diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10095.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10095.json index de75f9550f5..9eaea0a3bb0 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10095.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10095.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10095", "sourceIdentifier": "security@progress.com", "published": "2024-12-16T17:15:06.757", - "lastModified": "2024-12-16T17:15:06.757", - "vulnStatus": "Received", + "lastModified": "2024-12-18T12:59:51.003", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability." + }, + { + "lang": "es", + "value": "En las versiones de Telerik UI para WPF anteriores al cuarto trimestre de 2024 (2024.4.1213), es posible un ataque de ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de una vulnerabilidad de deserializaci\u00f3n insegura." } ], "metrics": { @@ -32,6 +36,26 @@ }, "exploitabilityScore": 2.5, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -47,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:telerik:ui_for_wpf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "24.4.1213", + "matchCriteriaId": "49231DFA-90F4-45A3-8257-3CA0EFC1526B" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-vulnerability-cve-2024-10095", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11291.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11291.json new file mode 100644 index 00000000000..4f639d2aaca --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11291.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11291", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-18T12:15:08.710", + "lastModified": "2024-12-18T12:15:08.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3206206/paid-member-subscriptions", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e207f1a3-2ca5-46d1-91a9-89652451266c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11912.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11912.json new file mode 100644 index 00000000000..c0cea608d32 --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11912.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11912", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-18T12:15:08.950", + "lastModified": "2024-12-18T12:15:08.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the \u2018order_id\u2019 parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://travelerwp.com/traveler-changelog/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/febd1ff3-3a1a-49c2-b210-9e72051e3172?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11926.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11926.json new file mode 100644 index 00000000000..98ec84c84b8 --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11926.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11926", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-18T12:15:09.107", + "lastModified": "2024-12-18T12:15:09.107", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://travelerwp.com/traveler-changelog/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d21c7537-8437-43aa-ab52-9e14d27a6e7f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47104.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47104.json new file mode 100644 index 00000000000..92c908304fc --- /dev/null +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47104.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-47104", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-12-18T11:15:05.763", + "lastModified": "2024-12-18T11:15:05.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7179158", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49677.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49677.json new file mode 100644 index 00000000000..b128e47e844 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49677.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49677", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:09.767", + "lastModified": "2024-12-18T12:15:09.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bootstrap-buttons/vulnerability/wordpress-bootstrap-buttons-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4995.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4995.json new file mode 100644 index 00000000000..156535c3350 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4995.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-4995", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-12-18T12:15:09.940", + "lastModified": "2024-12-18T12:15:09.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.\u00a0This issue affects Wapro ERP Desktop versions before 9.00.0." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Amber", + "baseScore": 9.2, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "USER", + "valueDensity": "CONCENTRATED", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "AMBER" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2024/12/CVE-2024-4995/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/12/CVE-2024-4995/", + "source": "cvd@cert.pl" + }, + { + "url": "https://wapro.pl/", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4996.