Auto-Update: 2024-02-17T09:00:24.297300+00:00

cad-safe-bot 2024-02-17 09:00:28 +00:00
parent b9b1f0dc9d
commit dd542fdd43
3 changed files with 100 additions and 16 deletions

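--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0610.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-0610",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-02-17T08:15:07.680",
+"lastModified": "2024-02-17T08:15:07.680",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}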
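Review bot: The only score in this record is the CNA's own (`"type": "Secondary"`, source security@wordfence.com) and the record is still `"vulnStatus": "Received"`, so the 9.8 has not been through NVD analysis; the same holds for CVE-2024-1512 in the next file. Neither record carries `weaknesses` or `configurations` entries, so tooling that matches on CWE or CPE will not surface these plugins until the record is enriched, and the affected range ("up to, and including, 1.6.5.1" here, "3.2.5" there) exists only in the free-text description. The description names information extraction as the impact while the vector also rates integrity and availability HIGH, so anyone triaging on impact should read the text and the vector together rather than the base score alone.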

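--- /dev/null
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1512.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-1512",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-02-17T08:15:08.093",
+"lastModified": "2024-02-17T08:15:08.093",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3036794/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}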


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-17T07:00:24.733132+00:00
2024-02-17T09:00:24.297300+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-17T06:15:54.487000+00:00
2024-02-17T08:15:08.093000+00:00
```
### Last Data Feed Release
@ -29,25 +29,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238827
238829
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `2`
* [CVE-2024-21492](CVE-2024/CVE-2024-214xx/CVE-2024-21492.json) (`2024-02-17T05:15:08.223`)
* [CVE-2024-21493](CVE-2024/CVE-2024-214xx/CVE-2024-21493.json) (`2024-02-17T05:15:08.747`)
* [CVE-2024-21494](CVE-2024/CVE-2024-214xx/CVE-2024-21494.json) (`2024-02-17T05:15:09.077`)
* [CVE-2024-21495](CVE-2024/CVE-2024-214xx/CVE-2024-21495.json) (`2024-02-17T05:15:09.343`)
* [CVE-2024-21496](CVE-2024/CVE-2024-214xx/CVE-2024-21496.json) (`2024-02-17T05:15:09.603`)
* [CVE-2024-21497](CVE-2024/CVE-2024-214xx/CVE-2024-21497.json) (`2024-02-17T05:15:09.863`)
* [CVE-2024-21498](CVE-2024/CVE-2024-214xx/CVE-2024-21498.json) (`2024-02-17T05:15:10.087`)
* [CVE-2024-21499](CVE-2024/CVE-2024-214xx/CVE-2024-21499.json) (`2024-02-17T05:15:10.400`)
* [CVE-2024-21500](CVE-2024/CVE-2024-215xx/CVE-2024-21500.json) (`2024-02-17T05:15:10.697`)
* [CVE-2024-25297](CVE-2024/CVE-2024-252xx/CVE-2024-25297.json) (`2024-02-17T06:15:53.653`)
* [CVE-2024-25298](CVE-2024/CVE-2024-252xx/CVE-2024-25298.json) (`2024-02-17T06:15:54.437`)
* [CVE-2024-25468](CVE-2024/CVE-2024-254xx/CVE-2024-25468.json) (`2024-02-17T06:15:54.487`)
* [CVE-2024-0610](CVE-2024/CVE-2024-06xx/CVE-2024-0610.json) (`2024-02-17T08:15:07.680`)
* [CVE-2024-1512](CVE-2024/CVE-2024-15xx/CVE-2024-1512.json) (`2024-02-17T08:15:08.093`)
### CVEs modified in the last Commit