From 22d3d6c4467c8a3021bda9da010aea16102f226c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 2 Oct 2024 10:03:17 +0000 Subject: [PATCH] Auto-Update: 2024-10-02T10:00:17.344678+00:00 --- CVE-2024/CVE-2024-82xx/CVE-2024-8254.json | 4 ++ CVE-2024/CVE-2024-88xx/CVE-2024-8800.json | 68 +++++++++++++++++++++ CVE-2024/CVE-2024-89xx/CVE-2024-8967.json | 72 +++++++++++++++++++++++ CVE-2024/CVE-2024-91xx/CVE-2024-9172.json | 72 +++++++++++++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9210.json | 68 +++++++++++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9218.json | 64 ++++++++++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9222.json | 68 +++++++++++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9225.json | 68 +++++++++++++++++++++ CVE-2024/CVE-2024-93xx/CVE-2024-9344.json | 64 ++++++++++++++++++++ CVE-2024/CVE-2024-93xx/CVE-2024-9378.json | 64 ++++++++++++++++++++ README.md | 34 +++++------ _state.csv | 37 +++++++----- 12 files changed, 650 insertions(+), 33 deletions(-) create mode 100644 CVE-2024/CVE-2024-88xx/CVE-2024-8800.json create mode 100644 CVE-2024/CVE-2024-89xx/CVE-2024-8967.json create mode 100644 CVE-2024/CVE-2024-91xx/CVE-2024-9172.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9210.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9218.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9222.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9225.json create mode 100644 CVE-2024/CVE-2024-93xx/CVE-2024-9344.json create mode 100644 CVE-2024/CVE-2024-93xx/CVE-2024-9378.json diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8254.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8254.json index 6424528e9a8..04e21556694 100644 --- a/CVE-2024/CVE-2024-82xx/CVE-2024-8254.json +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8254.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes." + }, + { + "lang": "es", + "value": "El complemento Email Subscribers de Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce para WordPress es vulnerable a la ejecuci\u00f3n de shortcodes arbitrarios en todas las versiones hasta la 5.7.34 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, ejecuten shortcodes arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8800.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8800.json new file mode 100644 index 00000000000..6bc7b3d0e13 --- /dev/null +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8800.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-8800", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T08:15:02.510", + "lastModified": "2024-10-02T08:15:02.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The RabbitLoader \u2013 Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento RabbitLoader \u2013 Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more para WordPress es vulnerable a Cross-Site Scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 2.21.0 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/rabbit-loader/tags/2.21.0/inc/tab_init.php#L86", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3160267/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba435b26-a6f1-41cf-acb8-fffd8a18fea7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8967.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8967.json new file mode 100644 index 00000000000..408b059f2b5 --- /dev/null +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8967.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-8967", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T08:15:02.740", + "lastModified": "2024-10-02T08:15:02.