From 76426896dd6c64407e65f8a66d34a03943412188 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 11 Dec 2024 13:05:07 +0000 Subject: [PATCH] Auto-Update: 2024-12-11T13:01:43.009958+00:00 --- CVE-2024/CVE-2024-105xx/CVE-2024-10511.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-110xx/CVE-2024-11008.json | 60 ++++++++++++ CVE-2024/CVE-2024-110xx/CVE-2024-11053.json | 6 +- CVE-2024/CVE-2024-114xx/CVE-2024-11401.json | 78 +++++++++++++++ CVE-2024/CVE-2024-117xx/CVE-2024-11737.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-118xx/CVE-2024-11840.json | 60 ++++++++++++ CVE-2024/CVE-2024-120xx/CVE-2024-12004.json | 68 +++++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12283.json | 64 +++++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12294.json | 64 +++++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12325.json | 76 +++++++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12363.json | 56 +++++++++++ CVE-2024/CVE-2024-495xx/CVE-2024-49532.json | 10 +- CVE-2024/CVE-2024-495xx/CVE-2024-49533.json | 10 +- CVE-2024/CVE-2024-495xx/CVE-2024-49534.json | 10 +- CVE-2024/CVE-2024-542xx/CVE-2024-54269.json | 56 +++++++++++ CVE-2024/CVE-2024-86xx/CVE-2024-8602.json | 26 ++--- README.md | 31 ++++-- _state.csv | 29 ++++-- 18 files changed, 864 insertions(+), 40 deletions(-) create mode 100644 CVE-2024/CVE-2024-105xx/CVE-2024-10511.json create mode 100644 CVE-2024/CVE-2024-110xx/CVE-2024-11008.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11401.json create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11737.json create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11840.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12004.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12283.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12294.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12325.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12363.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54269.json diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10511.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10511.json new file mode 100644 index 00000000000..ab2f0f681c6 --- /dev/null +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10511.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-10511", + "sourceIdentifier": "cybersecurity@se.com", + "published": "2024-12-11T09:15:05.293", + "lastModified": "2024-12-11T09:15:05.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface\nwhen someone on the local network repeatedly requests the /accessdenied URL." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@se.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-01.pdf", + "source": "cybersecurity@se.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11008.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11008.json new file mode 100644 index 00000000000..9e48b39f1a3 --- /dev/null +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11008.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11008", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-11T11:15:04.947", + "lastModified": "2024-12-11T11:15:04.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Members \u2013 Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3199682/members", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f6ad375-da04-4b56-8077-e26c148e7527?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json index 523a8573927..b4b2f372641 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11053.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11053", "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "published": "2024-12-11T08:15:05.307", - "lastModified": "2024-12-11T08:15:05.307", + "lastModified": "2024-12-11T10:15:05.397", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -24,6 +24,10 @@ { "url": "https://hackerone.com/reports/2829063", "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11401.