From e15b9cc23d5fd90dbe079df4e6be676204935282 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 27 Feb 2024 13:01:09 +0000
Subject: [PATCH] Auto-Update: 2024-02-27T13:01:05.944551+00:00
---
CVE-2023/CVE-2023-59xx/CVE-2023-5993.json | 59 +++++++++++++++++++++++
CVE-2023/CVE-2023-70xx/CVE-2023-7016.json | 59 +++++++++++++++++++++++
CVE-2024/CVE-2024-16xx/CVE-2024-1649.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-16xx/CVE-2024-1650.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-16xx/CVE-2024-1652.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-16xx/CVE-2024-1653.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-19xx/CVE-2024-1906.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-19xx/CVE-2024-1907.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-19xx/CVE-2024-1909.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-19xx/CVE-2024-1910.json | 51 ++++++++++++++++++++
CVE-2024/CVE-2024-19xx/CVE-2024-1912.json | 51 ++++++++++++++++++++
README.md | 48 ++++++------------
12 files changed, 593 insertions(+), 32 deletions(-)
create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5993.json
create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7016.json
create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1649.json
create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1650.json
create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1652.json
create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1653.json
create mode 100644 CVE-2024/CVE-2024-19xx/CVE-2024-1906.json
create mode 100644 CVE-2024/CVE-2024-19xx/CVE-2024-1907.json
create mode 100644 CVE-2024/CVE-2024-19xx/CVE-2024-1909.json
create mode 100644 CVE-2024/CVE-2024-19xx/CVE-2024-1910.json
create mode 100644 CVE-2024/CVE-2024-19xx/CVE-2024-1912.json
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5993.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5993.json
new file mode 100644
index 00000000000..7d1cc1bfdef
--- /dev/null
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5993.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5993", + "sourceIdentifier": "psirt@thalesgroup.com", + "published": "2024-02-27T11:15:07.343", + "lastModified": "2024-02-27T11:15:07.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access." + }, + { + "lang": "es", + "value": "Una falla en el instalador de Windows en Thales SafeNet Authentication Client anterior a 10.8 R10 en Windows permite a un atacante escalar su nivel de privilegios a trav\u00e9s del acceso local." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@thalesgroup.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@thalesgroup.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.thalesgroup.com", + "source": "psirt@thalesgroup.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7016.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7016.json new file mode 100644 index 00000000000..88244bab23d --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7016.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-7016", + "sourceIdentifier": "psirt@thalesgroup.com", + "published": "2024-02-27T11:15:07.933", + "lastModified": "2024-02-27T11:15:07.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access." + }, + { + "lang": "es", + "value": "Una falla en Thales SafeNet Authentication Client anterior a 10.8 R10 en Windows permite a un atacante ejecutar c\u00f3digo a nivel de SYSTEM a trav\u00e9s de acceso local." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@thalesgroup.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@thalesgroup.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.thalesgroup.com", + "source": "psirt@thalesgroup.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1649.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1649.json new file mode 100644 index 00000000000..c196248bf50 --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1649.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1649", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:08.133", + "lastModified": "2024-02-27T11:15:08.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n categorifyAjaxDeleteCategory en todas las versiones hasta la 1.0.7.4 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, eliminen categor\u00edas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1650.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1650.json
new file mode 100644
index 00000000000..d967fb5e6fb
--- /dev/null
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1650.json