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PWA \u2014 easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento PWA (Easy Way to Progressive Web App) para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 1.6.3 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/iworks-pwa/trunk/includes/iworks/class-iworks-svg.php#L16", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3161056/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/iworks-pwa/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/000bf956-1781-4596-ac12-81691fdd789c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9172.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9172.json new file mode 100644 index 00000000000..e8a483f23c4 --- /dev/null +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9172.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-9172", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T08:15:02.960", + "lastModified": "2024-10-02T08:15:02.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento Demo Importer Plus para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 2.0.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor o superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/demo-importer-plus/trunk/inc/importers/wxr-importer/class-demo-importer-plus-wxr-importer.php#L331", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3160715/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/demo-importer-plus/#description", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/476c4eb3-db28-4f6a-9502-969e7f1c5ec1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9210.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9210.json new file mode 100644 index 00000000000..631bbef249d --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9210.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-9210", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T08:15:03.180", + "lastModified": "2024-10-02T08:15:03.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento MC4WP: Mailchimp Top Bar para WordPress es vulnerable a ataques de Cross-Site Scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 1.6.0 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/mailchimp-top-bar/tags/1.6.0/views/settings-page.php#L40", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/mailchimp-top-bar/tags/1.6.1/views/settings-page.php#L40", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b45ba98f-4cd1-406a-8661-e19d5b4c3ba8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9218.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9218.json new file mode 100644 index 00000000000..bdf9a4d2cd4 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9218.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9218", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T09:15:02.837", + "lastModified": "2024-10-02T09:15:02.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Magazine Blocks \u2013 Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/magazine-blocks/tags/1.3.14/includes/Blocks.php#L334", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3161000/#file13", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4c27225-f9db-4ae5-bb1f-ce8648c216eb?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9222.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9222.json new file mode 100644 index 00000000000..988a50979ee --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9222.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-9222", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T08:15:03.380", + "lastModified": "2024-10-02T08:15:03.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction para WordPress es vulnerable a Cross-Site Scripting Reflejado debido al uso de add_query_arg sin el escape apropiado en la URL en todas las versiones hasta la 2.12.8 incluida. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/tags/2.12.8/includes/admin/class-admin-payments-list-table.php#L155", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3160323/#file10", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d43235b-9c5e-4d7f-99f0-28dcab4b2a91?