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11401.json new file mode 100644 index 00000000000..074293311f1 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11401.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11401", + "sourceIdentifier": "cve@rapid7.com", + "published": "2024-12-11T10:15:06.013", + "lastModified": "2024-12-11T10:15:06.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://cwe.mitre.org/data/definitions/862.html", + "source": "cve@rapid7.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11737.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11737.json new file mode 100644 index 00000000000..1bcf8312878 --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11737.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-11737", + "sourceIdentifier": "cybersecurity@se.com", + "published": "2024-12-11T10:15:06.677", + "lastModified": "2024-12-11T10:15:06.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of\nconfidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@se.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-03.pdf", + "source": "cybersecurity@se.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11840.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11840.json new file mode 100644 index 00000000000..1b165002836 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11840.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11840", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-11T11:15:06.453", + "lastModified": "2024-12-11T11:15:06.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3202982/unusedcss", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c8ff4ec-9b40-4d59-b3b0-382f91042a4a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12004.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12004.json new file mode 100644 index 00000000000..50c6567d006 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12004.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12004", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-11T09:15:05.500", + "lastModified": "2024-12-11T09:15:05.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woo-order-notes/trunk/wpc-order-notes.php#L416", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3205072/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/woo-order-notes/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05f40082-30ed-45f7-81d5-d5334a51fcea?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12283.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12283.json new file mode 100644 index 00000000000..245c3b01f1a --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12283.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12283", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-11T09:15:05.697", + "lastModified": "2024-12-11T09:15:05.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018x1\u2019 parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3204551/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-pipes/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3aa56fc7-8d48-4149-afa7-8f9885de0674?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12294.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12294.json new file mode 100644 index 00000000000..f85d94100b7 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12294.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12294", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-11T11:15:06.623", + "lastModified": "2024-12-11T11:15:06.623", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/last-viewed-posts/trunk/inc/namespace.php#L131", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3205041/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db838a3f-6afa-4686-8e6a-01edab2dcc96?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12325.