admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-10T11:00:20.737961+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-10 11:03:22 +00:00
parent 5b54183feb
commit daaea48570
10 changed files with 509 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
CVE-2024/CVE-2024-110xx/CVE-2024-11054.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-11054",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-10T10:15:03.800",
"lastModified": "2024-11-10T10:15:03.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.283798",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.283798",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.438756",
"source": "cna@vuldb.com"
},
{
"url": "https://www.shawroot.cc/2826.html",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
}
]
}

152
CVE-2024/CVE-2024-499xx/CVE-2024-49993.json
View File

@ -2,157 +2,15 @@
"id": "CVE-2024-49993",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T18:15:19.477",
"lastModified": "2024-10-25T14:52:19.167",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-10T10:15:04.323",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count\n\nIf qi_submit_sync() is invoked with 0 invalidation descriptors (for\ninstance, for DMA draining purposes), we can run into a bug where a\nsubmitting thread fails to detect the completion of invalidation_wait.\nSubsequently, this led to a soft lockup. Currently, there is no impact\nby this bug on the existing users because no callers are submitting\ninvalidations with 0 descriptors. This fix will enable future users\n(such as DMA drain) calling qi_submit_sync() with 0 count.\n\nSuppose thread T1 invokes qi_submit_sync() with non-zero descriptors, while\nconcurrently, thread T2 calls qi_submit_sync() with zero descriptors. Both\nthreads then enter a while loop, waiting for their respective descriptors\nto complete. T1 detects its completion (i.e., T1's invalidation_wait status\nchanges to QI_DONE by HW) and proceeds to call reclaim_free_desc() to\nreclaim all descriptors, potentially including adjacent ones of other\nthreads that are also marked as QI_DONE.\n\nDuring this time, while T2 is waiting to acquire the qi->q_lock, the IOMMU\nhardware may complete the invalidation for T2, setting its status to\nQI_DONE. However, if T1's execution of reclaim_free_desc() frees T2's\ninvalidation_wait descriptor and changes its status to QI_FREE, T2 will\nnot observe the QI_DONE status for its invalidation_wait and will\nindefinitely remain stuck.\n\nThis soft lockup does not occur when only non-zero descriptors are\nsubmitted.In such cases, invalidation descriptors are interspersed among\nwait descriptors with the status QI_IN_USE, acting as barriers. These\nbarriers prevent the reclaim code from mistakenly freeing descriptors\nbelonging to other submitters.\n\nConsidered the following example timeline:\n\tT1\t\t\tT2\n========================================\n\tID1\n\tWD1\n\twhile(WD1!=QI_DONE)\n\tunlock\n\t\t\t\tlock\n\tWD1=QI_DONE*\t\tWD2\n\t\t\t\twhile(WD2!=QI_DONE)\n\t\t\t\tunlock\n\tlock\n\tWD1==QI_DONE?\n\tID1=QI_DONE\t\tWD2=DONE*\n\treclaim()\n\tID1=FREE\n\tWD1=FREE\n\tWD2=FREE\n\tunlock\n\t\t\t\tsoft lockup! T2 never sees QI_DONE in WD2\n\nWhere:\nID = invalidation descriptor\nWD = wait descriptor\n* Written by hardware\n\nThe root of the problem is that the descriptor status QI_DONE flag is used\nfor two conflicting purposes:\n1. signal a descriptor is ready for reclaim (to be freed)\n2. signal by the hardware that a wait descriptor is complete\n\nThe solution (in this patch) is state separation by using QI_FREE flag\nfor #1.\n\nOnce a thread's invalidation descriptors are complete, their status would\nbe set to QI_FREE. The reclaim_free_desc() function would then only\nfree descriptors marked as QI_FREE instead of those marked as\nQI_DONE. This change ensures that T2 (from the previous example) will\ncorrectly observe the completion of its invalidation_wait (marked as\nQI_DONE)."