Auto-Update: 2024-11-26T19:01:14.497043+00:00

cad-safe-bot 2024-11-26 19:04:26 +00:00
parent 6899c0203c
commit 2e7c3a972f
39 changed files with 2509 additions and 314 deletions


@ -2,7 +2,7 @@
"id": "CVE-2020-10367",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-10T23:15:04.170",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-26T18:15:17.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Ciertos chips Cypress (y Broadcom) Wireless Combo, cuando no hay una actualizaci\u00f3n de firmware de enero de 2021, permiten el acceso a la memoria a trav\u00e9s de un ataque \"Spectra\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052676",


@ -2,7 +2,7 @@
"id": "CVE-2020-10368",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-10T23:15:04.247",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-26T18:15:17.463",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Ciertos chips Cypress (y Broadcom) Wireless Combo, cuando no hay una actualizaci\u00f3n de firmware de enero de 2021, permiten el acceso de lectura de memoria a trav\u00e9s de un ataque \"Spectra\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052676",
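Review bot: The weakness the ADP source attached to this entry, CWE-922 (Insecure Storage of Sensitive Information), does not describe the bug in the description, which is memory read access through a "Spectra" side-channel attack on Cypress/Broadcom combo chips; the two sibling entries in this commit for the same issue, CVE-2020-10367 and CVE-2020-10369, carry CWE-203 (Observable Discrepancy) with the same `AV:A/AC:L/PR:L/UI:N` vector prefix. Anything that buckets CVEs by CWE will file this one as a data-at-rest problem rather than a side channel. The `PR:L` in the vector is also not supported by the description, which names no privilege precondition, so the LOW rating should be treated as the ADP's assumption rather than a vendor statement.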


@ -2,7 +2,7 @@
"id": "CVE-2020-10369",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-10T23:15:04.307",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-26T18:15:17.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Ciertos chips Cypress (y Broadcom) Wireless Combo, cuando no hay una actualizaci\u00f3n de firmware de enero de 2021, permiten inferencias sobre el contenido de la memoria a trav\u00e9s de un ataque \"Spectra\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052676",


@ -2,7 +2,7 @@
"id": "CVE-2021-27704",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-12T23:15:03.993",
"lastModified": "2024-11-13T17:01:16.850",
"lastModified": "2024-11-26T18:15:17.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Appspace 6.2.4 se ve afectado por un control de acceso incorrecto a trav\u00e9s de la p\u00e1gina de restablecimiento de contrase\u00f1a del portal web de Appspace."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2021-27704",
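Review bot: The weakness and vector added by the ADP source describe a different bug from the one in the description: CWE-352 (CSRF) with `UI:R` and `C:H` implies a victim must be lured into a request, whereas the description calls this "incorrect access control via the password reset page" of Appspace 6.2.4 and mentions no user interaction. The only reference is a third-party GitHub write-up (Mrnmap) with no tags and no vendor advisory, so the CSRF classification cannot be checked from this record. Consumers mapping CWE-352 onto CSRF-token detections would not be looking for a plain broken-access-control password reset, which is what the text describes.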


@ -2,8 +2,8 @@
"id": "CVE-2023-37305",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.707",
"lastModified": "2023-07-07T18:24:43.897",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-26T17:15:19.303",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,6 +19,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -26,9 +28,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
@ -82,6 +92,23 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T326952",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-10878",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-26T18:15:18.827",
"lastModified": "2024-11-26T18:15:18.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Sugar Calendar \u2013 Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sugar-calendar-lite/tags/3.3.0/includes/common/Features/EventTicketing/includes/admin/orders-list-table.php#L50",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3188760/sugar-calendar-lite/trunk/includes/common/Features/EventTicketing/includes/admin/orders-list-table.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b06cb3cf-e2da-4e18-9a09-c30cebddf5c2?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,16 @@
{
"id": "CVE-2024-11177",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-11-26T17:15:22.473",
"lastModified": "2024-11-26T17:15:22.473",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}


@ -2,12 +2,17 @@
"id": "CVE-2024-11233",
"sourceIdentifier": "security@php.net",
"published": "2024-11-24T02:15:16.030",
"lastModified": "2024-11-24T02:15:16.030",
"vulnStatus": "Received",
"lastModified": "2024-11-26T18:26:37.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in\u00a0convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas."
},
{
"lang": "es",
"value": "En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, debido a un error en el filtro convert.quoted-printable-decode, ciertos datos pueden provocar una sobrelectura del b\u00fafer de un byte, lo que en determinadas circunstancias puede provocar fallos o revelar el contenido de otras \u00e1reas de memoria."
}
],
"metrics": {
@ -31,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
@ -44,12 +69,59 @@
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.31",
"matchCriteriaId": "CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.26",
"matchCriteriaId": "C160D91A-CF97-4DD1-A34F-8B8C852B3CEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3.0",
"versionEndExcluding": "8.3.14",
"matchCriteriaId": "35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43",
"source": "security@php.net"
"source": "security@php.net",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
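Review bot: The weaknesses on this entry do not match its description: the text says the convert.quoted-printable-decode filter causes a "buffer overread by one byte", yet the CNA entry is CWE-122 (heap-based buffer overflow) and the NVD Primary entry added here is CWE-787 (out-of-bounds write); an over-read is CWE-125. Anyone keying exploitability assumptions on CWE should not infer a write primitive from this record, since the description only supports a one-byte read with crash or disclosure as the outcome. The NVD Primary vector rates availability HIGH (8.2) while the vendor's impactScore is 2.5, so the two scores disagree roughly two-fold; the vendor's own vector begins above this hunk and is not visible here.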


@ -2,12 +2,17 @@
"id": "CVE-2024-11236",
"sourceIdentifier": "security@php.net",
"published": "2024-11-24T01:15:04.387",
"lastModified": "2024-11-24T01:15:04.387",
"vulnStatus": "Received",
"lastModified": "2024-11-26T18:29:05.820",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write."
},
{
"lang": "es",
"value": "En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, las entradas de cadenas largas no controladas a la funci\u00f3n ldap_escape() en sistemas de 32 bits pueden causar un desbordamiento de enteros, lo que resulta en una escritura fuera de los l\u00edmites."
}
],
"metrics": {
@ -31,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -44,12 +69,58 @@
"value": "CWE-787"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.31",
"matchCriteriaId": "CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.26",
"matchCriteriaId": "C160D91A-CF97-4DD1-A34F-8B8C852B3CEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3.0",
"versionEndExcluding": "8.3.14",
"matchCriteriaId": "35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv",
"source": "security@php.net"
"source": "security@php.net",
"tags": [
"Exploit"
]
}
]
}
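Review bot: The CPE configuration does not carry the precondition stated in the description, which limits the integer overflow in ldap_escape() to 32-bit systems; all three cpeMatch entries are `cpe:2.3:a:php:php:*:*:*:*:*:*:*:*` with version bounds only, so automated matching will flag every 64-bit PHP build in the affected ranges as vulnerable. CPE has no word-size field, so the restriction can only be applied by consumers filtering on platform themselves. NVD's Primary vector scores this 9.8 CRITICAL with `PR:N/UI:N`, which is presumably the worst case across platforms and should be read together with the 32-bit caveat. The GHSA reference is tagged only `Exploit`, while the same kind of GHSA link on the sibling entry CVE-2024-11233 also carries `Vendor Advisory`; the tagging looks inconsistent rather than meaningful.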


@ -0,0 +1,136 @@
{
"id": "CVE-2024-11320",
"sourceIdentifier": "security@pandorafms.com",
"published": "2024-11-21T11:15:24.387",
"lastModified": "2024-11-26T17:26:33.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n de comandos arbitrarios en el servidor aprovechando una vulnerabilidad de inyecci\u00f3n de comandos en el mecanismo de autenticaci\u00f3n LDAP. Este problema afecta a Pandora FMS: desde 700 hasta &lt;=777.4"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:M/U:Amber",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "NO",
"recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "AMBER"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndExcluding": "777.5",
"matchCriteriaId": "300E3447-6027-4041-B773-5E6E49F79040"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}
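Review bot: The two scores on this entry disagree on the field that matters most for triage, privileges required: the vendor's CVSS 4.0 vector says `PR:H/UI:P` (6.9 MEDIUM) while NVD's 3.1 Primary says `PR:N/UI:N` (9.8 CRITICAL), for the same command injection in the LDAP authentication mechanism. The description does not say whether the injection is reachable before a successful login, so neither score can be confirmed from this record; consumers acting on the Primary score should note that the vendor, who has the code, rated it as requiring high privileges. The only reference is the vendor's generic CVE listing page rather than an advisory for this CVE, so the precondition would have to be verified against the fix itself; the CPE's `versionEndExcluding` of 777.5 implies 777.5 is the first fixed release, which the description ("through <=777.4") agrees with.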


@ -0,0 +1,115 @@
{
"id": "CVE-2024-11334",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:24.947",
"lastModified": "2024-11-26T17:33:49.477",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data."
},
{
"lang": "es",
"value": "El complemento My Contador lesr para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n exportar_registros() en todas las versiones hasta la 2.0 incluida. Esto hace posible que atacantes no autenticados exporten datos de usuarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nes360:my_contador_lesr:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1",
"matchCriteriaId": "E4E9C9B8-50C9-48F8-BBFD-C62FC0CA672A"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/my-contador-wp/trunk/contador.php#L159",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3191748/my-contador-wp/trunk/contador.php",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82cfeff9-7079-408e-9c22-bae0d45000ed?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
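Review bot: The Wordfence (Secondary) vector says `PR:L`, but the description says unauthenticated attackers can reach exportar_registros() because of the missing capability check, and NVD's Primary vector says `PR:N`; the description supports `PR:N`, so the CNA vector appears to be the one in error. Consumers that prefer the CNA score (4.3) over NVD's (5.3) will under-prioritise an unauthenticated user-data export. The CPE's `versionEndExcluding` of 2.1 is consistent with the "up to, and including, 2.0" wording, and the changeset reference is the presumable fix, though neither reference is tagged `Patch`.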


@ -0,0 +1,95 @@
{
"id": "CVE-2024-11354",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:25.277",
"lastModified": "2024-11-26T17:34:55.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete single playlists."
},
{
"lang": "es",
"value": "El complemento Ultimate YouTube Video &amp; Shorts Player With Vimeo para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n del_ytsingvid() en todas las versiones hasta la 3.3 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen listas de reproducci\u00f3n individuales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codelizar:ultimate_youtube_video_\\&_shorts_player_with_vimeo:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3",
"matchCriteriaId": "EB10F9BC-582E-45AD-B686-91841D865A89"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-youtube-video-player/trunk/admin/admin.php#L17",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-youtube-video-player/trunk/admin/inc/handler/delsingvid.php#L8",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30c99510-fd57-4268-8e35-6f7e6f912b7e?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,130 @@
{
"id": "CVE-2024-11360",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:25.663",
"lastModified": "2024-11-26T17:36:08.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Page Parts para WordPress es vulnerable a ataques de cross site scripting reflejado debido al uso de remove_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 1.4.3 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benhuson:page_parts:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.4",
"matchCriteriaId": "54620406-8270-4D74-96CF-4BEB4E4B28D1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/page-parts/tags/1.4.3/admin/documentation/getting-started.php#L36",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-parts/tags/1.4.3/admin/documentation/getting-started.php#L43",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-parts/tags/1.4.3/admin/documentation/getting-started.php#L51",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-parts/tags/1.4.3/admin/documentation/getting-started.php#L57",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-parts/tags/1.4.3/admin/documentation/getting-started.php#L65",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-parts/tags/1.4.3/admin/documentation/getting-started.php#L70",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-parts/tags/1.4.3/admin/documentation/index.php#L44",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72f3416a-4d5e-4b95-8f83-7b9440f9e9df?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,95 @@
{
"id": "CVE-2024-11365",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:26.047",
"lastModified": "2024-11-26T17:43:23.240",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Crypto and DeFi Widgets \u2013 Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Crypto and DeFi Widgets \u2013 Web3 Cryptocurrency Shortcodes para WordPress es vulnerable a Cross-Site Scripting reflejado debido al uso de add_query_arg sin el escape apropiado en la URL en todas las versiones hasta la 1.1.6 incluida. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar con \u00e9xito a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hedge3:crypto_and_defi_widgets:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.6",
"matchCriteriaId": "F1BDB2AF-A5E5-4DF5-B2C1-86B1140B0B41"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/security-force/trunk/lib/class.settings-api.php#L2460",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/security-force/trunk/lib/class.settings-api.php#L2497",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dead051c-f28f-4859-b0ba-b27a8d6c9335?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
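Review bot: The two code references do not point at the affected product: the description and CPE name the Crypto and DeFi Widgets plugin (`hedge3:crypto_and_defi_widgets`), but both trac URLs are under `plugins.trac.wordpress.org/browser/security-force/...`, a different plugin slug, and no commit or tag for the crypto-and-defi-widgets slug is listed. Either the references were carried over from another advisory or the vulnerable add_query_arg call lives in a settings-API library (`lib/class.settings-api.php`) bundled into several plugins; this record alone cannot tell which, and consumers should confirm before treating the pointer as the fix location. The CPE has no fixed version (`versionEndIncluding` 1.1.6 and no end-excluding bound), so the plugin should be treated as unpatched until one is recorded. The `#L2460`/`#L2497` anchors are on `trunk`, which moves, whereas the sibling Wordfence entries in this commit pin a tag.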


@ -0,0 +1,88 @@
{
"id": "CVE-2024-11370",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:26.340",
"lastModified": "2024-11-26T17:53:22.707",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Subaccounts for WooCommerce para WordPress es vulnerable a ataques de cross site scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 1.6.0 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediaticus:subaccounts_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.1",
"matchCriteriaId": "CCCAE7A5-2E89-4534-B655-846386EFC94C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/subaccounts-for-woocommerce/tags/1.5.6/admin/admin.php#L37",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f383a56-21e3-4f06-b4d4-47a269007cdc?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,95 @@
{
"id": "CVE-2024-11371",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:26.653",
"lastModified": "2024-11-26T18:01:57.250",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Theater for WordPress para WordPress es vulnerable a ataques de cross site scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 0.18.6.2 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slimndap:theater:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "0.18.7",
"matchCriteriaId": "947799E1-BEAB-4E05-9EA0-2DFBA8FA4DEE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/theatre/trunk/functions/wpt_productions_list_table.php#L332",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3193083%40theatre&new=3193083%40theatre&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65bf0897-4d90-41e7-89a3-69845ea54ce5?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2024-11385",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:26.943",
"lastModified": "2024-11-26T18:04:49.077",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circle_progress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Pure CSS Circle Progress bar para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'circle_progress' del complemento en todas las versiones hasta la 1.2 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shafayat:pure_css_circle_progress_bar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "92DDAEBB-AD5F-4272-9849-02C043E4DBB9"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/pure-css-circle-progress-bar/trunk/pure-css-circle-progress-bar.php#L19",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c098c975-3a9b-4b6c-81e7-c66ca9e3d09c?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2024-11388",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:27.240",
"lastModified": "2024-11-26T17:23:56.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dino Game \u2013 Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento The Dino Game \u2013 Embed Google Chrome Dinosaur Game in WordPress para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'dino-game' del complemento en todas las versiones hasta la 1.1.0 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tahmid-ul:dino_game:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "537241CA-A9E0-4962-8FC9-BAEEA72B5C60"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/dino-game/trunk/dino-game.php#L41",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1acc5f8-bd77-42e0-96d5-636039a533a1?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,78 @@
{
"id": "CVE-2024-11407",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2024-11-26T17:15:22.830",
"lastModified": "2024-11-26T17:15:22.830",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There exists a denial of service through Data corruption in gRPC-C++ -\u00a0gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit\u00a0e9046b2bbebc0cb7f5dc42008f807f6c7e98e791"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "NO",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "LOW",
"providerUrgency": "GREEN"
}
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-682"
}
]
}
],
"references": [
{
"url": "https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791",
"source": "cve-coordination@google.com"
}
]
}


@ -2,15 +2,51 @@
"id": "CVE-2024-11706",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-11-26T14:15:20.080",
"lastModified": "2024-11-26T14:15:20.080",
"lastModified": "2024-11-26T17:15:23.010",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1923767",


@ -2,7 +2,7 @@
"id": "CVE-2024-29220",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-11T03:15:09.823",
"lastModified": "2024-04-11T12:47:44.137",
"lastModified": "2024-11-26T18:15:19.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Ninja Forms anterior a 3.8.1 contiene una vulnerabilidad de cross-site scripting en campos personalizados para etiquetas. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN50361500/",
@ -28,6 +63,18 @@
{
"url": "https://wordpress.org/plugins/ninja-forms/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://jvn.jp/en/jp/JVN50361500/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://ninjaforms.com/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://wordpress.org/plugins/ninja-forms/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-39702",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-23T16:15:05.557",
"lastModified": "2024-07-24T12:55:13.223",
"lastModified": "2024-11-26T18:15:19.193",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,11 +15,50 @@
"value": " En lj_str_hash.c en OpenResty 1.19.3.1 a 1.25.3.1, la funci\u00f3n hash de cadena (utilizada durante el internamiento de cadenas) permite ataques HashDoS (denegaci\u00f3n de servicio de hash). Un atacante podr\u00eda provocar un uso excesivo de recursos durante las operaciones de proxy a trav\u00e9s de solicitudes manipuladas, lo que podr\u00eda provocar una denegaci\u00f3n de servicio con relativamente pocas solicitudes entrantes. Esta vulnerabilidad solo existe en la bifurcaci\u00f3n OpenResty en el repositorio de GitHub openresty/luajit2. El repositorio LuaJIT/LuaJIT. no se ve afectado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-407"
}
]
}
],
"references": [
{
"url": "https://openresty.org/en/ann-1025003002.html",
"source": "cve@mitre.org"
},
{
"url": "https://openresty.org/en/ann-1025003002.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -2,15 +2,39 @@
"id": "CVE-2024-47248",
"sourceIdentifier": "security@apache.org",
"published": "2024-11-26T12:15:19.007",
"lastModified": "2024-11-26T14:15:20.810",
"lastModified": "2024-11-26T17:15:24.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.\n\nSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",


@ -2,15 +2,39 @@
"id": "CVE-2024-47249",
"sourceIdentifier": "security@apache.org",
"published": "2024-11-26T12:15:19.123",
"lastModified": "2024-11-26T14:15:20.900",
"lastModified": "2024-11-26T17:15:24.223",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",


@ -2,15 +2,39 @@
"id": "CVE-2024-47250",
"sourceIdentifier": "security@apache.org",
"published": "2024-11-26T12:15:19.230",
"lastModified": "2024-11-26T14:15:21.010",
"lastModified": "2024-11-26T17:15:24.420",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",


@ -0,0 +1,41 @@
{
"id": "CVE-2024-48288",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-21T18:15:10.193",
"lastModified": "2024-11-26T17:15:24.610",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend."
},
{
"lang": "es",
"value": "TP-Link TL-IPC42C V4.0_20211227_1.0.16 es vulnerable a la inyecci\u00f3n de comandos debido a la falta de verificaci\u00f3n de c\u00f3digo malicioso tanto en el frontend como en el backend."
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/Cisco_Linksys_E3000_rce.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/TP-Link_TL-IPC42C_RCE.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,29 @@
{
"id": "CVE-2024-51058",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-26T18:15:19.440",
"lastModified": "2024-11-26T18:15:19.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tecnickcom/TCPDF",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,9 @@
"id": "CVE-2024-51072",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-22T16:15:33.603",
"lastModified": "2024-11-25T18:15:13.240",
"lastModified": "2024-11-26T18:15:19.603",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema en Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"references": [
{
"url": "https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/628b1550f0093f79380929074b6a5e6ca6f2d04b/CVE/Denial%20of%20Service%20via%20ECU%20Reset%20Service%20For%20KIA%20SELTOS%20CVE-2024-51072.md",


@ -2,15 +2,39 @@
"id": "CVE-2024-51569",
"sourceIdentifier": "security@apache.org",
"published": "2024-11-26T12:15:21.113",
"lastModified": "2024-11-26T14:15:21.343",
"lastModified": "2024-11-26T17:15:25.053",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",


@ -2,8 +2,9 @@
"id": "CVE-2024-52765",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-20T21:15:08.783",
"lastModified": "2024-11-22T16:46:58.787",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-26T17:15:25.557",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -48,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [


@ -0,0 +1,60 @@
{
"id": "CVE-2024-53335",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-21T18:15:14.153",
"lastModified": "2024-11-26T18:15:19.850",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi."
},
{
"lang": "es",
"value": "TOTOLINK A810R V4.1.2cu.5182_B20201026 es vulnerable a un desbordamiento de b\u00fafer en downloadFlile.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/luckysmallbird/Totolink-A810R-Vulnerability-1/blob/main/2.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-53365",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-26T17:15:26.123",
"lastModified": "2024-11-26T17:15:26.123",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field."
}
],
"metrics": {},
"references": [
{
"url": "http://phpgurukul.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/SCR-athif/CVE/tree/main/CVE-2024-53365",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-53425",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-21T14:15:18.303",
"lastModified": "2024-11-26T18:15:20.090",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer de mont\u00f3n en la funci\u00f3n SkipSpacesAndLineEnd en Assimp v5.4.3. Este problema ocurre al procesar ciertos archivos de modelo MD5 malformados, lo que provoca una lectura fuera de los l\u00edmites y un posible bloqueo de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/assimp/assimp/issues/5860",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-53426",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-21T14:15:18.527",
"lastModified": "2024-11-26T18:15:20.330",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de desbordamiento de b\u00fafer de mont\u00f3n en ntopng 6.2 en la funci\u00f3n Flow::dissectMDNS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/ntop/ntopng/issues/8793",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-53555",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-26T17:15:26.300",
"lastModified": "2024-11-26T17:15:26.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file."
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1M4UjoTUqlPWLYjevCuE3WhdUqQkRj0-r/view?usp=drive_link",
"source": "cve@mitre.org"
},
{
"url": "https://gist.githubusercontent.com/Tommywarren/bb1287d17ac83f2e277c0dea798f6ff7/raw/e21132dbaf81e210c2e1cb5babfc4dcca9b2c0d8/CVE-2024-53555",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,41 @@
"id": "CVE-2024-53899",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T16:15:06.647",
"lastModified": "2024-11-24T19:15:05.010",
"vulnStatus": "Received",
"lastModified": "2024-11-26T18:23:09.517",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287."
},
{
"lang": "es",
"value": "Virtualenv anterior a la versi\u00f3n 20.26.6 permite la inyecci\u00f3n de comandos a trav\u00e9s de los scripts de activaci\u00f3n para un entorno virtual. Las cadenas de plantilla m\u00e1gica no se citan correctamente al reemplazarlas. NOTA: esto no es lo mismo que CVE-2024-9287."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -35,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -46,18 +81,45 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/pypa/virtualenv/issues/2768",
"source": "cve@mitre.org"
},
"nodes": [
{
"url": "https://github.com/pypa/virtualenv/pull/2771",
"source": "cve@mitre.org"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://github.com/pypa/virtualenv/releases/tag/20.26.6",
"source": "cve@mitre.org"
"vulnerable": true,
"criteria": "cpe:2.3:a:virtualenv:virtualenv:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.26.6",
"matchCriteriaId": "CF06C282-558B-4BD3-9260-61E491A730EC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pypa/virtualenv/issues/2768",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/pypa/virtualenv/pull/2771",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pypa/virtualenv/releases/tag/20.26.6",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


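--- /dev/null
+++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9768.json
@@ -0,0 +1,102 @@
+{
+"id": "CVE-2024-9768",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2024-11-21T11:15:37.987",
+"lastModified": "2024-11-26T17:14:14.327",
+"vulnStatus": "Analyzed",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+},
+{
+"lang": "es",
+"value": "El complemento Formidable Forms para WordPress anterior a la versi\u00f3n 6.14.1 no desinfecta ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir que usuarios con privilegios elevados, como el administrador, realicen ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+"baseScore": 4.8,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 2.7
+},
+{
+"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+"baseScore": 4.8,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:strategy11:formidable_forms:*:*:*:*:free:wordpress:*:*",
+"versionEndExcluding": "6.14.1",
+"matchCriteriaId": "44DE8E54-14AC-42D0-B0C4-8525E3D8C3A9"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/3c4ff11b-4a06-433d-8f0e-4069865721c0/",
+"source": "contact@wpscan.com",
+"tags": [
+"Exploit",
+"Third Party Advisory"
+]
+}
+]
+}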


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-26T17:03:16.821292+00:00
2024-11-26T19:01:14.497043+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-26T16:56:25.790000+00:00
2024-11-26T18:29:05.820000+00:00
```
### Last Data Feed Release
@ -33,48 +33,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
271413
271433
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `20`
- [CVE-2024-22117](CVE-2024/CVE-2024-221xx/CVE-2024-22117.json) (`2024-11-26T15:15:31.510`)
- [CVE-2024-36463](CVE-2024/CVE-2024-364xx/CVE-2024-36463.json) (`2024-11-26T15:15:31.827`)
- [CVE-2024-52336](CVE-2024/CVE-2024-523xx/CVE-2024-52336.json) (`2024-11-26T16:15:17.093`)
- [CVE-2024-52337](CVE-2024/CVE-2024-523xx/CVE-2024-52337.json) (`2024-11-26T16:15:17.717`)
- [CVE-2024-10878](CVE-2024/CVE-2024-108xx/CVE-2024-10878.json) (`2024-11-26T18:15:18.827`)
- [CVE-2024-11177](CVE-2024/CVE-2024-111xx/CVE-2024-11177.json) (`2024-11-26T17:15:22.473`)
- [CVE-2024-11320](CVE-2024/CVE-2024-113xx/CVE-2024-11320.json) (`2024-11-21T11:15:24.387`)
- [CVE-2024-11334](CVE-2024/CVE-2024-113xx/CVE-2024-11334.json) (`2024-11-21T11:15:24.947`)
- [CVE-2024-11354](CVE-2024/CVE-2024-113xx/CVE-2024-11354.json) (`2024-11-21T11:15:25.277`)
- [CVE-2024-11360](CVE-2024/CVE-2024-113xx/CVE-2024-11360.json) (`2024-11-21T11:15:25.663`)
- [CVE-2024-11365](CVE-2024/CVE-2024-113xx/CVE-2024-11365.json) (`2024-11-21T11:15:26.047`)
- [CVE-2024-11370](CVE-2024/CVE-2024-113xx/CVE-2024-11370.json) (`2024-11-21T11:15:26.340`)
- [CVE-2024-11371](CVE-2024/CVE-2024-113xx/CVE-2024-11371.json) (`2024-11-21T11:15:26.653`)
- [CVE-2024-11385](CVE-2024/CVE-2024-113xx/CVE-2024-11385.json) (`2024-11-21T11:15:26.943`)
- [CVE-2024-11388](CVE-2024/CVE-2024-113xx/CVE-2024-11388.json) (`2024-11-21T11:15:27.240`)
- [CVE-2024-11407](CVE-2024/CVE-2024-114xx/CVE-2024-11407.json) (`2024-11-26T17:15:22.830`)
- [CVE-2024-48288](CVE-2024/CVE-2024-482xx/CVE-2024-48288.json) (`2024-11-21T18:15:10.193`)
- [CVE-2024-51058](CVE-2024/CVE-2024-510xx/CVE-2024-51058.json) (`2024-11-26T18:15:19.440`)
- [CVE-2024-53335](CVE-2024/CVE-2024-533xx/CVE-2024-53335.json) (`2024-11-21T18:15:14.153`)
- [CVE-2024-53365](CVE-2024/CVE-2024-533xx/CVE-2024-53365.json) (`2024-11-26T17:15:26.123`)
- [CVE-2024-53425](CVE-2024/CVE-2024-534xx/CVE-2024-53425.json) (`2024-11-21T14:15:18.303`)
- [CVE-2024-53426](CVE-2024/CVE-2024-534xx/CVE-2024-53426.json) (`2024-11-21T14:15:18.527`)
- [CVE-2024-53555](CVE-2024/CVE-2024-535xx/CVE-2024-53555.json) (`2024-11-26T17:15:26.300`)
- [CVE-2024-9768](CVE-2024/CVE-2024-97xx/CVE-2024-9768.json) (`2024-11-21T11:15:37.987`)
### CVEs modified in the last Commit
Recently modified CVEs: `217`
Recently modified CVEs: `17`
- [CVE-2024-35678](CVE-2024/CVE-2024-356xx/CVE-2024-35678.json) (`2024-11-26T16:04:49.837`)
- [CVE-2024-38831](CVE-2024/CVE-2024-388xx/CVE-2024-38831.json) (`2024-11-26T15:15:31.957`)
- [CVE-2024-45755](CVE-2024/CVE-2024-457xx/CVE-2024-45755.json) (`2024-11-26T16:15:15.597`)
- [CVE-2024-47854](CVE-2024/CVE-2024-478xx/CVE-2024-47854.json) (`2024-11-26T16:15:15.850`)
- [CVE-2024-48986](CVE-2024/CVE-2024-489xx/CVE-2024-48986.json) (`2024-11-26T16:15:16.217`)
- [CVE-2024-52550](CVE-2024/CVE-2024-525xx/CVE-2024-52550.json) (`2024-11-26T15:15:34.650`)
- [CVE-2024-53554](CVE-2024/CVE-2024-535xx/CVE-2024-53554.json) (`2024-11-26T16:15:18.520`)
- [CVE-2024-53909](CVE-2024/CVE-2024-539xx/CVE-2024-53909.json) (`2024-11-26T16:15:19.210`)
- [CVE-2024-53910](CVE-2024/CVE-2024-539xx/CVE-2024-53910.json) (`2024-11-26T16:15:19.597`)
- [CVE-2024-53911](CVE-2024/CVE-2024-539xx/CVE-2024-53911.json) (`2024-11-26T16:15:19.800`)
- [CVE-2024-53912](CVE-2024/CVE-2024-539xx/CVE-2024-53912.json) (`2024-11-26T16:15:20.273`)
- [CVE-2024-53913](CVE-2024/CVE-2024-539xx/CVE-2024-53913.json) (`2024-11-26T16:15:20.480`)
- [CVE-2024-53914](CVE-2024/CVE-2024-539xx/CVE-2024-53914.json) (`2024-11-26T16:15:20.700`)
- [CVE-2024-53915](CVE-2024/CVE-2024-539xx/CVE-2024-53915.json) (`2024-11-26T16:15:20.943`)
- [CVE-2024-53930](CVE-2024/CVE-2024-539xx/CVE-2024-53930.json) (`2024-11-26T16:15:21.150`)
- [CVE-2024-53976](CVE-2024/CVE-2024-539xx/CVE-2024-53976.json) (`2024-11-26T16:15:21.430`)
- [CVE-2024-5960](CVE-2024/CVE-2024-59xx/CVE-2024-5960.json) (`2024-11-26T15:15:34.893`)
- [CVE-2024-6640](CVE-2024/CVE-2024-66xx/CVE-2024-6640.json) (`2024-11-26T15:15:35.053`)
- [CVE-2024-6972](CVE-2024/CVE-2024-69xx/CVE-2024-6972.json) (`2024-11-26T16:15:23.297`)
- [CVE-2024-7241](CVE-2024/CVE-2024-72xx/CVE-2024-7241.json) (`2024-11-26T15:08:51.357`)
- [CVE-2024-7243](CVE-2024/CVE-2024-72xx/CVE-2024-7243.json) (`2024-11-26T15:04:44.320`)
- [CVE-2024-7244](CVE-2024/CVE-2024-72xx/CVE-2024-7244.json) (`2024-11-26T15:05:19.570`)
- [CVE-2024-7245](CVE-2024/CVE-2024-72xx/CVE-2024-7245.json) (`2024-11-26T15:06:24.367`)
- [CVE-2024-9766](CVE-2024/CVE-2024-97xx/CVE-2024-9766.json) (`2024-11-26T15:10:00.193`)
- [CVE-2024-9929](CVE-2024/CVE-2024-99xx/CVE-2024-9929.json) (`2024-11-26T15:15:35.497`)
- [CVE-2020-10367](CVE-2020/CVE-2020-103xx/CVE-2020-10367.json) (`2024-11-26T18:15:17.033`)
- [CVE-2020-10368](CVE-2020/CVE-2020-103xx/CVE-2020-10368.json) (`2024-11-26T18:15:17.463`)
- [CVE-2020-10369](CVE-2020/CVE-2020-103xx/CVE-2020-10369.json) (`2024-11-26T18:15:17.697`)
- [CVE-2021-27704](CVE-2021/CVE-2021-277xx/CVE-2021-27704.json) (`2024-11-26T18:15:17.960`)
- [CVE-2023-37305](CVE-2023/CVE-2023-373xx/CVE-2023-37305.json) (`2024-11-26T17:15:19.303`)
- [CVE-2024-11233](CVE-2024/CVE-2024-112xx/CVE-2024-11233.json) (`2024-11-26T18:26:37.783`)
- [CVE-2024-11236](CVE-2024/CVE-2024-112xx/CVE-2024-11236.json) (`2024-11-26T18:29:05.820`)
- [CVE-2024-11706](CVE-2024/CVE-2024-117xx/CVE-2024-11706.json) (`2024-11-26T17:15:23.010`)
- [CVE-2024-29220](CVE-2024/CVE-2024-292xx/CVE-2024-29220.json) (`2024-11-26T18:15:19.007`)
- [CVE-2024-39702](CVE-2024/CVE-2024-397xx/CVE-2024-39702.json) (`2024-11-26T18:15:19.193`)
- [CVE-2024-47248](CVE-2024/CVE-2024-472xx/CVE-2024-47248.json) (`2024-11-26T17:15:24.027`)
- [CVE-2024-47249](CVE-2024/CVE-2024-472xx/CVE-2024-47249.json) (`2024-11-26T17:15:24.223`)
- [CVE-2024-47250](CVE-2024/CVE-2024-472xx/CVE-2024-47250.json) (`2024-11-26T17:15:24.420`)
- [CVE-2024-51072](CVE-2024/CVE-2024-510xx/CVE-2024-51072.json) (`2024-11-26T18:15:19.603`)
- [CVE-2024-51569](CVE-2024/CVE-2024-515xx/CVE-2024-51569.json) (`2024-11-26T17:15:25.053`)
- [CVE-2024-52765](CVE-2024/CVE-2024-527xx/CVE-2024-52765.json) (`2024-11-26T17:15:25.557`)
- [CVE-2024-53899](CVE-2024/CVE-2024-538xx/CVE-2024-53899.json) (`2024-11-26T18:23:09.517`)
## Download and Usage
