From 6f585fbe02071abd63cee358dcc21fc6ff235c63 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Thu, 28 Nov 2024 11:06:09 +0000
Subject: [PATCH] Auto-Update: 2024-11-28T11:02:56.670902+00:00
---
CVE-2024/CVE-2024-106xx/CVE-2024-10670.json | 60 ++++++++++++
CVE-2024/CVE-2024-107xx/CVE-2024-10780.json | 60 ++++++++++++
CVE-2024/CVE-2024-107xx/CVE-2024-10798.json | 60 ++++++++++++
CVE-2024/CVE-2024-110xx/CVE-2024-11082.json | 72 ++++++++++++++
CVE-2024/CVE-2024-111xx/CVE-2024-11103.json | 68 +++++++++++++
CVE-2024/CVE-2024-112xx/CVE-2024-11203.json | 68 +++++++++++++
CVE-2024/CVE-2024-113xx/CVE-2024-11333.json | 60 ++++++++++++
CVE-2024/CVE-2024-113xx/CVE-2024-11366.json | 72 ++++++++++++++
CVE-2024/CVE-2024-114xx/CVE-2024-11431.json | 68 +++++++++++++
CVE-2024/CVE-2024-114xx/CVE-2024-11458.json | 68 +++++++++++++
CVE-2024/CVE-2024-115xx/CVE-2024-11599.json | 56 +++++++++++
CVE-2024/CVE-2024-116xx/CVE-2024-11684.json | 64 +++++++++++++
CVE-2024/CVE-2024-116xx/CVE-2024-11685.json | 60 ++++++++++++
CVE-2024/CVE-2024-117xx/CVE-2024-11761.json | 60 ++++++++++++
CVE-2024/CVE-2024-117xx/CVE-2024-11786.json | 64 +++++++++++++
CVE-2024/CVE-2024-117xx/CVE-2024-11788.json | 64 +++++++++++++
CVE-2024/CVE-2024-220xx/CVE-2024-22037.json | 100 ++++++++++++++++++++
CVE-2024/CVE-2024-220xx/CVE-2024-22038.json | 100 ++++++++++++++++++++
CVE-2024/CVE-2024-495xx/CVE-2024-49502.json | 100 ++++++++++++++++++++
CVE-2024/CVE-2024-495xx/CVE-2024-49503.json | 100 ++++++++++++++++++++
CVE-2024/CVE-2024-522xx/CVE-2024-52283.json | 56 +++++++++++
CVE-2024/CVE-2024-80xx/CVE-2024-8066.json | 64 +++++++++++++
CVE-2024/CVE-2024-86xx/CVE-2024-8672.json | 72 ++++++++++++++
CVE-2024/CVE-2024-96xx/CVE-2024-9669.json | 72 ++++++++++++++
README.md | 39 ++++++--
_state.csv | 34 ++++++-
26 files changed, 1746 insertions(+), 15 deletions(-)
create mode 100644 CVE-2024/CVE-2024-106xx/CVE-2024-10670.json
create mode 100644 CVE-2024/CVE-2024-107xx/CVE-2024-10780.json
create mode 100644 CVE-2024/CVE-2024-107xx/CVE-2024-10798.json
create mode 100644 CVE-2024/CVE-2024-110xx/CVE-2024-11082.json
create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11103.json
create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11203.json
create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11333.json
create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11366.json
create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11431.json
create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11458.json
create mode 100644 CVE-2024/CVE-2024-115xx/CVE-2024-11599.json
create mode 100644 CVE-2024/CVE-2024-116xx/CVE-2024-11684.json
create mode 100644 CVE-2024/CVE-2024-116xx/CVE-2024-11685.json
create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11761.json
create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11786.json
create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11788.json
create mode 100644 CVE-2024/CVE-2024-220xx/CVE-2024-22037.json
create mode 100644 CVE-2024/CVE-2024-220xx/CVE-2024-22038.json
create mode 100644 CVE-2024/CVE-2024-495xx/CVE-2024-49502.json
create mode 100644 CVE-2024/CVE-2024-495xx/CVE-2024-49503.json
create mode 100644 CVE-2024/CVE-2024-522xx/CVE-2024-52283.json
create mode 100644 CVE-2024/CVE-2024-80xx/CVE-2024-8066.json
create mode 100644 CVE-2024/CVE-2024-86xx/CVE-2024-8672.json
create mode 100644 CVE-2024/CVE-2024-96xx/CVE-2024-9669.json
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10670.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10670.json
new file mode 100644
index 00000000000..a07c437b824
--- /dev/null
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10670.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-10670",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T10:15:04.987",
+ "lastModified": "2024-11-28T10:15:04.987",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197298%40primary-addon-for-elementor&new=3197298%40primary-addon-for-elementor&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/636bd8ce-4737-4117-9581-42c7dcb3ad22?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10780.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10780.json
new file mode 100644
index 00000000000..18469619e68
--- /dev/null
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10780.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-10780",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T10:15:05.280",
+ "lastModified": "2024-11-28T10:15:05.280",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197286%40restaurant-cafe-addon-for-elementor&new=3197286%40restaurant-cafe-addon-for-elementor&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8c29cbd-6c39-4a54-a2a2-bc4c8feeeb70?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10798.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10798.json
new file mode 100644
index 00000000000..e57b2b25fee
--- /dev/null
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10798.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-10798",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T10:15:05.673",
+ "lastModified": "2024-11-28T10:15:05.673",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3195352/royal-elementor-addons/tags/1.7.1004/admin/includes/wpr-templates-shortcode.php?old=3193132&old_path=royal-elementor-addons%2Ftags%2F1.7.1003%2Fadmin%2Fincludes%2Fwpr-templates-shortcode.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7ef5a0-f6c8-41e1-bb3b-119a682be69f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11082.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11082.json
new file mode 100644
index 00000000000..9d9b038b715
--- /dev/null
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11082.json
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2024-11082",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T10:15:05.973",
