From fd50d39ac59efc00eee4309b18afd0ed08011e5a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 23 Feb 2024 09:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-02-23T09:00:24.526868+00:00 --- CVE-2023/CVE-2023-375xx/CVE-2023-37540.json | 43 +++++++++++++++++++ CVE-2024/CVE-2024-17xx/CVE-2024-1776.json | 47 +++++++++++++++++++++ CVE-2024/CVE-2024-17xx/CVE-2024-1777.json | 47 +++++++++++++++++++++ CVE-2024/CVE-2024-17xx/CVE-2024-1778.json | 47 +++++++++++++++++++++ CVE-2024/CVE-2024-17xx/CVE-2024-1779.json | 47 +++++++++++++++++++++ CVE-2024/CVE-2024-244xx/CVE-2024-24476.json | 4 +- CVE-2024/CVE-2024-244xx/CVE-2024-24478.json | 4 +- CVE-2024/CVE-2024-244xx/CVE-2024-24479.json | 4 +- README.md | 19 ++++++--- 9 files changed, 250 insertions(+), 12 deletions(-) create mode 100644 CVE-2023/CVE-2023-375xx/CVE-2023-37540.json create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1776.json create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1777.json create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1778.json create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1779.json diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37540.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37540.json new file mode 100644 index 00000000000..c76f34dc408 --- /dev/null +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37540.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-37540", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-02-23T07:15:47.700", + "lastModified": "2024-02-23T07:15:47.700", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1776.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1776.json new file mode 100644 index 00000000000..1ecd61adc80 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1776.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1776", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-23T07:15:48.120", + "lastModified": "2024-02-23T07:15:48.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bff8172-b879-40b0-a229-a54787baa38a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1777.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1777.json new file mode 100644 index 00000000000..90a801499c5 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1777.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1777", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-23T07:15:48.477", + "lastModified": "2024-02-23T07:15:48.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1778.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1778.json new file mode 100644 index 00000000000..0510fccd199 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1778.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1778", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-23T07:15:48.793", + "lastModified": "2024-02-23T07:15:48.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L235", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1779.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1779.json new file mode 100644 index 00000000000..d8f2e3a4c86 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1779.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1779", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-23T07:15:49.133", + "lastModified": "2024-02-23T07:15:49.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24476.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24476.json index e3fe4c4fe78..6b491fa3e52 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24476.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24476.json @@ -2,12 +2,12 @@ "id": "CVE-2024-24476", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-21T19:15:09.030", - "lastModified": "2024-02-22T19:07:27.197", + "lastModified": "2024-02-23T08:15:57.533", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components." + "value": "A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24478.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24478.json index b5af6c1870b..42eb502b83c 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24478.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24478.json @@ -2,12 +2,12 @@ "id": "CVE-2024-24478", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-21T17:15:09.567", - "lastModified": "2024-02-22T19:07:27.197", + "lastModified": "2024-02-23T08:15:57.673", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components." + "value": "An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24479.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24479.json index 3e9db3685f8..4e0854f1b63 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24479.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24479.json @@ -2,12 +2,12 @@ "id": "CVE-2024-24479", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-21T19:15:09.077", - "lastModified": "2024-02-22T19:07:27.197", + "lastModified": "2024-02-23T08:15:57.730", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components." + "value": "A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected." }, { "lang": "es", diff --git a/README.md b/README.md index c9c71a61291..f53d08d527e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-23T07:00:24.424534+00:00 +2024-02-23T09:00:24.526868+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-23T05:15:08.143000+00:00 +2024-02-23T08:15:57.730000+00:00 ``` ### Last Data Feed Release @@ -29,20 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -239274 +239279 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2024-22243](CVE-2024/CVE-2024-222xx/CVE-2024-22243.json) (`2024-02-23T05:15:08.143`) +* [CVE-2023-37540](CVE-2023/CVE-2023-375xx/CVE-2023-37540.json) (`2024-02-23T07:15:47.700`) +* [CVE-2024-1776](CVE-2024/CVE-2024-17xx/CVE-2024-1776.json) (`2024-02-23T07:15:48.120`) +* [CVE-2024-1777](CVE-2024/CVE-2024-17xx/CVE-2024-1777.json) (`2024-02-23T07:15:48.477`) +* [CVE-2024-1778](CVE-2024/CVE-2024-17xx/CVE-2024-1778.json) (`2024-02-23T07:15:48.793`) +* [CVE-2024-1779](CVE-2024/CVE-2024-17xx/CVE-2024-1779.json) (`2024-02-23T07:15:49.133`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `3` +* [CVE-2024-24476](CVE-2024/CVE-2024-244xx/CVE-2024-24476.json) (`2024-02-23T08:15:57.533`) +* [CVE-2024-24478](CVE-2024/CVE-2024-244xx/CVE-2024-24478.json) (`2024-02-23T08:15:57.673`) +* [CVE-2024-24479](CVE-2024/CVE-2024-244xx/CVE-2024-24479.json) (`2024-02-23T08:15:57.730`) ## Download and Usage