Auto-Update: 2024-02-23T09:00:24.526868+00:00

2025-07-09 16:05:11 +00:00 · 2024-02-23 09:00:28 +00:00 · 2024-02-23 09:00:28 +00:00 · fd50d39ac5
commit fd50d39ac5
parent b2ecf3c487
9 changed files with 250 additions and 12 deletions
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37540.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37540.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-37540",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2024-02-23T07:15:47.700",
+  "lastModified": "2024-02-23T07:15:47.700",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.9,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1776.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1776.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1776",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-23T07:15:48.120",
+  "lastModified": "2024-02-23T07:15:48.120",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bff8172-b879-40b0-a229-a54787baa38a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1777.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1777.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1777",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-23T07:15:48.477",
+  "lastModified": "2024-02-23T07:15:48.477",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1778.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1778.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1778",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-23T07:15:48.793",
+  "lastModified": "2024-02-23T07:15:48.793",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L235",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1779.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1779.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1779",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-23T07:15:49.133",
+  "lastModified": "2024-02-23T07:15:49.133",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24476.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24476.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-24476",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-21T19:15:09.030",
-  "lastModified": "2024-02-22T19:07:27.197",
+  "lastModified": "2024-02-23T08:15:57.533",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components."
+      "value": "A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected."
    },
    {
      "lang": "es",
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24478.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24478.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-24478",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-21T17:15:09.567",
-  "lastModified": "2024-02-22T19:07:27.197",
+  "lastModified": "2024-02-23T08:15:57.673",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components."
+      "value": "An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected."
    },
    {
      "lang": "es",
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24479.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24479.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-24479",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-21T19:15:09.077",
-  "lastModified": "2024-02-22T19:07:27.197",
+  "lastModified": "2024-02-23T08:15:57.730",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components."
+      "value": "A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected."
    },
    {
      "lang": "es",
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-23T07:00:24.424534+00:00
+2024-02-23T09:00:24.526868+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-23T05:15:08.143000+00:00
+2024-02-23T08:15:57.730000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-239274
+239279
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `5`

-* [CVE-2024-22243](CVE-2024/CVE-2024-222xx/CVE-2024-22243.json) (`2024-02-23T05:15:08.143`)
+* [CVE-2023-37540](CVE-2023/CVE-2023-375xx/CVE-2023-37540.json) (`2024-02-23T07:15:47.700`)
+* [CVE-2024-1776](CVE-2024/CVE-2024-17xx/CVE-2024-1776.json) (`2024-02-23T07:15:48.120`)
+* [CVE-2024-1777](CVE-2024/CVE-2024-17xx/CVE-2024-1777.json) (`2024-02-23T07:15:48.477`)
+* [CVE-2024-1778](CVE-2024/CVE-2024-17xx/CVE-2024-1778.json) (`2024-02-23T07:15:48.793`)
+* [CVE-2024-1779](CVE-2024/CVE-2024-17xx/CVE-2024-1779.json) (`2024-02-23T07:15:49.133`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `3`

+* [CVE-2024-24476](CVE-2024/CVE-2024-244xx/CVE-2024-24476.json) (`2024-02-23T08:15:57.533`)
+* [CVE-2024-24478](CVE-2024/CVE-2024-244xx/CVE-2024-24478.json) (`2024-02-23T08:15:57.673`)
+* [CVE-2024-24479](CVE-2024/CVE-2024-244xx/CVE-2024-24479.json) (`2024-02-23T08:15:57.730`)


 ## Download and Usage