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12325.json new file mode 100644 index 00000000000..0452812b31f --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12325.json @@ -0,0 +1,76 @@ +{ + "id": "CVE-2024-12325", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-11T12:15:19.200", + "lastModified": "2024-12-11T12:15:19.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/waymark/trunk/inc/Admin/Waymark_Settings.php#L1457", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/waymark/trunk/inc/Admin/Waymark_Settings.php#L1458", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/waymark/trunk/inc/Admin/Waymark_Settings.php#L1531", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/waymark/trunk/inc/Admin/Waymark_Settings.php#L1532", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3205103/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4f24b32-58a0-4b10-b8ff-65e574966b6e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12363.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12363.json new file mode 100644 index 00000000000..1db3199f974 --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12363.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12363", + "sourceIdentifier": "psirt@teamviewer.com", + "published": "2024-12-11T10:15:07.260", + "lastModified": "2024-12-11T10:15:07.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files.\u00a0TeamViewer Patch & Asset Management is part of TeamViewer Remote Management." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@teamviewer.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@teamviewer.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1008/", + "source": "psirt@teamviewer.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json index 9d055d1a8be..04bfef6e331 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json @@ -2,7 +2,7 @@ "id": "CVE-2024-49532", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.417", - "lastModified": "2024-12-10T20:15:18.417", + "lastModified": "2024-12-11T12:15:20.753", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -15,7 +15,7 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", @@ -38,7 +38,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,6 +51,10 @@ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-92.html", "source": "psirt@adobe.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2064", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json index 1ee1239cb0a..9d110081152 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json @@ -2,7 +2,7 @@ "id": "CVE-2024-49533", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.563", - "lastModified": "2024-12-10T20:15:18.563", + "lastModified": "2024-12-11T12:48:18.580", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -15,7 +15,7 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", @@ -38,7 +38,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,6 +51,10 @@ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-92.html", "source": "psirt@adobe.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2070", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json index 52aba59a08e..f35761a36bc 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json @@ -2,7 +2,7 @@ "id": "CVE-2024-49534", "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.743", - "lastModified": "2024-12-10T20:15:18.743", + "lastModified": "2024-12-11T12:48:19.230", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -15,7 +15,7 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", @@ -38,7 +38,7 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,6 +51,10 @@ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-92.html", "source": "psirt@adobe.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2076", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54269.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54269.json new file mode 100644 index 00000000000..97e750d0d33 --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54269.