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4996.json new file mode 100644 index 00000000000..0d047698f00 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4996.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-4996", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-12-18T12:15:10.120", + "lastModified": "2024-12-18T12:15:10.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of a hard-coded password for a database administrator account created during Wapro ERP\u00a0installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP\u00a0installations.\u00a0This issue affects Wapro ERP Desktop versions before 8.90.0." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:M/U:Red", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "YES", + "recovery": "IRRECOVERABLE", + "valueDensity": "CONCENTRATED", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2024/12/CVE-2024-4995/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/12/CVE-2024-4995/", + "source": "cvd@cert.pl" + }, + { + "url": "https://wapro.pl/", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51646.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51646.json new file mode 100644 index 00000000000..0c084c9035b --- /dev/null +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51646.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-51646", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:10.270", + "lastModified": "2024-12-18T12:15:10.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saoshyant Saoshyant Element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/saoshyant-element/vulnerability/wordpress-saoshyant-element-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52485.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52485.json new file mode 100644 index 00000000000..0ab62334067 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52485.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52485", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:10.417", + "lastModified": "2024-12-18T12:15:10.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-menu-image/vulnerability/wordpress-wp-menu-image-plugin-2-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54270.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54270.json new file mode 100644 index 00000000000..3f76a35ff8d --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54270.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54270", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:10.570", + "lastModified": "2024-12-18T12:15:10.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axeptio Axeptio allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through 2.5.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/axeptio-sdk-integration/vulnerability/wordpress-axeptio-plugin-2-5-1-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54350.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54350.json new file mode 100644 index 00000000000..5392b8575dd --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54350.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54350", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:10.713", + "lastModified": "2024-12-18T12:15:10.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HJYL hmd allows Stored XSS.This issue affects hmd: from n/a through 2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/hmd/vulnerability/wordpress-hmd-theme-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55975.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55975.json new file mode 100644 index 00000000000..3a79d1a7ea0 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55975.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55975", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:10.850", + "lastModified": "2024-12-18T12:15:10.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rohit Urane Dr Affiliate allows SQL Injection.This issue affects Dr Affiliate: from n/a through 1.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dr-affiliate/vulnerability/wordpress-dr-affiliate-plugin-1-2-3-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55983.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55983.json new file mode 100644 index 00000000000..656bfc88227 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55983.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55983", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:11.003", + "lastModified": "2024-12-18T12:15:11.003", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through 1.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/power-forms-builder/vulnerability/wordpress-powerformbuilder-plugin-1-0-6-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55984.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55984.json new file mode 100644 index 00000000000..0170de9283f --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55984.