+ "lastModified": "2024-11-28T10:15:05.973",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tumult/hype-wordpress-plugin/commit/1702d3d4fd0fae9cb9fc40cdfc3dfb8584d5f04c",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/tumult-hype-animations/trunk/includes/adminpanel.php#L277",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3197761/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/tumult-hype-animations/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be3a0b4b-cce5-4d78-99d5-697f2cf04427?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11103.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11103.json
new file mode 100644
index 00000000000..e075c201ce5
--- /dev/null
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11103.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-11103",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T10:15:06.197",
+ "lastModified": "2024-11-28T10:15:06.197",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-640"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php#L31",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-password-reset.php#L88",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3196011/contest-gallery/tags/24.0.8/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php?old=3190068&old_path=contest-gallery%2Ftags%2F24.0.7%2Fv10%2Fv10-admin%2Fusers%2Ffrontend%2Flogin%2Fajax%2Fusers-login-check-ajax-lost-password.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11203.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11203.json
new file mode 100644
index 00000000000..527d1a946a7
--- /dev/null
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11203.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-11203",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T09:15:04.007",
+ "lastModified": "2024-11-28T09:15:04.007",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/WPDevelopers/embedpress/blob/a6aa3339d9dc69ab6f9338ded073e5709173c2d4/EmbedPress/Shortcode.php#L240",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://github.com/WPDevelopers/embedpress/blob/a6aa3339d9dc69ab6f9338ded073e5709173c2d4/vendor/wpdevelopers/embera/src/Embera/ProviderCollection/ProviderCollectionAdapter.php#L173",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3196371/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/167dedfa-36cc-4b01-8ea4-8eda8742953c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11333.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11333.json
new file mode 100644
index 00000000000..55609fa744e
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11333.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11333",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T09:15:04.170",
+ "lastModified": "2024-11-28T09:15:04.170",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3197684/hls-player/tags/1.0.11/hls-player.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/808695a2-4d34-4b43-88a6-7da788100f2e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11366.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11366.json
new file mode 100644
index 00000000000..8ca97fe3443
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11366.json 
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2024-11366",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T09:15:04.313",
+ "lastModified": "2024-11-28T09:15:04.313",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/seo-landing-page-generator/trunk/admin/class-issslpg-admin-location-settings-page.php#L185",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/seo-landing-page-generator/trunk/admin/class-issslpg-admin-location-settings-page.php#L330",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/seo-landing-page-generator/trunk/admin/class-issslpg-admin-location-settings-page.php#L433",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197642%40seo-landing-page-generator&new=3197642%40seo-landing-page-generator&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99dcb6c4-b9c6-4d3d-942f-b3877cc3efa7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11431.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11431.json
new file mode 100644
index 00000000000..9f9820ef4d3
--- /dev/null
+++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11431.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-11431",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T09:15:04.470",
+ "lastModified": "2024-11-28T09:15:04.470",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ragic-shortcode/trunk/ragic.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3194610%40ragic-shortcode&new=3194610%40ragic-shortcode&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/ragic-shortcode/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4afa0148-ad08-493d-9642-0edbde5e8349?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11458.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11458.json
new file mode 100644
index 00000000000..d42244305b7
--- /dev/null
+++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11458.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-11458",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T09:15:04.640",
+ "lastModified": "2024-11-28T09:15:04.640",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/faq-builder-ays/tags/1.7.0/admin/partials/faq-builder-ays-admin-actions.php#L281",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/faq-builder-ays/tags/1.7.1/admin/partials/faq-builder-ays-admin-actions.php#L281",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/faq-builder-ays/tags/1.7.2/admin/partials/faq-builder-ays-admin-actions.php#L281",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c509345b-441f-474d-ad3a-720801859f86?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11599.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11599.json
new file mode 100644
index 00000000000..6b68becb9f1
