Auto-Update: 2024-10-02T06:00:17.597686+00:00

2025-05-08 19:47:09 +00:00 · 2024-10-02 06:03:17 +00:00 · 2024-10-02 06:03:17 +00:00 · f49d861767
commit f49d861767
parent 9188635288
6 changed files with 202 additions and 10 deletions
--- a/CVE-2024/CVE-2024-215xx/CVE-2024-21530.json
+++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21530.json
@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-21530",
+  "sourceIdentifier": "report@snyk.io",
+  "published": "2024-10-02T05:15:11.300",
+  "lastModified": "2024-10-02T05:15:11.300",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object.\r\r**Note:**\rThe issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "report@snyk.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.4,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "report@snyk.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-323"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/advisories/GHSA-6878-6wc2-pf5h",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/fadeevab/cocoon/commit/1b6392173ce35db4736a94b62b2d2973f9a71441",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/fadeevab/cocoon/issues/22",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://rustsec.org/advisories/RUSTSEC-2023-0068.html",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-RUST-COCOON-6028364",
+      "source": "report@snyk.io"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-336xx/CVE-2024-33662.json
+++ b/CVE-2024/CVE-2024-336xx/CVE-2024-33662.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2024-33662",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-10-02T05:15:11.643",
+  "lastModified": "2024-10-02T05:15:11.643",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/portainer/portainer/compare/2.20.1...2.20.2",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/portainer/portainer/issues/11737",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.portainer.io",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-451xx/CVE-2024-45186.json
+++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45186.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-45186",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-10-02T05:15:11.743",
+  "lastModified": "2024-10-02T05:15:11.743",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7855.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7855.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-7855",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-02T05:15:11.843",
+  "lastModified": "2024-10-02T05:15:11.843",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-hotel-booking/trunk/includes/class-wphb-comments.php#L150",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3157905%40wp-hotel-booking&new=3157905%40wp-hotel-booking&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/784593ec-b635-4f59-9afb-ab506f786d21?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-01T23:55:16.795913+00:00
+2024-10-02T06:00:17.597686+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-01T23:15:02.737000+00:00
+2024-10-02T05:15:11.843000+00:00
 ```

 ### Last Data Feed Release
@ -27,27 +27,29 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-10-01T00:00:08.653945+00:00