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55984", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:11.167", + "lastModified": "2024-12-18T12:15:11.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System allows SQL Injection.This issue affects Saksh Escrow System: from n/a through 2.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/saksh-escrow-system/vulnerability/wordpress-saksh-escrow-system-plugin-2-4-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55985.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55985.json new file mode 100644 index 00000000000..5e0ac390815 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55985.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55985", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:11.323", + "lastModified": "2024-12-18T12:15:11.323", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/yds-support-ticket-system/vulnerability/wordpress-yds-support-ticket-system-plugin-1-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55997.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55997.json new file mode 100644 index 00000000000..22234728e81 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55997.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55997", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:11.477", + "lastModified": "2024-12-18T12:15:11.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/order-delivery-pickup-location-date-time-free-version/vulnerability/wordpress-order-delivery-pickup-location-date-time-plugin-1-1-0-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56008.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56008.json new file mode 100644 index 00000000000..9608d235184 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56008.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56008", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:11.630", + "lastModified": "2024-12-18T12:15:11.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/spreadr-for-woocomerce/vulnerability/wordpress-spreadr-woocommerce-plugin-1-0-4-arbitrary-content-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56010.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56010.json new file mode 100644 index 00000000000..34246114e5b --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56010.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56010", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:11.790", + "lastModified": "2024-12-18T12:15:11.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy / PerfOps One Device Detector allows Reflected XSS.This issue affects Device Detector: from n/a through 4.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/device-detector/vulnerability/wordpress-device-detector-plugin-4-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56016.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56016.json new file mode 100644 index 00000000000..9aa5cad0b0c --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56016.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56016", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:11.940", + "lastModified": "2024-12-18T12:15:11.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2.5.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/image-mapper/vulnerability/wordpress-image-mapper-plugin-0-2-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56058.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56058.json new file mode 100644 index 00000000000..3ac8ec364db --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56058.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56058", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:12.087", + "lastModified": "2024-12-18T12:15:12.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/vrpconnector/vulnerability/wordpress-vrpconnector-plugin-2-0-1-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56059.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56059.json new file mode 100644 index 00000000000..9b24da1c250 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56059.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56059", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-18T12:15:12.237", + "lastModified": "2024-12-18T12:15:12.