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54269", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-11T10:15:07.790", + "lastModified": "2024-12-11T10:15:07.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Ninja Team Notibar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notibar: from n/a through 2.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/notibar/vulnerability/wordpress-notibar-plugin-2-1-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8602.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8602.json index 41c01fbb3cf..a7ca1e672b0 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8602.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8602.json @@ -2,7 +2,7 @@ "id": "CVE-2024-8602", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2024-10-14T14:15:12.400", - "lastModified": "2024-10-15T12:57:46.880", + "lastModified": "2024-12-11T09:15:05.890", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -22,16 +22,16 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:X/RE:L/U:Green", - "baseScore": 4.4, + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.3, "baseSeverity": "MEDIUM", - "attackVector": "LOCAL", + "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", - "privilegesRequired": "HIGH", - "userInteraction": "ACTIVE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", "vulnerableSystemConfidentiality": "LOW", - "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemIntegrity": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", @@ -51,12 +51,12 @@ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", - "safety": "NEGLIGIBLE", - "automatable": "NO", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", - "vulnerabilityResponseEffort": "LOW", - "providerUrgency": "GREEN" + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" } } ] @@ -77,6 +77,10 @@ { "url": "https://esteuer.ewv-ete.ch/fileadmin/esta/2024-10-09-update/24_09_esta_newsletter_de.pdf", "source": "vulnerability@ncsc.ch" + }, + { + "url": "https://mkiesel.ch/posts/swiss-tax-adventures-1/", + "source": "vulnerability@ncsc.ch" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 17a3c32f7b2..5e2a2c11221 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-11T09:01:02.545548+00:00 +2024-12-11T13:01:43.009958+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-11T08:15:06.423000+00:00 +2024-12-11T12:48:19.230000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -273161 +273172 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `11` -- [CVE-2024-11053](CVE-2024/CVE-2024-110xx/CVE-2024-11053.json) (`2024-12-11T08:15:05.307`) -- [CVE-2024-52537](CVE-2024/CVE-2024-525xx/CVE-2024-52537.json) (`2024-12-11T08:15:05.747`) -- [CVE-2024-53289](CVE-2024/CVE-2024-532xx/CVE-2024-53289.json) (`2024-12-11T08:15:06.010`) -- [CVE-2024-53290](CVE-2024/CVE-2024-532xx/CVE-2024-53290.json) (`2024-12-11T08:15:06.250`) -- [CVE-2024-53292](CVE-2024/CVE-2024-532xx/CVE-2024-53292.json) (`2024-12-11T08:15:06.423`) +- [CVE-2024-10511](CVE-2024/CVE-2024-105xx/CVE-2024-10511.json) (`2024-12-11T09:15:05.293`) +- [CVE-2024-11008](CVE-2024/CVE-2024-110xx/CVE-2024-11008.json) (`2024-12-11T11:15:04.947`) +- [CVE-2024-11401](CVE-2024/CVE-2024-114xx/CVE-2024-11401.json) (`2024-12-11T10:15:06.013`) +- [CVE-2024-11737](CVE-2024/CVE-2024-117xx/CVE-2024-11737.json) (`2024-12-11T10:15:06.677`) +- [CVE-2024-11840](CVE-2024/CVE-2024-118xx/CVE-2024-11840.json) (`2024-12-11T11:15:06.453`) +- [CVE-2024-12004](CVE-2024/CVE-2024-120xx/CVE-2024-12004.json) (`2024-12-11T09:15:05.500`) +- [CVE-2024-12283](CVE-2024/CVE-2024-122xx/CVE-2024-12283.json) (`2024-12-11T09:15:05.697`) +- [CVE-2024-12294](CVE-2024/CVE-2024-122xx/CVE-2024-12294.json) (`2024-12-11T11:15:06.623`) +- [CVE-2024-12325](CVE-2024/CVE-2024-123xx/CVE-2024-12325.json) (`2024-12-11T12:15:19.200`) +- [CVE-2024-12363](CVE-2024/CVE-2024-123xx/CVE-2024-12363.json) (`2024-12-11T10:15:07.260`) +- [CVE-2024-54269](CVE-2024/CVE-2024-542xx/CVE-2024-54269.json) (`2024-12-11T10:15:07.790`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `5` +- [CVE-2024-11053](CVE-2024/CVE-2024-110xx/CVE-2024-11053.json) (`2024-12-11T10:15:05.397`) +- [CVE-2024-49532](CVE-2024/CVE-2024-495xx/CVE-2024-49532.json) (`2024-12-11T12:15:20.753`) +- [CVE-2024-49533](CVE-2024/CVE-2024-495xx/CVE-2024-49533.json) (`2024-12-11T12:48:18.580`) +- [CVE-2024-49534](CVE-2024/CVE-2024-495xx/CVE-2024-49534.json) (`2024-12-11T12:48:19.230`) +- [CVE-2024-8602](CVE-2024/CVE-2024-86xx/CVE-2024-8602.json) (`2024-12-11T09:15:05.890`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 