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Se corrige el bloqueo potencial si se llama a qi_submit_sync con un recuento de 0 Si se invoca qi_submit_sync() con 0 descriptores de invalidaci\u00f3n (por ejemplo, para fines de vaciado de DMA), podemos encontrarnos con un error en el que un hilo de env\u00edo no detecta la finalizaci\u00f3n de invalidation_wait. Posteriormente, esto condujo a un bloqueo suave. Actualmente, este error no tiene impacto en los usuarios existentes porque ning\u00fan llamante est\u00e1 enviando invalidaciones con 0 descriptores. Esta correcci\u00f3n permitir\u00e1 a los futuros usuarios (como DMA drain) llamar a qi_submit_sync() con un recuento de 0. Supongamos que el hilo T1 invoca qi_submit_sync() con descriptores distintos de cero, mientras que, al mismo tiempo, el hilo T2 llama a qi_submit_sync() con cero descriptores. Ambos hilos entran entonces en un bucle while, esperando a que se completen sus respectivos descriptores. T1 detecta su finalizaci\u00f3n (es decir, el estado invalidation_wait de T1 cambia a QI_DONE por HW) y procede a llamar a reclaim_free_desc() para recuperar todos los descriptores, incluyendo potencialmente los adyacentes de otros subprocesos que tambi\u00e9n est\u00e1n marcados como QI_DONE. Durante este tiempo, mientras T2 espera adquirir el qi->q_lock, el hardware IOMMU puede completar la invalidaci\u00f3n para T2, estableciendo su estado en QI_DONE. Sin embargo, si la ejecuci\u00f3n de reclaim_free_desc() por parte de T1 libera el descriptor invalidation_wait de T2 y cambia su estado a QI_FREE, T2 no observar\u00e1 el estado QI_DONE para su invalidation_wait y permanecer\u00e1 bloqueado indefinidamente. Este bloqueo suave no ocurre cuando solo se env\u00edan descriptores distintos de cero. En tales casos, los descriptores de invalidaci\u00f3n se intercalan entre los descriptores de espera con el estado QI_IN_USE, actuando como barreras. Estas barreras evitan que el c\u00f3digo de recuperaci\u00f3n libere por error descriptores que pertenecen a otros remitentes. Considere la siguiente l\u00ednea de tiempo de ejemplo: T1 T2 ========================================= ID1 WD1 while(WD1!=QI_DONE) unlock lock WD1=QI_DONE* WD2 while(WD2!=QI_DONE) unlock lock WD1==QI_DONE? ID1=QI_DONE WD2=DONE* reclaim() ID1=FREE WD1=FREE WD2=FREE unlock soft lockup! T2 nunca ve QI_DONE en WD2 Donde: ID = descriptor de invalidaci\u00f3n WD = descriptor de espera * Escrito por hardware La ra\u00edz del problema es que el indicador de estado del descriptor QI_DONE se usa para dos prop\u00f3sitos conflictivos: 1. se\u00f1alar que un descriptor est\u00e1 listo para ser recuperado (para ser liberado) 2. se\u00f1alar por el hardware que un descriptor de espera est\u00e1 completo La soluci\u00f3n (en este parche) es la separaci\u00f3n de estados mediante el uso del indicador QI_FREE para #1. Una vez que los descriptores de invalidaci\u00f3n de un hilo est\u00e1n completos, su estado se establecer\u00eda en QI_FREE. La funci\u00f3n reclaim_free_desc() solo liberar\u00eda los descriptores marcados como QI_FREE en lugar de los marcados como QI_DONE. Este cambio asegura que T2 (del ejemplo anterior) observar\u00e1 correctamente la finalizaci\u00f3n de su invalidation_wait (marcada como QI_DONE)."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.55",
"matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.14",
"matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.3",
"matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/07e4e92f84b7d3018b7064ef8d8438aeb54a2ca5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3cf74230c139f208b7fb313ae0054386eee31a81",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8840dc73ac9e1028291458ef1429ec3c2524ffec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/92ba5b014d5435dd7a1ee02a2c7f2a0e8fe06c36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de9e7f68762585f7532de8a06de9485bf39dbd38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dfdbc5ba10fb792c9d6d12ba8cb6e465f97365ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e03f00aa4a6c0c49c17857a4048f586636abdc32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
"metrics": {},
"references": []
}

56
