admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-14T09:00:25.957842+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-14 09:03:51 +00:00
parent 920939d6d7
commit e4e3551cd7
5 changed files with 261 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
CVE-2024/CVE-2024-120xx/CVE-2024-12006.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-12006",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-14T07:15:25.633",
"lastModified": "2025-01-14T07:15:25.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L186",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L220",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L60",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L63",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L212",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/329ad5dc-9339-4540-aba3-f21a78a74d4b?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-120xx/CVE-2024-12008.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12008",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-14T07:15:25.907",
"lastModified": "2025-01-14T07:15:25.907",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks.\r\nNote: the debug feature must be enabled for this to be a concern, and it is disabled by default."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Debug.php#L29",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Environment.php#L430",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8292f23c-fb17-4082-9788-f643d1bb097e?source=cve",
"source": "security@wordfence.com"
}
]
}

108
CVE-2024/CVE-2024-123xx/CVE-2024-12365.json Normal file
View File

@ -0,0 +1,108 @@
{
"id": "CVE-2024-12365",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-14T07:15:26.080",
"lastModified": "2025-01-14T07:15:26.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extension_ImageService_Plugin_Admin.php#L200",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L246",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L385",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L516",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Root_Loader.php#L269",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L10",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L94",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Admin.php#L822",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/footer.php#L49",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/top_nav_bar.php#L217",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/w3-total-cache.php#L71",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/196e629f-7c77-4bcb-8224-305a0108b630?source=cve",
"source": "security@wordfence.com"
}
]
}