5dde5db56ad..69b2a35d0aa 100644 --- a/_state.csv +++ b/_state.csv @@ -243284,6 +243284,7 @@ CVE-2024-10508,0,0,3c8ca455116090fc18d0350a110b8bb6a6e21d65af46a84fffdf80725f5b3 CVE-2024-10509,0,0,f0b7ecf89c97695400b3d4347ae46c239dcae25c8470ed90af5bd1df1138e483,2024-11-01T20:52:15.573000 CVE-2024-1051,0,0,47e83543cdb00e91b0b2e6dfcb71fb878c597c188c0668b9ed609335433c9d66,2024-11-21T08:49:41.187000 CVE-2024-10510,0,0,1a1b225dc371f891ed5076d52ce3977c9397cc1b9a9aecca92726347c481951f,2024-11-29T16:15:08.733000 +CVE-2024-10511,1,1,ee07b0caff70deca8b41bd3b6ccd18f16e3d99411cca536c66b66eed04915414,2024-12-11T09:15:05.293000 CVE-2024-10515,0,0,14324a428dd077d8f7bb8b90151b521be92a127d3fed7cf5017dbabd68aea528,2024-11-21T13:57:24.187000 CVE-2024-10516,0,0,41abef9bd4588b7c0f5163eb6fc95284400f27617ce541752b60c8df384ecab0,2024-12-06T14:15:19.667000 CVE-2024-10519,0,0,0f4b4a1e9d73c1dc5e7d90ae91171b7454c700ee85af6548970583aa8f68f73b,2024-11-23T10:15:03.600000 @@ -243664,6 +243665,7 @@ CVE-2024-11004,0,0,30fe68a257b05692750323b521c5f518985bf9c969788c60d49e72cf40cd2 CVE-2024-11005,0,0,975391e22047d3945c6f3bb53e7adad1d72b5dc3bc794e99654eb1b89426f12f,2024-11-22T17:15:06.803000 CVE-2024-11006,0,0,0e93ac1b0efb24ee7d808883c78ff1d229849a32cacc57a86392940297a299c2,2024-11-22T17:15:06.913000 CVE-2024-11007,0,0,62a2e0757d628f20a5e5c0dd4a347b28f717af7d2afebfa5668d63b84e88b9e1,2024-11-22T17:15:07.010000 +CVE-2024-11008,1,1,1880244f1f67b5841f1d2e94dcf73ce7501d11084552d8b71465fd847ea3803b,2024-12-11T11:15:04.947000 CVE-2024-11009,0,0,f480d27ee8261f76524c7f6e635dd05967cd1bee3828280624cb8a929fc9e083,2024-11-27T12:15:19.383000 CVE-2024-11010,0,0,df432a6ddcc96473c4608b251cddef86854ccd41b5717633ded9b47b86325565,2024-12-10T00:15:21.207000 CVE-2024-11013,0,0,1584e7889c2d3a99777654ed0e3acd92f4aff58e9059c4aeb7efc6520ecfc42a,2024-11-29T08:15:03.923000 @@ -243693,7 +243695,7 @@ CVE-2024-11048,0,0,ee0614f8b92ffed3e1b3dc74317f3bf75a0ccca022aff193893f1abe1be52 CVE-2024-11049,0,0,f15d3cde98533895db175c6daeef740cd643f4fe5ea44a8fb9695d76fbd71539,2024-11-23T01:41:19.207000 CVE-2024-11050,0,0,97b09a9297d22ccf4873559fbbb697493b98dfb210b831947a035d7cd550348b,2024-11-23T01:38:15.047000 CVE-2024-11051,0,0,0c5db2f4a5372b3789ea13ae4e153849a79584f39670640750e498cda1bc9950,2024-12-02T15:14:56.087000 -CVE-2024-11053,1,1,f97a782d1d0744db3b415b5d6686597f61f4d9077b420d6b219fff7a4ed61429,2024-12-11T08:15:05.307000 +CVE-2024-11053,0,1,bc78603271bb633e85e4d1f56d4ae4eb8b7e4725f8dc4f33de4f337018994a76,2024-12-11T10:15:05.397000 CVE-2024-11054,0,0,62fc21be220f83b3b99662a715e1e46c9921295e254139d37846c3d822e7f7f0,2024-11-14T02:43:36.197000 CVE-2024-11055,0,0,361b4525d8d554dca9b7af21fbdc2732ba2b4cb91ff03c9d581c539d68f515b7,2024-11-14T15:18:45.933000 CVE-2024-11056,0,0,9d9d3c33a7dea9c205bece3d4c8bdb949d23390d0100cf526cee841daf2a71cc,2024-11-14T15:21:09.907000 @@ -243941,6 +243943,7 @@ CVE-2024-11395,0,0,2c785115768091bea44fe3e26e4ea70367c535f8cb96f9ee4af4a34ca2f81 CVE-2024-11398,0,0,6bc73f661401a8dde5698cef66f54bb03a0cf44e7d4372165a54805de1061f29,2024-12-04T07:15:05.983000 CVE-2024-1140,0,0,e367e373e330a6c319ba1be412de101ae17a95b0fed1ad3fa83bac6f1faa29f8,2024-11-21T08:49:53.403000 CVE-2024-11400,0,0,f0d968b1fcd82e57778ae527db41a43291e92e150d389e79eb9e311a943ae3a4,2024-11-25T15:02:53.013000 +CVE-2024-11401,1,1,6d7b37cf0ef78794f5a23da0580b81099a6aeb56da350b9df4b8f1e9f4d48208,2024-12-11T10:15:06.013000 