CVE-2024/CVE-2024-515xx/CVE-2024-51577.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51577",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-10T10:15:04.877",
"lastModified": "2024-11-10T10:15:04.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS.This issue affects bpmn.Io: from n/a through 1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bpmnio/wordpress-bpmn-io-plugin-1-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-515xx/CVE-2024-51578.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51578",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-10T10:15:05.270",
"lastModified": "2024-11-10T10:15:05.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luca Paggetti 3D Presentation allows Stored XSS.This issue affects 3D Presentation: from n/a through 1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/3d-presentation/wordpress-3d-presentation-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-515xx/CVE-2024-51580.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51580",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-10T09:15:03.310",
"lastModified": "2024-11-10T09:15:03.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cafe-lite/wordpress-clever-addons-for-elementor-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-515xx/CVE-2024-51581.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51581",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-10T09:15:03.573",
"lastModified": "2024-11-10T09:15:03.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/restaurant-cafe-addon-for-elementor/wordpress-restaurant-cafe-addon-for-elementor-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-515xx/CVE-2024-51583.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51583",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-10T09:15:03.793",
"lastModified": "2024-11-10T09:15:03.793",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KentoThemes Kento Ads Rotator allows Stored XSS.This issue affects Kento Ads Rotator: from n/a through 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kento-ads-rotator/wordpress-kento-ads-rotator-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-515xx/CVE-2024-51584.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51584",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-10T09:15:04.023",
"lastModified": "2024-11-10T09:15:04.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Anas Edreesi Marquee Elementor with Posts allows DOM-Based XSS.This issue affects Marquee Elementor with Posts: from n/a through 1.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/marquee-elementor/wordpress-marquee-elementor-with-posts-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

20
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-10T09:00:20.140104+00:00
2024-11-10T11:00:20.737961+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-10T08:15:03.380000+00:00
2024-11-10T10:15:05.270000+00:00
```
### Last Data Feed Release
@ -33,21 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
268932
268939
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `7`
- [CVE-2024-11050](CVE-2024/CVE-2024-110xx/CVE-2024-11050.json) (`2024-11-10T07:15:03.450`)
- [CVE-2024-11051](CVE-2024/CVE-2024-110xx/CVE-2024-11051.json) (`2024-11-10T08:15:03.380`)
- [CVE-2024-11054](CVE-2024/CVE-2024-110xx/CVE-2024-11054.json) (`2024-11-10T10:15:03.800`)
- [CVE-2024-51577](CVE-2024/CVE-2024-515xx/CVE-2024-51577.json) (`2024-11-10T10:15:04.877`)
- [CVE-2024-51578](CVE-2024/CVE-2024-515xx/CVE-2024-51578.json) (`2024-11-10T10:15:05.270`)
- [CVE-2024-51580](CVE-2024/CVE-2024-515xx/CVE-2024-51580.json) (`2024-11-10T09:15:03.310`)
- [CVE-2024-51581](CVE-2024/CVE-2024-515xx/CVE-2024-51581.json) (`2024-11-10T09:15:03.573`)
- [CVE-2024-51583](CVE-2024/CVE-2024-515xx/CVE-2024-51583.json) (`2024-11-10T09:15:03.793`)
- [CVE-2024-51584](CVE-2024/CVE-2024-515xx/CVE-2024-51584.json) (`2024-11-10T09:15:04.023`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2024-49993](CVE-2024/CVE-2024-499xx/CVE-2024-49993.json) (`2024-11-10T10:15:04.323`)
## Download and Usage

13
_state.csv
View File

