Auto-Update: 2024-12-17T13:00:39.782151+00:00

fkie-cad · Dec 17, 2024 · b592521 · b592521
1 parent efc326b
commit b592521
Show file tree

Hide file tree

Showing 10 changed files with 534 additions and 21 deletions.
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11280.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11280.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11280",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T12:15:19.343",
+  "lastModified": "2024-12-17T12:15:19.343",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3208393/password-protect-page",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9ac0d84-dff4-4a03-a530-cac47ffaf2bb?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12395.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12395.json
@@ -0,0 +1,124 @@
+{
+  "id": "CVE-2024-12395",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T12:15:20.377",
+  "lastModified": "2024-12-17T12:15:20.377",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018number\u2019 parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L117",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L127",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L138",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L149",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L173",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L200",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L28",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L31",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L38",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L47",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L53",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L59",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L66",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L76",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L90",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L96",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3208205/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b09dc4dc-d2b9-452a-b005-b69feffdbecf?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12601.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12601.json
@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-12601",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T12:15:20.543",
+  "lastModified": "2024-12-17T12:15:20.543",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L74",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L75",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3207826/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-41xx/CVE-2024-4109.json b/CVE-2024/CVE-2024-41xx/CVE-2024-4109.json
@@ -2,7 +2,7 @@
   "id": "CVE-2024-4109",
   "sourceIdentifier": "[email protected]",
   "published": "2024-12-12T09:15:06.207",
-  "lastModified": "2024-12-12T09:15:06.207",
+  "lastModified": "2024-12-17T11:15:05.717",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -19,7 +19,7 @@
     "cvssMetricV31": [
       {
         "source": "[email protected]",
-        "type": "Primary",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
@@ -42,7 +42,7 @@
   "weaknesses": [
     {
       "source": "[email protected]",
-      "type": "Primary",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",
@@ -52,6 +52,22 @@
     }
   ],
   "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:10927",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:10928",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:10929",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:10933",
+      "source": "[email protected]"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2024-4109",
       "source": "[email protected]"

diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-52542",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T12:15:20.703",
+  "lastModified": "2024-12-17T12:15:20.703",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-61"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000261039/dsa-2024-496-security-update-for-dell-appsync-vulnerabilities",
+      "source": "[email protected]"
+    }
+  ]
+}