Auto-Update: 2024-12-17T07:00:20.452212+00:00
cad-safe-bot committed Dec 17, 2024
1 parent 080c4b3 commit 69b5cd8
Showing 7 changed files with 344 additions and 13 deletions.
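--- a/CVE-2024/CVE-2024-123xx/CVE-2024-12356.json
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12356.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2024-12356",
+"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
+"published": "2024-12-17T05:15:06.413",
+"lastModified": "2024-12-17T05:15:06.413",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "13061848-ea10-403d-bd75-c83a022c2891",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "13061848-ea10-403d-bd75-c83a022c2891",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356",
+"source": "13061848-ea10-403d-bd75-c83a022c2891"
+},
+{
+"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10",
+"source": "13061848-ea10-403d-bd75-c83a022c2891"
+},
+{
+"url": "https://www.cve.org/CVERecord?id=CVE-2024-12356",
+"source": "13061848-ea10-403d-bd75-c83a022c2891"
+}
+]
+}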
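--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38499.json
@@ -0,0 +1,78 @@
+{
+"id": "CVE-2024-38499",
+"sourceIdentifier": "[email protected]",
+"published": "2024-12-17T06:15:20.760",
+"lastModified": "2024-12-17T06:15:20.760",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute \"caf encrypt\"/\"sd_acmd encrypt\" commands."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "[email protected]",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"baseScore": 7.3,
+"baseSeverity": "HIGH",
+"attackVector": "LOCAL",
+"attackComplexity": "HIGH",
+"attackRequirements": "PRESENT",
+"privilegesRequired": "LOW",
+"userInteraction": "ACTIVE",
+"vulnerableSystemConfidentiality": "HIGH",
+"vulnerableSystemIntegrity": "HIGH",
+"vulnerableSystemAvailability": "HIGH",
+"subsequentSystemConfidentiality": "HIGH",
+"subsequentSystemIntegrity": "HIGH",
+"subsequentSystemAvailability": "HIGH",
+"exploitMaturity": "NOT_DEFINED",
+"confidentialityRequirements": "NOT_DEFINED",
+"integrityRequirements": "NOT_DEFINED",
+"availabilityRequirements": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+"safety": "NOT_DEFINED",
+"automatable": "NOT_DEFINED",
+"recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED"
+}
+}
+]
+},
+"weaknesses": [
+{
+"source": "[email protected]",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-269"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284",
+"source": "[email protected]"
+}
+]
+}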
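--- a/CVE-2024/CVE-2024-541xx/CVE-2024-54125.json
+++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54125.json
@@ -0,0 +1,60 @@
+{
+"id": "CVE-2024-54125",
+"sourceIdentifier": "[email protected]",
+"published": "2024-12-17T06:15:21.030",
+"lastModified": "2024-12-17T06:15:21.030",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper authorization in handler for custom URL scheme issue in \"Shonen Jump+\" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "[email protected]",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"baseScore": 3.3,
+"baseSeverity": "LOW",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "[email protected]",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-939"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://jvn.jp/en/jp/JVN08430039/",
+"source": "[email protected]"
+},
+{
+"url": "https://shonenjumpplus.com/article/info20241216",
+"source": "[email protected]"
+}
+]
+}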
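--- a/CVE-2024/CVE-2024-558xx/CVE-2024-55864.json
+++ b/CVE-2024/CVE-2024-558xx/CVE-2024-55864.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2024-55864",
+"sourceIdentifier": "[email protected]",
+"published": "2024-12-17T05:15:09.937",
+"lastModified": "2024-12-17T05:15:09.937",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "[email protected]",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+"baseScore": 4.8,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "[email protected]",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU90748215/",
+"source": "[email protected]"
+},
+{
+"url": "https://mywpcustomize.com/update-history-my-wp-customize-admin-frontend-1-24-1/",
+"source": "[email protected]"
+},
+{
+"url": "https://wordpress.org/plugins/my-wp/#developers",
+"source": "[email protected]"
+}
+]
+}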
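--- a/CVE-2024/CVE-2024-96xx/CVE-2024-9624.json
+++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9624.json
@@ -0,0 +1,60 @@
+{
+"id": "CVE-2024-9624",
+"sourceIdentifier": "[email protected]",
+"published": "2024-12-17T06:15:21.173",
+"lastModified": "2024-12-17T06:15:21.173",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "[email protected]",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
+"baseScore": 7.6,
+"baseSeverity": "HIGH",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "[email protected]",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eabde2e7-5cd4-4c3e-959a-69e04f6350d3?source=cve",
+"source": "[email protected]"
+},
+{
+"url": "https://www.wpallimport.com",
+"source": "[email protected]"
+}
+]
+}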
16 changes: 8 additions & 8 deletions README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update

```plain
2024-12-17T05:00:31.582484+00:00
2024-12-17T07:00:20.452212+00:00
```

### Most recent CVE Modification Timestamp synchronized with NVD

```plain
2024-12-17T04:15:05.333000+00:00
2024-12-17T06:15:21.173000+00:00
```

### Last Data Feed Release
@@ -33,18 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs

```plain
274101
274106
```

### CVEs added in the last Commit

Recently added CVEs: `5`

- [CVE-2020-12484](CVE-2020/CVE-2020-124xx/CVE-2020-12484.json) (`2024-12-17T03:15:05.613`)
- [CVE-2020-12487](CVE-2020/CVE-2020-124xx/CVE-2020-12487.json) (`2024-12-17T03:15:06.453`)
- [CVE-2021-26278](CVE-2021/CVE-2021-262xx/CVE-2021-26278.json) (`2024-12-17T03:15:06.573`)
- [CVE-2021-26279](CVE-2021/CVE-2021-262xx/CVE-2021-26279.json) (`2024-12-17T04:15:05.333`)
- [CVE-2024-12239](CVE-2024/CVE-2024-122xx/CVE-2024-12239.json) (`2024-12-17T03:15:06.710`)
- [CVE-2024-12356](CVE-2024/CVE-2024-123xx/CVE-2024-12356.json) (`2024-12-17T05:15:06.413`)
- [CVE-2024-38499](CVE-2024/CVE-2024-384xx/CVE-2024-38499.json) (`2024-12-17T06:15:20.760`)
- [CVE-2024-54125](CVE-2024/CVE-2024-541xx/CVE-2024-54125.json) (`2024-12-17T06:15:21.030`)
- [CVE-2024-55864](CVE-2024/CVE-2024-558xx/CVE-2024-55864.json) (`2024-12-17T05:15:09.937`)
- [CVE-2024-9624](CVE-2024/CVE-2024-96xx/CVE-2024-9624.json) (`2024-12-17T06:15:21.173`)


### CVEs modified in the last Commit