@ -242944,8 +242944,9 @@ CVE-2024-11046,0,0,c5f75fd3d6be6a1aa60facdd87383ba80fd341ca0a0e54d342678209d4d5b
CVE-2024-11047,0,0,984fc7e78ca205e956378f6935ea85591d8ced8cff738a43714b99cf552a64ce,2024-11-10T04:15:15.950000
CVE-2024-11048,0,0,8a1a0ee812b3b2cc72482d3c403adca6c868c5151ad58a2f1d40939b682a380d,2024-11-10T04:15:16.220000
CVE-2024-11049,0,0,1978b536618f7ab1d33ab032d59e221a65d6a4e301a913cb7e82d49dbd0dbb75,2024-11-10T06:15:03.390000
CVE-2024-11050,1,1,d1ea979a798a6fad1dfe9a73616decc15ac3c49123e740f5f5db51bf9d9bc281,2024-11-10T07:15:03.450000
CVE-2024-11051,1,1,697dc611ad858478c1ba98ead9b1f95cbe7f4821ac4bd5b784eacab40a94ee7b,2024-11-10T08:15:03.380000
CVE-2024-11050,0,0,d1ea979a798a6fad1dfe9a73616decc15ac3c49123e740f5f5db51bf9d9bc281,2024-11-10T07:15:03.450000
CVE-2024-11051,0,0,697dc611ad858478c1ba98ead9b1f95cbe7f4821ac4bd5b784eacab40a94ee7b,2024-11-10T08:15:03.380000
CVE-2024-11054,1,1,e9c381aaeadf77c9d1b7183ed948b8e0efb44af47725b580dad26f17bcbd8d01,2024-11-10T10:15:03.800000
CVE-2024-1106,0,0,20cb4a0a045157ac9e013fd166b9513d5a44a1304cf8a8ccabd3185b4a52ab40,2024-10-27T23:35:01.747000
CVE-2024-1107,0,0,7fae6df9cdce298be180c2cb6d3dacceb0e976e847fc87cce19a7d73f37dfe2b,2024-09-16T19:08:27.840000
CVE-2024-1108,0,0,72e8aa7ee320c630f0cd3020b574b902dcf572a1d2888f0afb29692e74e18247,2024-02-22T19:07:37.840000
@ -264322,7 +264323,7 @@ CVE-2024-4999,0,0,aeea1ad154336e8cbd739fb19642e978908300b067641ea9bc4ea587cb0b31
CVE-2024-49990,0,0,5c46e913e1b887f69cd98fd4cd9207874e501e111cae02b75529083ab20be920,2024-10-28T16:42:56.377000
CVE-2024-49991,0,0,f7e963fec1ee1710f6831f7e501216db0028b69cef9872478e769cac64925083,2024-10-28T16:49:29.023000
CVE-2024-49992,0,0,552b9e8ee31b9d2986b015547bb9a5ad1516a945b66e9c2d1491a0c82371c9bc,2024-10-25T14:52:00.273000
CVE-2024-49993,0,0,173745e8fc0b2f51f6583b765f43b75fc7379f37eeab514e19093d1e0bbc2187,2024-10-25T14:52:19.167000
CVE-2024-49993,0,1,b907a15ea33970559efa18c32336de5d64ca5119c72cb8cdcf23fb33507c3e7d,2024-11-10T10:15:04.323000
CVE-2024-49994,0,0,b259470c6938b01fe0b06a9ea53deb1f1b59fb7f77762cb60813754903d6329f,2024-10-25T14:52:32.877000
CVE-2024-49995,0,0,947c955832459398fdb7474e9367953cc607439ab6fc5b371602748fd593c831,2024-11-08T16:15:40.100000
CVE-2024-49996,0,0,81c0545f780fa695d599970a227ba85a22409c164ec567cfb530b43ba7149524,2024-10-25T19:56:10.320000
@ -265052,9 +265053,15 @@ CVE-2024-51567,0,0,9629c1871377d5b3a8fc7e24f37cf5fff8c7d9ecc5af9890fa03e865aa78a
CVE-2024-51568,0,0,ef96c64ab696ce1dd0f4d9f421838b3895b55219506da5bc264e22e1b5e0e5b2,2024-11-01T12:57:03.417000
CVE-2024-5157,0,0,24d31b037c5fbef35f77d9be746cd537f78e6f1e98b9c21955d97a62fe59949f,2024-07-03T02:08:34.407000
CVE-2024-51570,0,0,039ecc17621b1db181f9096c9a875f2b9973a9cc57be3840bb82f92f55e97e7f,2024-11-09T09:15:03.520000
CVE-2024-51577,1,1,d0ec203417f086b0461ea98ce73b532fa7574e308c18cd79bf8790574f0a3173,2024-11-10T10:15:04.877000
CVE-2024-51578,1,1,c1360c7172cbee5cc357cca65f2404f3c3f06119fe32e88a6590c342673fc1db,2024-11-10T10:15:05.270000
CVE-2024-51579,0,0,a681396d9384ce7f62ae294a5abe6a50486fb6c3c0f1c9412b7e98748fe5f97d,2024-11-09T09:15:03.903000
CVE-2024-5158,0,0,b58e7eaee1d1dd9c5e85390b8596c36aa736d240ceb0715ad1a8e256309daea1,2024-09-15T19:35:04.757000
CVE-2024-51580,1,1,b38187efd383cd0888a3d8d847d5f2da0b00d604b3552caf82283695ea73edf1,2024-11-10T09:15:03.310000
CVE-2024-51581,1,1,11999a08f0b5721713a3c58bb05a4a9035287999564930b937d80332d76ebee9,2024-11-10T09:15:03.573000
CVE-2024-51582,0,0,9c6a2abc6ff39ea954384c7b38779cdbe6d44511f3a75194c8ab9223c55c709b,2024-11-06T15:47:13.077000
CVE-2024-51583,1,1,1f06eff87d966a1366cf3589d3fa5bf78660168897a8587a2b5bd33ab2d044a3,2024-11-10T09:15:03.793000
CVE-2024-51584,1,1,b2dec9205ebe8f37f36f0d050911d2b8320c1f45438a77d2e933bbcd2365839d,2024-11-10T09:15:04.023000
CVE-2024-51585,0,0,578da6d299d3db497adff9832294f12aa0147a27234f59f4b6b3ee3b9f23e492,2024-11-09T15:15:04.480000
CVE-2024-51586,0,0,f6492618139ba3ebc27db38c3c4f0940a20a67b854b176959f69b7bc3ac513c3,2024-11-09T15:15:04.697000
CVE-2024-51587,0,0,10fc71b006c11151c72ed52a3995f11a001d40df57658d9cd056025cb7b05079,2024-11-09T15:15:04.903000

Can't render this file because it is too large.