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9225.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9225.json new file mode 100644 index 00000000000..9d8fbbf0dc1 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9225.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-9225", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T08:15:03.580", + "lastModified": "2024-10-02T08:15:03.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento SEOPress \u2013 On-site SEO para WordPress es vulnerable a ataques Cross-Site Scripting reflejado debido al uso de add_query_arg y remove_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 8.1.1 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-seopress/tags/8.1.1/inc/admin/wizard/admin-wizard.php#L286", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3159928/wp-seopress/trunk/inc/admin/wizard/admin-wizard.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e648f65-3eeb-405d-b243-26354f3843c8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9344.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9344.json new file mode 100644 index 00000000000..52170e4c117 --- /dev/null +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9344.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9344", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T09:15:03.570", + "lastModified": "2024-10-02T09:15:03.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BerqWP \u2013 Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/searchpro/trunk/simplehtmldom/example/scraping/example_scraping_general.php?rev=3138385", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3160806%40searchpro&new=3160806%40searchpro&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01d5e5b5-033c-4690-9857-3339e2831340?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9378.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9378.json new file mode 100644 index 00000000000..5a575d2ba6b --- /dev/null +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9378.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9378", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-02T09:15:04.257", + "lastModified": "2024-10-02T09:15:04.257", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/yml-for-yandex-market/tags/4.7.2/classes/system/pages/settings-page/class-y4ym-settings-page-feeds-wp-list-table.php#L311", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3160483/yml-for-yandex-market/trunk/classes/system/pages/settings-page/class-y4ym-settings-page-feeds-wp-list-table.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a463c5be-13d9-45d8-b43e-54ab188c151a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 331ef6520dd..b9029a11ff7 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-02T08:00:20.463940+00:00 +2024-10-02T10:00:17.344678+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-02T07:15:03.033000+00:00 +2024-10-02T09:15:04.257000+00:00 ``` ### Last Data Feed Release @@ -33,33 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -264295 +264304 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `9` -- [CVE-2024-7315](CVE-2024/CVE-2024-73xx/CVE-2024-7315.json) (`2024-10-02T06:15:09.963`) -- [CVE-2024-8254](CVE-2024/CVE-2024-82xx/CVE-2024-8254.json) (`2024-10-02T07:15:03.033`) -- [CVE-2024-9174](CVE-2024/CVE-2024-91xx/CVE-2024-9174.json) (`2024-10-02T06:15:10.387`) -- [CVE-2024-9333](CVE-2024/CVE-2024-93xx/CVE-2024-9333.json) (`2024-10-02T06:15:11.113`) +- [CVE-2024-8800](CVE-2024/CVE-2024-88xx/CVE-2024-8800.json) (`2024-10-02T08:15:02.510`) +- [CVE-2024-8967](CVE-2024/CVE-2024-89xx/CVE-2024-8967.json) (`2024-10-02T08:15:02.740`) +- [CVE-2024-9172](CVE-2024/CVE-2024-91xx/CVE-2024