--- /dev/null
+++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11599.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-11599",
+ "sourceIdentifier": "responsibledisclosure@mattermost.com",
+ "published": "2024-11-28T10:15:06.657",
+ "lastModified": "2024-11-28T10:15:06.657",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "responsibledisclosure@mattermost.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "responsibledisclosure@mattermost.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://mattermost.com/security-updates",
+ "source": "responsibledisclosure@mattermost.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11684.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11684.json
new file mode 100644
index 00000000000..05ef72b5d99
--- /dev/null
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11684.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-11684",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-28T09:15:04.793",
+ "lastModified": "2024-11-28T09:15:04.793",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Kudos Donations \u2013 Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3197315/kudos-donations/tags/3.3.0/app/View/kudos-admin-subscriptions.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FView%2Fkudos-admin-subscriptions.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3197315/kudos-donations/tags/3.3.0/app/View/kudos-admin-transactions.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FView%2Fkudos-admin-transactions.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f281c9a5-1663-4dca-968f-685d933f99b1?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11685.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11685.json
new file mode 100644
index 00000000000..d6615998d3d
--- /dev/null
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11685.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11685", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-28T09:15:04.950", + "lastModified": "2024-11-28T09:15:04.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The `Kudos Donations \u2013 Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3197315/kudos-donations/tags/3.3.0/app/Controller/Table/TransactionsTable.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FController%2FTable%2FTransactionsTable.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b02b5ea6-e112-4255-833c-87ee939986b0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11761.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11761.json new file mode 100644 index 00000000000..73d435cddd1 --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11761.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11761", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-28T09:15:05.090", + "lastModified": "2024-11-28T09:15:05.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3198065/legalweb-cloud/trunk/includes/shortcodes/class-legalweb-cloud-cookie-popup-shortcode.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/034d3d52-cb77-40dd-85a1-81ca3bfd1f23?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11786.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11786.json new file mode 100644 index 00000000000..afc2c483bd0 --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11786.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11786", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-28T09:15:05.243", + "lastModified": "2024-11-28T09:15:05.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/login-with-vipps/tags/1.3.3/VippsLogin.class.php#L724", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3197620/login-with-vipps/trunk/VippsLogin.class.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d015e6ce-641c-4d68-b42b-03c039e973bd?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11788.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11788.json new file mode 100644 index 00000000000..75c7dfe1cc0 --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11788.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11788", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-28T09:15:05.393", + "lastModified": "2024-11-28T09:15:05.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-youtube-embed' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197683%40streamweasels-youtube-integration&new=3197683%40streamweasels-youtube-integration&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/streamweasels-youtube-integration/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03c76e61-f263-459f-8618-7565225467e8?source=cve", + 
"source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22037.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22037.json new file mode 100644 index 00000000000..323e2f2cb7b --- /dev/null +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22037.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-22037", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-28T10:15:06.973", + "lastModified": "2024-11-28T10:15:06.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "meissner@suse.de", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22037", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22038.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22038.json new file mode 100644 index 00000000000..94a938d59f3 --- /dev/null +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22038.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-22038", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-28T10:15:07.567", + "lastModified": "2024-11-28T10:15:07.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": 
"NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "meissner@suse.de", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49502.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49502.json new file mode 100644 index 00000000000..e3d49d0778e --- /dev/null +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49502.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-49502", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-28T10:15:07.880", + "lastModified": "2024-11-28T10:15:07.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "meissner@suse.de", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49502", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49503.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49503.json new file mode 100644 index 00000000000..39a102e7c7e --- /dev/null +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49503.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-49503", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-28T10:15:08.220", + "lastModified": "2024-11-28T10:15:08.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "meissner@suse.de", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49503", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52283.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52283.json new file mode 100644 index 00000000000..2f606a17053 --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52283.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52283", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-28T10:15:08.543", + "lastModified": "2024-11-28T10:15:08.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "meissner@suse.de", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52283", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8066.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8066.json new file mode 100644 index 00000000000..3e4c54c31b1 --- /dev/null +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8066.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8066", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-28T09:15:05.547", + "lastModified": "2024-11-28T09:15:05.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/filester/trunk/includes/File_manager/FileManager.php#L269", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3186518/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27288836-e5d3-49fc-b1f6-319ea3b70839?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8672.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8672.json new file mode 100644 index 00000000000..407bc8513e9 --- /dev/null +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8672.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-8672", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-28T10:15:08.870", + "lastModified": "2024-11-28T10:15:08.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Widget Options \u2013 The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/pagebuilders/beaver/beaver.php#L825", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/pagebuilders/elementor/render.php#L379", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/widgets/gutenberg/gutenberg-toolbar.php#L718", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3192921%40widget-options&new=3192921%40widget-options&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d03af4d-a1f9-4c15-a62e-f4cdbcfc9af7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9669.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9669.json new file mode 100644 index 00000000000..ede3d80385e --- /dev/null +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9669.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-9669", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-28T09:15:05.710", + "lastModified": "2024-11-28T09:15:05.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/filester/trunk/includes/File_manager/FileManager.php#L250", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/filester/trunk/views/pages/html-filemanager.php#L3", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/changeset/3186518/", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3196150/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d947023-60d3-4bd8-b45d-e1663326d6c1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 98f0eb9bf2a..bc11b13b6f3 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-28T09:01:05.885685+00:00 +2024-11-28T11:02:56.670902+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-28T08:15:05.290000+00:00 +2024-11-28T10:15:08.870000+00:00 ``` ### Last Data Feed Release 
@@ -33,24 +33,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-271570
+271594
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `24`
-- [CVE-2024-11925](CVE-2024/CVE-2024-119xx/CVE-2024-11925.json) (`2024-11-28T07:15:05.267`)
-- [CVE-2024-36466](CVE-2024/CVE-2024-364xx/CVE-2024-36466.json) (`2024-11-28T08:15:05.290`)
+- [CVE-2024-10670](CVE-2024/CVE-2024-106xx/CVE-2024-10670.json) (`2024-11-28T10:15:04.987`)
+- [CVE-2024-10780](CVE-2024/CVE-2024-107xx/CVE-2024-10780.json) (`2024-11-28T10:15:05.280`)
+- [CVE-2024-10798](CVE-2024/CVE-2024-107xx/CVE-2024-10798.json) (`2024-11-28T10:15:05.673`)
+- [CVE-2024-11082](CVE-2024/CVE-2024-110xx/CVE-2024-11082.json) (`2024-11-28T10:15:05.973`)
+- [CVE-2024-11103](CVE-2024/CVE-2024-111xx/CVE-2024-11103.json) (`2024-11-28T10:15:06.197`)
+- [CVE-2024-11203](CVE-2024/CVE-2024-112xx/CVE-2024-11203.json) (`2024-11-28T09:15:04.007`)
+- [CVE-2024-11333](CVE-2024/CVE-2024-113xx/CVE-2024-11333.json) (`2024-11-28T09:15:04.170`)
+- [CVE-2024-11366](CVE-2024/CVE-2024-113xx/CVE-2024-11366.json) (`2024-11-28T09:15:04.313`)
+- [CVE-2024-11431](CVE-2024/CVE-2024-114xx/CVE-2024-11431.json) (`2024-11-28T09:15:04.470`)
+- [CVE-2024-11458](CVE-2024/CVE-2024-114xx/CVE-2024-11458.json) (`2024-11-28T09:15:04.640`)
+- [CVE-2024-11599](CVE-2024/CVE-2024-115xx/CVE-2024-11599.json) (`2024-11-28T10:15:06.657`)
+- [CVE-2024-11684](CVE-2024/CVE-2024-116xx/CVE-2024-11684.json) (`2024-11-28T09:15:04.793`)
+- [CVE-2024-11685](CVE-2024/CVE-2024-116xx/CVE-2024-11685.json) (`2024-11-28T09:15:04.950`)
+- [CVE-2024-11761](CVE-2024/CVE-2024-117xx/CVE-2024-11761.json) (`2024-11-28T09:15:05.090`)
