Auto-Update: 2024-12-16T07:00:19.490656+00:00

fkie-cad · Dec 16, 2024 · f456c45 · f456c45
1 parent c37785c
commit f456c45
Show file tree

Hide file tree

Showing 11 changed files with 296 additions and 9 deletions.
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11841.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11841.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-11841",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T06:15:05.967",
+  "lastModified": "2024-12-16T06:15:05.967",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/e344c722-c9b3-4527-a50d-50cdf07ebace/",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5333.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5333.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-5333",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T06:15:08.100",
+  "lastModified": "2024-12-16T06:15:08.100",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/764b5a23-8b51-4882-b899-beb54f684984/",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-56084",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T06:15:07.070",
+  "lastModified": "2024-12-16T06:15:07.070",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22137632418845-Remote-Code-Execution-while-creating-Universal-Normalizer",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56085.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56085.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-56085",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T06:15:07.257",
+  "lastModified": "2024-12-16T06:15:07.257",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22137660393757-Server-Side-Template-Injection-SSTI-in-Search-Template-Dashboard",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56086.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56086.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-56086",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T06:15:07.557",
+  "lastModified": "2024-12-16T06:15:07.557",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22136886421277-Remote-Code-Execution-while-creating-Report-Templates",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56087.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56087.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-56087",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T06:15:07.727",
+  "lastModified": "2024-12-16T06:15:07.727",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22137697881885-Server-Side-Template-Injection-SSTI-in-Search-Template-Dashboard-Queries",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56112.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56112.json
@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-56112",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T06:15:07.920",
+  "lastModified": "2024-12-16T06:15:07.920",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cyberpanel.net/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/usmannasir/cyberpanel/commit/f0cf648c7851c96c36bb0c390d13e60931f45900",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8116.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8116.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8116",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T05:15:05.520",
+  "lastModified": "2024-12-16T05:15:05.520",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480509",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://hackerone.com/reports/2666216",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8650.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8650.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8650",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T05:15:05.780",
+  "lastModified": "2024-12-16T05:15:05.780",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486300",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://hackerone.com/reports/2705909",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-12-16T05:00:19.264627+00:00
+2024-12-16T07:00:19.490656+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-12-16T04:15:05.263000+00:00
+2024-12-16T06:15:08.100000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,15 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-273889
+273898
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
-
-- [CVE-2024-53376](CVE-2024/CVE-2024-533xx/CVE-2024-53376.json) (`2024-12-16T04:15:05.263`)
-- [CVE-2024-56083](CVE-2024/CVE-2024-560xx/CVE-2024-56083.json) (`2024-12-16T03:15:04.650`)
+Recently added CVEs: `9`
+
+- [CVE-2024-11841](CVE-2024/CVE-2024-118xx/CVE-2024-11841.json) (`2024-12-16T06:15:05.967`)
+- [CVE-2024-5333](CVE-2024/CVE-2024-53xx/CVE-2024-5333.json) (`2024-12-16T06:15:08.100`)
+- [CVE-2024-56084](CVE-2024/CVE-2024-560xx/CVE-2024-56084.json) (`2024-12-16T06:15:07.070`)
+- [CVE-2024-56085](CVE-2024/CVE-2024-560xx/CVE-2024-56085.json) (`2024-12-16T06:15:07.257`)
+- [CVE-2024-56086](CVE-2024/CVE-2024-560xx/CVE-2024-56086.json) (`2024-12-16T06:15:07.557`)
+- [CVE-2024-56087](CVE-2024/CVE-2024-560xx/CVE-2024-56087.json) (`2024-12-16T06:15:07.727`)
+- [CVE-2024-56112](CVE-2024/CVE-2024-561xx/CVE-2024-56112.json) (`2024-12-16T06:15:07.920`)
+- [CVE-2024-8116](CVE-2024/CVE-2024-81xx/CVE-2024-8116.json) (`2024-12-16T05:15:05.520`)
+- [CVE-2024-8650](CVE-2024/CVE-2024-86xx/CVE-2024-8650.json) (`2024-12-16T05:15:05.780`)
 