-9172.json) (`2024-10-02T08:15:02.960`) +- [CVE-2024-9210](CVE-2024/CVE-2024-92xx/CVE-2024-9210.json) (`2024-10-02T08:15:03.180`) +- [CVE-2024-9218](CVE-2024/CVE-2024-92xx/CVE-2024-9218.json) (`2024-10-02T09:15:02.837`) +- [CVE-2024-9222](CVE-2024/CVE-2024-92xx/CVE-2024-9222.json) (`2024-10-02T08:15:03.380`) +- [CVE-2024-9225](CVE-2024/CVE-2024-92xx/CVE-2024-9225.json) (`2024-10-02T08:15:03.580`) +- [CVE-2024-9344](CVE-2024/CVE-2024-93xx/CVE-2024-9344.json) (`2024-10-02T09:15:03.570`) +- [CVE-2024-9378](CVE-2024/CVE-2024-93xx/CVE-2024-9378.json) (`2024-10-02T09:15:04.257`) ### CVEs modified in the last Commit -Recently modified CVEs: `10` +Recently modified CVEs: `1` -- [CVE-2023-1083](CVE-2023/CVE-2023-10xx/CVE-2023-1083.json) (`2024-10-02T06:15:03.470`) -- [CVE-2023-1150](CVE-2023/CVE-2023-11xx/CVE-2023-1150.json) (`2024-10-02T06:15:04.583`) -- [CVE-2023-1619](CVE-2023/CVE-2023-16xx/CVE-2023-1619.json) (`2024-10-02T06:15:05.420`) -- [CVE-2023-1620](CVE-2023/CVE-2023-16xx/CVE-2023-1620.json) (`2024-10-02T06:15:06.393`) -- [CVE-2023-1779](CVE-2023/CVE-2023-17xx/CVE-2023-1779.json) (`2024-10-02T06:15:07.000`) -- [CVE-2023-2673](CVE-2023/CVE-2023-26xx/CVE-2023-2673.json) (`2024-10-02T06:15:07.620`) -- [CVE-2023-2759](CVE-2023/CVE-2023-27xx/CVE-2023-2759.json) (`2024-10-02T06:15:08.133`) -- [CVE-2023-3379](CVE-2023/CVE-2023-33xx/CVE-2023-3379.json) (`2024-10-02T06:15:08.453`) -- [CVE-2023-3663](CVE-2023/CVE-2023-36xx/CVE-2023-3663.json) (`2024-10-02T06:15:08.703`) -- [CVE-2024-44610](CVE-2024/CVE-2024-446xx/CVE-2024-44610.json) (`2024-10-02T06:15:09.210`) +- [CVE-2024-8254](CVE-2024/CVE-2024-82xx/CVE-2024-8254.json) (`2024-10-02T07:15:03.033`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8d9b924db8d..39d71dd7065 100644 --- a/_state.csv +++ b/_state.csv @@ -213629,7 +213629,7 @@ CVE-2023-1079,0,0,35d5b0fa56fa088ea40ff86f193102e8019c9b458a29a25be315b7c68f31fc CVE-2023-1080,0,0,edc3e203b3554b02b410c564e010e419c78c00b3bd0ea386e31d67e412375091,2023-11-07T04:02:27.867000 CVE-2023-1081,0,0,1a66ef6bba6aeefbb573ef325b4f0781c618f72103a8a1fec657c993b6dba0ad,2023-03-04T02:06:16.360000 CVE-2023-1082,0,0,e5f26717cf7661ac36ae6d1001bf68b6f75e2a46297c905c72b698fb7186ce7c,2024-04-09T12:48:04.090000 -CVE-2023-1083,0,1,f9bd295f8ad141f3b0566c4a077796c17d6fe37ff2b908a5c672e85fd207c192,2024-10-02T06:15:03.470000 +CVE-2023-1083,0,0,f9bd295f8ad141f3b0566c4a077796c17d6fe37ff2b908a5c672e85fd207c192,2024-10-02T06:15:03.470000 CVE-2023-1084,0,0,5ab3a140a667c0e4f5c55fba2fdfb68fc34acae85c055654d26900a686e643c1,2023-03-15T14:27:48.850000 CVE-2023-1086,0,0,c7281028cb86518b7c41f8d8b2b705f8b4ccf1e4ba109ef7ea30d649d1263555,2023-11-07T04:02:28.057000 CVE-2023-1087,0,0,240da9e9925987a88bc3d7d2abc22d60c954a4ad03edccea0cee6ddfa6eb94c5,2023-11-07T04:02:28.193000 @@ -213692,7 +213692,7 @@ CVE-2023-1146,0,0,70947ce73b581441f38546cc6de6c449e4b6fe6f062c4aedb8bc1a0ca70be6 CVE-2023-1147,0,0,83e0e3991a149430380ed67ac44f63947a541a5d40b113cc1f5b35dae0eec6f5,2023-03-03T18:57:03.790000 CVE-2023-1148,0,0,eaec08639d5d56c2dc64c2f46ed39455a99e091602259fe3cdab0cdc3052432f,2023-03-03T18:56:46.617000 CVE-2023-1149,0,0,0846ce04539f5fa2379014bee973dfe260c03b5d06bcd94a559e8b0acf579d37,2023-03-10T18:20:45.080000 -CVE-2023-1150,0,1,0f1551e79929da56cbc5f417d4dfb4cc544fa5cce9b87a4b179b0bdb5485221b,2024-10-02T06:15:04.583000 +CVE-2023-1150,0,0,0f1551e79929da56cbc5f417d4dfb4cc544fa5cce9b87a4b179b0bdb5485221b,2024-10-02T06:15:04.583000 CVE-2023-1151,0,0,bba6cc80a45b75fcc62773eae0e5e960d5874dfaa8466192d38abbc9b1691406,2024-05-17T02:17:50.957000 CVE-2023-1152,0,0,6729a25a6fe4ef26ffb2ee154eb5f611a955228fcee15ac5df7a209da6a79427,2023-11-07T04:02:39.170000 CVE-2023-1153,0,0,cd3f7e8edcf987be593b058b20fea8969ff28b97322655e212b5d3a83ee9485e,2023-11-07T04:02:39.383000 @@ -214133,8 +214133,8 @@ CVE-2023-1615,0,0,a2d21336f537d172e82784fcc880cb301c9ecbd7fab6ed45b83b458f73ce0a CVE-2023-1616,0,0,5db3d1a6b8c6bc3e4436023d3e63cc63acd9394ab42eb7b57ef11c641c6c9bd7,2024-05-17T02:18:17.100000 CVE-2023-1617,0,0,b780d545c3f94e6ca59de93e4557f8b45e6665b5368584201729571eaeae0616,2023-04-24T13:21:35.890000 CVE-2023-1618,0,0,e2ca67f41771f43cc6e9df1222d0768f3a2568901b94863f2176a2fdfd4f4d38,2023-08-23T01:15:09.957000 -CVE-2023-1619,0,1,e6d41afec3016561a24d5870d4b2351dc00e843706f9f6980cf320b543827a50,2024-10-02T06:15:05.420000 -CVE-2023-1620,0,1,8a1568da99b514f12b7268a0f9917091bd88f0de5ba41c53376f3c7ba270730a,2024-10-02T06:15:06.393000 +CVE-2023-1619,0,0,e6d41afec3016561a24d5870d4b2351dc00e843706f9f6980cf320b543827a50,2024-10-02T06:15:05.420000 +CVE-2023-1620,0,0,8a1568da99b514f12b7268a0f9917091bd88f0de5ba41c53376f3c7ba270730a,2024-10-02T06:15:06.393000 CVE-2023-1621,0,0,5a85e2be03756e0e1cfaf94c5790c023de583dc164b4b46f47cc4f20ae49b61c,2023-06-13T19:36:25.590000 CVE-2023-1622,0,0,9cc6746ab278552b174b0b9dfb515e038e5d45526ba53ca98f3e8044c09591f0,2023-11-07T04:04:21.773000 CVE-2023-1623,0,0,82a406b24cf62c651285c9701c471a92be1ea31cc63213c22393b2d3247fb7a8,2023-11-07T04:04:22 @@ -214287,7 +214287,7 @@ CVE-2023-1775,0,0,f34f2593d0902fb662441e4fa5f5ac80d16b926bed526ebf048330ccfe6823 CVE-2023-1776,0,0,950861070c60356796ce0c848513d2f02b58996e09094d81b4038656961df13b,2023-11-07T04:04:53.637000 CVE-2023-1777,0,0,2b460607cdf55efc2e7b7cef0ae666bb7afda934a4ae4bdd8c55ea98c5aae6b3,2023-11-07T04:04:53.807000 CVE-2023-1778,0,0,217bfee5862138837555b76c07ee35825b7cec0aca49c2d5ff74782d1625f55a,2023-05-08T18:34:04.320000 -CVE-2023-1779,0,1,66d0bc932f0879c2f1e47d249c0fe64cedade32cdf27d5c3eb28a0790df18518,2024-10-02T06:15:07 +CVE-2023-1779,0,0,66d0bc932f0879c2f1e47d249c0fe64cedade32cdf27d5c3eb28a0790df18518,2024-10-02T06:15:07 CVE-2023-1780,0,0,3946b01981b86cdc187d47752958c60bd62bc48c840a391a386042ef7c4f5728,2023-11-07T04:04:54.073000 CVE-2023-1782,0,0,584a59fb33a64dfb2a4a5f82b814cc4c1f27d558782d1b6286350680d4937f4b,2023-04-12T19:34:26.840000 CVE-2023-1783,0,0,e6b6b594519a0e16795cc5ed0bdc1b7eed1d6d0d08e1d2cf30e26ede926c5923,2023-07-06T17:53:33.903000 @@ -220074,7 +220074,7 @@ CVE-2023-26692,0,0,545bb4c8ce274f7c60cd4ed5223892b23358f551e603bb026e462243c0dc4 CVE-2023-2670,0,0,cde7a163d050644d2c2d58d38a9f3ff0b16c52d630ab83b17431e97bfe82badd,2024-05-17T02:23:08.840000 CVE-2023-2671,0,0,fc4f7219005f0b035da4666f0a7bbf9ca629a3ad7d3128512dadedc9de3bb7e4,2024-05-17T02:23:08.947000 CVE-2023-2672,0,0,aabcae4ca9a9bd9a2e31149e98e48c1f5cd465ee0e6420ae77e80a401e4f9da0,2024-05-17T02:23:10.067000 -CVE-2023-2673,0,1,246dafe5d8c99c4b137f4c4e273b75c09ffe86e61a50345ccfaa6a37e9335ce0,2024-10-02T06:15:07.620000 +CVE-2023-2673,0,0,246dafe5d8c99c4b137f4c4e273b75c09ffe86e61a50345ccfaa6a37e9335ce0,2024-10-02T06:15:07.620000 CVE-2023-26733,0,0,8087db337ca67d33fde5e9f564e6beb430f8f0b55028117c5ab183b16ae085e1,2023-04-10T19:01:16.217000 CVE-2023-26735,0,0,f0b76f09ad441387f56bc459708505e9cc3b69ee91ccff83e1d93bf3ad3e2280,2024-08-02T12:16:09.757000 CVE-2023-2674,0,0,d2234fc1009355c5454b2805ad7f9c7de23117a9f5353b6bc1fe48925725aefd,2023-05-22T14:58:07.940000 @@ -220699,7 +220699,7 @@ CVE-2023-27586,0,0,72de1619c31b9c2ff4ad09f40e3b9c53d6bc1c9f49761fe93846248e8881b CVE-2023-27587,0,0,ff84401de0a75d958d75bc60aaf34fc3791f8b67e0e2909ed4ac19eca27c4613,2023-03-17T16:26:13.203000 CVE-2023-27588,0,0,874c3205a5388c94e1a71e728cad2c914a9e85ce1ebab6fb5c0be65b7a6acd1f,2023-03-21T13:43:20.797000 CVE-2023-27589,0,0,36b0c65f6baadb268fa6360b2ad6c5762938c568776531af92f8e5ce4ac857d4,2023-03-21T14:16:35.477000 -CVE-2023-2759,0,1,89449da3007a0a87ec2969f8f0e527bb56ee934be722818085958fd5036261ee,2024-10-02T06:15:08.133000 +CVE-2023-2759,0,0,89449da3007a0a87ec2969f8f0e527bb56ee934be722818085958fd5036261ee,2024-10-02T06:15:08.133000 