+- [CVE-2024-11786](CVE-2024/CVE-2024-117xx/CVE-2024-11786.json) (`2024-11-28T09:15:05.243`)
+- [CVE-2024-11788](CVE-2024/CVE-2024-117xx/CVE-2024-11788.json) (`2024-11-28T09:15:05.393`)
+- [CVE-2024-22037](CVE-2024/CVE-2024-220xx/CVE-2024-22037.json) (`2024-11-28T10:15:06.973`)
+- [CVE-2024-22038](CVE-2024/CVE-2024-220xx/CVE-2024-22038.json) (`2024-11-28T10:15:07.567`)
+- [CVE-2024-49502](CVE-2024/CVE-2024-495xx/CVE-2024-49502.json) (`2024-11-28T10:15:07.880`)
+- [CVE-2024-49503](CVE-2024/CVE-2024-495xx/CVE-2024-49503.json) (`2024-11-28T10:15:08.220`)
+- [CVE-2024-52283](CVE-2024/CVE-2024-522xx/CVE-2024-52283.json) (`2024-11-28T10:15:08.543`)
+- [CVE-2024-8066](CVE-2024/CVE-2024-80xx/CVE-2024-8066.json) (`2024-11-28T09:15:05.547`)
+- [CVE-2024-8672](CVE-2024/CVE-2024-86xx/CVE-2024-8672.json) (`2024-11-28T10:15:08.870`)
+- [CVE-2024-9669](CVE-2024/CVE-2024-96xx/CVE-2024-9669.json) (`2024-11-28T09:15:05.710`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `3`
+Recently modified CVEs: `0`
-- [CVE-2023-0142](CVE-2023/CVE-2023-01xx/CVE-2023-0142.json) (`2024-11-28T07:15:04.477`)
-- [CVE-2024-0854](CVE-2024/CVE-2024-08xx/CVE-2024-0854.json) (`2024-11-28T08:15:03.713`)
-- [CVE-2024-9076](CVE-2024/CVE-2024-90xx/CVE-2024-9076.json) (`2024-11-28T07:15:05.570`)
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index a2198bf56da..50716599739 100644
--- a/_state.csv
+++ b/_state.csv
@@ -213102,7 +213102,7 @@ CVE-2023-0138,0,0,0f9ccca9b74539caf9bf1274a26e12b16eff6998a1ad1c1003e4e4bdb44e51 CVE-2023-0139,0,0,2a1d06ec16cbeb0f42802443463825b23acd36452e12ef549d5a1ce04deec709,2023-11-25T11:15:13.543000 CVE-2023-0140,0,0,2ab5ec9e9acd6659ed75cd30d7b68abf8235bc4af57f2a36dc58df75bf340d2a,2023-11-25T11:15:13.633000 CVE-2023-0141,0,0,2cb1e4440abf0032ef49cf1ab95073658cbf263e8f5270d6f9a5d41ec61c8650,2023-11-25T11:15:13.760000 -CVE-2023-0142,0,1,5e9aeabc5a9967a4f5714513157b5cf282111286b4af2af621fec5e554b0434a,2024-11-28T07:15:04.477000 +CVE-2023-0142,0,0,5e9aeabc5a9967a4f5714513157b5cf282111286b4af2af621fec5e554b0434a,2024-11-28T07:15:04.477000 CVE-2023-0143,0,0,c52bc7813dfc6659f9c59afb905330880b0986c1d9bf153f3ef70aa31d452894,2023-11-07T03:59:43.137000 CVE-2023-0144,0,0,5f9e4ac72968ef219e9d39533d3ff53192a456ee89fe5e9aace6023ca65ee9e2,2023-11-07T03:59:43.350000 CVE-2023-0145,0,0,eed30560a0871467c4d1ebfbc7a0d489db6a1815578450029ed9cf29da6cdcf3,2023-11-07T03:59:43.550000 @@ -242528,7 +242528,7 @@ CVE-2024-0848,0,0,e0e26015fce7454a8ecd0b62d6bfcebc24339b5d12fceee5ba30ea769681be CVE-2024-0849,0,0,3d9186cbdefe9b879cc8d1763ec900b7d18820b531adac823e565a400881f9bb,2024-09-05T23:15:11.673000 CVE-2024-0851,0,0,f71017226a428253d7e6f7557fb0ae0457b9beec038f9e66758c71c8032e7938,2024-05-28T12:39:28.377000 CVE-2024-0853,0,0,3c910daae8e71e1ce70b1329a110fcfb56e12ff4cd703e160872830a02778b72,2024-05-03T13:15:21.320000 -CVE-2024-0854,0,1,6f3673c1790a3b2810043a27ad744b7e692d554b3d876ca60b4a195695e82514,2024-11-28T08:15:03.713000 +CVE-2024-0854,0,0,6f3673c1790a3b2810043a27ad744b7e692d554b3d876ca60b4a195695e82514,2024-11-28T08:15:03.713000 CVE-2024-0855,0,0,61bb12eb398f3f222f6fe0c4603d214af7ba9f6d4fd218198b137421ef268723,2024-08-08T21:35:01.813000 CVE-2024-0856,0,0,cdf686922dc6dc53a8573a4e6d7fe25c3162a97d00eaaeaf4df6f669bee7cf43,2024-08-05T19:35:01.477000 CVE-2024-0857,0,0,135b818be9db5d9ae259c8ee8260201b0eed5c0f5f2f59c834f8ec0a79ea8407,2024-08-22T17:23:44.947000 
@@ -243151,6 +243151,7 @@ CVE-2024-10667,0,0,8c3b4c9a2974763bbe2a826956e8c92748c65fd783dec0a85476416fcfdde CVE-2024-10668,0,0,ad6a1e988aa7f35451b56c605706e2e8d28df7ceaf4537d00be5d4d05186782b,2024-11-08T19:01:03.880000 CVE-2024-10669,0,0,23093ef05e499c533c3a2d4bc80a20165a28e5f349ac3746239f8d0e4e64a94d,2024-11-12T13:56:24.513000 CVE-2024-1067,0,0,54f094f38a51fcd0954e79c36caca8c799a450eda4559137980b77dd6d9caf6c,2024-05-03T14:17:53.690000 +CVE-2024-10670,1,1,153d48aa586e78470743addf27956c2c72770d958170e1da150bd27e25f3a43a,2024-11-28T10:15:04.987000 CVE-2024-10672,0,0,1c6c91368b0def5a51813fa0531d7bb91e94a3b53eca32eed9c5f65d5616e882,2024-11-14T18:49:26.733000 CVE-2024-10673,0,0,721fbd2c7f4fd52d46e9315cad58bcfcec74c6705f993232b5ed88d0e5ca2848,2024-11-12T13:56:24.513000 CVE-2024-10674,0,0,d16f584849190e67ddd9b044fe809cc53716f0604b4d903c0b675313c791d9a1,2024-11-12T13:56:24.513000 @@ -243228,6 +243229,7 @@ CVE-2024-10770,0,0,0f5897dd9aba481faece95da66f5bd3d6a2ccff92cbfd04ce22fd4f1ffbf1 CVE-2024-10778,0,0,079913d9652b6f58f66290bfdff6b3da5883740d014ac44b1539fe6c742670ea,2024-11-13T17:01:16.850000 CVE-2024-10779,0,0,03484221afac3766470b5ced8d3332eee24d28c027104d12405179c89d30afec,2024-11-12T13:56:24.513000 CVE-2024-1078,0,0,88568fa2f20f5ea8de25fda48576808429bbc616448df571a879f056db565620,2024-02-14T18:39:51.437000 +CVE-2024-10780,1,1,c1ecca85ce8b3056ebbd399065040071bccfd855c4b5b2dad405de442e772561,2024-11-28T10:15:05.280000 CVE-2024-10781,0,0,525208815751629467d033df5e23d63739a60403cc03b8051f4119b633da5911,2024-11-26T06:15:08.057000 CVE-2024-10786,0,0,a76f656d6635ceb4e91d9df4d3549e3d377ef91a9f4fadf29676d949614dad8b,2024-11-18T17:11:17.393000 CVE-2024-1079,0,0,0a964f4e43e1a2d85a40a4753c5354fe293facf65d0ebcc06031e68ccad95a0f,2024-02-14T19:33:09.977000 
