76d2f6cd8dab882ddfdbdbe908a4e3a8f22d6a90f31f0279b7faf87a669,2024-04-15T13:15:51.577000 
@@ -252188,6 +252189,7 @@ CVE-2024-5338,0,0,f1fc65a7b53696dcb1b22f7cb4a402d175011424b23786711e5e263fd7ec2e CVE-2024-5339,0,0,06454cd858966bd04fe11523962adaa26a10dc55f1781c23c279a6bf8e0f1118,2024-05-28T12:39:42.673000 CVE-2024-5340,0,0,c66c0c9e55de3c725084d3080da1dc604d47daf703d95b2c548541ec6a382225,2024-05-28T12:39:42.673000 CVE-2024-5341,0,0,2b72dd4ef57e598a2469a1d6786a4762ce0fcb8187c35f2f4bd1ff39b4044b7e,2024-05-30T13:15:41.297000 +CVE-2024-5345,1,1,ab408465466f89085738a2657691827a8c34288c9c24d6282b532357c2e7aa95,2024-05-31T03:15:08.613000 CVE-2024-5350,0,0,60bbd22831ddecb115d40713a9dc768f9983e70563a63aa9f7486c68fbd4f9e1,2024-05-28T12:39:42.673000 CVE-2024-5351,0,0,75936f9a30b9b2678d667660507da4226e150a018add31c316ae6f6c8d9a34b8,2024-05-28T12:39:42.673000 CVE-2024-5352,0,0,436cc86ab2a56db91a02662bc69df77d88892fce705caf803e28ba33694f3f1c,2024-05-28T12:39:42.673000 @@ -252244,6 +252246,7 @@ CVE-2024-5411,0,0,e0e2b037ba712eee566a50718dc689d20775fc59c9b248d0618a71b0dcd07b CVE-2024-5413,0,0,b82b9711af907924143b902545bad47c16b9191e82f7488c30e422ab2732b1e2,2024-05-28T14:59:09.827000 CVE-2024-5414,0,0,00699255cb30deaace9d09c2453b71a81be7d08b48d1c00b566847910d37827a,2024-05-28T14:59:09.827000 CVE-2024-5415,0,0,30fb2f383abca6cc2ff9ab88331c18d1b11c9d102c850a6497c8044d92363f58,2024-05-28T14:59:09.827000 +CVE-2024-5418,1,1,1d2ad2df007595b2da9031a43cb4322b2ece3287a48cad8d9581b799a377fd31,2024-05-31T03:15:08.853000 CVE-2024-5428,0,0,48df461aef64d2744feebfecb3948a4ed7b72d467be8b3109a057cc13cad6e25,2024-05-28T14:59:09.827000 CVE-2024-5433,0,0,d0946774ada383b4af0e78f23b9c449d05f83a7124810af4e383f90b0cdbda75,2024-05-29T13:02:09.280000 CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92ed,2024-05-29T13:02:09.280000