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1650", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:08.317", + "lastModified": "2024-02-27T11:15:08.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n categorifyAjaxRenameCategory en todas las versiones hasta la 1.0.7.4 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, cambien el nombre de las categor\u00edas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1652.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1652.json
new file mode 100644
index 00000000000..298f180c004
--- /dev/null
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1652.json
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1652", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:08.507", + "lastModified": "2024-02-27T11:15:08.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n categorifyAjaxClearCategory en todas las versiones hasta la 1.0.7.4 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, borren categor\u00edas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1653.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1653.json
new file mode 100644
index 00000000000..ddbe0ea2b5d
--- /dev/null
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1653.json
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1653", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:08.690", + "lastModified": "2024-02-27T11:15:08.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en categorifyAjaxUpdateFolderPosition en todas las versiones hasta la 1.0.7.4 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, actualicen la posici\u00f3n de la carpeta de las categor\u00edas, as\u00ed como los metadatos de otras taxonom\u00edas." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45badd20-1ba8-44be-8a7c-2ce21261e208?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1906.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1906.json new file mode 100644 index 00000000000..96ab72dc315 --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1906.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1906", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:08.863", + "lastModified": "2024-02-27T11:15:08.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.7.4 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n categorifyAjaxAddCategory. Esto hace posible que atacantes no autenticados agreguen categor\u00edas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1907.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1907.json new file mode 100644 index 00000000000..14f10f53a80 --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1907.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1907", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:09.060", + "lastModified": "2024-02-27T11:15:09.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.7.4 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n categorifyAjaxDeleteCategory. Esto hace posible que atacantes no autenticados eliminen categor\u00edas mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08c79118-9dad-44fd-b683-7950276d3808?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1909.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1909.json new file mode 100644 index 00000000000..d4bcab35d8e --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1909.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1909", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:09.240", + "lastModified": "2024-02-27T11:15:09.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.7.4 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n categorifyAjaxRenameCategory. Esto hace posible que atacantes no autenticados cambien el nombre de las categor\u00edas mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1910.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1910.json new file mode 100644 index 00000000000..449e406df51 --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1910.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1910", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:09.427", + "lastModified": "2024-02-27T11:15:09.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.7.4 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n categorifyAjaxClearCategory. Esto hace posible que atacantes no autenticados borren categor\u00edas mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1912.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1912.json new file mode 100644 index 00000000000..ce6fce4e3eb --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1912.