CVE-2024-11402,0,0,e7ae3fa2fa6e79198d2bcac530a6805477d44c934650be2a141e6ae6e94c93ed,2024-11-28T11:15:17.613000 CVE-2024-11403,0,0,b3df7bf41156ce41154983c83b0636a1aa7e44c18278702ab49ee5bf72bcc6ee,2024-11-25T14:15:06.310000 CVE-2024-11404,0,0,0e1883534fa0b703d3bb5764163f7c50e7ea172c78345c28aae1aacd9300a1e5,2024-11-21T13:57:24.187000 @@ -244190,6 +244193,7 @@ CVE-2024-11729,0,0,2827c895dedc0ed4dd965773a11bae36af1e873ca6340b82c6f253a207f9b CVE-2024-1173,0,0,c4d4cdf7c6a3868eb9e98cb8ff74e2d000c2d6f84447d896138ac8342670c9eb,2024-11-21T08:49:57.650000 CVE-2024-11730,0,0,1c75a29ac86330ee59ce7e562964d19e5b2f34b817b5e3f64dd6b06aec3955ea,2024-12-06T11:15:08.033000 CVE-2024-11732,0,0,6786f7c223dbf5c7abf2566386e4c9fbb35edf5a2ada6569df25893c7ff24b7c,2024-12-03T08:15:06.383000 +CVE-2024-11737,1,1,adbb619cbb79a807a6b16c33974d09efae1c89dafcbf1284cac41939ec6cf676,2024-12-11T10:15:06.677000 CVE-2024-11738,0,0,5803102c629088a1a2da01b2d25c2140a03e3f90be532f5ab04ee726320c55e3,2024-12-06T15:15:07.723000 CVE-2024-1174,0,0,6b46be4d722ab187c094170b7547b36656d9ec8ed90fcec0cd49c5c30bebda75,2024-11-21T08:49:57.790000 CVE-2024-11742,0,0,159958446bfcddf210e603d44dd5e0653c4d00985f509f964ecd8fded8c95573,2024-12-04T21:04:48.830000 @@ -244241,6 +244245,7 @@ CVE-2024-11823,0,0,39aa0fbc102b8a9648f017c9098019c8c94234f421f38dd89f51eddc70f54 CVE-2024-11828,0,0,602aa5ef7af00586aa736b8ffe32cf96277c2dc1be2f8a5d747f0e8c798e383a,2024-11-26T19:15:22.910000 CVE-2024-1183,0,0,65ecfa5c3d2b221c19281f6b798c6cc7087d171223e10f3dd191314d09620aec,2024-11-21T08:49:58.950000 CVE-2024-1184,0,0,2df19971af19652a2c9010665a81893140f6f37a453740869a5d55aaa9937e61,2024-11-21T08:49:59.067000 +CVE-2024-11840,1,1,09e01e238ec312d53d671f8cf876f09242b194b014906fd4d44fc65beb910377,2024-12-11T11:15:06.453000 CVE-2024-11844,0,0,04412f8d1e89e121c8013622c692022d4f804bc36ac5e0beee05cf8987e8ae7f,2024-12-03T09:15:04.473000 CVE-2024-1185,0,0,78290528f068dedb8140a9e577b3dd14843a1270282e7453db0a3904a48bc34c,2024-11-21T08:49:59.223000 CVE-2024-11853,0,0,34e99eba0841fa956ba4d7c4a308f8505540f1a8e5d486ec7f2fdd3d46494b2f,2024-12-03T08:15:06.710000 @@ -244313,6 +244318,7 @@ CVE-2024-12000,0,0,e45e46bd9049a7c2eac2343a939848eded6d5b005c7247796df205afc6eac CVE-2024-12001,0,0,75bbf94d31b41f422ac1216beeda365d0b924dd232e408edb33262f11bb39f10,2024-12-10T23:16:24.893000 CVE-2024-12002,0,0,642bad4c124467ff4f581f355ddf310f5dadc994966ff22ccdf8e42852d0744f,2024-12-10T23:21:19.827000 CVE-2024-12003,0,0,e39ee63656708893dab4dc4b108494b2da97ab05cd1b7a687dd08b180fa7d4d8,2024-12-06T09:15:07.630000 +CVE-2024-12004,1,1,7e4e24a5d67ea69d4a4f30f000844c0ff592f0fb4af7e0aa61274a2e2a55f08c,2024-12-11T09:15:05.500000 CVE-2024-12007,0,0,8e607a1eddf324cb0db7978994624ff72f4892cd536259d2d33593eb53a4d98b,2024-12-11T03:16:24.473000 CVE-2024-1201,0,0,ede9ef00e40c3771a17b2608d045b2ee9c35ff3d800bb0d000b60662409e157c,2024-11-21T08:50:01.647000 CVE-2024-12015,0,0,d5a693fd232b1e3fbc53d72a834e39c83a435aa6e5ae231752c351acc22ca6db,2024-12-02T14:15:05.383000 @@ -244396,8 +244402,10 @@ CVE-2024-1226,0,0,b8e723228c95f73a75e74922943d4c7b5983bd824925379e4a1dadf0498e92 CVE-2024-1227,0,0,2b74966c63acb4b53db9100814c0ea98b900c2b18de594c13a326b21bfb265c8,2024-11-21T08:50:06.103000 CVE-2024-12270,0,0,39bcf28b0c7f0c2cc7925c4c71867c3d58c667f7e488518c8c9808ae3acf42cd,2024-12-07T10:15:06.200000 CVE-2024-1228,0,0,02a2d35b9c29d8600ba5afee210d0e6465f5ee41eb5d9edcafc9d5f9e15f44ef,2024-11-21T08:50:06.280000 +CVE-2024-12283,1,1,dca4df71f894f590cb0f5d26cfe1803e25114c809f761c64773c44a35cabeb38,2024-12-11T09:15:05.697000 CVE-2024-12286,0,0,fd7295e26214e392d9cfe3b72df0f6a777b0e479184a2a0c173af7d7cc4270a2,2024-12-10T18:15:27.150000 CVE-2024-1229,0,0,8ad8bfe76844e757ec6d08a1bad2f097b99b608e965943a6e4928e217dfee4df,2024-11-21T08:50:06.520000 +CVE-2024-12294,1,1,c80c38451ddc3a567e7758d3362278a970e04ba14ecece8e507b66c499c77553,2024-12-11T11:15:06.623000 CVE-2024-1230,0,0,4e58704ea3cd6d96f1b95bf7630f56ca27fd7e9cf7f7c464007165035f04082e,2024-11-21T08:50:06.710000 