 
 ### CVEs modified in the last Commit

diff --git a/_state.csv b/_state.csv
@@ -244459,6 +244459,7 @@ CVE-2024-11838,0,0,8994bf4ba33c708774af24b47413b334fdb73ca6b30384c2ca962cc19efcb
 CVE-2024-11839,0,0,c6c976e0661e60ecd7ad88e86bf60ee8d9fd80cc1c530b3d2b4318b3ad131ec6,2024-12-13T06:15:26.273000
 CVE-2024-1184,0,0,7b0789c4e91a5162e06df6289a54d1b7f2607f1e0a44e814477ad9c07a354474,2024-11-21T08:49:59.067000
 CVE-2024-11840,0,0,4f72dc8e1aec5c10e4842e27b0438d261a566769857022259f6d9b1c51e882be,2024-12-11T11:15:06.453000
+CVE-2024-11841,1,1,fdd18db2374966bd7dc4cfdbec465833272ac15516b4a57ac873a01de2ea53c0,2024-12-16T06:15:05.967000
 CVE-2024-11844,0,0,04412f8d1e89e121c8013622c692022d4f804bc36ac5e0beee05cf8987e8ae7f,2024-12-03T09:15:04.473000
 CVE-2024-1185,0,0,4ecd1740115bf103fbc8dca69b2cfbb42ac9a6d23eecf86cdd29f9e498ced7fa,2024-11-21T08:49:59.223000
 CVE-2024-11853,0,0,34e99eba0841fa956ba4d7c4a308f8505540f1a8e5d486ec7f2fdd3d46494b2f,2024-12-03T08:15:06.710000
@@ -269345,6 +269346,7 @@ CVE-2024-53292,0,0,67896e5cb823d0bbe120641ca2bcb7973e9580249f1b4ecda20948602273c
 CVE-2024-5330,0,0,d644a32144d291678dd5bb7f21b934bb851a049e1a1dcad7ed14bbc2171615fb,2024-11-21T22:46:26.800000
 CVE-2024-5331,0,0,ad9f3e021008e1f906a9999a71be6645de37906a8f88b5de79caa7d877855b39,2024-11-21T23:07:26.067000
 CVE-2024-5332,0,0,1bf02601401a5cfa3a271a75853b96cdcfd3e0b6b58677457c39ef4ba15b4069,2024-11-21T09:47:26.403000
+CVE-2024-5333,1,1,8a7fac0c9eeee2a3a66ad874201cc3f055a06adc9fa6889be0bb6c2b276946c2,2024-12-16T06:15:08.100000
 CVE-2024-53333,0,0,fec584e947b0ef91060e7974c2bc2800b0a5e22197ac40e517d4bb4ecce04a94,2024-11-25T22:15:18.437000
 CVE-2024-53334,0,0,16279143f552729b554e869e900fcdb0e710a67308c49b11d3ac0e3ed52e676d,2024-11-21T21:15:24.810000
 CVE-2024-53335,0,0,c7b5a8f73d12d44b7820d29b4dc55e553a7dba1e50218bfd0cdeaf78dc12e004,2024-11-26T18:15:19.850000
@@ -269355,7 +269357,7 @@ CVE-2024-53364,0,0,924e143b4294f3ffb491904ae2396d08e4637aeb46539cceee83f2ecfb2d4
 CVE-2024-53365,0,0,a93e9b8a9b0b556658347d02609f6ad1ef6238df632d2e5010e1700b801de550,2024-11-26T20:15:33.650000
 CVE-2024-5337,0,0,833c775533ef7ae5a7edcd24b7882543f8822839060a2f050988cae0593a7c5b,2024-11-21T09:47:26.857000
 CVE-2024-53375,0,0,a96158a88ef789b51594e1e6227bfd21c53a5e3374562f83781172631c34018e,2024-12-03T20:15:15.820000
-CVE-2024-53376,1,1,6f2e1cd152948522ed08adda8bddcfe4e01b7c3032de3deba69b2f27d9097e9f,2024-12-16T04:15:05.263000
+CVE-2024-53376,0,0,6f2e1cd152948522ed08adda8bddcfe4e01b7c3032de3deba69b2f27d9097e9f,2024-12-16T04:15:05.263000
 CVE-2024-5338,0,0,abd3cd0960193de57487be3582f664d37ab06a1518c59aace36e92f8c263b67a,2024-11-21T09:47:26.997000
 CVE-2024-5339,0,0,710abf6b65aa86d6904f8abe1101ad889bace87733c06f79ec2fe20822e1db4d,2024-11-21T09:47:27.133000
 CVE-2024-5340,0,0,2c2fba286498156a3309f1d9db161c67194b50596b7c53b6a9c7d8df9b89917d,2024-11-21T09:47:27.263000
@@ -270195,9 +270197,14 @@ CVE-2024-56073,0,0,01824a247f09195beb347683faab76db49c5c6281fc26b7356c5505b6ae50
 CVE-2024-56074,0,0,0642cc60954135db9d21e04c2f8a3494d7d5e43e5456627fcfb7a5451c970b77,2024-12-15T04:15:05.360000
 CVE-2024-5608,0,0,ced92374bfec9f9526a30572e667eb2d7d2eee08d2b8c010b292f0924bebbe2c,2024-11-26T01:42:21.587000