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1912", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-27T11:15:09.610", + "lastModified": "2024-02-27T11:15:09.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Categorify para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.7.4 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n categorifyAjaxUpdateFolderPosition. Esto hace posible que atacantes no autenticados actualicen la posici\u00f3n de la carpeta de las categor\u00edas, as\u00ed como tambi\u00e9n actualicen los metadatos de otras taxonom\u00edas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 091714beb6c..4657048bf7b 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-27T11:01:08.170852+00:00 +2024-02-27T13:01:05.944551+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-27T10:15:08.137000+00:00 +2024-02-27T11:15:09.610000+00:00 ``` ### Last Data Feed Release 
@@ -29,46 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -239577 +239588 ``` ### CVEs added in the last Commit -Recently added CVEs: `29` +Recently added CVEs: `11` -* [CVE-2021-46925](CVE-2021/CVE-2021-469xx/CVE-2021-46925.json) (`2024-02-27T10:15:07.237`) -* [CVE-2021-46926](CVE-2021/CVE-2021-469xx/CVE-2021-46926.json) (`2024-02-27T10:15:07.320`) -* [CVE-2021-46927](CVE-2021/CVE-2021-469xx/CVE-2021-46927.json) (`2024-02-27T10:15:07.410`) -* [CVE-2021-46928](CVE-2021/CVE-2021-469xx/CVE-2021-46928.json) (`2024-02-27T10:15:07.517`) -* [CVE-2021-46929](CVE-2021/CVE-2021-469xx/CVE-2021-46929.json) (`2024-02-27T10:15:07.573`) -* [CVE-2021-46930](CVE-2021/CVE-2021-469xx/CVE-2021-46930.json) (`2024-02-27T10:15:07.637`) -* [CVE-2021-46931](CVE-2021/CVE-2021-469xx/CVE-2021-46931.json) (`2024-02-27T10:15:07.690`) -* [CVE-2021-46932](CVE-2021/CVE-2021-469xx/CVE-2021-46932.json) (`2024-02-27T10:15:07.753`) -* [CVE-2021-46933](CVE-2021/CVE-2021-469xx/CVE-2021-46933.json) (`2024-02-27T10:15:07.807`) -* [CVE-2021-46934](CVE-2021/CVE-2021-469xx/CVE-2021-46934.json) (`2024-02-27T10:15:07.877`) -* [CVE-2021-46935](CVE-2021/CVE-2021-469xx/CVE-2021-46935.json) (`2024-02-27T10:15:07.957`) -* [CVE-2021-46936](CVE-2021/CVE-2021-469xx/CVE-2021-46936.json) (`2024-02-27T10:15:08.017`) -* [CVE-2021-46937](CVE-2021/CVE-2021-469xx/CVE-2021-46937.json) (`2024-02-27T10:15:08.067`) -* [CVE-2023-50379](CVE-2023/CVE-2023-503xx/CVE-2023-50379.json) (`2024-02-27T09:15:36.827`) -* [CVE-2023-51518](CVE-2023/CVE-2023-515xx/CVE-2023-51518.json) (`2024-02-27T09:15:36.983`) -* [CVE-2023-6584](CVE-2023/CVE-2023-65xx/CVE-2023-6584.json) (`2024-02-27T09:15:37.087`) -* [CVE-2023-6585](CVE-2023/CVE-2023-65xx/CVE-2023-6585.json) (`2024-02-27T09:15:37.147`) -* [CVE-2023-7115](CVE-2023/CVE-2023-71xx/CVE-2023-7115.json) (`2024-02-27T09:15:37.197`) -* [CVE-2023-7165](CVE-2023/CVE-2023-71xx/CVE-2023-7165.json) 
(`2024-02-27T09:15:37.247`) -* [CVE-2023-7167](CVE-2023/CVE-2023-71xx/CVE-2023-7167.json) (`2024-02-27T09:15:37.293`) -* [CVE-2023-7198](CVE-2023/CVE-2023-71xx/CVE-2023-7198.json) (`2024-02-27T09:15:37.350`) -* [CVE-2023-7202](CVE-2023/CVE-2023-72xx/CVE-2023-7202.json) (`2024-02-27T09:15:37.397`) -* [CVE-2023-7203](CVE-2023/CVE-2023-72xx/CVE-2023-7203.json) (`2024-02-27T09:15:37.450`) -* [CVE-2024-0855](CVE-2024/CVE-2024-08xx/CVE-2024-0855.json) (`2024-02-27T09:15:37.497`) -* [CVE-2024-1106](CVE-2024/CVE-2024-11xx/CVE-2024-1106.json) (`2024-02-27T09:15:37.543`) +* [CVE-2023-5993](CVE-2023/CVE-2023-59xx/CVE-2023-5993.json) (`2024-02-27T11:15:07.343`) +* [CVE-2023-7016](CVE-2023/CVE-2023-70xx/CVE-2023-7016.json) (`2024-02-27T11:15:07.933`) +* [CVE-2024-1649](CVE-2024/CVE-2024-16xx/CVE-2024-1649.json) (`2024-02-27T11:15:08.133`) +* [CVE-2024-1650](CVE-2024/CVE-2024-16xx/CVE-2024-1650.json) (`2024-02-27T11:15:08.317`) +* [CVE-2024-1652](CVE-2024/CVE-2024-16xx/CVE-2024-1652.json) (`2024-02-27T11:15:08.507`) +* [CVE-2024-1653](CVE-2024/CVE-2024-16xx/CVE-2024-1653.json) (`2024-02-27T11:15:08.690`) +* [CVE-2024-1906](CVE-2024/CVE-2024-19xx/CVE-2024-1906.json) (`2024-02-27T11:15:08.863`) +* [CVE-2024-1907](CVE-2024/CVE-2024-19xx/CVE-2024-1907.json) (`2024-02-27T11:15:09.060`) +* [CVE-2024-1909](CVE-2024/CVE-2024-19xx/CVE-2024-1909.json) (`2024-02-27T11:15:09.240`) +* [CVE-2024-1910](CVE-2024/CVE-2024-19xx/CVE-2024-1910.json) (`2024-02-27T11:15:09.427`) +* [CVE-2024-1912](CVE-2024/CVE-2024-19xx/CVE-2024-1912.json) (`2024-02-27T11:15:09.610`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -* [CVE-2019-25161](CVE-2019/CVE-2019-251xx/CVE-2019-25161.json) (`2024-02-27T10:15:06.833`) -* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-27T10:15:08.137`) ## Download and Usage