diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11896.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11896.json new file mode 100644 index 00000000000..467fcc7bf2e --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11896.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11896", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-24T09:15:05.663", + "lastModified": "2024-12-24T09:15:05.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Text Prompter \u2013 Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3212197%40ai-content&new=3212197%40ai-content&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/165f988d-ec6d-44f7-8884-23aedc2fcb08?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12031.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12031.json new file mode 100644 index 00000000000..d3cf4d935f8 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12031.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12031", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-24T10:15:05.580", + "lastModified": "2024-12-24T10:15:05.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/advanced-floating-content/9945856", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/927076bc-bafa-43d6-bf3b-5861844c932a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12103.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12103.json new file mode 100644 index 00000000000..25f446994a9 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12103.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12103", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-24T10:15:05.820", + "lastModified": "2024-12-24T10:15:05.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3211815/content-no-cache/trunk/inc/eos-dyn-ajax.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90c6fd67-2140-4835-98d0-cfd1af95ac4c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12468.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12468.json new file mode 100644 index 00000000000..f310693e865 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12468.json @@ -0,0 +1,120 @@ +{ + "id": "CVE-2024-12468", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-24T09:15:06.227", + "lastModified": "2024-12-24T09:15:06.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L267", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L271", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L359", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L361", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L377", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L401", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L402", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L408", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L409", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L415", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L416", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L423", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L552", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-datepicker/tags/2.1.3/inc/wpdp_settings.php#L553", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3210616%40wp-datepicker&new=3210616%40wp-datepicker&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3212312%40wp-datepicker&new=3212312%40wp-datepicker&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6b61731-ded2-4ac1-83f6-686daf92441e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12850.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12850.json new file mode 100644 index 00000000000..f3b34b86541 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12850.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12850", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-24T10:15:06.033", + "lastModified": "2024-12-24T10:15:06.033", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "http://plugins.svn.wordpress.org/database-backup/tags/2.32/functions/download.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3212315/database-backup/trunk/functions/download.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b972626c-6374-4084-a0e1-1ea4a3062228?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12881.