Auto-Update: 2024-08-16T12:00:17.686088+00:00

This commit is contained in:
cad-safe-bot 2024-08-16 12:03:13 +00:00
parent 45c6440b79
commit eff4b8cc66
6 changed files with 251 additions and 9 deletions

View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-25008",
"sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"published": "2024-08-16T10:15:04.823",
"lastModified": "2024-08-16T10:15:04.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024",
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-7136",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-16T11:15:04.027",
"lastModified": "2024-08-16T11:15:04.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://crocoblock.com/plugins/jetsearch/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9fe9fe85-bcb5-4e12-b879-31bc73074eed?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-7146",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-16T11:15:04.230",
"lastModified": "2024-08-16T11:15:04.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://crocoblock.com/plugins/jettabs/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a401a2dd-9b31-47d9-b841-f2e7042b8333?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-7147",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-16T11:15:04.423",
"lastModified": "2024-08-16T11:15:04.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://crocoblock.com/plugins/jetblocks/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8908c-bcfc-4ca1-bc8b-80a80c4a5a4f?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-16T10:00:16.869402+00:00
2024-08-16T12:00:17.686088+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-16T08:15:03.897000+00:00
2024-08-16T11:15:04.423000+00:00
```
### Last Data Feed Release
@ -33,21 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
260204
260208
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `4`
- [CVE-2024-25008](CVE-2024/CVE-2024-250xx/CVE-2024-25008.json) (`2024-08-16T10:15:04.823`)
- [CVE-2024-7136](CVE-2024/CVE-2024-71xx/CVE-2024-7136.json) (`2024-08-16T11:15:04.027`)
- [CVE-2024-7146](CVE-2024/CVE-2024-71xx/CVE-2024-7146.json) (`2024-08-16T11:15:04.230`)
- [CVE-2024-7147](CVE-2024/CVE-2024-71xx/CVE-2024-7147.json) (`2024-08-16T11:15:04.423`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `0`
- [CVE-2024-7262](CVE-2024/CVE-2024-72xx/CVE-2024-7262.json) (`2024-08-16T08:15:03.780`)
- [CVE-2024-7263](CVE-2024/CVE-2024-72xx/CVE-2024-7263.json) (`2024-08-16T08:15:03.897`)
## Download and Usage

View File

@ -246066,6 +246066,7 @@ CVE-2024-25003,0,0,f6c2eafae72b0051e89114af6c6fcddf635670371dbae7c3314ffc7707849
CVE-2024-25004,0,0,b1eaa30b45a2beac602111a556e73283df1fde1d2d56447f15cd2e12b3d43fc3,2024-02-14T20:15:45.980000
CVE-2024-25006,0,0,5b722f2e87bb2f2cd1327a954681e67bfe99d5442b01159ab458f524449bcffe,2024-08-01T13:47:32.460000
CVE-2024-25007,0,0,8168166db4b2b463b1c077994d5d41f318578553eda571604b31f6006eab6cd4,2024-04-29T19:48:09.017000