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/partners/vulnerability/wordpress-partners-plugin-0-2-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d90d84dd85e..29665bf04b9 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-18T11:00:29.081256+00:00 +2024-12-18T13:01:15.057411+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-18T10:15:08.493000+00:00 +2024-12-18T12:59:51.003000+00:00 ``` ### Last Data Feed Release @@ -33,26 +33,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274215 +274236 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `21` -- [CVE-2024-11614](CVE-2024/CVE-2024-116xx/CVE-2024-11614.json) (`2024-12-18T09:15:06.660`) -- [CVE-2024-12340](CVE-2024/CVE-2024-123xx/CVE-2024-12340.json) (`2024-12-18T10:15:07.827`) -- [CVE-2024-12454](CVE-2024/CVE-2024-124xx/CVE-2024-12454.json) (`2024-12-18T10:15:08.117`) -- [CVE-2024-12554](CVE-2024/CVE-2024-125xx/CVE-2024-12554.json) (`2024-12-18T10:15:08.493`) +- [CVE-2024-11291](CVE-2024/CVE-2024-112xx/CVE-2024-11291.json) (`2024-12-18T12:15:08.710`) +- [CVE-2024-11912](CVE-2024/CVE-2024-119xx/CVE-2024-11912.json) (`2024-12-18T12:15:08.950`) +- [CVE-2024-11926](CVE-2024/CVE-2024-119xx/CVE-2024-11926.json) (`2024-12-18T12:15:09.107`) +- [CVE-2024-47104](CVE-2024/CVE-2024-471xx/CVE-2024-47104.json) (`2024-12-18T11:15:05.763`) +- [CVE-2024-49677](CVE-2024/CVE-2024-496xx/CVE-2024-49677.json) (`2024-12-18T12:15:09.767`) +- [CVE-2024-4995](CVE-2024/CVE-2024-49xx/CVE-2024-4995.json) (`2024-12-18T12:15:09.940`) +- [CVE-2024-4996](CVE-2024/CVE-2024-49xx/CVE-2024-4996.json) (`2024-12-18T12:15:10.120`) +- [CVE-2024-51646](CVE-2024/CVE-2024-516xx/CVE-2024-51646.json) (`2024-12-18T12:15:10.270`) +- [CVE-2024-52485](CVE-2024/CVE-2024-524xx/CVE-2024-52485.json) (`2024-12-18T12:15:10.417`) +- [CVE-2024-54270](CVE-2024/CVE-2024-542xx/CVE-2024-54270.json) (`2024-12-18T12:15:10.570`) +- [CVE-2024-54350](CVE-2024/CVE-2024-543xx/CVE-2024-54350.json) (`2024-12-18T12:15:10.713`) +- [CVE-2024-55975](CVE-2024/CVE-2024-559xx/CVE-2024-55975.json) (`2024-12-18T12:15:10.850`) +- [CVE-2024-55983](CVE-2024/CVE-2024-559xx/CVE-2024-55983.json) (`2024-12-18T12:15:11.003`) +- [CVE-2024-55984](CVE-2024/CVE-2024-559xx/CVE-2024-55984.json) (`2024-12-18T12:15:11.167`) +- [CVE-2024-55985](CVE-2024/CVE-2024-559xx/CVE-2024-55985.json) (`2024-12-18T12:15:11.323`) +- [CVE-2024-55997](CVE-2024/CVE-2024-559xx/CVE-2024-55997.json) (`2024-12-18T12:15:11.477`) +- [CVE-2024-56008](CVE-2024/CVE-2024-560xx/CVE-2024-56008.json) (`2024-12-18T12:15:11.630`) +- [CVE-2024-56010](CVE-2024/CVE-2024-560xx/CVE-2024-56010.json) (`2024-12-18T12:15:11.790`) +- [CVE-2024-56016](CVE-2024/CVE-2024-560xx/CVE-2024-56016.json) (`2024-12-18T12:15:11.940`) +- [CVE-2024-56058](CVE-2024/CVE-2024-560xx/CVE-2024-56058.json) (`2024-12-18T12:15:12.087`) +- [CVE-2024-56059](CVE-2024/CVE-2024-560xx/CVE-2024-56059.json) (`2024-12-18T12:15:12.237`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `1` -- [CVE-2024-10041](CVE-2024/CVE-2024-100xx/CVE-2024-10041.json) (`2024-12-18T10:15:05.850`) -- [CVE-2024-10573](CVE-2024/CVE-2024-105xx/CVE-2024-10573.json) (`2024-12-18T09:15:05.593`) -- [CVE-2024-52337](CVE-2024/CVE-2024-523xx/CVE-2024-52337.json) (`2024-12-18T09:15:06.843`) +- [CVE-2024-10095](CVE-2024/CVE-2024-100xx/CVE-2024-10095.json) (`2024-12-18T12:59:51.003`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 65e59db9dd0..77a65806f6f 100644 --- a/_state.csv +++ b/_state.csv @@ -243049,7 +243049,7 @@ CVE-2024-10035,0,0,1d712f43023e008a106726b7d0612283e8db958b9552c5958fb255c66dbb3 CVE-2024-10038,0,0,ebd3b63d92012ddaf16057a534e828f3dfcac6a3eb398c1c9f9e757273980dc7,2024-11-13T17:01:16.850000 CVE-2024-1004,0,0,7b6f5b47804b16387719a9bf9a5f5e1230f32238a62387586392ff4de375b23b,2024-11-21T08:49:34.290000 CVE-2024-10040,0,0,f83eb1bf0d191e6ff28c64987d9d925532ba47fbade95b4f2582be8beaa243b5,2024-11-01T18:26:23.450000 -CVE-2024-10041,0,1,4bdc31a40e5b93be22916fa013287a5d9490b3f328b8823606b1e70cc7cff0d3,2024-12-18T10:15:05.850000 +CVE-2024-10041,0,0,4bdc31a40e5b93be22916fa013287a5d9490b3f328b8823606b1e70cc7cff0d3,2024-12-18T10:15:05.850000 CVE-2024-10043,0,0,15debe6a05b2854b66ec2962b60af0c6901f10ade93dabb43ab1785dfa9941db,2024-12-12T12:15:21.330000 CVE-2024-10045,0,0,856fc9a539db9327702f3141fe8cd970de60cdb7e18125e39405eb0d41f31999,2024-10-25T18:52:30.337000 CVE-2024-10046,0,0,affe8ae08e1550f00dfad8d5468ae3e6fc09f4637e56fab36b963f0a53463c60,2024-12-07T02:15:17.543000 @@ -243082,7 +243082,7 @@ CVE-2024-10091,0,0,244835544befc14a0ba664699f50b681fca0c5387af75b0db99291b956c48 CVE-2024-10092,0,0,3187158205da52d65b1fd5fde676bfb3bfd6fed14de72d76a8aab9b275f77138,2024-10-28T13:58:09.230000 CVE-2024-10093,0,0,c59046555fb4e55c30f34ec91ac62910be408e9628c1cf31aaf113495f33e4fd,2024-11-01T18:07:07.003000 CVE-2024-10094,0,0,e63fac5d529dc5bceb010fd479146f46858cd90c1e360601f682aec7c32291c2,2024-11-21T13:57:24.187000 -CVE-2024-10095,0,0,f02d4c4afddaa224b97fe2844cf121a9dc5e62c057c943ae30314d6029474d8f,2024-12-16T17:15:06.757000 +CVE-2024-10095,0,1,7be965c3275839227029409c680ba1f671ec7b8fcaba42e7a973dc116b9093e1,2024-12-18T12:59:51.003000 CVE-2024-10097,0,0,7121c39d2c238d666aa68f098cbf1d5544a9aab3221767519c48769f9658d5d8,2024-11-06T19:14:22.817000 CVE-2024-10099,0,0,ff238a91e24fcb0a85fcb34f700c80404c8e345e8e0c333898778e0f4a6cf856,2024-10-21T21:03:53.647000 CVE-2024-1010,0,0,b760c6839f8ba4fc102d84ec8eb422be6a7986ee41491a18032e2ca8b34ccde5,2024-11-21T08:49:35.243000 @@ -243475,7 +243475,7 @@ CVE-2024-10568,0,0,29a6369be6bdec3fac3a49600567225eff324bd19cbe3ade1e99b53075e8c CVE-2024-1057,0,0,82d074eff87805c0c8af6f292d67be991df4f6c4e8e298eece318c63dbd97000,2024-11-21T08:49:41.890000 CVE-2024-10570,0,0,d14f79535077a039c8f0d0d1b0a6c4a3ac35cc316f33ff69affb05a342db6337,2024-11-26T06:15:07.880000 