15
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-14T07:00:24.020058+00:00
2025-01-14T09:00:25.957842+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-14T06:15:15.480000+00:00
2025-01-14T07:15:26.080000+00:00
```
### Last Data Feed Release
@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
276998
277001
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `3`
- [CVE-2024-13323](CVE-2024/CVE-2024-133xx/CVE-2024-13323.json) (`2025-01-14T06:15:15.480`)
- [CVE-2024-12006](CVE-2024/CVE-2024-120xx/CVE-2024-12006.json) (`2025-01-14T07:15:25.633`)
- [CVE-2024-12008](CVE-2024/CVE-2024-120xx/CVE-2024-12008.json) (`2025-01-14T07:15:25.907`)
- [CVE-2024-12365](CVE-2024/CVE-2024-123xx/CVE-2024-12365.json) (`2025-01-14T07:15:26.080`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
- [CVE-2024-28016](CVE-2024/CVE-2024-280xx/CVE-2024-28016.json) (`2025-01-14T05:15:08.677`)
## Download and Usage

7
_state.csv
View File

@ -244949,7 +244949,9 @@ CVE-2024-12001,0,0,75bbf94d31b41f422ac1216beeda365d0b924dd232e408edb33262f11bb39
CVE-2024-12002,0,0,642bad4c124467ff4f581f355ddf310f5dadc994966ff22ccdf8e42852d0744f,2024-12-10T23:21:19.827000
CVE-2024-12003,0,0,14ef5c0679ec50bb5e5014c8e7b631b4905f5419df127668fd74fc6d22bcfff5,2024-12-06T09:15:07.630000
CVE-2024-12004,0,0,3dce40ab1e8f9f1b73bc9bad8477202dd665f9594517ea95d989e909aeed6010,2024-12-11T09:15:05.500000
CVE-2024-12006,1,1,63550435eaae2ecd65ca5ba47447dea1847c25ad1aef47ab934389493f428db4,2025-01-14T07:15:25.633000
CVE-2024-12007,0,0,8e607a1eddf324cb0db7978994624ff72f4892cd536259d2d33593eb53a4d98b,2024-12-11T03:16:24.473000
CVE-2024-12008,1,1,46e525f0aad0cda7b4fb1c6055edf05bd2bf2e7c41b5e53c37ecd0a9654ac645,2025-01-14T07:15:25.907000
CVE-2024-1201,0,0,98150b7d086d80b767e6802e39750bc86f0479b7a9cd93495263225678c4d4a5,2024-11-21T08:50:01.647000
CVE-2024-12014,0,0,d63bd7a401a8fb5ede49d9de357706a50a82cd2bae6c930cf8555bf9a9cab749,2024-12-20T16:15:23.030000
CVE-2024-12015,0,0,d5a693fd232b1e3fbc53d72a834e39c83a435aa6e5ae231752c351acc22ca6db,2024-12-02T14:15:05.383000
@ -245207,6 +245209,7 @@ CVE-2024-1236,0,0,42d257f977d290f4d0aa2f8d4699f4951f80f18e17ed46b119e80f5ed73ef1
CVE-2024-12360,0,0,9c92ce0fa75af6038fb90116f61bca41613e1dcad55daccb6d63b1c2c6eac745,2024-12-10T23:33:47.773000
CVE-2024-12362,0,0,3d126c7d5b2c7c892f0afca83b7e5d0a3fdd9f8568569cdb62c20aebeb726e71,2024-12-16T10:15:05.097000
CVE-2024-12363,0,0,8bf95d170f6881f24ef42d227f38a0cf0a0a8682e2906a9aa2aaa1e3f316a356,2024-12-11T10:15:07.260000
CVE-2024-12365,1,1,0cfd561a6ea9ae6ee1397d5d03dabe05fda08be3f1822c163b489efd4f381673,2025-01-14T07:15:26.080000
CVE-2024-12369,0,0,fcd74b43ea72489fd8099497c673c3afa2054b03bb7ec4819b8a995ebe30e685,2024-12-09T21:15:08.203000
CVE-2024-1237,0,0,7608b762d209f55f10a23dbde634d086adad1d6240344714ec7de5c458d836b6,2024-11-21T08:50:07.910000
CVE-2024-12371,0,0,ad8806dfee353fdb9887f497d244b3ccfcec0ca669e819f5ec6c72aa1dddd27b,2024-12-18T20:15:21.193000
@ -245866,7 +245869,7 @@ CVE-2024-13311,0,0,043082a8dd739b5eb445323387334add04ddcec723a1cf1ae43347104de3b
CVE-2024-13312,0,0,1596f306a61a66773ca721f46a9f359accd6e8bc761ac287ef2d071eacd93640,2025-01-09T21:15:29.077000
CVE-2024-13318,0,0,bd9b3dd8797a6a8e50fbc0881ed502b3d6c9d2df54bdf8f89c7bd4c9f15cb658,2025-01-10T12:15:24.257000
CVE-2024-1332,0,0,43a2cb0465d1ed7fa77b51d32b9ef650ccc5cd8e8f972f53915014a8e37bc428,2024-11-21T08:50:21.220000
CVE-2024-13323,1,1,b6dbf1bc72030da4865adfe9c77484b3543649561b1053256d05d5821de18e27,2025-01-14T06:15:15.480000
CVE-2024-13323,0,0,b6dbf1bc72030da4865adfe9c77484b3543649561b1053256d05d5821de18e27,2025-01-14T06:15:15.480000
CVE-2024-13324,0,0,e28b727b7b2e4ff67b104bb8829ddea65c155869cb67c2e17008296310ed866b,2025-01-13T21:15:12.053000
CVE-2024-1333,0,0,7e67218d34e52c77cd12091eb7bec4820751f8a3faacd15e7977a33b9d658d65,2024-11-21T08:50:21.337000
CVE-2024-1334,0,0,5cd8113de272a8c461c68981cf2d6addc6166d9cf4d9dbad0d56a2a1ca671349,2024-12-31T16:48:40.290000
@ -252796,7 +252799,7 @@ CVE-2024-28012,0,0,87d141419e8c7f128982750023e3ec1e976ac47b29ad9b8d2c9bb03dd60be
CVE-2024-28013,0,0,280bcd0de0622447cde065c0f3f6f0df6920a91ef4c6aad207057f1744479404,2025-01-14T04:15:11.427000
CVE-2024-28014,0,0,41625df99f453d3ffaca450014299a8b29e4ea5ba0c886a20ecfe541c3e779f5,2025-01-14T04:15:11.617000
CVE-2024-28015,0,0,70d32c00f90d171129ccd0af0d2ebd8dbe72335e809f4e5cf6f251a8c45f8e68,2025-01-14T04:15:11.820000
CVE-2024-28016,0,1,749488d31ac32a9ea2b931fc388c512a146a1ae63d159c28c7a31b47cea37620,2025-01-14T05:15:08.677000
CVE-2024-28016,0,0,749488d31ac32a9ea2b931fc388c512a146a1ae63d159c28c7a31b47cea37620,2025-01-14T05:15:08.677000
CVE-2024-2802,0,0,4d7e48fbf79d86b86a336401cd7856f9a2e312e8845717a11d0136644698f700,2024-03-26T15:15:49.677000
CVE-2024-28020,0,0,353857c6f72177d44fa539cd26ab29ac243a888fbe1ba2619943550305df92b7,2024-11-21T09:05:39.310000
CVE-2024-28021,0,0,ef91a2bbc3a7ba80aa4b93dc521740325b47bcd3461fc4ac520536869818ea73,2024-11-21T09:05:39.497000

Can't render this file because it is too large.