@@ -243236,6 +243238,7 @@ CVE-2024-10791,0,0,a1ab37f8c195110cb663fc7e474028527dca661a169201c0160b30306fac4 CVE-2024-10793,0,0,8a3ff16e546d260bc7e93afaa3c02a922265e0ccd50de8007e21a1b57bfbb914,2024-11-19T21:13:22.783000 CVE-2024-10794,0,0,990e73a12d2666bd3fad2efb1281964d2189bbaa2e95112b72149dc1a8399a47,2024-11-13T17:01:16.850000 CVE-2024-10795,0,0,f56188914f3ab678226eff75300691366c848cbd45b4ee5ef0058792d43ba284,2024-11-18T17:11:17.393000 +CVE-2024-10798,1,1,fa4eac69d8b8a9e21d8616f05ef2ef5ec50c9fb54237ba0d28ce930ef2a56990,2024-11-28T10:15:05.673000 CVE-2024-1080,0,0,9acdbacec5fb31283e62a6d3f1b1bde4de3af0ce021840a5a12a8cd06719b667,2024-03-13T18:16:18.563000 CVE-2024-10800,0,0,0dd1814e4342cfb0179e28dd38b05f48cad0cbf4e7eb00568e002ae865f41ae9,2024-11-19T17:08:44.767000 CVE-2024-10801,0,0,3a88e665dce12d6cd350c00c6be6179e940c16e7a45bcfb9cfdce8ce89fd3527,2024-11-12T13:56:24.513000 @@ -243425,6 +243428,7 @@ CVE-2024-11078,0,0,abad9b33001ef60199c52815d5891e21a7644c7086b795500231800d403c0 CVE-2024-11079,0,0,d1a710289b6254268300773c7c9b113893f43edc23893d87d06dbeefe81deb1d,2024-11-12T13:55:21.227000 CVE-2024-1108,0,0,72e8aa7ee320c630f0cd3020b574b902dcf572a1d2888f0afb29692e74e18247,2024-02-22T19:07:37.840000 CVE-2024-11081,0,0,868ddada0bf262c198b91d0f6dc5cc082627c1fafb1bc6c0669f2cc02fb00c28,2024-11-20T18:15:22.340000 +CVE-2024-11082,1,1,f9fa5a63fbb16e18e205a5f1c4fad7a7bb7dee27246b1154c77f92ef456bebf4,2024-11-28T10:15:05.973000 CVE-2024-11083,0,0,bc280aad8fef018f536f8d1331cbb1e835fce43231b9160a360ce13a697106cf,2024-11-27T06:15:17.707000 CVE-2024-11085,0,0,36aaba845c0a90c554661f4023115a3f46c67d2a691dfc21b49793447a4b6d8f,2024-11-18T17:11:17.393000 CVE-2024-11086,0,0,f4d7f35e95dad05e023fed49ac9e59da09a947f51bc79e0e10dc6b97e93d7482,2024-11-20T13:15:04.020000 
@@ -243440,6 +243444,7 @@ CVE-2024-1110,0,0,2a7a998b7b1ccd0c64d40f28b7bfefdfe0681031ac010f23e86b81b22a7f4d CVE-2024-11100,0,0,f07ccb7cc897bda2a057cc3519e9430aab72a4403683b1022f65cd547ed95dbc,2024-11-18T18:52:35.447000 CVE-2024-11101,0,0,fecf553128f4638268fa024e6276f5cc2ebbf852720cc0f4771411ed72cdced8,2024-11-18T18:57:28.193000 CVE-2024-11102,0,0,88e2fa76c554435f43b00e3147490e82f9443563770031e4e0e02fffdf1e8f33,2024-11-18T20:00:09.120000 +CVE-2024-11103,1,1,a51cdb068b11fe628a19cd4900b36ba534b649082422fe0178821b2f3c2a2ce1,2024-11-28T10:15:06.197000 CVE-2024-1111,0,0,f15445887f26214e7eb2759298bdfed96c32a982bdf7c3d908e39f1fc291a984,2024-05-17T02:35:14.527000 CVE-2024-11110,0,0,000ef0a836163547344d61057e2afa4f64e5f9dd83ad5df47d28cb2d74707a89,2024-11-13T17:01:16.850000 CVE-2024-11111,0,0,fd78be4f05b5afcb904da45e3cd3ab3544fda1a04fdb50e4f8908744456d80b4,2024-11-13T17:01:16.850000 @@ -243492,6 +243497,7 @@ CVE-2024-11198,0,0,51d6daea956d8949d0eebe7d036d8836a4c8d5c266ea899d7a1d4229a0290 CVE-2024-11199,0,0,1b252293dc51d6f43d3121b045d01eb3c6301ad12927e01a257a520b4287caef,2024-11-23T10:15:03.897000 CVE-2024-1120,0,0,4ae965ad3da5f8a3235e6e58dd82dd504b21e474d229ae465351f9f2ed6318d2,2024-03-01T14:04:04.827000 CVE-2024-11202,0,0,51d8d259b86d0f0a0aaf1b7832edde09bf21ffb4ef806afcd5ff2c031b036ac7,2024-11-26T08:15:03.710000 +CVE-2024-11203,1,1,51c484c857cf59c3f813a2e3506116f16f445f710b53772d92de1b4f877cc338,2024-11-28T09:15:04.007000 CVE-2024-11206,0,0,4dabdbee4189d67c14faab7077a38bbebaaf9a0412b9485b8ea9f96e93b55b84,2024-11-15T13:58:08.913000 CVE-2024-11207,0,0,98c51622a761e0f4191d7b9bd2fdd9da6fc0915a6a97cca51529b9e5f809abed,2024-11-15T13:58:08.913000 CVE-2024-11208,0,0,eece2216dd32411003d7f73e496d57c02295784efeef0aa80d5e4c5d3e98a4f6,2024-11-19T19:38:51.637000 
@@ -243567,6 +243573,7 @@ CVE-2024-11320,0,0,043dd45fc8afc6a3f6d5124b009a260902c28d8e6731495b55f0e622c6d08 CVE-2024-1133,0,0,b8b851364368259dd533f1c71b437f741276dcf99770b03558b5d9cd5d3f095a,2024-02-29T13:49:29.390000 CVE-2024-11330,0,0,1c458fab138aae3f3b89b170e15e7403fdc2fbe304c8cf0cbc41ae122ec08539,2024-11-23T07:15:03.737000 CVE-2024-11332,0,0,21d8101c0dd73a7dc8b4a9b045dbbf7a2c40f682ad21bdcbf98ef68d6b970235,2024-11-23T05:15:06.520000 +CVE-2024-11333,1,1,7bd6c29c4bbfb5c77858b460729ae0ecbf03de7fe91a74338bffbe34088cea25,2024-11-28T09:15:04.170000 CVE-2024-11334,0,0,f7fc893b8a37cca506fd20fe68edd8509ed855f99666ff9db346702f3632cf66,2024-11-26T17:33:49.477000 CVE-2024-1134,0,0,92ca7b611a6a52333e888fa3a581b5dbc5c29b22a5e7e62eb553cb40e2cb6d77,2024-05-24T13:03:05.093000 CVE-2024-11342,0,0,bac43c65bfe7c40167758b1f761e157674244a484facce7f4cc928fc94d88934,2024-11-26T04:15:04.030000 @@ -243577,6 +243584,7 @@ CVE-2024-11360,0,0,659b24fc81e4938ca0374fdfc531183f0da8359af24c60f66cd39ca705cc7 CVE-2024-11361,0,0,51b4837c758190b2e89b9741bdbd5713d8df3163c1cfcf1bc7c03ae151745655,2024-11-23T05:15:06.673000 CVE-2024-11362,0,0,599844bd1e179abb8b921862d85c28565007a2c44d214b4e47236193a9a93da1,2024-11-23T04:15:08.617000 CVE-2024-11365,0,0,0e66126dac632663f20d3d9475ab7eeeaaf1783cab23902c99ae23613a9ecef6,2024-11-26T17:43:23.240000 +CVE-2024-11366,1,1,0f9b628cb0a6551e49c2b0bbc5d2c17299a846d436784571555ac2d2a27d1c85,2024-11-28T09:15:04.313000 CVE-2024-1137,0,0,7770507df04fd140e1caae778f76cfb6c15abcb49e56639ed0158e45600edd60,2024-10-31T15:35:20.503000 CVE-2024-11370,0,0,dd87b64b129f6809c8edd7b234994b231659964606722e4f84f6ae489936a5a5,2024-11-26T17:53:22.707000 CVE-2024-11371,0,0,85695f69ddb998fd54276702b9a185a3c971e606e7563fb96aaec381d1eef5d0,2024-11-26T18:01:57.250000 
@@ -243602,9 +243610,11 @@ CVE-2024-11418,0,0,1127e4fb83ac3b30a1c36f88e01c5bf8c71390c841aa598dea17c87ce6d3a CVE-2024-1142,0,0,444665e5d63ad8c810b6738875a9c2a9c27bc01781467ef31bed70fec17787e6,2024-03-21T12:58:51.093000 CVE-2024-11426,0,0,2b83b72f632671d15edef71a2fe1b0898a6bd6d43d5d87a70cb93682f02396e8,2024-11-23T05:15:07.153000 CVE-2024-1143,0,0,b8d0c26da5a42e6a02317cbe9672f530b65f02168ce7a3fde71211ebe1a9550d,2024-02-09T19:08:27.423000 +CVE-2024-11431,1,1,b8bb7503cec0f1c97409d5d96fa693f0c0a3c2fbf2f6e1d737e15cdb7da79d5d,2024-11-28T09:15:04.470000 CVE-2024-1144,0,0,546e0bd85767acb1f88a8198b87bd681b7ca87705a2ab38d3ca6ac16bba85f8b,2024-03-19T13:26:46 CVE-2024-11446,0,0,58ee3306e8d72a71b4c73e9400de7c4b9a7a44ede260329876f7cb058e66c8ed,2024-11-23T07:15:04.820000 CVE-2024-1145,0,0,fa713ba5e7e18de90151eee1a4726d9f9f0863a5fccb48575e3f29ec11b8835c,2024-03-19T13:26:46 +CVE-2024-11458,1,1,6849bad28a4b41fcdd85ffcf4846b0c6058567a8a7be243965c5d4ff08dab5b5,2024-11-28T09:15:04.640000 CVE-2024-1146,0,0,c681ac136637104b7d43e23a49d30f381f11dad3f3f7ec48919504256a9e5b2a,2024-03-19T13:26:46 CVE-2024-11463,0,0,ec04c7e81fa0a01468a3fa77b8e3ee0a2d478d739fbf8b7cd12d4c8bed3fd0d3,2024-11-23T04:15:08.893000 CVE-2024-1147,0,0,5da69e40e8a720c3c3c366cde1a8363ffbcff6346e82168cfd4c7602d33328bd,2024-03-21T12:58:51.093000 