CVE-2024-10571,0,0,f71ab1f371691490f777d99e9ef171c06da239e7fc0febb0c87d28cd50afda7c,2024-11-19T15:46:52.187000 -CVE-2024-10573,0,1,621e588bdb3cc973a61681ae42e38685083b0c2a5f1638656bd9e4586db91816,2024-12-18T09:15:05.593000 +CVE-2024-10573,0,0,621e588bdb3cc973a61681ae42e38685083b0c2a5f1638656bd9e4586db91816,2024-12-18T09:15:05.593000 CVE-2024-10575,0,0,03762e78a5828d8b55361401397de1337ee643c8f18d1eb80fdc2d4b613eef7a,2024-11-19T17:28:06.750000 CVE-2024-10576,0,0,eed372ac324540d33b58763a1bf43e6b593158e046a13131665b4e3a010fd74b,2024-12-04T12:15:18.463000 CVE-2024-10577,0,0,8ee7592b98835f46232a1e14ff5137523cb2e97a8a69a4d48034bc127b323249,2024-11-21T08:48:45.150000 @@ -244045,6 +244045,7 @@ CVE-2024-1128,0,0,b5697d53bd1cc8361103858a196325f5d64208a9e9a1888a08b3143838ba17 CVE-2024-11280,0,0,c6c99c2b8008dd804efc112557dc7f34f3207d1ea9c17d95b04cb9020689b542,2024-12-17T12:15:19.343000 CVE-2024-11289,0,0,1d2443a1a9242c04e29818ad13875ac1c58e80e7866f1501dec4b2d1a8559f61,2024-12-06T10:15:05.450000 CVE-2024-1129,0,0,cbf5818dce2e4cd60590d30546d905436cb36b8ec16eeb56ee9382ffddfc0bc3,2024-11-21T08:49:51.773000 +CVE-2024-11291,1,1,2cf15ce460c7aba26cc92cc41e6feb3c11e580646437c6ad209f9fd7450b0fdf,2024-12-18T12:15:08.710000 CVE-2024-11292,0,0,44d76ae9b7e309446be6c076fee918f16faf12f6eba1bd4aed88a2108eee73db,2024-12-06T09:15:05.993000 CVE-2024-11293,0,0,963e5cd86fd8964150efb764dabf7f60f1898cb3eb1113839b414494aefc5068,2024-12-04T08:15:06.343000 CVE-2024-11294,0,0,2eb006c700872e4221a5d65f1f84540c18c42b5a19bdffcef60597b889db391d,2024-12-17T09:15:05.193000 @@ -244306,7 +244307,7 @@ CVE-2024-11601,0,0,51a555e6d26623f2054da12f000d146e4e1662608f2c3f75f4d4bafe7cada CVE-2024-11608,0,0,8ddbc230a8730b76ffe6955779ba3c4d90ea8f23edd3f564c2db516009c0d0dc,2024-12-09T18:15:22.580000 CVE-2024-1161,0,0,68cc61ca71a85d6059ad02181ec1fb4a89655dbd3db8900d271e7a26ec14fb67,2024-11-21T08:49:56.127000 CVE-2024-11612,0,0,bb444eed2bab8dc9d7d3d2707a19c782bc9311cf8cab3a2875a904169993bb7a,2024-11-22T21:15:17.387000 -CVE-2024-11614,1,1,13dd2dd6a852c375ccdb00718f2e6d48f93b262b14487508e32f597f2f0ff20b,2024-12-18T09:15:06.660000 +CVE-2024-11614,0,0,13dd2dd6a852c375ccdb00718f2e6d48f93b262b14487508e32f597f2f0ff20b,2024-12-18T09:15:06.660000 CVE-2024-11618,0,0,faa524e213716321f8f8b440fa9593fea7194f824084fdf0ccb0ec4689ef9c66,2024-11-22T19:15:05.437000 CVE-2024-11619,0,0,17535dfba9741d471fadae0fb91280b5ae16dfa5d4f7978c2708116e3a1ee713,2024-11-22T21:15:17.500000 CVE-2024-1162,0,0,3088f9ddfe31234409eeca0c6733f6625e00a303f5f7e9ffe94fe1a6782630d7,2024-11-21T08:49:56.270000 @@ -244531,10 +244532,12 @@ CVE-2024-11906,0,0,bd06f91b81ce065886b8d405edb88e6a7d8f769e622325bb6fd5cdbba074c CVE-2024-1191,0,0,6f7a8128ca74425a818c30dd0345aad863d38fbb6a993214ffab466088e49214,2024-11-21T08:50:00.150000 CVE-2024-11910,0,0,7cdc56d220bb226d66f2e09af7dfa09212676d67ef40d93704c67462fa98d7df,2024-12-13T09:15:06.543000 CVE-2024-11911,0,0,caa0b453641ff9f186639ae770eb52db38531714654a626a4eab9e32db68000f,2024-12-13T09:15:07.083000 +CVE-2024-11912,1,1,fd00ef8938fde1ad7f771834102d2a306c5a726aced6f24d18f621b4fda8b9a3,2024-12-18T12:15:08.950000 CVE-2024-11914,0,0,fa4ae25ac8caf18cb116501f16c4447bae56afeb864dc904882202ad6cc9632f,2024-12-12T04:15:06.983000 CVE-2024-11918,0,0,f7031582b21494aaa2ccab4dd4ab92d52bf9f67c1445d9fb72b363b717cfc06b,2024-11-28T06:15:08.347000 CVE-2024-1192,0,0,feeadd7788bda0ae41e0b060ef10672169205cb5b73feeee0610abe95f0f97d2,2024-11-21T08:50:00.287000 CVE-2024-11925,0,0,77043a2dc07077ec38aa584033543217cc9fb39ce00751159aa83ba0aa54cc6b,2024-11-28T07:15:05.267000 +CVE-2024-11926,1,1,baba6306cf533ff903f4dad88b2b137bc601e7849d607c260cbaf97669347fa1,2024-12-18T12:15:09.107000 CVE-2024-11928,0,0,4eb81c3b991253e17b093831750d2f60d8030675796e16e7e29cc29429037a0b,2024-12-10T11:15:07.220000 CVE-2024-1193,0,0,dfff57fc9ce7a1dbebe4335de503e2f3e62619c8f53eebdea960e5ff40a71456,2024-11-21T08:50:00.427000 CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000 @@ -244740,7 +244743,7 @@ CVE-2024-1233,0,0,9d758d75169c31056a2dd99a6ff761ac0a3c179827b3dc598c6fb0d83614da CVE-2024-12333,0,0,f9b36bf24b65a5eadc34be133c8efc135d615c6b77b9af6e424c71705bac5515,2024-12-12T09:15:05.390000 CVE-2024-12338,0,0,202a85d7d49dabb95d9680ff72787a60f1c4021e681feb9be8640c62beb774ef,2024-12-12T04:15:07.497000 CVE-2024-1234,0,0,6b4d1ae0b8159c98fb379447cf95a21f71a7514cfa9af5f48616ab89e3a52cca,2024-11-21T08:50:07.567000 -CVE-2024-12340,1,1,cc3d10aac895cc18a95acaee43486e0dd3f14720e258c0bcb796836c33e401b1,2024-12-18T10:15:07.827000 +CVE-2024-12340,0,0,cc3d10aac895cc18a95acaee43486e0dd3f14720e258c0bcb796836c33e401b1,2024-12-18T10:15:07.827000 CVE-2024-12341,0,0,73d0614d7c98b23e49242f0be40422e4e73b095a6a96061a926bb2fee6b56681,2024-12-12T04:15:07.660000 CVE-2024-12342,0,0,ca2d1ce741ee271c3f8bb6665fd58409882d87693c71ffc1173980d86241d998,2024-12-08T07:15:04.950000 CVE-2024-12343,0,0,ac88dc9695a819696f313a26b68429a92402a92d44a44fae3dae004786557c5b,2024-12-10T23:26:52.047000 @@ -244792,7 +244795,7 @@ CVE-2024-12447,0,0,c7d237797e5045bf7231fd7a8dd02f5534e2ad794fcb81ab9e39a8e990833 