+2024-10-02T00:00:08.650594+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-264287
+264291
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `4`

+- [CVE-2024-21530](CVE-2024/CVE-2024-215xx/CVE-2024-21530.json) (`2024-10-02T05:15:11.300`)
+- [CVE-2024-33662](CVE-2024/CVE-2024-336xx/CVE-2024-33662.json) (`2024-10-02T05:15:11.643`)
+- [CVE-2024-45186](CVE-2024/CVE-2024-451xx/CVE-2024-45186.json) (`2024-10-02T05:15:11.743`)
+- [CVE-2024-7855](CVE-2024/CVE-2024-78xx/CVE-2024-7855.json) (`2024-10-02T05:15:11.843`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `0`

- [CVE-2024-3727](CVE-2024/CVE-2024-37xx/CVE-2024-3727.json) (`2024-10-01T23:15:02.737`)
- [CVE-2024-45613](CVE-2024/CVE-2024-456xx/CVE-2024-45613.json) (`2024-10-01T22:15:02.757`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -244177,6 +244177,7 @@ CVE-2024-21527,0,0,5f68d3fcedc529f8c61b21687ff27d1dfc424d6b1048d7df4e422495549fd
 CVE-2024-21528,0,0,20243e12426582c16920a0ab3a8036a5493484e122893e1731a0b03945a2d62b,2024-09-10T12:09:50.377000
 CVE-2024-21529,0,0,664e585ecfec877dc16e4d09f63918fa2af81f0c56860c291a634c3448dac725,2024-09-11T16:26:11.920000
 CVE-2024-2153,0,0,d3abacc4f79f5ae0d18412563134adcd72e3650da9619fcc6b902801eca849d9,2024-05-17T02:38:04.867000
+CVE-2024-21530,1,1,9047e317b293f5aa790c4706778f022be30afa76b99a5d32db880b7032e0d33b,2024-10-02T05:15:11.300000
 CVE-2024-21531,0,0,2b9ed23aaafa91e39b01eff409d264c9c679eac5ddcacfd84b1a76246c79022e,2024-10-01T05:15:12.440000
 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000
 CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000
@ -252781,6 +252782,7 @@ CVE-2024-33656,0,0,bcce08f394a095ebca60ada0fb4a4aafac76a15e930d7944ca1f9457799a1
 CVE-2024-33657,0,0,4304e9ad6a833f4e772f3f337e66d35550f113c5280de638d62e655b681eb6cd,2024-08-21T17:24:59.627000
 CVE-2024-3366,0,0,a2c419b6dceb854c8524f6fea56c90f31e3f9047e1890ead74a66fe52a9e4023,2024-05-17T02:39:53.090000
 CVE-2024-33661,0,0,1fe83f392b56cfa5102f5ff20013157b18140b66b95ef00cb93915789153e2d5,2024-07-03T01:58:33.073000
+CVE-2024-33662,1,1,46d1d2d395802d1631d715ac5931287954ed01bca98531e86282dde27a04d566,2024-10-02T05:15:11.643000
 CVE-2024-33663,0,0,e1e5e3bf2bfb6f84f42175dcb29cc9799e837d7e631a8436167d9acbf72c8e21,2024-09-03T20:15:07.433000
 CVE-2024-33664,0,0,fa102b47e0b0f78985d310d8b8074ad26f7b0a8f6e346244359d7ca87f4b731d,2024-09-05T16:15:07.570000
 CVE-2024-33665,0,0,5ca9bdea72a653edb26c9763ca65ae33540673cea00ec4859ff84abbb4dc8bf9,2024-08-02T03:15:30.310000
@ -255331,7 +255333,7 @@ CVE-2024-37265,0,0,15f68b41e4db6ae6ccda7f80b0a70abe19004015dbcf0d1246d37335388c5
 CVE-2024-37266,0,0,44943b1bec747c3c4ecddbc943aaff365210584d2dac21ff41065ed54e40dcb1,2024-08-29T18:59:40.057000
 CVE-2024-37267,0,0,0d692f1d5fdd2443078b17f2b54167a732ba33e5479382e14b7e2bd4b6ec49a8,2024-07-25T13:47:43.833000
 CVE-2024-37268,0,0,32108042cd6042edb5d9a980c4bc9e7e171800cf8a42366d53d95c0b76a50314,2024-08-29T18:56:01.267000
-CVE-2024-3727,0,1,382df6acca90b0442007d8a3a140043b5826fc442546ce88da4447b34df9102e,2024-10-01T23:15:02.737000
+CVE-2024-3727,0,0,382df6acca90b0442007d8a3a140043b5826fc442546ce88da4447b34df9102e,2024-10-01T23:15:02.737000