@@ -243714,6 +243724,7 @@ CVE-2024-11588,0,0,08d454ed1206ff32bb2bf5c765516083d1abb53c857b8252091f3b93bd106 CVE-2024-11589,0,0,3170acb65b71c8fd2a04ce505dabd6df44667cf95fc2d1e7b9e2886d75ccb49c,2024-11-22T22:02:50.957000 CVE-2024-1159,0,0,6093cf6c5c8fc4abf001ccc0f4d05ab0de1f6859d26926dcd40937cbf24b911d,2024-10-09T13:22:23.253000 CVE-2024-11590,0,0,774b1627b6824a4e80a1bfff5268cbcebe4e3eb976240c43dc803f9849094a79,2024-11-22T22:00:59.297000 +CVE-2024-11599,1,1,c9d7450c52a93a88ead68e9d5a1c5f8de3f9607aa8e9d07aad6ae8009c2d113d,2024-11-28T10:15:06.657000 CVE-2024-1160,0,0,085b82908f6b87beff38b7f8c7254bbc834479faa1a73be56bbaab017ffb8dfc,2024-10-09T13:30:12.563000 CVE-2024-1161,0,0,17300377fb9940d2e98cf1b56279a3b48a0607eeac56262a31a73cab7a59f6ad,2024-06-06T13:57:52.483000 CVE-2024-11612,0,0,43a8546b6f6704b744b4ad0e6cd3f837ef8030a4f6b6c5a5933b6bba0c215919,2024-11-22T21:15:17.387000 @@ -243764,6 +243775,8 @@ CVE-2024-11677,0,0,bec0246a25d1d0f879cebd6a36394d0ed570224b28f9e2943efe30510e8f5 CVE-2024-11678,0,0,e780942a86d65f83e2cb7cc5d04e0a3676e4919574029bbf616d3d9c8bbb8b98,2024-11-26T02:15:18.090000 CVE-2024-1168,0,0,b74b0b0c267c02c66f0f474186eac7335d29517290a9638a292d9de8edcd7c5d,2024-07-11T02:52:36.687000 CVE-2024-11680,0,0,e59e07fcd0f2caeb9f7525587364f8cd5a94ad91992448a2d5730a3a3fe6f61e,2024-11-26T10:15:04.540000 +CVE-2024-11684,1,1,9f2fe09eb8e335ba8391a949cbf48c636db8bb7de80a47009590f5cdfa3e8218,2024-11-28T09:15:04.793000 +CVE-2024-11685,1,1,2626aaa1c85fe00c7037f15a9af93889a5b226726b04ceaddbef8ece377d16ab,2024-11-28T09:15:04.950000 CVE-2024-1169,0,0,a43d6b50f47e310e039f1575550f9d1fe159a31a77f5a57027ebd3dc489ff540,2024-03-07T13:52:27.110000 CVE-2024-11691,0,0,7a53223ef1bbb0483180a0674c22f2ddfbf700b35cfbc415f7446deb28e06f8a,2024-11-27T16:15:12.330000 CVE-2024-11692,0,0,2e2a368d2bad10eec3d1f66bd6815192775038dd3ccc98b4295042a1e55ff9d0,2024-11-27T16:15:12.530000 
@@ -243793,9 +243806,12 @@ CVE-2024-11744,0,0,00cf39a5ff638eb8540e5762c3b7d5f96d7e68d9cff105ba77a0024d8435d CVE-2024-11745,0,0,7dcacd2cf20ed5acc6af6d89bc5904d91f3ced648b148a25b404dd36098893ff,2024-11-26T21:15:06.733000 CVE-2024-1175,0,0,190484da8a43d8915393af59d3a99a603fc65c2c05796109a63c7e3028461e1e,2024-07-24T20:32:01.573000 CVE-2024-1176,0,0,3a9729597b8ae5d1f7a6b2981371f9af662d86aa4ba3ac1ac5a3a2992dbcfc6a,2024-03-13T18:16:18.563000 +CVE-2024-11761,1,1,eb52b6beba84d5e3aa94afd1e69b06248988bf9736924036fa502f3813b0779d,2024-11-28T09:15:05.090000 CVE-2024-1177,0,0,d9cdcff987bd78d6f32a7f8b0a8d2970109268852041331a890d212ad12ebb88,2024-02-13T14:06:04.817000 CVE-2024-1178,0,0,1ff4a71536018366c289bfb8a1aa1adef7208a3ae26719efcdb84bec870fcd3d,2024-03-05T13:41:01.900000 +CVE-2024-11786,1,1,6cf20be08bd72bdf18f1b37af5fd1777457199a33f3d53de54fd985237bb5f39,2024-11-28T09:15:05.243000 CVE-2024-11787,0,0,8884b7c43bffdc761343b898533952062d862c4863a9b6bcdc4c5c48c1360306,2024-11-28T00:15:04 +CVE-2024-11788,1,1,01a0a36704164a1ea673e9c9b149d51cdeaf30b14f663c5b5a2abc31455fcbdb,2024-11-28T09:15:05.393000 CVE-2024-11789,0,0,d06b95e66e5a22c78892acbd98b353175ae61fe9608345830498ff2e4f5fdb23,2024-11-28T00:15:04.153000 CVE-2024-1179,0,0,18b2d0d135c66f5f21d2d252edc06809b11030eef4b80a686f580bba7c87222c,2024-04-02T12:50:42.233000 CVE-2024-11790,0,0,7eb0efb57861215d25474c9177a9b5846faf133f14c18a77853199cc14929512,2024-11-28T00:15:04.297000 
@@ -243833,7 +243849,7 @@ CVE-2024-1190,0,0,97174d698ee0a283db94af4be93c59e8a1814d898054ed7eb2fd6bfac02921 CVE-2024-1191,0,0,6e38ed7db5944087a721298d0ec64e89db09082a4119551dba4b0f62276916e5,2024-05-17T02:35:17.640000 CVE-2024-11918,0,0,3593929fa79fd2ff3075ff0960153853c146cae2b4c652e91826347f06e81c6b,2024-11-28T06:15:08.347000 CVE-2024-1192,0,0,2496c5c2bd24b6b1e653d79a0dbb975771788d1c54262403d529d1a596a31073,2024-05-17T02:35:17.743000 -CVE-2024-11925,1,1,8ba6e48179945e2c0807e717394a91dffc0cd6e22b1cec23e4da5d64788cadee,2024-11-28T07:15:05.267000 +CVE-2024-11925,0,0,8ba6e48179945e2c0807e717394a91dffc0cd6e22b1cec23e4da5d64788cadee,2024-11-28T07:15:05.267000 CVE-2024-1193,0,0,ffb9a4095d8f9913e32a4a9fb84e7d515c719215bffa9c1271257c84c947030d,2024-05-17T02:35:17.833000 CVE-2024-11933,0,0,3433d4a1e3008dbc27cbfa1dc50a084b7635bb7e5060f72b313d4ef9f8b985f0,2024-11-28T00:15:06.283000 CVE-2024-1194,0,0,2ada7ec0067a4a6c15e16c8b6d60d2605ff0ff50c80d53e3de0a5fe7493767f7,2024-05-17T02:35:17.933000 @@ -246328,6 +246344,8 @@ CVE-2024-22030,0,0,7649f8df839cdf611109a205f6f81a40cc0f118aa33ecdb05d4f85150a39b CVE-2024-22032,0,0,c2c6c9c7bc0fdf424ca78b54ebc4b1d682818afecac9558e9d76eeb541db4116,2024-10-16T16:38:14.557000 CVE-2024-22033,0,0,ccffa39a68e112f5d6eb2aa83c5f1e50b909492c7c03a2f678b9b33e92bbe7fe,2024-10-16T16:38:14.557000 CVE-2024-22034,0,0,1c2a42316189c87a4e7bc64615504136bd763c7b560b1d86d2fae22840d49e83,2024-10-16T16:38:14.557000 +CVE-2024-22037,1,1,6224a8b0a871e112fffe61339f5e8723519514dd7858d78d08da9ec568f1bcf3,2024-11-28T10:15:06.973000 +CVE-2024-22038,1,1,283f981681453a9b49ac181e0e0b972198d62d9a8464f32697a1268e474f169a,2024-11-28T10:15:07.567000 CVE-2024-22039,0,0,93b46f47ed43224423d7dcdd7cb5da88aa6d4c08cceaffd1397a4ad32f5be3ce,2024-05-14T16:16:04.450000 CVE-2024-2204,0,0,a1b09b74c91818340209a8ddf823ec1cf800d4476587d084b8cf03d19b7025dd,2024-03-15T12:53:06.423000 CVE-2024-22040,0,0,be358f199493e83f56d872322bfd43fdac4427b513b4fe755395a46f51c51b1d,2024-05-14T16:16:05.417000 