CVE-2024-12448,0,0,11e50dbe77a1a32d7920e9e6082c85f472336b04f5fe27094dc25dc5df597595,2024-12-14T05:15:10.873000 CVE-2024-12449,0,0,cc5a471cbb81d8238c3d9f1680145c72ae8c0bd44f99f5f3dc86949ac489bcc7,2024-12-18T04:15:08.103000 CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000 -CVE-2024-12454,1,1,b4d45e724a1c42d03375fcfe4d874a27f69cfccb10695f36b87764625e7bd0cc,2024-12-18T10:15:08.117000 +CVE-2024-12454,0,0,b4d45e724a1c42d03375fcfe4d874a27f69cfccb10695f36b87764625e7bd0cc,2024-12-18T10:15:08.117000 CVE-2024-12458,0,0,2dff647285f20b176250357c056fba4cfb4d59ea24572e2cfd9d5f5ecb43bfcb,2024-12-14T05:15:11.060000 CVE-2024-12459,0,0,afa492c736eca842cbfac1bae4af71a966055505fb77debb49ea61411a663e1d,2024-12-14T06:15:19.487000 CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f473567,2024-11-21T08:50:08.877000 @@ -244836,7 +244839,7 @@ CVE-2024-1254,0,0,44df8e919ae544d26fc82110d33f6e7af1fff88011a3bcb100ca7209bc278c CVE-2024-1255,0,0,5935182eb4eb024c7cf7e3cda464e0c74472c4e58bc0030bb090a2a8f708b72f,2024-11-21T08:50:10.150000 CVE-2024-12552,0,0,fb797bda6a7925c8d7543e5704f2ad51014fa3335d6fe6df263bb53aa2925a54,2024-12-13T23:15:05.553000 CVE-2024-12553,0,0,a2255cbe7c81f26e6254fdbc6535a51f1e6a86b8a15e67572b76456e109cd8f4,2024-12-13T23:15:06.310000 -CVE-2024-12554,1,1,9c2c5116d478f8a3368d2869fc0d22776c7ca9cea54e725be0c02d64f1e2b79f,2024-12-18T10:15:08.493000 +CVE-2024-12554,0,0,9c2c5116d478f8a3368d2869fc0d22776c7ca9cea54e725be0c02d64f1e2b79f,2024-12-18T10:15:08.493000 CVE-2024-12555,0,0,0d42d0c8cac624be8352d225c1fedeed93d78abfe4d84ed9171ab1d4e5a1062b,2024-12-14T05:15:11.827000 CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000 @@ -265437,6 +265440,7 @@ CVE-2024-4709,0,0,613e57ae1ceb02dcd7cd23d2e724aec8eab6480f5f138696ad2d1f217ee1ae CVE-2024-47094,0,0,d24e1f292f7d19d40d32d967d3e72cc931ea886edc80358cb771de69f5f1ca5a,2024-12-03T20:01:52.610000 CVE-2024-47095,0,0,ab3ae5fb8cc2610821c1dec2e1fa7073f06cbe80c80fa571d8c05d61db95648f,2024-10-10T12:56:30.817000 CVE-2024-4710,0,0,9c507813f9fc80a7b0290c71ebb56c5cafbe3613f57bf93e1120a9c56f52904d,2024-11-21T09:43:25.600000 +CVE-2024-47104,1,1,495d25b5470a35cca2a2f33e6af7aaae09698e2f7d25049602857c1ae4c17548,2024-12-18T11:15:05.763000 CVE-2024-47107,0,0,cbccf574787d61b4f6ca0e02b243f9353763dfcf6f42da1d1ab7d0498a1d160e,2024-12-07T15:15:04.123000 CVE-2024-4711,0,0,e4ef71037ebae75f1c7783581ae71eaf15c6142551362f95bff0adb8f63f9b15,2024-11-21T09:43:25.710000 CVE-2024-47115,0,0,64bb47e915974f1dfec3d4bee74763bed48bbf036cf9597873496ec80cb951dc,2024-12-07T13:19:14.783000 @@ -267113,6 +267117,7 @@ CVE-2024-49673,0,0,5cfbaeb230b289604e6a9a17a0e3169a5fd351a546e39f0d9f8cdbcaef1b2 CVE-2024-49674,0,0,485cc36f092613aa15cc1bf9c84e4863b887e4a287065a305bbaf4e37c253850,2024-11-01T12:57:03.417000 CVE-2024-49675,0,0,b7fbdd38c92d79ba1d7bcc6ed0be95e3d48c155f778ae6bd0a0ba79a52dcf7e9,2024-11-06T22:24:22.907000 CVE-2024-49676,0,0,5e84a7f815d1b9044cdeca37f68c539b4cbe8969197e93a16e488c34b320dc93,2024-10-25T12:56:36.827000 +CVE-2024-49677,1,1,9b95a0c54be2f3a3b825b7321144b8a29c710b057aa4cd9ca09142432eaa41c8,2024-12-18T12:15:09.767000 CVE-2024-49678,0,0,319a818bec0536024df1c2df86fbfbecb9d910baf74659a55d48a69eb70b5fda,2024-10-29T14:34:04.427000 CVE-2024-49679,0,0,69366457d136ea54a3b6926990a6003dde86feed848c00d8b78be39be0d98ee7,2024-11-08T14:52:24.823000 CVE-2024-4968,0,0,5c01ac4183eb6b049ceed5603d9de2600208167774b0c29de75a6b09dcf8cd7e,2024-11-21T09:43:58.297000 @@ -267289,6 +267294,7 @@ CVE-2024-49946,0,0,4282502abb14004f3ad3b6990ba1eea19c5a1f24f9e8009830652e8dcd140 CVE-2024-49947,0,0,45246e2f634d00c4f196249e0c002c9ac4a3e83049907010f1a2ea778482c097,2024-11-12T21:25:21.870000 CVE-2024-49948,0,0,3c07375ebdcbc88e821363a12991edcd9ef0a0e6f3e0ea074854719cb756d20d,2024-11-12T21:19:24.440000 CVE-2024-49949,0,0,862d00735d151a14c8eadd98da18017da1bd5bd1db3933cfea0083036e3d13f8,2024-11-12T21:03:59.377000 +CVE-2024-4995,1,1,311d73f94712d43484eb5a9a868c6f771d7f103c26ce938da17c32c3ddb1edb1,2024-12-18T12:15:09.940000 CVE-2024-49950,0,0,a3b2e262aca9e244ab2da6b1f6a174049eadab2e9a1c66c343347b7a6457968f,2024-12-14T21:15:31.613000 CVE-2024-49951,0,0,1bcd56af774503e3361ae7748b61405667859f87d6c481b76256bab77dfaa560,2024-12-14T21:15:32.053000 CVE-2024-49952,0,0,4211d2a9f88cb08f96387a31b9ab3d61b023ec569e7605a0a8bc222d3124b341,2024-11-13T00:46:03.893000 @@ -267299,6 +267305,7 @@ CVE-2024-49956,0,0,ad41e742c241feac4d7d72745b86d5b76fa77783fcd0fc01df15ad2e54cc7 CVE-2024-49957,0,0,9fe20b814f873df80408128cebb309ff4cb21aaafe57f30b76e489a1f3b92b1a,2024-11-08T16:15:33.963000 CVE-2024-49958,0,0,5a97ea90ba1b12a92ad466299cd8b86dadc4bd73e96d0f2c30a9c22bc81604fc,2024-11-08T16:15:34.497000 CVE-2024-49959,0,0,6fe07b5cdf4fe31cd38dce519a93cee53aeca01693535ae376b18ac0b1feb771,2024-11-08T16:15:34.923000 +CVE-2024-4996,1,1,46cadb52903517fe87cbb6981ddc580cd04057e637a71401fff7fce04e8a9988,2024-12-18T12:15:10.120000 CVE-2024-49960,0,0,acab1eb31f27cdc9f4ae9bec65ad798d53c3a894c6765df6ead00c7435d0c074,2024-11-17T15:15:18.527000 