CVE-2023-27590,0,0,fbcdacdeb11d1d96b95db1af17c251768df12d37260f207c37323cae54be7d35,2023-07-12T03:15:08.943000 CVE-2023-27591,0,0,4a43fd171d94712f0a7a600747860c8bc4b8abe33f62ab2291722213622f8063,2023-03-24T14:50:00.573000 CVE-2023-27592,0,0,10a78a6f5645e927bdea072df914877bfcf4d5776beb770245704abd3b9c951a,2023-11-07T04:10:01.260000 @@ -225560,7 +225560,7 @@ CVE-2023-33786,0,0,9e0053cbcc3bc74a69aaab6df3264fc3822ff8e82ff701337e250fc0ab528 CVE-2023-33787,0,0,a5cef9d088fc92a18f769b41833c6411a90e93f579d03dcb29efe55dfbfbab47,2024-02-02T13:54:55.517000 CVE-2023-33788,0,0,29f4003849fbeb9e3edcda7044282c36f86864ae53b748e95c65416b3ba28d91,2024-02-02T13:54:55.517000 CVE-2023-33789,0,0,5cded3fc1b2071193e891685b0a4bf8c7ca4778e1d9270a3d07030ee29c5a25a,2024-02-02T13:54:55.517000 -CVE-2023-3379,0,1,a3a2d587f14bbf62d77df42322d96140b9fb0122196facc88e69371cd89db914,2024-10-02T06:15:08.453000 +CVE-2023-3379,0,0,a3a2d587f14bbf62d77df42322d96140b9fb0122196facc88e69371cd89db914,2024-10-02T06:15:08.453000 CVE-2023-33790,0,0,574f30aa621eb6bd6e69277494a82c5a6dbfb075017a72d958745c3fe64d9d52,2024-02-02T13:54:55.517000 CVE-2023-33791,0,0,d89ad384ec2bd02797748adc2e5ce6707e516b33f8639d89b97715bfd37b513d,2024-02-02T13:54:55.517000 CVE-2023-33792,0,0,57ea47b1ea472c27f98ad7acf24ee7a9354aae8cada024223cbb33fe4b3314d4,2024-02-02T13:54:55.517000 @@ -227539,7 +227539,7 @@ CVE-2023-36624,0,0,ed102f304664f69909ab4a1ccc1e3356d06e80c9b65d103d99142f0f38a34 CVE-2023-36627,0,0,2a2bcbf5e969a1678717a39d50dd1198f813b67fa053ed1d8099b098c17e3441,2023-10-05T15:39:20.327000 CVE-2023-36628,0,0,5e0aab7401b16f4c2fe335ba59e75b163e29dd5e3dccbcdf44e86818ab6c474d,2024-09-23T14:35:02.833000 CVE-2023-36629,0,0,24be445cef433fcf828c5dc1ce1d9f8df15f6bbb991544126f3c95b17aad6b04,2024-01-16T19:13:33.347000 -CVE-2023-3663,0,1,ddb92791766760b746e516f3c5844309359d9b8c46f9e7577df13157ba39c6d9,2024-10-02T06:15:08.703000 +CVE-2023-3663,0,0,ddb92791766760b746e516f3c5844309359d9b8c46f9e7577df13157ba39c6d9,2024-10-02T06:15:08.703000 CVE-2023-36630,0,0,813af12d002300be9872f8f77de31f15678cc30a7b3af0fd6232bdd7e6fd45e1,2023-07-03T13:03:32.567000 CVE-2023-36631,0,0,9ad1650c694f5c2829f029fa300eb17f88d9916a189bcdc6f41f1c4f7f2ac588,2024-08-02T17:16:13.233000 CVE-2023-36632,0,0,da0a317ff8744cc8ec4757a0ac6f14e4980ff513671876b7213ca4cc4b0c7956,2024-08-02T17:16:13.363000 @@ -259691,7 +259691,7 @@ CVE-2024-44589,0,0,67d52b979dbf84795ff1b1a6445da43c9d3cf1ac9141ab2287575f9704bf9 CVE-2024-4459,0,0,b17743adc54c2996e578e7c399fafb8182f2604175c352726fa92e67f639f3de,2024-07-24T18:00:21.097000 CVE-2024-4460,0,0,91888f8bde5a4d48a24dfa2195fe74c4db2ec96b9dcf1f6b0a4392132da82baa,2024-07-17T11:15:10.240000 CVE-2024-4461,0,0,51250da8bcd9ecf720caf9f3a7efd550d6e47af21e57f982fabb8237238dcfce,2024-05-03T12:48:41.067000 -CVE-2024-44610,0,1,d1a5ad8642b14d9c678d37711b95729790d0ce9ddce47b7569f0eb14e24ca8dc,2024-10-02T06:15:09.210000 +CVE-2024-44610,0,0,d1a5ad8642b14d9c678d37711b95729790d0ce9ddce47b7569f0eb14e24ca8dc,2024-10-02T06:15:09.210000 CVE-2024-4462,0,0,7de1c10fc651b37d9659e3e60da12a8c072b437874aeb6819554614b6acb9a58,2024-06-04T16:57:41.053000 CVE-2024-44623,0,0,be0881fa228aca782008c2748d4b046bd517031ec8a03bf9e09823e1f811d2b8,2024-09-25T14:53:20.253000 CVE-2024-4463,0,0,697d96b65b3f5bb41384b58e0f6586cf3caa8378b8edc45503427d4f5bdd2d8e,2024-05-14T16:11:39.510000 @@ -263031,7 +263031,7 @@ CVE-2024-7311,0,0,b37b59792dd58cee524c8ffe58ffad74a44a459beeecd4500b7db56eb7cdda CVE-2024-7312,0,0,dc3f367e0f0a86ec8a8ee4af9b89c7ef895e4bddfa2b420824b06225d6049fc1,2024-09-13T16:27:50.577000 CVE-2024-7313,0,0,d7b0f37e48710e5f5a7b78ed26ce477c46ecddb143fdd8dc8ca6d6152120ce70,2024-08-26T18:35:13.207000 CVE-2024-7314,0,0,64aaecd133deeb35ae51feed7f4d71099832a2945a1861cec1e5be771eb8caf9,2024-09-17T15:45:01.970000 -CVE-2024-7315,1,1,c76281c597cfe81f1f3116f1e5bb315d0944617079208c3562ff072b668f5bf4,2024-10-02T06:15:09.963000 +CVE-2024-7315,0,0,c76281c597cfe81f1f3116f1e5bb315d0944617079208c3562ff072b668f5bf4,2024-10-02T06:15:09.963000 CVE-2024-7317,0,0,d290990c88ffba5acfc4fa1e36f444dec67bc90a1513331480ff821c55d2a98f,2024-08-06T16:30:24.547000 CVE-2024-7318,0,0,3b07c549e5fb2dfd376a8d14b85e9bdf6d56cc8a33e82cf1a53a16bb45702ca6,2024-09-20T16:02:06.977000 CVE-2024-7319,0,0,91324dd5cce8fc33151e2efd0732f449f761808f1b2abe94f46ca69302c16039,2024-09-24T17:00:00.917000 @@ -263729,7 +263729,7 @@ CVE-2024-8247,0,0,fcbdec6a2008dfeaed8390f987d382af34f3ecfe1f1962e571c7da897df6ef CVE-2024-8250,0,0,9b93a65d8c7dcee06e07a2e2b390d716b51503d05b493ec48aa5a8756ae94b8c,2024-08-30T16:32:16.917000 CVE-2024-8252,0,0,36e1aa114a02ff2bf925a636a4ed4135ae0e6011078bf9fd8b3aff586823c205,2024-09-03T14:31:27.243000 CVE-2024-8253,0,0,538885466f07c28468f1d184c3fb77b594dc3a7e7631ea6be509e963086ff9ce,2024-09-25T19:42:31.943000 -CVE-2024-8254,1,1,e17b6a394845d896fa0f545553b5d14bc24382d74740c918f53581aac086c8b7,2024-10-02T07:15:03.033000 +CVE-2024-8254,0,1,07cb27d1ee420722e61945f6e00bb92f2652b00dd2252e1a7d511aca31734d7e,2024-10-02T07:15:03.033000 CVE-2024-8255,0,0,c6874ac38c80acc73ad7edcdfa1b6810f24be9f578842829800024511d128d5a,2024-09-06T22:53:34.187000 CVE-2024-8258,0,0,acf33ae8a1adec0534fb0ef526f8343ca036563113e584df48e051347d7f4bae,2024-09-27T18:56:41.140000 CVE-2024-8260,0,0,58ee93928fd92124dbf3bf24e885a2e8306c83787bcabfd7a73757f9785d81fb,2024-09-19T16:08:58.863000 @@ -264069,6 +264069,7 @@ CVE-2024-8795,0,0,f7b3fc89482c22947a1a26e63d2f04d7dee1f77ad827021897b332709b0407 CVE-2024-8796,0,0,3072a1878c469640ca1580f40189a95dca902784c81c016c261f3bdcec04f58c,2024-09-30T14:10:38.937000 CVE-2024-8797,0,0,bc71120ba9c562037001bef5ed49069a2fb96f9263b3c8e2a617e34946a91f4d,2024-09-27T14:02:23.700000 CVE-2024-8799,0,0,00121647efdfbda1953f2b1e9dcd564fbf00607f157bcfec6188d74e35b1233b,2024-10-01T09:15:05.220000 +CVE-2024-8800,1,1,d956ac136643b04f0243a452c8ccfdf197118d0e853c27476b810517af98011a,2024-10-02T08:15:02.510000 CVE-2024-8801,0,0,b5bc4f982a594acb6aaf56b2e8a82653b32de0b2ae7bfdf440e37c28bdd34de7,2024-09-30T14:23:46.140000 CVE-2024-8803,0,0,1e21e2187793442a371c4b65c97d90253ace224e18e6d0a30f5421631b4c2a19,2024-09-26T13:32:02.803000 CVE-2024-8850,0,0,60f99c260767f82bf00cc7954ec3e058985003b965020b8d3dac7a45b3ea5f64,2024-09-25T18:49:53.397000 @@ -264125,6 +264126,7 @@ CVE-2024-8956,0,0,67fe3d1874df790c4fe403e5b4da2c61ceb691a22ee76441757b9e4b9f428f CVE-2024-8957,0,0,7754fe7edeaccf469b1d2d0d834f9e662d3691f603f526c2d85ee83a7186072b,2024-10-01T17:49:25.573000 CVE-2024-8963,0,0,67fe8ea90f3163df4929d6782956d377bcadef461d17352cf475deabaa8fd4ad,2024-09-20T16:32:02.563000 CVE-2024-8965,0,0,4ba541e4606533e3a8bee7a33ff07d0a9f7a7b73c53d09de5034be2d80daa7c8,2024-09-30T12:46:20.237000 +CVE-2024-8967,1,1,7776297609e38f6238ec0b6b16a03ab86d44709e6cfab5e185f21104640ed150,2024-10-02T08:15:02.740000 CVE-2024-8969,0,0,98dd6be27cce2c3412495467ecb9257ef6e673bce29c0f376bf0c342ca11f9e9,2024-09-20T12:30:51.220000 CVE-2024-8974,0,0,d4bcc9476e440aef15c3a18c780e18e6939f5911111a1f36c9f70c7d14bcd4bb,2024-09-30T12:46:20.237000 CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b70,2024-10-01T19:20:21.103000 @@ -264214,8 +264216,9 @@ CVE-2024-9160,0,0,dcb08097a2707d90887b21cc5ab80eb6cf86ff84abb571a9a69f82310c298b CVE-2024-9166,0,0,b24f9ebc4650fb7d123f858805d8b1a753ef6a732064f8b14cd979bccf2c240a,2024-09-30T12:46:20.237000 CVE-2024-9169,0,0,3e58e76dfb6d40928d7a81777e9f17fdbdc857f6ee99a9600a6d563079322d8f,2024-09-26T13:32:02.803000 CVE-2024-9171,0,0,af15a4d4f57722dfce9c8f35af79ddfb4512cd4df5a539148a2f7d51c39f2ac2,2024-09-27T17:15:14.437000 +CVE-2024-9172,1,1,199bb1885edbaf3e5cf8cf5bf50588b7a1520bf934b902a33238e0075b79a13b,2024-10-02T08:15:02.960000 