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12881.json new file mode 100644 index 00000000000..283f684a932 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12881.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12881", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-24T10:15:06.240", + "lastModified": "2024-12-24T10:15:06.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PlugVersions \u2013 Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files leveraging files included locally." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3211805%40plugversions&new=3211805%40plugversions&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eb06c43c-bf8c-412b-8b1d-fee004d728d2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53240.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53240.json new file mode 100644 index 00000000000..c536a8a02a4 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53240.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-53240", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-12-24T10:15:06.460", + "lastModified": "2024-12-24T10:15:06.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: fix crash when removing device\n\nWhen removing a netfront device directly after a suspend/resume cycle\nit might happen that the queues have not been setup again, causing a\ncrash during the attempt to stop the queues another time.\n\nFix that by checking the queues are existing before trying to stop\nthem.\n\nThis is XSA-465 / CVE-2024-53240." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "http://xenbits.xen.org/xsa/advisory-465.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53241.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53241.json new file mode 100644 index 00000000000..7e01dcfa168 --- /dev/null +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53241.json @@ -0,0 +1,53 @@ +{ + "id": "CVE-2024-53241", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-12-24T10:15:06.640", + "lastModified": "2024-12-24T10:15:06.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: don't do PV iret hypercall through hypercall page\n\nInstead of jumping to the Xen hypercall page for doing the iret\nhypercall, directly code the required sequence in xen-asm.S.\n\nThis is done in preparation of no longer using hypercall page at all,\nas it has shown to cause problems with speculation mitigations.\n\nThis is part of XSA-466 / CVE-2024-53241." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/82c211ead1ec440dbf81727e17b03b5e3c44b93d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c7b4cfa6213a44fa48714186dfdf125072d036e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7c3fdad0a474062d566aae3289d490d7e702d30", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa719857f613fed94a79da055b13ca51214c694f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/12/17/2", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/12/23/1", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "http://xenbits.xen.org/xsa/advisory-466.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8721.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8721.json new file mode 100644 index 00000000000..d8dc5f8043c --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8721.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8721", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-24T10:15:06.803", + "lastModified": "2024-12-24T10:15:06.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3211908%40tracking-code-manager&new=3211908%40tracking-code-manager&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/443d2e80-31db-40ac-9c35-88eec841ebba?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6d1f2d77115..ef30d76ff5c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-24T09:00:21.725100+00:00 +2024-12-24T11:00:19.342154+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-24T07:15:10.800000+00:00 +2024-12-24T10:15:06.803000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274608 +274617 