CVE-2024-49961,0,0,dde3df5f8bdf7f3dca86d86905800e80b0cf9f5a049803c6b644a59c20edafeb,2024-11-07T19:22:15.323000 CVE-2024-49962,0,0,9e23d9ec87abc1ddc1631ece5ff7f04c4c36be12aa82158171cb5a65d60f4061,2024-11-08T16:15:35.413000 @@ -268447,6 +268454,7 @@ CVE-2024-51642,0,0,5152e85707089a7f3186d35c0774851bc910b269c16bcf282f6f8c964d97d CVE-2024-51643,0,0,6cd95bcb0b7533023b50646b0fac301aca8db2d6cdd664093da0890b1d9cb32a,2024-11-19T21:57:32.967000 CVE-2024-51644,0,0,34e478edea57d0615ca8c922c7e7d4b0973519169e85ccc175b6a394b6401123,2024-11-19T21:57:32.967000 CVE-2024-51645,0,0,06028be70e3cbb5560cab4fc4dcc9fdb4e95ab08be7c034a585406faa5e25e73,2024-11-19T21:57:32.967000 +CVE-2024-51646,1,1,b391865e870d9134387057bc06f0e5d67ed66c2d1ef2083a2b758d08cb39d757,2024-12-18T12:15:10.270000 CVE-2024-51647,0,0,0324321535da7d43ca4deac4fdb3c1e7d74c19d7383440bb5b1349d55f97e233,2024-11-12T13:56:24.513000 CVE-2024-51648,0,0,dbb0968afe4034eda92af49d97342dc91c1ea36f66d8dfaf80e8afd706de0c57,2024-11-19T21:57:32.967000 CVE-2024-51649,0,0,c81969392142cf30b442ca2488ba5a508853d5d91fdf922f672d341833d4b7a4,2024-11-19T21:57:32.967000 @@ -268879,7 +268887,7 @@ CVE-2024-52324,0,0,1b82757393c4b121efeb2aca56c501ac2b568f66f0e838324b89dea8626b5 CVE-2024-5233,0,0,f7aceb9f589abd3e3127e7bdc682ef20b7c3a1e0d748898af38a399a8a8c2229,2024-11-21T09:47:14.357000 CVE-2024-52335,0,0,e1e5dff8245ade7d0df486779ba826bca2b65cb6a4f443a05cb574ac0185e48c,2024-12-06T14:15:21.230000 CVE-2024-52336,0,0,dd607d54a19f06d9586ad47f8dcb31a3a661a8cc06227fd4e6ebe7bf5d6da0a8,2024-12-05T14:15:21.663000 -CVE-2024-52337,0,1,925be7c9f01edf95601d7cc3682b7656b69faf68fbdaa260a737e95f8a00a21c,2024-12-18T09:15:06.843000 +CVE-2024-52337,0,0,925be7c9f01edf95601d7cc3682b7656b69faf68fbdaa260a737e95f8a00a21c,2024-12-18T09:15:06.843000 CVE-2024-52338,0,0,9bcca0f5584def2789a1613da17d1dfa11f003cf9877e634fced8f070cd4a571,2024-11-29T15:15:17.550000 CVE-2024-52339,0,0,8c254a85b0cc7761c2c8f8cf7f1a34f104621eefc5d8f80c80f60233cb82f4fd,2024-11-19T21:57:32.967000 CVE-2024-5234,0,0,3621dd7a9355ab69fb44113adac5d6db321db5bd9e4f974601bbdcdbc1644b98,2024-11-21T09:47:14.493000 @@ -269033,6 +269041,7 @@ CVE-2024-52481,0,0,a7309831bf78d36e2ea1cd8b30d3ef08bb169830c7beaff56276c63bc5fd7 CVE-2024-52482,0,0,fe3f09e5e14bd802eba12c8c9f67e8414b606975733469038e3912792e967fa2,2024-12-02T14:15:09.603000 CVE-2024-52483,0,0,b3f8c3a0b11741f29ce99b7a7e45ec466bf2e703c6eae60631e7734657eb12df,2024-12-02T14:15:09.740000 CVE-2024-52484,0,0,9c617bb84889d9dd5697e12280aa625dd9b3ccee97deaa14f0f662833ea68d80,2024-12-02T14:15:09.883000 +CVE-2024-52485,1,1,3c00772177329aa6d3970654ef07f7985dffe24c62754084e3d8316b6d92de77,2024-12-18T12:15:10.417000 CVE-2024-52486,0,0,5193c625f02d6aae6fbac2a099657fbf4740615e561f3fade25a73861458812f,2024-12-02T14:15:10.017000 CVE-2024-52487,0,0,1c40351f41ab17b71a0bba45de03b1c3b444df985e36d6893bd7a478b47e5095,2024-12-02T14:15:10.147000 CVE-2024-52489,0,0,114f5b0fd631bb50a3164b9ce3be5beb08fbc61365ea62d5efe502aef3fc623d,2024-12-02T14:15:10.320000 @@ -269982,6 +269991,7 @@ CVE-2024-54267,0,0,19b2edf2ab0201b0d80c620d39e4fa0e8c80c1bf2b0a4f3c81a4c7c9c9e94 CVE-2024-54268,0,0,1f33f3ea0aadfaf832c2d90a075ea324c76d65bcbc684f81278d9e88a8b75851,2024-12-13T15:15:31.080000 CVE-2024-54269,0,0,80ac095d31433aafabf7debefee962a6f6c2eac87daa457c3fe90f17fcc9678f,2024-12-11T10:15:07.790000 CVE-2024-5427,0,0,0e5a4a243a6c356d48858411e10959c0d2b5ef3e2a4a055bc1bad76f470ca7d5,2024-11-21T09:47:38.020000 +CVE-2024-54270,1,1,6c903904805b92d7828dc048abb44933efe419074a352ae063e0c4ebebea5eaa,2024-12-18T12:15:10.570000 CVE-2024-54271,0,0,621ff0326d2fc9dd051c122a542b742e69a78619f0308f7a42511469d1077041,2024-12-13T15:15:31.230000 CVE-2024-54272,0,0,92081ca9070adab845842b45780f43a5b69bd1bc7503c421572a47c2f97ed814,2024-12-13T15:15:31.367000 CVE-2024-54273,0,0,7de1d07a96d26729c0f10f3cecfc2d5673378ba2d504e5d75819c414633476fe,2024-12-13T15:15:31.497000 @@ -270067,6 +270077,7 @@ CVE-2024-54347,0,0,9ecffa953e0884bbd46d6103688207c54883dbdda010bfeb70a36a3a1d570 CVE-2024-54348,0,0,aa27cf6b15bab24c6c600c9630a13cf2537b1e8caebdcb4ef68f3fe5d90bcee2,2024-12-16T16:15:08.477000 CVE-2024-54349,0,0,1827028321e929a3a9304e3cc0db0d3b606a5800582305628e60ae52cd7428a1,2024-12-13T15:15:42.440000 CVE-2024-5435,0,0,be7b01e002899800d7c367843f4cb71728bce729e4821fb8e6b5065711ce87d0,2024-11-21T09:47:40.767000 +CVE-2024-54350,1,1,9b1b46ea9a35c61fd7ad36161d113317be573e993dc087f39eb8044615408f66,2024-12-18T12:15:10.713000 CVE-2024-54351,0,0,c7129cdf0b23517dec940400cbe9c6a0f2d69d5f8af88980273177b73e05253c,2024-12-13T15:15:42.573000 CVE-2024-54352,0,0,d6b00b28bc731c1d7480280f5844dfeeba94e7552fbc8fc902c4d74620e2809a,2024-12-16T15:15:07.707000 CVE-2024-54353,0,0,56c899c16f980be7d5ae16bb63bd232789506aa08518290600f7451bf40d052c,2024-12-16T15:15:07.867000 @@ -270451,6 +270462,7 @@ CVE-2024-55970,0,0,758b82af3b693a427bceeb6ff3980817487e79e485f9519217bb4cb4cf8b5 CVE-2024-55972,0,0,1c44851ff34933b5d9d20c1d43229f33a01d18ccacf7c33b8ab8ff687a3ae63c,2024-12-16T15:15:23.613000 CVE-2024-55973,0,0,88c683f476bee0b08a38ad5028fbfed3d3c5274f5b3a1ebfb1df181a1a2f2141,2024-12-16T15:15:23.767000 