CVE-2024-25008,1,1,49c188edd94308078a20bd8cc18b029a952d9c33564db44a7c5514832d4844c9,2024-08-16T10:15:04.823000
CVE-2024-2501,0,0,6ce26352b8e14756a33573972eeb4c8a06096eee07ab0fb0ebb1c9238a943b1a,2024-04-10T13:23:38.787000
CVE-2024-25015,0,0,4c1212c8f769823bd4e7049fb129f848dc20c143fc1cc72b02abca5f7451e069,2024-05-01T19:50:25.633000
CVE-2024-25016,0,0,0e9311458b59df4142779e7a8b1d9bd170deea1a4bb4a555b03bbf822c263b92,2024-03-04T13:58:23.447000
@ -259787,7 +259788,10 @@ CVE-2024-7123,0,0,9cd56c5d21be01850838f11a2df252558cd6c9b176bc2485ad2b1b549f072a
CVE-2024-7127,0,0,6b292748e8421eae2ee17ad044bc14a6084b68762b6284b02f94a1dd672b3c81,2024-07-30T13:32:45.943000
CVE-2024-7128,0,0,22b40e3236f05da8de2b73f629340b5796a3b45429dedc50864bf862ccb583f9,2024-07-29T14:12:08.783000
CVE-2024-7135,0,0,31437d1db396166831d3abd18bbeb77eef50ad11110b9df0f25d86e90a9b1fe1,2024-07-31T12:57:02.300000
CVE-2024-7136,1,1,800009dc095d757e18cd07243220b156b5e1378ab0cdc8e3a6c11dcf096f0c2b,2024-08-16T11:15:04.027000
CVE-2024-7143,0,0,444409226f2889debaa1b6cea63b846cc438f1a41258f2e601b106b9c83baf18,2024-08-07T19:09:46.290000
CVE-2024-7146,1,1,1125a4692c6fb48bbab5140d3c4102c44a646d58d32c16ab6b96c4c0e4b7524f,2024-08-16T11:15:04.230000
CVE-2024-7147,1,1,ed3b030df37f35c2a7c1d91a50fe73f1fed45a60129d0a6db288bd63bdbff53b,2024-08-16T11:15:04.423000
CVE-2024-7150,0,0,c7aa662c62f137fc9f5e7c2c4fa11d684ce4d74402782286c7770e7f6bcc041e,2024-08-08T13:04:18.753000
CVE-2024-7151,0,0,27748e77ac666f37b5ea95444b5871c2d624c12d124d7b3d9588f7bd43672a12,2024-07-29T14:12:08.783000
CVE-2024-7152,0,0,dcb2ef4ff482b2e3310b87257a8cfd0ded02bb0f2f9cc18d404e9808150d9dbb,2024-07-29T14:12:08.783000
@ -259871,8 +259875,8 @@ CVE-2024-7252,0,0,b11855d09d58123416b1c452f42a306230094dfbea0e43cbf3d1a4ad2d82d8
CVE-2024-7255,0,0,fd2a8f993022fe32cb5a87546341ab7eeda32776ebc3f07d5c930f36c0483b95,2024-08-02T12:59:43.990000
CVE-2024-7256,0,0,28c6c5405ca0661376f4706f7e75647b14826bc648847c0c2ef29d4ee5bafea0,2024-08-03T18:35:04.003000
CVE-2024-7257,0,0,e6ef266df52e25692b132cfb6522d79defb5eb3e548daae54be1d69b0c3ab16e,2024-08-05T12:41:45.957000
CVE-2024-7262,0,1,d60dbfbf9319b6eac66a6b4e1dfce58ccb5030b654af2818e0169c0934be100e,2024-08-16T08:15:03.780000
CVE-2024-7263,0,1,204a24d64bef00a86bbb0d2328dff2567dd672dfe7303f7bb6981d723e86377e,2024-08-16T08:15:03.897000
CVE-2024-7262,0,0,d60dbfbf9319b6eac66a6b4e1dfce58ccb5030b654af2818e0169c0934be100e,2024-08-16T08:15:03.780000
CVE-2024-7263,0,0,204a24d64bef00a86bbb0d2328dff2567dd672dfe7303f7bb6981d723e86377e,2024-08-16T08:15:03.897000
CVE-2024-7264,0,0,12a75b53a7f63996bb7b4af3d1a6b7462e167bb63f5a12a5607f29e5ee63586a,2024-08-12T17:30:51.880000
CVE-2024-7265,0,0,b8acefabc570cba3338fbcc031201c451674349cab85dfd61e02fb2e8f5c7f19,2024-08-08T15:15:18.970000
CVE-2024-7266,0,0,40ec5b3f4d10f4b6f3816acd7da5d1c216bf118efd4b627aae50abb96a0696e6,2024-08-07T15:17:46.717000

Can't render this file because it is too large.