CVE-2024-12305,0,0,591beb549e2fd130a4eb51689f906f54cfd4f9ef094b292b5ebd58de367d8b56,2024-12-09T09:15:04.970000 CVE-2024-12306,0,0,7a6ad19881298b2491617643bd5219a8f3696a7257d332ef3f9d18eb332eeb87,2024-12-09T09:15:05.293000 @@ -244405,6 +244413,7 @@ CVE-2024-12307,0,0,23aacf8c044133a030d70d78a0f87e6b3da2eadc1bf68e4a395d80d759eab CVE-2024-1231,0,0,b14e8b0a07bc5ec367647c5978c3a1256f30a8a16700580e77b0e0e8d9654fdc,2024-11-21T08:50:06.870000 CVE-2024-1232,0,0,0724dcbb02c95ade7614aaa3e49113b53bf4da94f0e9ec3c91efd2f39f26e0e2,2024-11-21T08:50:07.030000 CVE-2024-12323,0,0,cda0016ec5c0b14f1438c5124cf1a1a11494fb26a27490c50b47e2260e80d4bf,2024-12-10T15:15:07.300000 +CVE-2024-12325,1,1,71dcfc0e1510c4d112935e942e5da24f635d661929d4a007be66df22f4234e9f,2024-12-11T12:15:19.200000 CVE-2024-12326,0,0,f960296d4c7a80b2aa28fc7f84f75a77ad31211d0d7e9b5df25b051a57e66633,2024-12-06T21:15:05.957000 CVE-2024-1233,0,0,9d758d75169c31056a2dd99a6ff761ac0a3c179827b3dc598c6fb0d83614dada,2024-11-21T08:50:07.317000 CVE-2024-1234,0,0,6b4d1ae0b8159c98fb379447cf95a21f71a7514cfa9af5f48616ab89e3a52cca,2024-11-21T08:50:07.567000 @@ -244427,6 +244436,7 @@ CVE-2024-12358,0,0,c693e0849f917c8e8b82ecbabaa009531cb87832861cfd247370c207501db CVE-2024-12359,0,0,c89d1a1aa75e792ebb41728457dc48f1f26a200ebabc2671ae04aee3d706d446,2024-12-10T23:34:02.110000 CVE-2024-1236,0,0,98cf8c8d0d2027d41420e47ce0e54a62c55b6c82b55779fb1975380b5e094f29,2024-11-21T08:50:07.797000 CVE-2024-12360,0,0,9c92ce0fa75af6038fb90116f61bca41613e1dcad55daccb6d63b1c2c6eac745,2024-12-10T23:33:47.773000 +CVE-2024-12363,1,1,0a491da0a2abbcf7984025bbc6c43b56fe1619f44d47ff309424ed17b404b173,2024-12-11T10:15:07.260000 CVE-2024-12369,0,0,020d729c045c8eaa8f498306958a74fd2b364bdb1cd395ef2460e8703f80119a,2024-12-09T21:15:08.203000 CVE-2024-1237,0,0,7608b762d209f55f10a23dbde634d086adad1d6240344714ec7de5c458d836b6,2024-11-21T08:50:07.910000 CVE-2024-1238,0,0,61e2d99ce6e3dfa86afb8331abcc236f68b5fa34f245659f4f6216db5239b32e,2024-11-21T08:50:08.053000 @@ -266377,9 +266387,9 @@ CVE-2024-49528,0,0,63319d635eea06771d746aaef2fa7b933b9c0f0420f665631edc0ca867ae1 CVE-2024-49529,0,0,bc912441c1467e88d09c1eebc868707893b19843941c8a4da84053631d70d7a6,2024-12-03T14:37:05.960000 CVE-2024-49530,0,0,afafe2f9e708a0df7b6d673b385a03bf08c9e6f95dcc179119b1592790dc1dc9,2024-12-10T20:15:18.107000 CVE-2024-49531,0,0,43539ba71c9f721c1ff762780d88d45522d85ce331f91d895b58432f07e6d879,2024-12-10T20:15:18.270000 -CVE-2024-49532,0,0,9d1b9b0ce859c1d811e40a145a253b8ac17e8ce809f6d790ab23d88b89f25e5c,2024-12-10T20:15:18.417000 -CVE-2024-49533,0,0,75968618599fd3437292a06f84769b4df1570448be7e5d716f073cc32a878c69,2024-12-10T20:15:18.563000 -CVE-2024-49534,0,0,2de7ddeb964d1e2f1108f1d599e0866d435c778aa898e98642e7d656c11b74cf,2024-12-10T20:15:18.743000 +CVE-2024-49532,0,1,4e372532dd8c4ca18ce90209f001d470d219b9faa378c4c94ed7fff494be9829,2024-12-11T12:15:20.753000 +CVE-2024-49533,0,1,b7fa46411acc29bb525767df2f82a6876ab053bff5d4249298e29189fc8eb8b6,2024-12-11T12:48:18.580000 +CVE-2024-49534,0,1,f5a65280f6923cb0001383f4d54b21a1bbdd11660c383cbfc1fbc3f07f52c595,2024-12-11T12:48:19.230000 CVE-2024-49535,0,0,e52b71be2403d7e7c7ec6df87555241b12f0d6af2e7ed28d403cc9e5574871ea,2024-12-10T20:15:18.923000 CVE-2024-49536,0,0,3226abc075af5af9440f5cdc9a3a66360f030ce3d405055960c0bca748fe4e92,2024-11-19T21:21:45.640000 CVE-2024-49537,0,0,9069a21f9ad82f63c2008fa214d1f0de46072a9dfd4ccd673ef0f8c9a149a49e,2024-12-10T21:15:16.500000 @@ -268439,7 +268449,7 @@ CVE-2024-52530,0,0,78f036a07a80d7c50933eab4b5ec3e54640dd9a8e9ce77e883bfb2118e573 CVE-2024-52531,0,0,8eedc16d1aadf080c6f2b302997fd47ee6a376af2a4466e43fcf9633d24182c6,2024-11-12T19:35:15.807000 CVE-2024-52532,0,0,54c3190a0eeff653a8f66dda7fd5b580cc7aa4648618e83320436fca355bcda1,2024-11-12T19:35:16.970000 CVE-2024-52533,0,0,1eb71d89b0eb5dd4c4750374cbcae2f7fe6179355aa90c3882a1d10864ff06bd,2024-12-06T14:15:21.400000 -CVE-2024-52537,1,1,c7d16023137224defd31bdd0eb25afbc798fa2f3219673f3c411d9cba6342fff,2024-12-11T08:15:05.747000 +CVE-2024-52537,0,0,c7d16023137224defd31bdd0eb25afbc798fa2f3219673f3c411d9cba6342fff,2024-12-11T08:15:05.747000 CVE-2024-52538,0,0,835fe849e7f7ee42eebe03855b29cf6227ad70f158455508984b13f2a2b9a4c9,2024-12-10T11:15:07.690000 CVE-2024-5254,0,0,b08a56d01443c9abf44ee33ecfae9cdfa73a8d20318044fcd2f5caa1e9d31f2e,2024-11-21T09:47:17.063000 CVE-2024-52544,0,0,c58d604e70e1d52d10e6c46ba91f7cf731eb4ad32c0c46522333c5ba2eb214aa,2024-12-03T21:15:07.390000 @@ -268828,10 +268838,10 @@ CVE-2024-53282,0,0,7c15b09f47539f2801b9ffd5119e50b7caab692bd395943ee3e6dd74694f6 CVE-2024-53283,0,0,fce78cde726b7a65b1fbdf73ae6f09a3f73353b419256d77bfdc27d25fc2bdd1,2024-12-09T04:15:05.073000 CVE-2024-53284,0,0,45eec706662496fabc9e8cb42b80581fe3303e2b7ad39a80f66810b843e633b6,2024-12-09T04:15:05.220000 CVE-2024-53285,0,0,e84db3deebb14a58d6854f327cd3b7c086afe148e543eaafbb15e4ea1a4cbc6b,2024-12-09T04:15:05.387000 -CVE-2024-53289,1,1,7dcc458da9f0f8218167876f51d4d0104a23c840dca0c7b84bd846e9c083cd24,2024-12-11T08:15:06.010000 +CVE-2024-53289,0,0,7dcc458da9f0f8218167876f51d4d0104a23c840dca0c7b84bd846e9c083cd24,2024-12-11T08:15:06.010000 CVE-2024-5329,0,0,daffb0d0cde1b0a7abdef85d122cb231171a58845d7b7cc2d00de14c5f127b92,2024-11-21T09:47:26.100000 -CVE-2024-53290,1,1,7c516cb10b6f0f64cadbb3d7f181f815cbb1aac805f9abbbecfb2f32971dd35c,2024-12-11T08:15:06.250000 -CVE-2024-53292,1,1,d0528d9cf9f44bd38b64700af004b04aa6efa3f1ffae50781438f1387e229f77,2024-12-11T08:15:06.423000 +CVE-2024-53290,0,0,7c516cb10b6f0f64cadbb3d7f181f815cbb1aac805f9abbbecfb2f32971dd35c,2024-12-11T08:15:06.250000 +CVE-2024-53292,0,0,d0528d9cf9f44bd38b64700af004b04aa6efa3f1ffae50781438f1387e229f77,2024-12-11T08:15:06.423000 CVE-2024-5330,0,0,d644a32144d291678dd5bb7f21b934bb851a049e1a1dcad7ed14bbc2171615fb,2024-11-21T22:46:26.800000 CVE-2024-5331,0,0,ad9f3e021008e1f906a9999a71be6645de37906a8f88b5de79caa7d877855b39,2024-11-21T23:07:26.067000 CVE-2024-5332,0,0,1bf02601401a5cfa3a271a75853b96cdcfd3e0b6b58677457c39ef4ba15b4069,2024-11-21T09:47:26.403000 @@ -269265,6 +269275,7 @@ CVE-2024-54254,0,0,6bd242e91a77ad9f90586d1c5e750c7c7ef35caa4861ebccd75667e5bfdd8 CVE-2024-54255,0,0,d518bbc292d8d1ed45e1085d8351cd8eb89783a225379287ae001a806a27b758,2024-12-09T13:15:44.007000 CVE-2024-5426,0,0,5ea29bfa6e12ae428a874da685da80617819a2a2873f1c2f03b3a2184d9a719d,2024-11-21T09:47:37.890000 CVE-2024-54260,0,0,77b8fbae5dfcc4dde97d03f134d079c69e76d5819885d9eb9375c0c7f0405e6d,2024-12-09T13:15:44.153000 +CVE-2024-54269,1,1,0bc9974eaf651dbbd6c977f144059de52f484482978cc1afb739ac8f56279a96,2024-12-11T10:15:07.790000 CVE-2024-5427,0,0,0e5a4a243a6c356d48858411e10959c0d2b5ef3e2a4a055bc1bad76f470ca7d5,2024-11-21T09:47:38.020000 CVE-2024-5428,0,0,5169bb0837062392ce64ea8c5c88b5f92f711aab81af161892590a75207e24aa,2024-12-09T22:51:14.763000 CVE-2024-5429,0,0,c5c127d3962dc4b6ee503ad5fd97fce8ef1325aee9713e37b6918218af05ded4,2024-10-18T12:53:04.627000 @@ -272067,7 +272078,7 @@ CVE-2024-8598,0,0,17bb7382ca41b399712cc44723ca89862306ddc2f56284b931416f3f7d8e7e CVE-2024-8599,0,0,13d0ff884a73c291b4096f8b78ca27030351114c1d87f3c5c05bf8cf4b35984f,2024-11-01T16:17:25.073000 CVE-2024-8600,0,0,467df8817b963ff6dd4943ad648cb11c98233a9da8dfa53fb316598e73a6889f,2024-11-01T16:17:19.680000 CVE-2024-8601,0,0,3acaee371a9188d72925a2deaf0ff4d7e630c2dd4f9352ccbd013d52f89a3544,2024-09-17T17:54:39.767000 -CVE-2024-8602,0,0,ab9d1f046168793a1c9a3736c1c61cab4a6f6cf6e26f0ca649a328bba985536e,2024-10-15T12:57:46.880000 +CVE-2024-8602,0,1,4be711d34a664a8b5e0b3d37ce84c88b22a5259bad96166dd05534c7898940cb,2024-12-11T09:15:05.890000 CVE-2024-8604,0,0,b0f4bef2cd9a719a1e9111dc84cb9eb65623a02bb8b15e8ab1025f3d735a01a0,2024-09-10T19:14:57.017000 CVE-2024-8605,0,0,18cd92611e13242841985be931e73363b96d6240a8d360002f41aa2863d0fe3b,2024-09-13T15:31:52.140000 CVE-2024-8606,0,0,d6634fb8da7243ac8a8022d5719888e145acab992bdb7a29d6a427971fe505a6,2024-09-30T15:32:34.647000