CVE-2024-55974,0,0,64a3805e2dde6492ed0dae16ddb2d242bbca0f63953aa16f3a50643bc6d911ba,2024-12-16T15:15:24.397000 +CVE-2024-55975,1,1,764f7e5d25ad0ccbf88d3972a2821b6803c61ed40bd12ebf3c66d169865d4405,2024-12-18T12:15:10.850000 CVE-2024-55976,0,0,677d9056c69dbe1fb1ca305a501c341e634fb161039746fcfd3fad470d57a092,2024-12-16T15:15:24.550000 CVE-2024-55977,0,0,00bde74b9c09b028f5e45be95decc038680e51a23a68e23798ad262b3f6d0941,2024-12-16T15:15:24.700000 CVE-2024-55978,0,0,70de8549de34b7beae6d0c7d53f0c88e5e5163d577c6d4b77e1e9a0d3587d5cb,2024-12-16T15:15:24.840000 @@ -270459,6 +270471,9 @@ CVE-2024-5598,0,0,2cf80b31fb178896d7f3a9a8e95bb15f7d3d96fd4d258d8fe02fb96f5cf562 CVE-2024-55980,0,0,c8db833ec7e6e3c339e99eae8d44a99f2eed3deef5836a2ec493c77fc198dde4,2024-12-16T15:15:25.130000 CVE-2024-55981,0,0,f883699a36d99fb40d792fa40c88a353cf593e1183b7ec4c5e05b2733ffab54f,2024-12-16T15:15:25.283000 CVE-2024-55982,0,0,5d9583881751b8be02c821a9caf92f4429cb26fc56f032f5634573dbe01fe6ce,2024-12-16T15:15:25.433000 +CVE-2024-55983,1,1,ed51250b22bb87e1d3deb79978e63e6171ace6a12e6bf51eda55c9b1db86c836,2024-12-18T12:15:11.003000 +CVE-2024-55984,1,1,650491b22fccf1cd632a677fa09dc7fcb6acd68da252d22f02700aa841c546d8,2024-12-18T12:15:11.167000 +CVE-2024-55985,1,1,587793072f3cc35a94189b128fcb7f51bc2ffb2cd3bb9c31011d070ce90589ea,2024-12-18T12:15:11.323000 CVE-2024-55986,0,0,38dc69c582c764aa6783802fb0171e7b5042b834a050391697f2a15e6b5a2ec7,2024-12-16T15:15:25.577000 CVE-2024-55987,0,0,320fc215a551586a71623e41c709ba0ae15b4b8c18f560d8881b040eb63bf602,2024-12-16T15:15:25.733000 CVE-2024-55988,0,0,78318cefbf0a9cd3679cf8f17eeba7d821228ea534660f38950e54bc7283ddc6,2024-12-16T15:15:25.890000 @@ -270469,6 +270484,7 @@ CVE-2024-55992,0,0,66c21f67530201c357756290067290b55d9160751eedffe023b99fe9beda4 CVE-2024-55993,0,0,01857b4340d022453a35608fc0d89f3b2236d7e97f49b7795fa10f528b7ad3bf,2024-12-16T15:15:26.523000 CVE-2024-55994,0,0,11be206618ebd59d6dd447780d180264658d58838f7be46230ab26bdde64cecd,2024-12-16T15:15:26.677000 CVE-2024-55996,0,0,2565ba93c1f065db19de84241b28dc4a2fba083a567a0913fd4af777e3b95656,2024-12-16T15:15:26.820000 +CVE-2024-55997,1,1,3390aaddf620af1066037b898cdbfe0095ccde5d2499e5d696282b8a0efb908d,2024-12-18T12:15:11.477000 CVE-2024-55998,0,0,710f5de4b14b0c0d8579bbf1dfad86e9bc65fb05373752f5527d05614fac6aa3,2024-12-16T15:15:26.957000 CVE-2024-55999,0,0,bbc3255d877ba6fbd7a1898cc98740c856c51f1d6439a774d8af06fc147ebd17,2024-12-16T16:15:08.973000 CVE-2024-5600,0,0,9ec61c0439dd991245dd59b838c072ef06691da563abf803dab52d51cc92f007,2024-11-21T09:47:59.817000 @@ -270477,16 +270493,21 @@ CVE-2024-56003,0,0,625ce523f1770738acc9f8f197189066eb7c396a7124f58b14e9fc0502e63 CVE-2024-56004,0,0,000434e0597f438da98218913e2ee2cb6238f56be36ccc6ef3c06ee0c32a6af1,2024-12-16T15:15:27.233000 CVE-2024-56005,0,0,548e74b83a6ea05a9027b723682f0bf87d4d468fe2385c211a67a524bf422b89,2024-12-16T15:15:27.370000 CVE-2024-56007,0,0,44c512d713a31fc6d0d0b8146683eb2f5c27273cd3a84a44340acadf5fa1a6bf,2024-12-16T15:15:27.507000 +CVE-2024-56008,1,1,3b8fbd8b3ee3791e886659ade89fcfd460edc1be00ea822a7493245c7b1b214e,2024-12-18T12:15:11.630000 CVE-2024-56009,0,0,775ac8634fcf4ecad99e9b5042c330f466f24f7950d7edd2b87f8adc82ecdec5,2024-12-16T15:15:27.643000 CVE-2024-5601,0,0,acbfc7658ae08d87e0393a42bceb6ed0cbea62f439f049ccb260c38457891d44,2024-11-21T09:47:59.930000 +CVE-2024-56010,1,1,21883f22e947f57141020fb892ef52a00c3559ee05ea9d105e802a3866cb5081,2024-12-18T12:15:11.790000 CVE-2024-56011,0,0,0a424cb818da7335bf1f0c462b0a349e91b8f3641cc66bb68166f781c159c53b,2024-12-16T15:15:27.803000 CVE-2024-56012,0,0,1294e1b9cfda889d2897343dbdd5a8f0d69df1b88d00748e64c163cc5857799d,2024-12-16T15:15:27.943000 CVE-2024-56013,0,0,98d5f16619c75bf7700fe13a8918184b7016cc1b87371ca36dfb3fcf7e341f9c,2024-12-16T15:15:28.090000 CVE-2024-56015,0,0,a40d49c757aa948f90c29b7c6bdf9b80dad98326d3e52005d5d7b1f0a780c74b,2024-12-16T15:15:28.230000 +CVE-2024-56016,1,1,cc1acd220f500c5fac906dcdd897f5e0a0ebd8d18a678408fc7adbda2eeb5196,2024-12-18T12:15:11.940000 CVE-2024-56017,0,0,7eef9fb5124dee0b581e34fbc52a1cfe55d67df71e2e8706e4badc71fbd3ebc8,2024-12-16T23:15:06.923000 CVE-2024-5602,0,0,f0b74b0cc64b84af5cc9e3e41d215e059dc6bc39d5e4f09c9ace9e8dd21b7bc5,2024-11-21T09:48:00.070000 CVE-2024-5604,0,0,8891da3265bc2c375fdbcf484ffb602948ffb13c3bebcf06f381e67d81cf40c0,2024-11-21T09:48:00.187000 CVE-2024-5605,0,0,a58f7d5ea1a1f097543f1fa828fe0f4d77e53004da146d280334895bad6f3fd1,2024-11-21T09:48:00.363000 +CVE-2024-56058,1,1,d7e1e75319cea0dd695b37cd1b28e514a80c81cf5d420babece36e7b419a0e40,2024-12-18T12:15:12.087000 +CVE-2024-56059,1,1,73f5e7159a8847c53d07080a32e41db34a65a1756d37f0a879f517ecfda2399c,2024-12-18T12:15:12.237000 CVE-2024-5606,0,0,98eaf774fa1e05fbd39a41e5847ce28629e9cd607119c8a5d04808d521a366d5,2024-11-21T09:48:00.483000 CVE-2024-5607,0,0,2f2e883967a2421396c2c72ed671760bd1b0ce90e12a34d10be305825ec8d97f,2024-11-21T09:48:00.667000 CVE-2024-56072,0,0,88ae4fab448aef17d7ce79e69ee4a7b01a08327e8323b97aaa0bf31e47edc0fa,2024-12-16T17:15:13.500000