 CVE-2024-37270,0,0,09adf8729d6feae3191994dc6f2b286449a8e4d910f8c343a3a9496ea050a29f,2024-07-11T13:05:54.930000
 CVE-2024-37271,0,0,82adde283ff9dacc0f77be200c055ea2f2c58a80387c070880c7d1f2c1068d32,2024-07-25T13:46:39.273000
 CVE-2024-37273,0,0,2a85b1da0ca6e483bcfb6dea755537146c70a6967cba53f16b02bbb377a77813,2024-08-15T14:35:03.053000
@ -259975,6 +259977,7 @@ CVE-2024-4518,0,0,64c3b6e6e74f6d9fd929463119875b686279109a997143c5dd3ad8e2c1af13
 CVE-2024-45180,0,0,08348c7b1382a66372a71879585bc4b470bbbe0e7bc2a628091dcf790778caba,2024-09-13T19:55:54.477000
 CVE-2024-45181,0,0,c1b3f50892c5ad2964a42f2f7c4bb1e591fc78d268d80e02244df3b7c3d3d502,2024-09-18T20:26:26.873000
 CVE-2024-45182,0,0,9a85c862314a6425e6060387f72c5f336d253a6faf88611dfadeddbd5da8c540,2024-09-18T20:26:11.023000
+CVE-2024-45186,1,1,47683f99100dc8f2df73094d6316885d9c66266e79ea57db447ccdbc0f6854ad,2024-10-02T05:15:11.743000
 CVE-2024-45187,0,0,b29c34a9281e147a1f2b33bdd2a8c272cd39081d36dd9d0273787cf191e54024,2024-08-26T12:47:20.187000
 CVE-2024-45188,0,0,b715e0fd98dc9de103c52fc47a055822268226fc14af5f0a01f3a3eab3db9def,2024-08-26T12:47:20.187000
 CVE-2024-45189,0,0,b34fadec0fb3db465bf6b7b191f2d87a7b9589d6e1c6f03c86e02522d36fb854,2024-09-12T20:42:30.850000
@ -260168,7 +260171,7 @@ CVE-2024-45606,0,0,74770cd60bba1a7e3534716f76d2f24e8f6b5a1c9090e259fc4bcbaa50144
 CVE-2024-45607,0,0,9d199e13e4c36b979d30a8467667e188e65d4bf0165b27173d5a6e5dc2ce7529,2024-09-19T02:05:28.707000
 CVE-2024-4561,0,0,8ef61ebc386f7e587b6eb6df8054d64514729591e443c5ac6735c0df58420e0f,2024-05-15T16:40:19.330000
 CVE-2024-45612,0,0,3e30286b1d723ddfef1522eda155227a0e1e8c66d0b8dce0d9a777734913d222,2024-09-23T19:33:04.650000
-CVE-2024-45613,0,1,a2ff9b099297ab22455347765d4960198846769603bf11c2b22cdb95078fe454,2024-10-01T22:15:02.757000
+CVE-2024-45613,0,0,a2ff9b099297ab22455347765d4960198846769603bf11c2b22cdb95078fe454,2024-10-01T22:15:02.757000
 CVE-2024-45614,0,0,ac4b7afda4571cd40367f25e5fa4ed4a95b6d96da3864aae950ca5538b1c5a35,2024-09-26T13:28:30.537000
 CVE-2024-45615,0,0,c6d6282e5a9613bcbeb55c568082301f30c66c5c3e170d6aa78e0325f2dae6b9,2024-09-13T19:21:15.423000
 CVE-2024-45616,0,0,ec4ff704ba2aae95f08442d1bfa2173f2a102c1c3b0570dfa4cb1518cb449547,2024-09-13T19:21:11.507000
@ -263456,6 +263459,7 @@ CVE-2024-7851,0,0,59aa43af6902d4a788d7da1730827e642c78bd3a9a790eb7c6cdc9cf8851f0
 CVE-2024-7852,0,0,cfaf6efee3831acfddb66b2453fc175105bb415bea9978d14cd59ad6f5b30e0e,2024-08-29T15:23:16.160000
 CVE-2024-7853,0,0,90e064ba16388d2c255ea61f6d50069bab92e333b7116c2e5b296230c0d5372d,2024-08-29T15:22:52.710000
 CVE-2024-7854,0,0,aba539cc6b053a0969fb9c545d61b200c22ae8ea4b03c24dce9c6e90a428e01f,2024-09-27T17:27:56.723000
+CVE-2024-7855,1,1,9ef8ad24bc421f37353c4d64435b1490bad1848a4c815862327f32bc10f2c85c,2024-10-02T05:15:11.843000
 CVE-2024-7856,0,0,0b05d57dab8dba6cdf2a128a5ea955132a0df5f7068b3f603d90db91d8053f54,2024-09-13T18:14:47.280000
 CVE-2024-7857,0,0,b74961afa7dd10dda782bf64e146bf5117eb37327cdce5dd6f430c037eea52b1,2024-08-29T13:25:27.537000
 CVE-2024-7858,0,0,dbe22e1f02da632a108fdb9c096b7008488e7f6cd1024c2ca6a33d2456cc067c,2024-09-03T14:34:09.017000