CVE-2024-9173,0,0,35b89a81311ca677fe554b85f50232d9274c2631e7208ee1d074802a8dbdb506,2024-10-01T14:12:41.293000 -CVE-2024-9174,1,1,b84c9c7a9f9cd2234390c1ae1f1de568c65321ae63b8ba2386d7dc05a067988e,2024-10-02T06:15:10.387000 +CVE-2024-9174,0,0,b84c9c7a9f9cd2234390c1ae1f1de568c65321ae63b8ba2386d7dc05a067988e,2024-10-02T06:15:10.387000 CVE-2024-9177,0,0,538b136929b66f2da77b71c4f345460987a86315e3e44122bd269ab3a2a9e52e,2024-09-30T12:46:20.237000 CVE-2024-9189,0,0,6fc70667b6c052aedd9065fd849720c6949b418d7c844ad831e0ce3249ae6d1c,2024-09-30T12:45:57.823000 CVE-2024-9194,0,0,24e26748ef3bff41d7a06efd6c027f138154eafd040f89b986b59a112235298b,2024-10-01T15:35:17.550000 @@ -264224,8 +264227,12 @@ CVE-2024-9199,0,0,3ca7b00968012de33482b7967da315774f8cea9a5b3070fbe655db855473b7 CVE-2024-9202,0,0,808b8091e3582386849f2f7767feb40805cba585b6581ba135c1d621ab219188,2024-09-30T12:46:20.237000 CVE-2024-9203,0,0,e6eb6874bd83da6550f594261cd60c3d082a0ed5dbc17d4c1b083dd114dee5d8,2024-09-30T12:46:20.237000 CVE-2024-9209,0,0,7d3bad6781486e2f4da7df129717b8a491edccf73b369d5a2d34b95179369883,2024-10-01T09:15:06.110000 +CVE-2024-9210,1,1,b5bf3ebd13fe0e23d57c1dda8f23c9e29d98e9d13d1a948e54726130578828c9,2024-10-02T08:15:03.180000 +CVE-2024-9218,1,1,77125ca5d3f1f7f81f6120330b8e477b141483fa32387f60a5f81d7ec93a10fb,2024-10-02T09:15:02.837000 CVE-2024-9220,0,0,6f67adeba0c71de630c7e77880260d455139ec3e28b2bcf4d37b6c2e1b517adb,2024-10-01T09:15:06.613000 +CVE-2024-9222,1,1,d4d7c4eff68d89a94204b86589393d1943f67be0939ef8964f73a1dbde0c2c63,2024-10-02T08:15:03.380000 CVE-2024-9224,0,0,daeac54c8a106a2cdf4131c378f84c7cfa1b831c70c575638327c37ab147ad9b,2024-10-01T09:15:07.190000 +CVE-2024-9225,1,1,141d0d35e11a2cd106662fadee1419850af7b64bb767687c4551fb0ce39a77aa,2024-10-02T08:15:03.580000 CVE-2024-9228,0,0,9405c3cfc45dca66268ec52ff9d3afd2509e4b32bf0c50779cb731b661651911,2024-10-01T09:15:07.750000 CVE-2024-9241,0,0,c97fba2c7aa884bcdd52fc5811a712b361d655a1df561d8ca3d939dedb183a39,2024-10-01T09:15:08.287000 CVE-2024-9265,0,0,a960537dfc00aa7287cda3b344edaa9968d5f1c511cd23e19840dec685ffedab,2024-10-01T09:15:08.810000 @@ -264272,12 +264279,14 @@ CVE-2024-9326,0,0,bc58a26c9b43fcdd4054d9300d5d0cde5547399aaa29865b7fca11d142895d CVE-2024-9327,0,0,789b0175cdbfabd0a2b291c27ea4b21dfccf76f50782f3eac2c88bada4dfe956,2024-09-30T12:45:57.823000 CVE-2024-9328,0,0,a5f7378f6f2f1cd502f7cde1b5f6090c2d79ebec3e3af2aa2eaafb1f04d0c325,2024-10-01T11:34:57.773000 CVE-2024-9329,0,0,98bed362b2a24e4db4311c4ce14eee7b5d7d3a2b87c87f5c94a31ac7bc8ac4f5,2024-09-30T12:45:57.823000 -CVE-2024-9333,1,1,3a8b8751894004acbe0040a54680e8b99075c8756a62d62c518a0edb7a9ddf75,2024-10-02T06:15:11.113000 +CVE-2024-9333,0,0,3a8b8751894004acbe0040a54680e8b99075c8756a62d62c518a0edb7a9ddf75,2024-10-02T06:15:11.113000 CVE-2024-9341,0,0,d5fd607e07f2946dcf80c0714f2f83eb8231c34e7bb32f10864cd8428533f0a9,2024-10-01T19:15:09.500000 +CVE-2024-9344,1,1,32aab7c62363bb5e8b74c4e4a828c4e6e171f449ac6c37ef316871cdf05e101c,2024-10-02T09:15:03.570000 CVE-2024-9355,0,0,bc71c5b9ebfc4eac935290ed6c54b2a101846c60f03637d231f1d92ea2a8c69d,2024-10-01T19:15:09.793000 CVE-2024-9358,0,0,0152cc075779a766d901f87385961645ed224130afe67fa457b1ec2b8de41536,2024-10-01T02:15:10.340000 CVE-2024-9359,0,0,5e91a64536057dea096939e15114b5b156ad006dfcccaeb6e7ef261c97c1ddd2,2024-10-01T02:15:10.657000 CVE-2024-9360,0,0,bc1b1d81b39a5da5efaa713a48768241d5b68973f72008d946c08564d584aa3a,2024-10-01T03:15:02.690000 +CVE-2024-9378,1,1,625bda20be6d01a82e3797535fa08f28bfd8bc3a2a03303024fa88544f391e86,2024-10-02T09:15:04.257000 CVE-2024-9391,0,0,4c41432718e7451dc470a85181cb09fb2bd64b781f5907911b14b935baeaf954,2024-10-01T16:15:10.510000 CVE-2024-9392,0,0,407207e9e6bd2b7ba92ed54ef3a4a35aab092bf9644ceeea6fbb3985d013ec81,2024-10-01T19:35:08.990000 CVE-2024-9393,0,0,7475863af582d7682a6cb667413720d8e8e419cf18be5c21c0a8d554e15e8e48,2024-10-01T16:15:10.623000