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `9` -- [CVE-2024-12814](CVE-2024/CVE-2024-128xx/CVE-2024-12814.json) (`2024-12-24T07:15:10.800`) +- [CVE-2024-11896](CVE-2024/CVE-2024-118xx/CVE-2024-11896.json) (`2024-12-24T09:15:05.663`) +- [CVE-2024-12031](CVE-2024/CVE-2024-120xx/CVE-2024-12031.json) (`2024-12-24T10:15:05.580`) +- [CVE-2024-12103](CVE-2024/CVE-2024-121xx/CVE-2024-12103.json) (`2024-12-24T10:15:05.820`) +- [CVE-2024-12468](CVE-2024/CVE-2024-124xx/CVE-2024-12468.json) (`2024-12-24T09:15:06.227`) +- [CVE-2024-12850](CVE-2024/CVE-2024-128xx/CVE-2024-12850.json) (`2024-12-24T10:15:06.033`) +- [CVE-2024-12881](CVE-2024/CVE-2024-128xx/CVE-2024-12881.json) (`2024-12-24T10:15:06.240`) +- [CVE-2024-53240](CVE-2024/CVE-2024-532xx/CVE-2024-53240.json) (`2024-12-24T10:15:06.460`) +- [CVE-2024-53241](CVE-2024/CVE-2024-532xx/CVE-2024-53241.json) (`2024-12-24T10:15:06.640`) +- [CVE-2024-8721](CVE-2024/CVE-2024-87xx/CVE-2024-8721.json) (`2024-12-24T10:15:06.803`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 16dcd716524..09aa1e8f3c9 100644 --- a/_state.csv +++ b/_state.csv @@ -244602,6 +244602,7 @@ CVE-2024-1189,0,0,3e2c1a3fc9f24eb6eaedd5adba4b6f521645b93b8971a5e9477fe83a4ee5ef CVE-2024-11891,0,0,f8a38032fa61b45ae7f4fd61d15412795ca770178ff882a3a6fac619a51ce045,2024-12-12T05:15:10.670000 CVE-2024-11893,0,0,c62163c48ee35e299b71936d209d9441db563d33661eb5d071dc1058fa6edb4a,2024-12-20T07:15:11.747000 CVE-2024-11894,0,0,9e31b28fa56a41e12b82fdf98576d9a13777f5eed7b6c3fc1f71a85af109ef81,2024-12-14T05:15:10.227000 +CVE-2024-11896,1,1,b7887a35718982d9a40b48d94a29d98d396924c0396da321ff55af82e411bc5b,2024-12-24T09:15:05.663000 CVE-2024-11897,0,0,63c2369fafd5da048dd57864988be95602290ce10df0f51d423ab54c866c15e0,2024-12-04T03:15:05.380000 CVE-2024-11898,0,0,e843212abf00805a20f8b4b65b36c01f75cc2096cf65f2d0e7899f11eb517a82,2024-12-03T08:15:06.857000 CVE-2024-1190,0,0,234a49a5e7705658abf0b6e88d111180ae34b962c9b1fcba39bd09bd939fee39,2024-11-21T08:49:59.993000 @@ -244694,6 +244695,7 @@ CVE-2024-12026,0,0,cbdee4f4d341b218f2a9910c9db7c968e1470cd32e93684865d3bd2934d62 CVE-2024-12027,0,0,37ec4b44c0b83690aba6eca2d38a4a49f2c2ce6081a618c323d63a584206d2b7,2024-12-06T09:15:07.803000 CVE-2024-12028,0,0,1e73c6e2445828811f3920b16dca38e7a1768853994affcbd716568d4e1eb5f0,2024-12-06T09:15:07.957000 CVE-2024-1203,0,0,d1f896c2674b7d8b8ac7ccf181e7d9a7e598afaaabec693045eb0f85d52368c5,2024-11-21T08:50:01.913000 +CVE-2024-12031,1,1,cfc6f1023abe47e6b5b2864c3b0c4a867844e306a2754ed2113fa3de55e88299,2024-12-24T10:15:05.580000 CVE-2024-12034,0,0,4c2e300bb226d14953e4b3dc5ae8d49de8b4d5f0a3f05cacf826cb6e7c67368a,2024-12-24T06:15:32.553000 CVE-2024-1204,0,0,52c83c0f4289636bc1afd18cb37875b782729e90167239cc1a53f532e5633e12,2024-11-21T08:50:02.033000 CVE-2024-12040,0,0,82ff661fdb988bbdc555297e0b0d4a5a42a6c3fde3cb51373bdf40b4e4dd0633,2024-12-12T06:15:22.947000 @@ -244724,6 +244726,7 @@ CVE-2024-12099,0,0,82c97da21165b875b9d77b9a11ed031ee03fad8a14b90d2e80c74afeac6e2 CVE-2024-1210,0,0,f5a9389cac94cbfcfa3f0d961d1ea27115bf7afa331ce2988db15dbaf2efdf76,2024-11-21T08:50:02.867000 CVE-2024-12100,0,0,d36c08f92a239c009a6ddf35a16924f2d7f8840cc80d6bb06a52ecf54ad1016c,2024-12-24T06:15:32.830000 CVE-2024-12101,0,0,cf6330eb409e982923b4b0b78cc8d64ad396889b9513f5530cedf911c9fe2802,2024-12-03T16:15:20.910000 +CVE-2024-12103,1,1,7561088b40e256189107665db0468ce1a8ba4eda11aa4136609659635e96e605,2024-12-24T10:15:05.820000 CVE-2024-12107,0,0,7da8659dc821ee4f071df4b42d3ae5a3881cc2b8cc55779739dc797df4a302eb,2024-12-04T11:15:05 CVE-2024-12110,0,0,f266935beaa447960f1dea8d3421db64eefadfd0613c53fd8d2543de02327a47,2024-12-06T09:15:08.270000 CVE-2024-12111,0,0,249e2997ccf6c657e0ff5b6a4af4a93a49c070bbbe4a87b0550980bf4bf876ac,2024-12-19T20:15:06.950000 @@ -244906,6 +244909,7 @@ CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f4735 CVE-2024-12461,0,0,f7bab5c2b1e2764e06dde5d0575615b7d6c222c7cf9c0439423d8ffeaa327299,2024-12-12T04:15:07.820000 CVE-2024-12463,0,0,bf2ad951357546047d42b0aefb8a66347583691f5449e603983c94f9bac4eadf,2024-12-12T05:15:13.197000 CVE-2024-12465,0,0,71cf8d099f9bc4306dd9d21cf13805ebee4cfad62908f99a6e3f6ef7ca285117,2024-12-13T09:15:09.060000 +CVE-2024-12468,1,1,f44759d48f32f2ec884919fb05a719abebdbd17e88657464a7f13dce61bb97cf,2024-12-24T09:15:06.227000 CVE-2024-12469,0,0,871c3c1e000bdae5610f745ffefecdbdcd7d22ba906daf923687641c197ab750,2024-12-17T10:15:05.997000 CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000 CVE-2024-12474,0,0,2858a766a8bcbd6035c2be4131a605cddb7bb17f787cc233f6060efa0069c36f,2024-12-14T06:15:19.627000 @@ -245055,7 +245059,7 @@ CVE-2024-12793,0,0,97d9131d098644659f23181d66d47e7e6dbb68d01bb35f81f57c3f799fcda