@@ -256991,7 +257009,7 @@ CVE-2024-36461,0,0,1492820ff91f8a0ca552f77a0cc3204473eca2ddebdc07ea864ab1d5ead24 CVE-2024-36462,0,0,001a30dd1b16f7c59c0f76df5bb3efac865a294dd0797ea3f46bab58db0a946d,2024-08-12T13:41:36.517000 CVE-2024-36463,0,0,8978fef68553bf1e6ce880013b6b190eb1f68cf43eb103bdcce883e0058ad239,2024-11-26T15:15:31.827000 CVE-2024-36464,0,0,4468fd79d16e7d8211b260a93edc04e24fb911f84e0315710485e7f7b0f5d524,2024-11-27T14:15:17.830000 -CVE-2024-36466,1,1,fc5139194da97f267926071a8a90ee4d578b7c25922470e54c6cc24a1a7ce87a,2024-11-28T08:15:05.290000 +CVE-2024-36466,0,0,fc5139194da97f267926071a8a90ee4d578b7c25922470e54c6cc24a1a7ce87a,2024-11-28T08:15:05.290000 CVE-2024-36467,0,0,03651fe407f287b4f31d04330d78d3d0df58b2090b61d141abad7651b60f6bef,2024-11-27T07:15:09.080000 CVE-2024-36468,0,0,a1a69f17f127b9997e48c8eae8d787ef452ca48bf96357a7155896c9b8880e6a,2024-11-27T12:15:20.383000 CVE-2024-3647,0,0,e692fc1fd5d3cf9f103fd75a1aca6bf5cd926bde53ed2fb4c9f367b74741ee51,2024-05-02T18:00:37.360000 @@ -265502,6 +265520,8 @@ CVE-2024-4948,0,0,b89edbe3d3547ee2159af9ec22fd67b98f6c6885f88dc0c929a5ea68a98b8f CVE-2024-4949,0,0,5c7ef1902f4beea866d1c7d9373440674707dc0a06c9e278c0f4652ccc170adc,2024-07-03T02:08:21.370000 CVE-2024-4950,0,0,e5fcb740f07c681c8eb3b4901aae32c365007c0ebdd7c7b0ee473dbffae68af1,2024-07-03T02:08:22.150000 CVE-2024-49501,0,0,b68f4d3131dd45c8240c685b13eebbf7042a3a95ee975ccc7d0b4e65e2269371,2024-11-01T12:57:03.417000 +CVE-2024-49502,1,1,de794b9f00f357be2f823110b5a1bb0624c6b2c0a198b805261f8a47c0b81534,2024-11-28T10:15:07.880000 +CVE-2024-49503,1,1,7be4d99bcef0481d0a72307dd2225456866946145a250177eb6a9ff486b2840e,2024-11-28T10:15:08.220000 CVE-2024-49504,0,0,2e8c07a3d5b6cc4cf4aeb93fec92da324d48f2c4466f3bd2d80a3124f5cc6bdc,2024-11-13T19:35:15.447000 CVE-2024-49505,0,0,9043ef27c37e59f459aeeab47ae7eba861f2336e99a41d3f55a370c360aa9647,2024-11-14T15:13:09.100000 CVE-2024-49506,0,0,39d0483959d375d37b062bb43df42a9c9bc5d129a8ec557cc5515feb795bef9a,2024-11-13T17:01:16.850000 
@@ -267242,6 +267262,7 @@ CVE-2024-5226,0,0,343bea1ef6104d1a60d532c3087e707033a7d2cea2eb006f3e8cf7d609df11 CVE-2024-52268,0,0,ea9ce8fc39b5cc2a56555dd9c667efdad9c8d1fb9ef5135ccde9e9b88f547032,2024-11-19T15:57:03.780000 CVE-2024-5227,0,0,782d407fd59442ae1cd49577c63d7b8236dddc237a48b5fa6a3df2e3ceec540d,2024-05-24T01:15:30.977000 CVE-2024-5228,0,0,d7fb18ef663e7fbb963ee04e575f2bc258b900955c0912600676521519fad837,2024-05-24T01:15:30.977000 +CVE-2024-52283,1,1,f59df4d918f6034e17961b306063745063af3cc2eb28f2a813fc1b7331b63f1f,2024-11-28T10:15:08.543000 CVE-2024-52286,0,0,a006a0be971b0e96964504e5809b0d7c6410ed1592b8c4976d82ae2953104dc3,2024-11-12T13:55:21.227000 CVE-2024-52288,0,0,8f949332b60260488906ff1b8c70f9a1209d9b10278c3c334faa6ae7259272ba,2024-11-12T13:55:21.227000 CVE-2024-5229,0,0,787c92e076dbd9dca682f832ee22f0e31b439c91ed2d6b58a8c544f86d4189c3,2024-07-03T02:08:42.827000 @@ -270082,6 +270103,7 @@ CVE-2024-8054,0,0,f7372d07d80e2782b99a1ec78381d10ed3eddb2361d69efd0f5544951feb68 CVE-2024-8056,0,0,7d94e922f5f6064358baece439e000bb5b536e03070693d567d210e7b17a441d,2024-09-27T21:29:42.600000 CVE-2024-8059,0,0,bdae740e9708e98c12d1deb7f7b4958a4e9e21cc3d70a47ecc6f19d9246061d0,2024-09-14T11:47:14.677000 CVE-2024-8064,0,0,9afbec42e91ccdf5ae5f9527bb691367cd47bbf3ee2caa0cb5423b43e5fdd860,2024-08-30T16:15:11.120000 +CVE-2024-8066,1,1,8fe824d85857418dce9ca597110a31f2340a27a4622dc971799ea3f1f8210aa9,2024-11-28T09:15:05.547000 CVE-2024-8067,0,0,21c0729ad9dc772677b9fbf75bb24db3bcf4512001a88b1eef9d39bf31f69153,2024-09-26T13:32:02.803000 CVE-2024-8068,0,0,ff67245b19b7d21d2afc67837ac2c93ac177fb5d356e87334bd3a1d9d5ea42fa,2024-11-22T16:15:34.680000 CVE-2024-8069,0,0,9cc484ce45e2ef692951fa94c7892a728fd1a2b63d61cf30849697510352a1fb,2024-11-13T17:01:16.850000 
@@ -270564,6 +270586,7 @@ CVE-2024-8667,0,0,7a3b19d0bf0d1fd1a7cae46e1fcf7d6eaf00a43e65e5504b8195d4a48801a6 CVE-2024-8668,0,0,90710183c7816e44ddec8f6349762659d94ce20b0ef640d6ca49967da8f41533,2024-10-07T17:28:08.987000 CVE-2024-8669,0,0,a540528fa4f0bbb5defe17259c589787942e6df5d18ff3bf79d91bf53c9aac43,2024-09-27T16:08:15.487000 CVE-2024-8671,0,0,44eb9fc4ae83bda74c805da6c8f69132f0b0ddef607b7afc290779058022b5c0,2024-09-26T16:38:24.447000 +CVE-2024-8672,1,1,82b2fec8b0a35c8968184a192d14e5155284847dccd2adee1f5cc61427799817,2024-11-28T10:15:08.870000 CVE-2024-8675,0,0,0a13cc68010596bf1c90ba4332bda0b184424e4f46fdbd60b8270080d14a1a03,2024-10-04T13:51:25.567000 CVE-2024-8676,0,0,008b8e88841e8e64c3780ae3f5bcff892325720d29977e289c60212a896ca60d,2024-11-26T20:15:34.260000 CVE-2024-8678,0,0,4b823977a9ffc10932161c4fd2e6fd149c78199fa23b7389b49b67f658769603,2024-10-02T19:06:48.983000 @@ -270876,7 +270899,7 @@ CVE-2024-9072,0,0,81168f3116bc02a61483e8d752a1f15a01be61e0e1a83d0d4aa1eb8d8c2b4e CVE-2024-9073,0,0,e1a3718934b1c8aa8070be1e5efd6407ed841e421f9f505c84906bd05d8d4d7e,2024-10-02T19:32:43.047000 CVE-2024-9074,0,0,0e1eccb04e7c5c4fdade756ad012a6e9839e6af13738a5187a6d3c7700e1146e,2024-10-15T14:37:08.363000 CVE-2024-9075,0,0,3b33ab99769a9c852230df8e8b6083f862011911d6a5bcadbdc727ad6f83ab66,2024-09-30T15:27:39.313000 -CVE-2024-9076,0,1,50f3b2e850e1c70e1e2b0833c924c280606376ae3b8d694932fa456fde790739,2024-11-28T07:15:05.570000 +CVE-2024-9076,0,0,50f3b2e850e1c70e1e2b0833c924c280606376ae3b8d694932fa456fde790739,2024-11-28T07:15:05.570000 CVE-2024-9077,0,0,b59a81d09978bed17f369329899086dd9d16ca13d3114e4823b03c2ad7c75c03,2024-09-27T16:31:52.923000 CVE-2024-9078,0,0,be3172dd4e65e7eeaa3d66d68e97344c6792d7c8b4c40a20e2e757753b59f979,2024-09-26T16:31:55.437000 CVE-2024-9079,0,0,25ca6406c86368536fe0e9b4a059eb8068711d8aca15a35c51c558d3f8b216c6,2024-09-26T16:32:12.103000 
@@ -271305,6 +271328,7 @@ CVE-2024-9665,0,0,04b6141ce06ed545079528bb7a2c55c3fdf6ae8b65a883ca69ec97f15b9b8f CVE-2024-9666,0,0,e2a3540bab71afda1dcc140eb145bf53e593e90f0e4c2cb6e0cec9154f378aa1,2024-11-25T08:15:10.943000 CVE-2024-9667,0,0,db0574de12822738c38c8016441ce46841c68ee532fe6a4e072cebc9412ff13d,2024-11-08T15:27:25.697000 CVE-2024-9668,0,0,f818a6b8cdaa67cfd4295b3c202a4554201abb8c6b4c20c52c4343e3261d3200,2024-11-19T15:55:00.840000 +CVE-2024-9669,1,1,e43a2c242ce502e5f4277c8ca066e05cabf58a1b45c60ed2305e161be02c71b0,2024-11-28T09:15:05.710000 CVE-2024-9670,0,0,f306c0fbbcbde1e6a65006fd3bdd50d366f02be816ff2a6f00ef3348b3b76328,2024-10-15T12:57:46.880000 CVE-2024-9671,0,0,dcd055e44b7247318281ffcf463a48411c85db46fb1b3636a2e13ae3cf953bfe,2024-11-25T18:17:11.960000 CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000