diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12006.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12006.json
new file mode 100644
index 00000000000..09148b9f02e
--- /dev/null
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12006.json
@@ -0,0 +1,76 @@
+{
+ "id": "CVE-2024-12006",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-14T07:15:25.633",
+ "lastModified": "2025-01-14T07:15:25.633",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L186",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L220",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L60",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L63",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L212",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/329ad5dc-9339-4540-aba3-f21a78a74d4b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12008.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12008.json
new file mode 100644
index 00000000000..2417dba6f51
--- /dev/null
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12008.json
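Review bot: The affected range for CVE-2024-12006 exists only as free text in `descriptions[0].value` ("all versions up to, and including, 2.8.1"): the record has no `configurations` block and carries `"vulnStatus": "Received"`, and the same is true of the CVE-2024-12008 and CVE-2024-12365 records added further down in this commit. Tooling that matches installed software against CPE data has nothing to match on in these files, so consumers should key on the `id` or the description text until the record is enriched. The Trac entries in `references` all pin `tags/2.8.0` and none names a fixed release, so the fixed version cannot be read from the record either; that gap is worth stating wherever this feed is turned into patch guidance.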
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-12008",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-14T07:15:25.907",
+ "lastModified": "2025-01-14T07:15:25.907",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks.\r\nNote: the debug feature must be enabled for this to be a concern, and it is disabled by default."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Debug.php#L29",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Environment.php#L430",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8292f23c-fb17-4082-9788-f643d1bb097e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12365.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12365.json
new file mode 100644
index 00000000000..89c170ea389
--- /dev/null
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12365.json
@@ -0,0 +1,108 @@
+{
+ "id": "CVE-2024-12365",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-14T07:15:26.080",
+ "lastModified": "2025-01-14T07:15:26.080",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extension_ImageService_Plugin_Admin.php#L200",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L246",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L55",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L385",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L516",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L55",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Root_Loader.php#L269",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L10",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L94",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Admin.php#L822",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/footer.php#L49",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/top_nav_bar.php#L217",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/w3-total-cache.php#L71",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/196e629f-7c77-4bcb-8224-305a0108b630?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 88149bc0049..21edaaa7e1a 100644
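Review bot: In the CVE-2024-12365 record, `weaknesses` carries only `CWE-862`, while the description also covers web requests made by the application to arbitrary locations, including cloud instance metadata, which is the server-side request forgery class (CWE-918). Triage rules or dashboards that group by CWE will file this record under missing authorization only; the `S:C` and `C:H` components of the vector string are the only structured sign of the wider impact. Since the file mirrors the CNA's data, the practical fix is downstream: tag the record as SSRF-relevant in the consumer, and when prioritising it, review egress from the web tier to internal services and metadata endpoints.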
--- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-14T07:00:24.020058+00:00 +2025-01-14T09:00:25.957842+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-14T06:15:15.480000+00:00 +2025-01-14T07:15:26.080000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -276998 +277001 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2024-13323](CVE-2024/CVE-2024-133xx/CVE-2024-13323.json) (`2025-01-14T06:15:15.480`) +- [CVE-2024-12006](CVE-2024/CVE-2024-120xx/CVE-2024-12006.json) (`2025-01-14T07:15:25.633`) +- [CVE-2024-12008](CVE-2024/CVE-2024-120xx/CVE-2024-12008.json) (`2025-01-14T07:15:25.907`) +- [CVE-2024-12365](CVE-2024/CVE-2024-123xx/CVE-2024-12365.json) (`2025-01-14T07:15:26.080`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-28016](CVE-2024/CVE-2024-280xx/CVE-2024-28016.json) (`2025-01-14T05:15:08.677`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e2d34163a42..072d9ea7a1e 100644 --- a/_state.csv +++ b/_state.csv 
@@ -244949,7 +244949,9 @@ CVE-2024-12001,0,0,75bbf94d31b41f422ac1216beeda365d0b924dd232e408edb33262f11bb39 CVE-2024-12002,0,0,642bad4c124467ff4f581f355ddf310f5dadc994966ff22ccdf8e42852d0744f,2024-12-10T23:21:19.827000 CVE-2024-12003,0,0,14ef5c0679ec50bb5e5014c8e7b631b4905f5419df127668fd74fc6d22bcfff5,2024-12-06T09:15:07.630000 CVE-2024-12004,0,0,3dce40ab1e8f9f1b73bc9bad8477202dd665f9594517ea95d989e909aeed6010,2024-12-11T09:15:05.500000 +CVE-2024-12006,1,1,63550435eaae2ecd65ca5ba47447dea1847c25ad1aef47ab934389493f428db4,2025-01-14T07:15:25.633000 CVE-2024-12007,0,0,8e607a1eddf324cb0db7978994624ff72f4892cd536259d2d33593eb53a4d98b,2024-12-11T03:16:24.473000 +CVE-2024-12008,1,1,46e525f0aad0cda7b4fb1c6055edf05bd2bf2e7c41b5e53c37ecd0a9654ac645,2025-01-14T07:15:25.907000 CVE-2024-1201,0,0,98150b7d086d80b767e6802e39750bc86f0479b7a9cd93495263225678c4d4a5,2024-11-21T08:50:01.647000 CVE-2024-12014,0,0,d63bd7a401a8fb5ede49d9de357706a50a82cd2bae6c930cf8555bf9a9cab749,2024-12-20T16:15:23.030000 CVE-2024-12015,0,0,d5a693fd232b1e3fbc53d72a834e39c83a435aa6e5ae231752c351acc22ca6db,2024-12-02T14:15:05.383000 @@ -245207,6 +245209,7 @@ CVE-2024-1236,0,0,42d257f977d290f4d0aa2f8d4699f4951f80f18e17ed46b119e80f5ed73ef1 CVE-2024-12360,0,0,9c92ce0fa75af6038fb90116f61bca41613e1dcad55daccb6d63b1c2c6eac745,2024-12-10T23:33:47.773000 CVE-2024-12362,0,0,3d126c7d5b2c7c892f0afca83b7e5d0a3fdd9f8568569cdb62c20aebeb726e71,2024-12-16T10:15:05.097000 CVE-2024-12363,0,0,8bf95d170f6881f24ef42d227f38a0cf0a0a8682e2906a9aa2aaa1e3f316a356,2024-12-11T10:15:07.260000 +CVE-2024-12365,1,1,0cfd561a6ea9ae6ee1397d5d03dabe05fda08be3f1822c163b489efd4f381673,2025-01-14T07:15:26.080000 CVE-2024-12369,0,0,fcd74b43ea72489fd8099497c673c3afa2054b03bb7ec4819b8a995ebe30e685,2024-12-09T21:15:08.203000 CVE-2024-1237,0,0,7608b762d209f55f10a23dbde634d086adad1d6240344714ec7de5c458d836b6,2024-11-21T08:50:07.910000 CVE-2024-12371,0,0,ad8806dfee353fdb9887f497d244b3ccfcec0ca669e819f5ec6c72aa1dddd27b,2024-12-18T20:15:21.193000 
@@ -245866,7 +245869,7 @@ CVE-2024-13311,0,0,043082a8dd739b5eb445323387334add04ddcec723a1cf1ae43347104de3b CVE-2024-13312,0,0,1596f306a61a66773ca721f46a9f359accd6e8bc761ac287ef2d071eacd93640,2025-01-09T21:15:29.077000 CVE-2024-13318,0,0,bd9b3dd8797a6a8e50fbc0881ed502b3d6c9d2df54bdf8f89c7bd4c9f15cb658,2025-01-10T12:15:24.257000 CVE-2024-1332,0,0,43a2cb0465d1ed7fa77b51d32b9ef650ccc5cd8e8f972f53915014a8e37bc428,2024-11-21T08:50:21.220000 -CVE-2024-13323,1,1,b6dbf1bc72030da4865adfe9c77484b3543649561b1053256d05d5821de18e27,2025-01-14T06:15:15.480000 +CVE-2024-13323,0,0,b6dbf1bc72030da4865adfe9c77484b3543649561b1053256d05d5821de18e27,2025-01-14T06:15:15.480000 CVE-2024-13324,0,0,e28b727b7b2e4ff67b104bb8829ddea65c155869cb67c2e17008296310ed866b,2025-01-13T21:15:12.053000 CVE-2024-1333,0,0,7e67218d34e52c77cd12091eb7bec4820751f8a3faacd15e7977a33b9d658d65,2024-11-21T08:50:21.337000 CVE-2024-1334,0,0,5cd8113de272a8c461c68981cf2d6addc6166d9cf4d9dbad0d56a2a1ca671349,2024-12-31T16:48:40.290000 @@ -252796,7 +252799,7 @@ CVE-2024-28012,0,0,87d141419e8c7f128982750023e3ec1e976ac47b29ad9b8d2c9bb03dd60be CVE-2024-28013,0,0,280bcd0de0622447cde065c0f3f6f0df6920a91ef4c6aad207057f1744479404,2025-01-14T04:15:11.427000 CVE-2024-28014,0,0,41625df99f453d3ffaca450014299a8b29e4ea5ba0c886a20ecfe541c3e779f5,2025-01-14T04:15:11.617000 CVE-2024-28015,0,0,70d32c00f90d171129ccd0af0d2ebd8dbe72335e809f4e5cf6f251a8c45f8e68,2025-01-14T04:15:11.820000 -CVE-2024-28016,0,1,749488d31ac32a9ea2b931fc388c512a146a1ae63d159c28c7a31b47cea37620,2025-01-14T05:15:08.677000 +CVE-2024-28016,0,0,749488d31ac32a9ea2b931fc388c512a146a1ae63d159c28c7a31b47cea37620,2025-01-14T05:15:08.677000 CVE-2024-2802,0,0,4d7e48fbf79d86b86a336401cd7856f9a2e312e8845717a11d0136644698f700,2024-03-26T15:15:49.677000 CVE-2024-28020,0,0,353857c6f72177d44fa539cd26ab29ac243a888fbe1ba2619943550305df92b7,2024-11-21T09:05:39.310000 CVE-2024-28021,0,0,ef91a2bbc3a7ba80aa4b93dc521740325b47bcd3461fc4ac520536869818ea73,2024-11-21T09:05:39.497000