CVE-2024-12794,0,0,7ce119cb2594b37b67bf03bd424cdd71bab5c365d2a84fc8a23f80580b183e55,2024-12-19T18:15:09.963000 CVE-2024-12798,0,0,c8def76f215ec6fb002633259b33b357709ad5c7678c4c528001fd9739793735,2024-12-19T16:15:07.557000 CVE-2024-12801,0,0,fd1b88fb10648d972dfbc67ed0f031573b2e2fad387f00b578f8f78c65621d3a,2024-12-19T17:15:08.930000 -CVE-2024-12814,1,1,2479fadc597e238fa3ed6952823a6cd19d27347246e92b32fb925f8152312e93,2024-12-24T07:15:10.800000 +CVE-2024-12814,0,0,2479fadc597e238fa3ed6952823a6cd19d27347246e92b32fb925f8152312e93,2024-12-24T07:15:10.800000 CVE-2024-1282,0,0,e6b07825f0f3597687613e3a6164d0e157f6f527c33c61eb8d90ec07193bdec2,2024-11-21T08:50:13.520000 CVE-2024-12829,0,0,cfc0ae23942488fe83c38a8d7edcc4b6ac27b31a864a52e933a2b181e9de0537,2024-12-20T01:15:05.737000 CVE-2024-1283,0,0,b1c9571efecc70819ed9018aef1b79e079809dddea59c76e732d84247ac1db52,2024-11-21T08:50:13.640000 @@ -245071,11 +245075,13 @@ CVE-2024-12844,0,0,6d8ec288c31d3bbe3b33ef2f9ad3792a8943c952d5f308d34593c00a3e1c4 CVE-2024-12845,0,0,4291254c308b66e0c715e21bc18b77504015cd917159726af921dfd1ff44e590,2024-12-20T22:15:24.727000 CVE-2024-12846,0,0,9690583a4102b053af9756b9270b8bc42327f0664ded7d993b4ca2544e24e5cb,2024-12-21T05:15:07.373000 CVE-2024-1285,0,0,f377c2065ba4ae04295fe1855da43b832210575f04c4c7725642d3c9965142c4,2024-11-21T08:50:13.903000 +CVE-2024-12850,1,1,337106ad10d501f734e3bf88bd4810b6de5d19df8b985806eb036bbc69e4e77c,2024-12-24T10:15:06.033000 CVE-2024-1286,0,0,3a37afba636befcbf537a255eb60a76fe80040636283609c3669d2692aee914a,2024-11-21T08:50:14.037000 CVE-2024-12867,0,0,01e49ed64d6e9cd55a7b69c5d48fb82a0f55b6ea873444ea934a92cdc9c1bea1,2024-12-20T20:15:22.740000 CVE-2024-1287,0,0,86cfcf8ed68830eef8991c1cc47e2012e7e4c97ca8a27598ab8fa2741ba6d8b0,2024-11-21T08:50:14.227000 CVE-2024-12875,0,0,ee4bf98b78016953207e90ab1c1e1367a08d0d85e025d7e25b88e0372fa04581,2024-12-21T12:15:20.910000 CVE-2024-1288,0,0,395f2de724425f73212a7bc39e91c09ee4289c7b4882341dd1ed370b6c884fd8,2024-11-21T08:50:14.440000 +CVE-2024-12881,1,1,8633172ceaa02153cd8321289b54fef40b2b6ded85b3f87c287abe9a2a317719,2024-12-24T10:15:06.240000 CVE-2024-12883,0,0,0aa6b94784eb025896882814202fa04e9e4a7816349ae85e5172dbeb18285a66,2024-12-21T13:15:05.613000 CVE-2024-12884,0,0,543f1871079a56956cadcd381356178e485931e988c0c8b4f5476339a04576ed,2024-12-21T14:15:21.063000 CVE-2024-1289,0,0,e65e8e4dfe8200c9b56fed0852a43d923fc5ad73370ce2516cb730a4df84b5f1,2024-11-21T08:50:14.563000 @@ -269717,6 +269723,8 @@ CVE-2024-5318,0,0,87e97b53a33051fc1fa3c078212ad6afb68bf37151bd321e62e233d7b29897 CVE-2024-5321,0,0,0f218b8b6fcc3fc0b4ccef7040ede5ee801dc8e00258e6450bd3f123b6e73ca4,2024-11-21T09:47:25.283000 CVE-2024-5322,0,0,6e9032fa3deabc9be71dae1989b7f0a781e1608a9b8c8f048902e90e4caef6d4,2024-11-21T09:47:25.413000 CVE-2024-5324,0,0,616d1ba80af339308061f2c79fb4da68886ab2b91b97eb35403d14df6efb4acc,2024-11-21T09:47:25.537000 +CVE-2024-53240,1,1,e69ff2fdc28ca3622d0897f90e8abc77194686814995361bc6e5824ed60d497d,2024-12-24T10:15:06.460000 +CVE-2024-53241,1,1,a002e355ac961e14d0fd6f099edd2f8bca3b3ff394530055699c10d0b25dc065,2024-12-24T10:15:06.640000 CVE-2024-53242,0,0,bfcd83cfb5068348e4b0b254067e4992bd35af5c9120fcbf4b785e99c4fb6a44,2024-12-10T14:30:46.700000 CVE-2024-53243,0,0,0055f373ee76668c96d6bfcf8a6f00835a4bd98d186934410e0656653ee7c808,2024-12-10T18:15:41.093000 CVE-2024-53244,0,0,314d52ddee68b7d194db67c48301dcf21a10bd6aaea8b99e26bb6f18d015b1d7,2024-12-10T18:15:41.243000 @@ -273580,6 +273588,7 @@ CVE-2024-8717,0,0,f1a9ff442a5f6813151f0b37448a691be71bf0f8a43db898abd4d0bbf67fe8 CVE-2024-8718,0,0,08f9f7324fe1750583259b3c93648593ad90bf879a6e322b24780fec64fd4610,2024-10-04T13:51:25.567000 CVE-2024-8719,0,0,f09775703ce33efd1a382062d7fd99b2a3df4a10d5639e789be4bdf90386ec17,2024-10-18T12:53:04.627000 CVE-2024-8720,0,0,a92271303c4f165ef6918751e334ec6c2a5d2eedb6ef1b6e7529ea9a9bccddee,2024-10-04T13:51:25.567000 +CVE-2024-8721,1,1,dd39c17641552ccfa4fc9e3c5b59a14dfb4e4fa6da94c7f7ac4b55066666a2ab,2024-12-24T10:15:06.803000 CVE-2024-8723,0,0,83a844d582685fdefc602bc8b434e71b492fde6813a7ae6c416922e3445759df,2024-10-02T17:00:23.603000 CVE-2024-8724,0,0,79eb3fc36e2ade01b1d81ee061bd0ccc9d41db170377c76707443e9b9b4c1829,2024-09-27T15:56:00.073000 CVE-2024-8725,0,0,46dd31707149bc30a113fe6e731b5768bd17b167e63d858b2e790e78d82762b2,2024-10-01T14:16:42.727000