 CVE-2024-56082,0,0,57d547b5a105acb2d3e1ac52bd9fee3095823a449148e9ae5f97a8b20acffe15,2024-12-15T05:15:05.803000
-CVE-2024-56083,1,1,d5ae267ba83e28c541445d0350006e64b5fe517cb65a3dc2c39e4da3ee6ab5c3,2024-12-16T03:15:04.650000
+CVE-2024-56083,0,0,d5ae267ba83e28c541445d0350006e64b5fe517cb65a3dc2c39e4da3ee6ab5c3,2024-12-16T03:15:04.650000
+CVE-2024-56084,1,1,dd4b3899f13d6cc48ef2431ecf71a6d4f1f582b01420c47f59b4e730263bceba,2024-12-16T06:15:07.070000
+CVE-2024-56085,1,1,41cd7d13d1f62126b006143baeada1bf2ae2b131b1bffb4b2d1bf4f82008c1a0,2024-12-16T06:15:07.257000
+CVE-2024-56086,1,1,be9d8e8202b01df6ac58f2936c97673c2d917d5f68ce8e6b2c2bc2d1c3ba25db,2024-12-16T06:15:07.557000
+CVE-2024-56087,1,1,c9cb1df91f12c26db3987d003d8609417f9e02ef91af16219fd77e7aa06f6f4e,2024-12-16T06:15:07.727000
 CVE-2024-5609,0,0,4c03a855f07c8ea18d8e7a70e1e2d3467f32254daea5abf62f130fb919fa93d1,2024-06-06T19:16:09.920000
 CVE-2024-5611,0,0,52c51c7a288f3c0ab122ffc809ef2624c3045fff37cac024f8608d70739aac41,2024-11-21T09:48:00.920000
+CVE-2024-56112,1,1,98f0ba8a486530c3d9e8a82fb5101ef3dc6829dab0f1fe3ca7221915d295d052,2024-12-16T06:15:07.920000
 CVE-2024-5612,0,0,fa9f2c267dc0651754a7af098fdc2eb62147cefb9c269a544f85a4928011ea0a,2024-11-21T09:48:01.037000
 CVE-2024-5613,0,0,7adefd0ffa78c5730a0bdb9525773949feed9eb79c6b9e6014b5dbc5d6f802b4,2024-11-21T09:48:01.160000
 CVE-2024-5614,0,0,dbfe1b67548311692c56bb8d68c3048c964ba6dbbed397928536eff3aafacba1,2024-11-21T09:48:01.283000
@@ -272382,6 +272389,7 @@ CVE-2024-8110,0,0,b4e8390c247a4b5c8d5ae2a41711b5d65814e12f51c84ad4e39f5efb287795
 CVE-2024-8112,0,0,fcfc9bb301c5385ecfe64c0038a0f99927eb970927b0a881d422a101bec87660,2024-09-12T18:23:22.507000
 CVE-2024-8113,0,0,427fea32595baa771ed8d55299c8cc984dc80ea36d43c86bbfe37f4bc22b8a1a,2024-09-12T18:21:30.677000
 CVE-2024-8114,0,0,ce4a9e9d0f9dc97020ede98ab17686607ea12b0429f1f29ce319385f294da6e1,2024-12-12T20:54:48.113000
+CVE-2024-8116,1,1,ff523ab2b12e9071c1eb505775c259b4191ba710e3f17c24a56a528dd8081c8f,2024-12-16T05:15:05.520000
 CVE-2024-8117,0,0,d1db9899d5c0506caea4dad3cc8b9020baf45803321fa58841f8294cd6cfc182,2024-09-06T16:04:23.413000
 CVE-2024-8118,0,0,9c68fef3a03eeb61bf75dbaca492f0d566593858e356c54bb24670328382c2a4,2024-09-30T12:46:20.237000
 CVE-2024-8119,0,0,463fd021ace255a8f9e973d2a318e559b325b87766dc92d121c774ab304adc92,2024-09-06T16:11:02.370000
@@ -272821,6 +272829,7 @@ CVE-2024-8645,0,0,6c6883b70c241242d9a1f65a2463032602ee72b4685cb982075bbd16ddb385
 CVE-2024-8646,0,0,5d4c3a28ebd32aa1f4378c55d3483650a644a252e8339908c6d85c6b0a714f65,2024-09-18T20:20:51.643000
 CVE-2024-8647,0,0,b1e9cf01cd5f4a93ab6c4f89b8262f249b7e8a2855444e1565c9ef4716089852,2024-12-12T12:15:28.297000
 CVE-2024-8648,0,0,0abcd802734681ce4af3860b7724ddcd52fed923c7571306906317f333d2adac,2024-12-12T21:45:54.047000
+CVE-2024-8650,1,1,b4934d95d2b7f24eeda683d3c19f02deedd699de5e7bedf0d89634226d9799be,2024-12-16T05:15:05.780000
 CVE-2024-8651,0,0,448e710c58dc2b6cb7e6c0752275d7c46f3230f5cc540adcb81ec64c7f3e3413,2024-09-23T17:51:13.050000
 CVE-2024-8652,0,0,b93328507c3e2c61251105f102cea9b9503ccc6f996f8a6d11d528a513238383,2024-09-23T17:53:49.197000
 CVE-2024-8653,0,0,a43ec1058025e272e63281727c64c580e58aaf2cdc7cca8a6a9eacb06a5bfcda,2024-09-23T17:55:01.610000