From 8c51e546ca2fa4f1e4bf3b5b2742437a1d0197d3 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 1 Oct 2024 10:03:16 +0000 Subject: [PATCH] Auto-Update: 2024-10-01T10:00:16.923213+00:00 --- CVE-2024/CVE-2024-74xx/CVE-2024-7432.json | 60 +++++++++++++ CVE-2024/CVE-2024-74xx/CVE-2024-7433.json | 60 +++++++++++++ CVE-2024/CVE-2024-74xx/CVE-2024-7434.json | 60 +++++++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7869.json | 60 +++++++++++++ CVE-2024/CVE-2024-82xx/CVE-2024-8288.json | 68 ++++++++++++++ CVE-2024/CVE-2024-83xx/CVE-2024-8324.json | 64 +++++++++++++ CVE-2024/CVE-2024-84xx/CVE-2024-8430.json | 60 +++++++++++++ CVE-2024/CVE-2024-85xx/CVE-2024-8548.json | 104 ++++++++++++++++++++++ CVE-2024/CVE-2024-86xx/CVE-2024-8632.json | 64 +++++++++++++ CVE-2024/CVE-2024-86xx/CVE-2024-8675.json | 60 +++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8718.json | 64 +++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8720.json | 60 +++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8727.json | 60 +++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8728.json | 60 +++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8786.json | 60 +++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8793.json | 60 +++++++++++++ CVE-2024/CVE-2024-87xx/CVE-2024-8799.json | 60 +++++++++++++ CVE-2024/CVE-2024-89xx/CVE-2024-8989.json | 72 +++++++++++++++ CVE-2024/CVE-2024-89xx/CVE-2024-8990.json | 72 +++++++++++++++ CVE-2024/CVE-2024-90xx/CVE-2024-9018.json | 64 +++++++++++++ CVE-2024/CVE-2024-91xx/CVE-2024-9106.json | 60 +++++++++++++ CVE-2024/CVE-2024-91xx/CVE-2024-9108.json | 60 +++++++++++++ CVE-2024/CVE-2024-91xx/CVE-2024-9119.json | 60 +++++++++++++ CVE-2024/CVE-2024-91xx/CVE-2024-9145.json | 86 ++++++++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9209.json | 60 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9220.json | 60 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9224.json | 64 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9228.json | 60 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9241.json | 60 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9265.json | 60 +++++++++++++ 
CVE-2024/CVE-2024-92xx/CVE-2024-9267.json | 64 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9269.json | 60 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9272.json | 60 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9274.json | 60 +++++++++++++ CVE-2024/CVE-2024-92xx/CVE-2024-9289.json | 60 +++++++++++++ CVE-2024/CVE-2024-93xx/CVE-2024-9304.json | 60 +++++++++++++ README.md | 46 ++++++---- _state.csv | 58 +++++++++--- 38 files changed, 2363 insertions(+), 27 deletions(-) create mode 100644 CVE-2024/CVE-2024-74xx/CVE-2024-7432.json create mode 100644 CVE-2024/CVE-2024-74xx/CVE-2024-7433.json create mode 100644 CVE-2024/CVE-2024-74xx/CVE-2024-7434.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7869.json create mode 100644 CVE-2024/CVE-2024-82xx/CVE-2024-8288.json create mode 100644 CVE-2024/CVE-2024-83xx/CVE-2024-8324.json create mode 100644 CVE-2024/CVE-2024-84xx/CVE-2024-8430.json create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8548.json create mode 100644 CVE-2024/CVE-2024-86xx/CVE-2024-8632.json create mode 100644 CVE-2024/CVE-2024-86xx/CVE-2024-8675.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8718.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8720.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8727.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8728.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8786.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8793.json create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8799.json create mode 100644 CVE-2024/CVE-2024-89xx/CVE-2024-8989.json create mode 100644 CVE-2024/CVE-2024-89xx/CVE-2024-8990.json create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9018.json create mode 100644 CVE-2024/CVE-2024-91xx/CVE-2024-9106.json create mode 100644 CVE-2024/CVE-2024-91xx/CVE-2024-9108.json create mode 100644 CVE-2024/CVE-2024-91xx/CVE-2024-9119.json create mode 100644 CVE-2024/CVE-2024-91xx/CVE-2024-9145.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9209.json 
create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9220.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9224.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9228.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9241.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9265.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9267.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9269.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9272.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9274.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9289.json create mode 100644 CVE-2024/CVE-2024-93xx/CVE-2024-9304.json diff --git a/CVE-2024/CVE-2024-74xx/CVE-2024-7432.json b/CVE-2024/CVE-2024-74xx/CVE-2024-7432.json new file mode 100644 index 00000000000..5d962c910d9 --- /dev/null +++ b/CVE-2024/CVE-2024-74xx/CVE-2024-7432.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-7432", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:02.453", + "lastModified": "2024-10-01T08:15:02.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/themes/unseen-blog/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a14b86f-a5c8-4ec2-9940-68a37a6c4a86?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-74xx/CVE-2024-7433.json b/CVE-2024/CVE-2024-74xx/CVE-2024-7433.json new file mode 100644 index 00000000000..e8f7fb428c2 
--- /dev/null +++ b/CVE-2024/CVE-2024-74xx/CVE-2024-7433.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-7433", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:02.727", + "lastModified": "2024-10-01T08:15:02.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/themes/empowerment/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d96d38a-7f0e-4e47-ba49-727705eaaac6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-74xx/CVE-2024-7434.json b/CVE-2024/CVE-2024-74xx/CVE-2024-7434.json new file mode 100644 index 00000000000..c4f79a86e97 --- /dev/null +++ b/CVE-2024/CVE-2024-74xx/CVE-2024-7434.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-7434", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:02.943", + "lastModified": "2024-10-01T08:15:02.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/themes/ultrapress/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9cf97a6-38bb-4499-98f0-ca2b7111f654?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7869.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7869.json new file mode 100644 index 00000000000..64f0e7b9ac7 --- /dev/null 
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7869.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-7869", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:03.167", + "lastModified": "2024-10-01T08:15:03.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/123-chat-videochat/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d4469e4-5d99-4a56-bde8-9a0aaca7794f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8288.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8288.json new file mode 100644 index 00000000000..71f16476c74 --- /dev/null +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8288.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-8288", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:02.850", + "lastModified": "2024-10-01T09:15:02.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Guten Post Layout \u2013 An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/guten-post-layout/trunk/src/blocks/post-grid/post-grid.php#L27", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/guten-post-layout/trunk/src/blocks/post-grid/post-grid.php#L300", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/guten-post-layout/#developers", + "source": 
"security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d6d9852-424a-4d98-9926-e849bef99c2d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8324.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8324.json new file mode 100644 index 00000000000..949a70600e1 --- /dev/null +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8324.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8324", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:03.293", + "lastModified": "2024-10-01T09:15:03.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018get_slider\u2019 function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/xo-liteslider/tags/3.8.6/inc/class-xo-slider.php#L247", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/xo-liteslider/tags/3.8.6/inc/class-xo-slider.php#L315", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be51c54d-b0f7-42b2-b9b3-1b5832e10a6b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8430.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8430.json new file mode 100644 index 00000000000..108b11ca851 --- /dev/null +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8430.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8430", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:03.790", + "lastModified": "2024-10-01T09:15:03.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/spice-starter-sites/tags/1.2.5/spice-starter-sites.php#L1123", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec52337f-bdd1-4632-853b-da86d64751e7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8548.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8548.json new file mode 100644 index 00000000000..6609582c113 --- /dev/null +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8548.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-8548", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:03.400", + "lastModified": "2024-10-01T08:15:03.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211", + 
"source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8632.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8632.json new file mode 100644 index 00000000000..39b9b076e4d --- /dev/null +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8632.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8632", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:03.610", + "lastModified": "2024-10-01T08:15:03.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L342", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L439", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/767b1234-5b4a-4baa-9048-7b2e413cdba5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8675.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8675.json new file mode 100644 index 00000000000..178f7562240 --- /dev/null +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8675.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8675", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:03.820", + "lastModified": "2024-10-01T08:15:03.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/soumettre-fr/trunk/admin/class-soumettre-admin.php#L276", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad05b088-977e-4f24-b843-dc65f1aa60e9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8718.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8718.json new file mode 100644 index 00000000000..7aefd94f60d --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8718.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8718", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:04.030", + "lastModified": "2024-10-01T08:15:04.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/gravity-forms-toolbar/tags/1.7.0/admin/form.php#L25", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gravity-forms-toolbar/tags/1.7.0/admin/form.php#L44", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d1c6daf-1799-4f8a-81e3-ef3968f41b8e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8720.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8720.json new file mode 100644 index 00000000000..729eb070f7e --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8720.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8720", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:04.237", + "lastModified": "2024-10-01T08:15:04.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The RumbleTalk Live Group Chat \u2013 HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/rumbletalk-chat-a-chat-with-themes/trank/public/class-rumbletalk-public.php#L128", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e620ae8-03fc-43b5-8e8f-5b0884e8eefb?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
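Review bot: The first reference URL in the CVE-2024-8720 record contains the path segment `trank` (`.../rumbletalk-chat-a-chat-with-themes/trank/public/class-rumbletalk-public.php#L128`), while every other plugins.trac.wordpress.org reference in this commit uses `trunk` or `tags/<version>`. The link therefore probably does not resolve to the cited source line. It looks like a typo carried over from the CNA's submission, and `trunk` is presumably what was meant; because this file mirrors upstream data, the correction belongs with the source record rather than in a local edit. Until it is fixed, anyone using the reference to find the affected shortcode handler should locate `class-rumbletalk-public.php` in the plugin repository directly instead of trusting the link.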
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8727.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8727.json new file mode 100644 index 00000000000..74fb1dd7060 --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8727.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8727", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:04.433", + "lastModified": "2024-10-01T08:15:04.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/includes/class-dkpdf-settings.php#L420", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d71cdd64-7cd6-4b1a-ae8d-e9bf78e630c7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8728.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8728.json new file mode 100644 index 00000000000..813d48b4d20 --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8728.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8728", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:04.637", + "lastModified": "2024-10-01T08:15:04.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/easy-load-more/trunk/includes/class-easy-load-more-settings.php#L268", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d890e7a5-ea9f-40e5-9549-a6f26421b043?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8786.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8786.json new file mode 100644 index 00000000000..03a7d06b323 --- /dev/null 
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8786.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8786", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:04.300", + "lastModified": "2024-10-01T09:15:04.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/auto-featured-image-from-title/trunk/auto-featured-image-from-title.php#L822", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2bf6102-458f-4930-8880-baa96afb1c15?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8793.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8793.json new file mode 100644 index 00000000000..303c655c7f8 --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8793.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8793", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:04.770", + "lastModified": "2024-10-01T09:15:04.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-exporter/tags/2.7.2.1/includes/settings.php#L195", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3c44eb-ef25-43f5-a872-6ef52c3d9c1f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8799.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8799.json new file mode 100644 index 00000000000..ffd13278a4f --- /dev/null +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8799.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8799", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:05.220", + "lastModified": "2024-10-01T09:15:05.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/custom-banners/trunk/include/tgmpa/init.php#L96", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49618d9f-e6d8-40d5-b19f-7ce987939172?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8989.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8989.json new file mode 100644 index 00000000000..75d4e1decc1 --- /dev/null +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8989.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-8989", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:04.840", + "lastModified": "2024-10-01T08:15:04.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews \u2013 Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/stars-testimonials-with-slider-and-masonry-grid/trunk/plugin.class.php#L1281", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3159818/", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3159818/#file8", + "source": "security@wordfence.com" + }, + { + "url": 
"https://wordpress.org/plugins/stars-testimonials-with-slider-and-masonry-grid/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b406f0b8-16b5-49ca-88d8-7717bef1ae61?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8990.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8990.json new file mode 100644 index 00000000000..ac83a353049 --- /dev/null +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8990.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-8990", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:05.060", + "lastModified": "2024-10-01T08:15:05.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup.php#L1755", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3159868/", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3159868/#file0", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/geo-mashup/#developers", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/88e74cb2-7b6f-43ac-bb30-4763c5afe493?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9018.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9018.json new file mode 100644 index 00000000000..7cf7c8f0354 --- /dev/null +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9018.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9018", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:05.610", + "lastModified": "2024-10-01T09:15:05.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Easy Gallery \u2013 WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018key\u2019 parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-easy-gallery/trunk/wp-easy-gallery.php#L866", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-easy-gallery/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c4c632-66f2-4987-b7da-048dbe4a3044?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No 
newline at end of file diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9106.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9106.json new file mode 100644 index 00000000000..45cdf2be190 --- /dev/null +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9106.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9106", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:05.267", + "lastModified": "2024-10-01T08:15:05.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wechat-social-login/trunk/add-ons/social-qq/class-xh-social-channel-qq.php?rev=2080785#L284", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bd44471-1a9c-4465-a52a-be64d51e7ea1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9108.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9108.json new file mode 100644 index 00000000000..423a8137404 --- /dev/null +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9108.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9108", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:05.480", + "lastModified": "2024-10-01T08:15:05.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wechat-social-login/trunk/includes/social/class-xh-social-wp-api.php?rev=2111074#L39", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06881386-3c92-426b-948d-58e8a8bee624?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9119.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9119.json new file mode 100644 index 00000000000..9fe78f9c008 --- /dev/null +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9119.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9119", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:05.690", + "lastModified": "2024-10-01T08:15:05.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/svg-complete/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f8e1495-c5e1-4bb9-92e9-b27b9b997a5f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9145.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9145.json new file mode 100644 index 00000000000..c50c0a60d3a --- /dev/null +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9145.json 
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-9145", + "sourceIdentifier": "9947ef80-c5d5-474a-bbab-97341a59000e", + "published": "2024-10-01T08:15:05.913", + "lastModified": "2024-10-01T08:15:05.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a \"trusted folder\" within Visual Studio Code, and initiates a manual scan of the file." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "9947ef80-c5d5-474a-bbab-97341a59000e", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "9947ef80-c5d5-474a-bbab-97341a59000e", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://marketplace.visualstudio.com/items/WizCloud.wiz-vscode/changelog", + "source": "9947ef80-c5d5-474a-bbab-97341a59000e" + }, + { + "url": "https://marketplace.visualstudio.com/items/WizCloud.wizcli-vscode/changelog", + "source": "9947ef80-c5d5-474a-bbab-97341a59000e" + }, + { + "url": "https://www.wiz.io/security-advisories", + "source": "9947ef80-c5d5-474a-bbab-97341a59000e" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9209.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9209.json new file mode 100644 index 00000000000..90713289daf --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9209.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9209", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:06.110", + "lastModified": "2024-10-01T09:15:06.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/search-analytics/tags/1.4.9/admin/includes/class.stats-table.php#L153", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/275268d6-5b08-441d-9924-3c99682b27d4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9220.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9220.json new file mode 100644 index 00000000000..e456097ecf4 --- /dev/null 
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9220.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9220", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:06.613", + "lastModified": "2024-10-01T09:15:06.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/lh-copy-media-file/trunk/lh-copy-media-file.php#L31", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9911e99e-0b3b-4be1-b8cd-28593b6d12ad?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9224.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9224.json new file mode 100644 index 00000000000..05ecfe51e41 --- /dev/null 
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9224.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9224", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:07.190", + "lastModified": "2024-10-01T09:15:07.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/hello-world/tags/2.1.1/hello-world.php#L113", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/hello-world/tags/2.1.1/hello-world.php#L35", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f58df1f-66f7-4e3d-af6d-08174653a2ad?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9228.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9228.json new file mode 100644 index 00000000000..4edfbca15dd --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9228.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9228", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:07.750", + "lastModified": "2024-10-01T09:15:07.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Loggedin \u2013 Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/loggedin/tags/1.3.1/includes/class-loggedin-admin.php#L255", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59707c64-a34c-45bc-bbbe-d447fe2ca6ab?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9241.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9241.json new file mode 100644 index 00000000000..a33d4ce1766 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9241.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9241", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:08.287", + "lastModified": "2024-10-01T09:15:08.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/pdf-image-generator/tags/1.5.6/pdf-image-generator.php#L329", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1454af30-319a-44b7-a83e-2d774cfbc8d1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9265.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9265.json new file mode 100644 index 00000000000..5e808a09709 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9265.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9265", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:08.810", + "lastModified": "2024-10-01T09:15:08.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c099f401-4b05-4532-8e31-af1b1dea7eca?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9267.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9267.json
new file mode 100644
index 00000000000..4874851f20d
--- /dev/null
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9267.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9267", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:06.103", + "lastModified": "2024-10-01T08:15:06.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Easy WordPress Subscribe \u2013 Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/opt-in-hound/trunk/includes/subscribers/views/view-submenu-page-subscribers.php#L17", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/opt-in-hound/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b91ec428-8444-4304-8901-4bc3ef146e3e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9269.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9269.json new file mode 100644 index 00000000000..5dfa18df499 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9269.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9269", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:06.313", + "lastModified": "2024-10-01T08:15:06.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/relogo/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12515236-753e-49e8-b8c8-b0c8831c6005?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9272.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9272.json new file mode 100644 index 00000000000..f9dff730448 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9272.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9272", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:06.510", + "lastModified": "2024-10-01T08:15:06.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/r-animated-icon/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56fd8166-da22-4a0b-a23f-41817acba6df?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9274.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9274.json new file mode 100644 index 00000000000..e8ac9251056 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9274.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9274", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:06.723", + "lastModified": "2024-10-01T08:15:06.723", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/elastik-page-builder/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/315687d4-9125-440b-9d53-81d71e56d4ef?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9289.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9289.json
new file mode 100644
index 00000000000..fc938c9d15d
--- /dev/null
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9289.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9289", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T09:15:09.320", + "lastModified": "2024-10-01T09:15:09.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's email." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/wordpress-woocommerce-affiliate-program/23580333", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed19835f-2718-41d8-95af-47c8b9589529?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9304.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9304.json new file mode 100644 index 00000000000..3b128030226 --- /dev/null 
+++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9304.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9304", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-01T08:15:06.943", + "lastModified": "2024-10-01T08:15:06.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/locateandfilter/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a10ee67a-7f5f-43dd-8f5c-c0e92706c453?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index efaddf0555e..fbfffc43fdc 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-01T08:00:18.031558+00:00 +2024-10-01T10:00:16.923213+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-01T07:15:06.263000+00:00 +2024-10-01T09:15:09.320000+00:00 ``` ### Last Data Feed Release 
@@ -33,30 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -264188 +264224 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `36` -- [CVE-2024-8107](CVE-2024/CVE-2024-81xx/CVE-2024-8107.json) (`2024-10-01T07:15:06.263`) -- [CVE-2024-8421](CVE-2024/CVE-2024-84xx/CVE-2024-8421.json) (`2024-10-01T06:15:02.357`) +- [CVE-2024-8720](CVE-2024/CVE-2024-87xx/CVE-2024-8720.json) (`2024-10-01T08:15:04.237`) +- [CVE-2024-8727](CVE-2024/CVE-2024-87xx/CVE-2024-8727.json) (`2024-10-01T08:15:04.433`) +- [CVE-2024-8728](CVE-2024/CVE-2024-87xx/CVE-2024-8728.json) (`2024-10-01T08:15:04.637`) +- [CVE-2024-8786](CVE-2024/CVE-2024-87xx/CVE-2024-8786.json) (`2024-10-01T09:15:04.300`) +- [CVE-2024-8793](CVE-2024/CVE-2024-87xx/CVE-2024-8793.json) (`2024-10-01T09:15:04.770`) +- [CVE-2024-8799](CVE-2024/CVE-2024-87xx/CVE-2024-8799.json) (`2024-10-01T09:15:05.220`) +- [CVE-2024-8989](CVE-2024/CVE-2024-89xx/CVE-2024-8989.json) (`2024-10-01T08:15:04.840`) +- [CVE-2024-8990](CVE-2024/CVE-2024-89xx/CVE-2024-8990.json) (`2024-10-01T08:15:05.060`) +- [CVE-2024-9018](CVE-2024/CVE-2024-90xx/CVE-2024-9018.json) (`2024-10-01T09:15:05.610`) +- [CVE-2024-9106](CVE-2024/CVE-2024-91xx/CVE-2024-9106.json) (`2024-10-01T08:15:05.267`) +- [CVE-2024-9108](CVE-2024/CVE-2024-91xx/CVE-2024-9108.json) (`2024-10-01T08:15:05.480`) +- [CVE-2024-9119](CVE-2024/CVE-2024-91xx/CVE-2024-9119.json) (`2024-10-01T08:15:05.690`) +- [CVE-2024-9145](CVE-2024/CVE-2024-91xx/CVE-2024-9145.json) (`2024-10-01T08:15:05.913`) +- [CVE-2024-9209](CVE-2024/CVE-2024-92xx/CVE-2024-9209.json) (`2024-10-01T09:15:06.110`) +- [CVE-2024-9220](CVE-2024/CVE-2024-92xx/CVE-2024-9220.json) (`2024-10-01T09:15:06.613`) +- [CVE-2024-9224](CVE-2024/CVE-2024-92xx/CVE-2024-9224.json) (`2024-10-01T09:15:07.190`) +- [CVE-2024-9228](CVE-2024/CVE-2024-92xx/CVE-2024-9228.json) (`2024-10-01T09:15:07.750`) +- 
[CVE-2024-9241](CVE-2024/CVE-2024-92xx/CVE-2024-9241.json) (`2024-10-01T09:15:08.287`) +- [CVE-2024-9265](CVE-2024/CVE-2024-92xx/CVE-2024-9265.json) (`2024-10-01T09:15:08.810`) +- [CVE-2024-9267](CVE-2024/CVE-2024-92xx/CVE-2024-9267.json) (`2024-10-01T08:15:06.103`) +- [CVE-2024-9269](CVE-2024/CVE-2024-92xx/CVE-2024-9269.json) (`2024-10-01T08:15:06.313`) +- [CVE-2024-9272](CVE-2024/CVE-2024-92xx/CVE-2024-9272.json) (`2024-10-01T08:15:06.510`) +- [CVE-2024-9274](CVE-2024/CVE-2024-92xx/CVE-2024-9274.json) (`2024-10-01T08:15:06.723`) +- [CVE-2024-9289](CVE-2024/CVE-2024-92xx/CVE-2024-9289.json) (`2024-10-01T09:15:09.320`) +- [CVE-2024-9304](CVE-2024/CVE-2024-93xx/CVE-2024-9304.json) (`2024-10-01T08:15:06.943`) ### CVEs modified in the last Commit -Recently modified CVEs: `9` +Recently modified CVEs: `0` -- [CVE-2023-46144](CVE-2023/CVE-2023-461xx/CVE-2023-46144.json) (`2024-10-01T07:15:02.540`) -- [CVE-2024-41176](CVE-2024/CVE-2024-411xx/CVE-2024-41176.json) (`2024-10-01T07:15:03.147`) -- [CVE-2024-43389](CVE-2024/CVE-2024-433xx/CVE-2024-43389.json) (`2024-10-01T07:15:03.560`) -- [CVE-2024-43390](CVE-2024/CVE-2024-433xx/CVE-2024-43390.json) (`2024-10-01T07:15:04.083`) -- [CVE-2024-43391](CVE-2024/CVE-2024-433xx/CVE-2024-43391.json) (`2024-10-01T07:15:04.530`) -- [CVE-2024-43392](CVE-2024/CVE-2024-433xx/CVE-2024-43392.json) (`2024-10-01T07:15:04.953`) -- [CVE-2024-43393](CVE-2024/CVE-2024-433xx/CVE-2024-43393.json) (`2024-10-01T07:15:05.443`) -- [CVE-2024-6876](CVE-2024/CVE-2024-68xx/CVE-2024-6876.json) (`2024-10-01T07:15:05.890`) -- [CVE-2024-8445](CVE-2024/CVE-2024-84xx/CVE-2024-8445.json) (`2024-10-01T06:15:02.650`) ## Download and Usage diff --git a/_state.csv b/_state.csv index de91edda76c..69ecd39bbbb 100644 --- a/_state.csv +++ b/_state.csv 
@@ -234551,7 +234551,7 @@ CVE-2023-4614,0,0,48582db52caa833023c22becbfe97b66601953ec6bd1ee30a7b5e9ca1820d1 CVE-2023-46141,0,0,c5f273a16ddecbce5dba1c7f57708a733529e7eb71e0ea3caf81e42882abba20,2023-12-21T17:14:56.770000 CVE-2023-46142,0,0,3fb6a0861e35fc09ecd0298ad20e5d7a8d5b6455fb61a2037ae1846cac22d64c,2023-12-21T17:15:15.170000 CVE-2023-46143,0,0,e3bc6bf1bb4c8c0f9d3ac70e1c134375256c14ec8394d0b3c4d1d049a67021ad,2023-12-21T17:15:46.577000 -CVE-2023-46144,0,1,28e54b912c0831ce77f02362c8d0cb49ff749450334118efa496438fceb2310a,2024-10-01T07:15:02.540000 +CVE-2023-46144,0,0,28e54b912c0831ce77f02362c8d0cb49ff749450334118efa496438fceb2310a,2024-10-01T07:15:02.540000 CVE-2023-46145,0,0,349c8808057410d251a89302413901d028ae7fdfdc2fab73cab5d33fd808c463,2024-05-17T18:36:05.263000 CVE-2023-46146,0,0,674968e0b09709c1de659f46455142d49d86eaca8817754c044e40c734f63cb6,2024-09-16T13:40:24.777000 CVE-2023-46147,0,0,b82be5e5d045675023a8fc4f0aac846ce0e3426dc9461912b9f889c9950e280c,2024-09-16T14:11:43.620000 @@ -257828,7 +257828,7 @@ CVE-2024-41172,0,0,7f370211b6a2ed7e58844e8bf12bc0dae731f676537ceaaec3667e5da63dc CVE-2024-41173,0,0,2a967ba5e095ab1e47f786a956c1f076df7830bb3f39a08c0b36771178149730,2024-09-12T14:52:20.820000 CVE-2024-41174,0,0,46f7512448f854e48ad9da184e7c8ef9b0c8ebf22c2d6d526796b00f1d907a8d,2024-09-12T14:33:54.917000 CVE-2024-41175,0,0,35e860a2d31eb21e3779e1686be69664a02d6ab1bab83d6168914f472f9b9f73,2024-09-12T14:25:10.307000 -CVE-2024-41176,0,1,54a27b7d242a59ee004d70d03c3c2f94f53556ca2727d85ff4c509bc25fb8e36,2024-10-01T07:15:03.147000 +CVE-2024-41176,0,0,54a27b7d242a59ee004d70d03c3c2f94f53556ca2727d85ff4c509bc25fb8e36,2024-10-01T07:15:03.147000 CVE-2024-41178,0,0,5da27e6bd4cfecb3274c0413ac77a628456bf2e70cb97b3347c2830cb191bae8,2024-08-01T13:58:24.173000 CVE-2024-4118,0,0,261b7c2db2db4c5bd0863007ba022afd6141eeb3c40d43094e801a457a5edb93,2024-06-04T19:20:30.147000 CVE-2024-41184,0,0,460d3d6d07916ac0f7c6ce162599c802c196ea0f25bca5ddf54b8e8b249634fe,2024-08-02T05:15:47.217000 
@@ -259157,12 +259157,12 @@ CVE-2024-43385,0,0,9f5d38d74a52e4aff95c66a9fe01102de802f5b76b33bec488a6c4b7e7096 CVE-2024-43386,0,0,bc2a848fad787eef345813d2c4720d9d2393c8e1df983aa7b4f1b2025bcec15b,2024-09-27T19:33:22.077000 CVE-2024-43387,0,0,4ccf94a52793dd24dc0376add620cfdf8d8ec8b86efb2e3a9e2719aaace5a025,2024-09-27T19:33:37.497000 CVE-2024-43388,0,0,3a919f125f0d033e58d76594811e5e9eda62fdacecf5b54a65461d36b7a50c81,2024-09-27T19:32:48.683000 -CVE-2024-43389,0,1,40bac5f42e49b4f928d773122acf92c0e227abcdb9ce9d6f6ecf3322182450ec,2024-10-01T07:15:03.560000 +CVE-2024-43389,0,0,40bac5f42e49b4f928d773122acf92c0e227abcdb9ce9d6f6ecf3322182450ec,2024-10-01T07:15:03.560000 CVE-2024-4339,0,0,240ed7230e0a6e458ae0cd6534f1dc024d6c16f3537e0357643e823e6aa09596,2024-05-14T16:11:39.510000 -CVE-2024-43390,0,1,8d9acab4763dee913e02b982e6f2e7c4da6de627398ae2e58565c91696ad6dfd,2024-10-01T07:15:04.083000 -CVE-2024-43391,0,1,beb52d75af1ca2e051422364b0d066ee98e8e66a0e2a2826f84a624a57c5d1aa,2024-10-01T07:15:04.530000 -CVE-2024-43392,0,1,9eb1651e4862013b9015d62a0d55c31a661dc5148edd61e3e284f4dd02058e4c,2024-10-01T07:15:04.953000 -CVE-2024-43393,0,1,0b4e4752b1d1624f63c9f36234acbde90cd0d47d6abeb2bcd5368b0a996ac98c,2024-10-01T07:15:05.443000 +CVE-2024-43390,0,0,8d9acab4763dee913e02b982e6f2e7c4da6de627398ae2e58565c91696ad6dfd,2024-10-01T07:15:04.083000 +CVE-2024-43391,0,0,beb52d75af1ca2e051422364b0d066ee98e8e66a0e2a2826f84a624a57c5d1aa,2024-10-01T07:15:04.530000 +CVE-2024-43392,0,0,9eb1651e4862013b9015d62a0d55c31a661dc5148edd61e3e284f4dd02058e4c,2024-10-01T07:15:04.953000 +CVE-2024-43393,0,0,0b4e4752b1d1624f63c9f36234acbde90cd0d47d6abeb2bcd5368b0a996ac98c,2024-10-01T07:15:05.443000 CVE-2024-43395,0,0,e2392bf6475b12db51f31adf2ecd9f40f62cf7ccf326ac732a93b8b209786a49,2024-08-19T13:00:23.117000 CVE-2024-43396,0,0,d3e4db1d56053a512790a84d8c3ae6e21035877ac8c09fe39077f7231484b09e,2024-09-03T18:19:33.167000 
CVE-2024-43397,0,0,5caa94926889523c153ff1aaf47669fe6c71771da877710063b3b97c2bc5d0dc,2024-08-26T18:28:42.230000 @@ -262648,7 +262648,7 @@ CVE-2024-6870,0,0,b8787438d65804a2db5bbc8c04084c34ae58bc1819956a7afefdca8ed2b919 CVE-2024-6872,0,0,9eb628e3a6d1ea0380e94dd099512f5a2f74ddb0ba75bf9a102e83ab13e260f5,2024-08-05T12:41:45.957000 CVE-2024-6873,0,0,8e5db8bfa0491746f29814d1d8249a1850325cbcdbd09b52dbf90709e95d212c,2024-08-01T16:45:25.400000 CVE-2024-6874,0,0,805a0b27cbdf811d96209b292e2d5909e967f9d3161226db1f6fe45d6b995555,2024-09-10T15:27:04.190000 -CVE-2024-6876,0,1,583f30283a5d24592d6b6307c031cb111ef10b29cd5778033f08bcc8e7270d88,2024-10-01T07:15:05.890000 +CVE-2024-6876,0,0,583f30283a5d24592d6b6307c031cb111ef10b29cd5778033f08bcc8e7270d88,2024-10-01T07:15:05.890000 CVE-2024-6877,0,0,02c2ad8b7328ed9f86319b9c0a10ec2b70408d6e2f96471b9aea8deebf9f2ed4,2024-09-25T18:57:54.607000 CVE-2024-6878,0,0,f5582059b5d1bf17731a698db689103b20b34785921cd291277cac7bea80d487,2024-09-20T12:30:17.483000 CVE-2024-6879,0,0,6dd99f7574923c6a0220f28a1253b4ac8ff29b09a2650b86b7b021e79b9e4f08,2024-08-28T15:35:24.120000 
@@ -263080,6 +263080,9 @@ CVE-2024-7423,0,0,683032207cd0b1b10abe49d0a408feb34a406022ce5c9940510e7ae64734c4 CVE-2024-7426,0,0,6a71007700c4116b380e5f6e6a7f1695f7459185616f96253328245521427764,2024-09-30T14:17:51.317000 CVE-2024-7427,0,0,db7ee0ecad2784af038bf44c17fdbe281451988802f60a362e8cf5f513055a51,2024-08-23T18:46:31.730000 CVE-2024-7428,0,0,6dbc394d0d800a640022319856b0e52c143a4490c0eebfb1fe7dd2cce04fb45f,2024-08-23T18:46:31.730000 +CVE-2024-7432,1,1,e8c6980a5de949268c22b41f4a294a2122522b07700201e933a89167a22f2bf2,2024-10-01T08:15:02.453000 +CVE-2024-7433,1,1,1f36438e32a329d426ce3b1a344fd708160f730e4dd49f098610bf45f4b8ee41,2024-10-01T08:15:02.727000 +CVE-2024-7434,1,1,637194103f3b7db513b02082bb024dbbfefe9f606ab31523040243a3a42a17b6,2024-10-01T08:15:02.943000 CVE-2024-7435,0,0,66fc1a447d06c1e8d0a9056fadb7b0070b6d69677ecdcc565c829d3d11041847,2024-09-03T12:59:02.453000 CVE-2024-7436,0,0,77bc4c95d4063144d84cdea1af238ebd00099087f7001defb370c91c51096e64,2024-09-11T14:41:56.753000 CVE-2024-7437,0,0,246b693ce6552391d868b958ff9b746dcace18b15d81fb9e08c275fb53819b64,2024-09-11T14:39:10.557000 @@ -263422,6 +263425,7 @@ CVE-2024-7864,0,0,8cb55f9c6813f7ebb3e411de07404fd2812a548c1112fcc9ece6be38f8f1e9 CVE-2024-7866,0,0,4c0cb0c858c0ff2de3d3bc9c6187348080bb51d5934bb16167513e626d441be5,2024-08-20T19:23:02.780000 CVE-2024-7867,0,0,cc4e8e2cbae6cc9c2393332b56b3dc1a7160836d4b3b7919e8d1234e73599a3b,2024-08-28T21:59:33.973000 CVE-2024-7868,0,0,c4ea1bb97a13baa8d231995b3d29c0db15f328b428d9b25a1a7a0b4c8b9c1d1a,2024-09-11T12:40:01.817000 +CVE-2024-7869,1,1,45609c63caff2a26adcc7ef2195d5ac5e058ebc9157c26bc66abdd8f75364a4a,2024-10-01T08:15:03.167000 CVE-2024-7870,0,0,4141f264a23149fdea486ca620816f1c3f41138cabf6c23297e955fee3254fb2,2024-09-04T13:05:36.067000 CVE-2024-7871,0,0,d47ede6ca23d1578a9b705a8257da890832c1e69392e6414a190c6fb054ce14f,2024-09-04T17:34:14.630000 CVE-2024-7873,0,0,206d8282726d748a6a41b367b674a966213f9d6e3053dc261b740ef29ffe8ab7,2024-09-20T12:30:51.220000 
@@ -263573,7 +263577,7 @@ CVE-2024-8103,0,0,77d380cca7da7a9ea520d1266aaf7f8f8fa25bf0cd8d701002339aafa2f0f3 CVE-2024-8104,0,0,e0dd7af2b8170ad0cb122178cc67d0512cc1eb1562d671a3c4e0173a78c8b550,2024-09-05T13:28:06.817000 CVE-2024-8105,0,0,fdab1a8bdde46d997c9a9800b483d676df23e449425d94531660960b3c42e376,2024-09-09T21:35:17.320000 CVE-2024-8106,0,0,918839130e1d38968c976a0bfdbedb93d4d38744e55b3c51d6882ceb90663b73,2024-09-05T13:05:52.540000 -CVE-2024-8107,1,1,788b47747c80bea0b0fc54cf26df2214d345b7e328d1fbd193f93f6f4f832fad,2024-10-01T07:15:06.263000 +CVE-2024-8107,0,0,788b47747c80bea0b0fc54cf26df2214d345b7e328d1fbd193f93f6f4f832fad,2024-10-01T07:15:06.263000 CVE-2024-8108,0,0,8f1cde3e4e080de95c0957ccbabc0a49f644f40a04612484228affb54375e534,2024-09-19T13:37:32.203000 CVE-2024-8110,0,0,35b29aa278bc186f939dacbb87981e7b3283cd41ccc0818c634be4d5c87818aa,2024-09-20T12:31:20.110000 CVE-2024-8112,0,0,68d19c324dfb08f42fbaae63f6c41217ad9d464e632ed1f450780261e0cb818a,2024-09-12T18:23:22.507000 @@ -263696,6 +263700,7 @@ CVE-2024-8281,0,0,6e64aec5696815efe009b246052ca974dfd6e9415a9b5d9826067281cc5ba1 CVE-2024-8283,0,0,63c897f82dabc8d84136a694d903018ce23d93f10e485ba2d6b5e962b5c03172,2024-09-30T12:45:57.823000 CVE-2024-8285,0,0,b03f6a28365b23ccdd28cfaabc1a4440173ac6451ac16c91954a645332d3ac9d,2024-09-25T18:48:21.620000 CVE-2024-8287,0,0,a69e7cb2d3c0316abfeaff67da311f8b23d877ec163f8b4d2f35a96004b37bbb,2024-09-24T15:52:38.047000 +CVE-2024-8288,1,1,6cb904cd7e1f4abc1a8bdb293706226bea2d11c5ae05634444833f3b0c873d05,2024-10-01T09:15:02.850000 CVE-2024-8289,0,0,900bfbd861154484ed59254bdbec992d28a9742381ab830cf631e50b7fa985ab,2024-09-05T17:41:58.350000 CVE-2024-8290,0,0,63d92c77191032f40cbea4b8210ec288fe5f42eda168ed122e114c38be3ba3ea,2024-09-26T13:32:02.803000 CVE-2024-8291,0,0,bef998780f6620f6853e2fbe1c217978f29dbad19bd579536275bf3c982f8c1b,2024-09-30T15:59:11.073000 
@@ -263719,6 +263724,7 @@ CVE-2024-8319,0,0,19bee7e43deb1719502aef7eb4c05b0fb28cffea0ae04999821f01ddbcc0e2 CVE-2024-8320,0,0,67cff6908a40f6de0a5d55f45cee63784fe7b54f56159b5877dcd792142b0c2f,2024-09-12T21:51:58.960000 CVE-2024-8321,0,0,595129502821252825346a9a34e636ff1fd5806e1274bb50a0e529e9f41ab2d6,2024-09-12T21:53:22.677000 CVE-2024-8322,0,0,b55b95a67ef7974aa4139f663f04b216243350777f41a8ecf84d71c9fac2a097,2024-09-12T21:56:43.673000 +CVE-2024-8324,1,1,4fd8e5a587aad0782d1e2a2d777adbc10231fd0a1a8d2218f6d298b7dd04f412,2024-10-01T09:15:03.293000 CVE-2024-8325,0,0,6acbe28b7e23bada826026212a2fb1b0115adaa2c5e690e584f377990b0f6742,2024-09-04T13:05:36.067000 CVE-2024-8327,0,0,6596679653e59e232d9a636653bb7ef76ebcd0b7674f3704360634000a96dff3,2024-09-04T17:11:23.533000 CVE-2024-8328,0,0,108819f537a57d4b33892521031f4d00462659f72abf40066992dd6f06ea1545,2024-09-04T17:11:19.827000 
@@ -263789,9 +263795,10 @@ CVE-2024-8415,0,0,ab2184731c9f97a955dc07eba7cdff71ad9ccc33249e750d3db8dd063bdd30 CVE-2024-8416,0,0,135a04ecfe4373dd7e99d043d76128d31e33f9197f002be9000b3ee4a6fb8417,2024-09-06T16:38:44.053000 CVE-2024-8417,0,0,8580cbd844a53cf335c90d7b0b427ee4c081c6060c525d72a654406a58e7a040,2024-09-19T19:53:12.383000 CVE-2024-8418,0,0,45db7c5e32209561e336e52f972f2bde6e59f6364560666284054dcf874b8fe1,2024-09-17T20:15:06.710000 -CVE-2024-8421,1,1,baa012ceabfe4a98c027974c6cb50310b5e1c6dd28d23e9e37c50e0d90a41b43,2024-10-01T06:15:02.357000 +CVE-2024-8421,0,0,baa012ceabfe4a98c027974c6cb50310b5e1c6dd28d23e9e37c50e0d90a41b43,2024-10-01T06:15:02.357000 CVE-2024-8427,0,0,57dcbf97b68dfdac544ef9faf52bed3587edeaacde16f067da96879677802837,2024-09-11T17:41:18.733000 CVE-2024-8428,0,0,224fe311bf12d06d4c690b8d9ea3bc4f42261bcb370dc3457883b86fb932f74d,2024-09-26T21:58:45.393000 +CVE-2024-8430,1,1,de3b67a4916feceb0eaac5d01380b94825ca04564095cedc02abe04981e18fc5,2024-10-01T09:15:03.790000 CVE-2024-8432,0,0,8868d9b36bd238df6f75f7287d6bafac4ff3b898eed233d7b4ed5ce985d677d0,2024-09-27T12:58:58.433000 CVE-2024-8434,0,0,a7dd938925c560d2c4358a00a748e9c070db95d94d7906c441d33bc026b679c8,2024-09-26T13:32:02.803000 CVE-2024-8436,0,0,0d153a053863f3621c53c1e26deb2ddde74385c0ccdd737c792b34eb9af883c1,2024-09-26T13:32:02.803000 
@@ -263800,7 +263807,7 @@ CVE-2024-8439,0,0,b4eacb6a11dc14d7212cfdbe9629a765b4f24ad00bc9c4fc2289184c4fdae5 CVE-2024-8440,0,0,8dcfa58740a8b45172e18897b2d796d55a68f35b9034374864c3da0c6b77c079,2024-09-25T19:34:19.683000 CVE-2024-8441,0,0,0efac0f95475c5b753f85a6e07784bad0c26116c06bdd47c81e7d9e5f2143687,2024-09-12T21:53:43.387000 CVE-2024-8443,0,0,3c60ad7b83386f919c8526ae161201f0c09636191f73ee0cc137a0cb5f793af8,2024-09-26T14:34:03.157000 -CVE-2024-8445,0,1,a7f7ba812fc058686a7ce9617c544a5ef0aa1db28a47ee616a0e4041709a6c78,2024-10-01T06:15:02.650000 +CVE-2024-8445,0,0,a7f7ba812fc058686a7ce9617c544a5ef0aa1db28a47ee616a0e4041709a6c78,2024-10-01T06:15:02.650000 CVE-2024-8448,0,0,a5ecbda13e54e62f08aad0fb96b46ee6676b77e076cfa11ddb79678d5c149797,2024-09-30T12:45:57.823000 CVE-2024-8449,0,0,abd472db671ae2c583e74e98c342c94b8a5a9f987684dd21bb2b434bdad834ec,2024-09-30T12:45:57.823000 CVE-2024-8450,0,0,2f10ea74f337b4e5e3d54aecde245c4e719ad338c5a035141a0dccc4aed1fbcf,2024-09-30T12:45:57.823000 @@ -263855,6 +263862,7 @@ CVE-2024-8543,0,0,1827ebc325d7546f1e75a8e16ffad13bc42c9eac828d9fdcb95bbdde0c532b CVE-2024-8544,0,0,029a23631e96ee15c1045dd3fa22aca85d39405998de7d891aefcd30e632fd70,2024-09-27T12:57:21.617000 CVE-2024-8546,0,0,21c437f0d9de25e8960a2d9fbc9927a015111c992509c4b53747f59b9615f4f7,2024-09-26T13:32:02.803000 CVE-2024-8547,0,0,29fe82b8c0ab38b765e0be3ae3ce18e6ec7de58c1b556459781d617a88c52c89,2024-09-30T12:45:57.823000 +CVE-2024-8548,1,1,cca495c452a8db9d34b67e92dde5b83e8275bbf017fdb41e2dc638aa49309d62,2024-10-01T08:15:03.400000 CVE-2024-8549,0,0,26824bba4a7be5d3e1980cceb3f14676382c512f326742b207079a7edab4cb14,2024-09-26T13:32:02.803000 CVE-2024-8552,0,0,6594d79506dd28071c715cfa6c7597507b339576bdff1f377ea688092ea69413,2024-09-26T13:32:02.803000 CVE-2024-8554,0,0,46c32adbe15332664cfc930fe8c32bff96db8190902ab789492b593fa03348f1,2024-09-10T13:52:23.250000 
@@ -263905,6 +263913,7 @@ CVE-2024-8624,0,0,1732629a73b0f7a73256425937c92b86f35ca441eabdeb398d592189eec066 CVE-2024-8628,0,0,eae51dc9330e4c3449bbbf5b2aafba06ad0db1b999ee8c88380618befb3102be,2024-09-26T16:42:16.700000 CVE-2024-8630,0,0,171e223312e05c108be17689ae4f899562cfc4dd591123d96527e97a9f5e9c7e,2024-09-30T12:45:57.823000 CVE-2024-8631,0,0,ec0f3e499204fe8b3096f23de4c15b4f57ab537964111dc6b7313fbad5d35ea5,2024-09-14T15:22:31.717000 +CVE-2024-8632,1,1,f172cc8ff5cb9fd95e95849b1f701d969353d04f602f42c70851f5333736bf3d,2024-10-01T08:15:03.610000 CVE-2024-8633,0,0,b5b3cb7bf92993a95877e5bb9de5f9fe762b28b46c227d23bc70c2891d4703fa,2024-09-26T13:32:02.803000 CVE-2024-8635,0,0,7a33169aa1c56166fecdf7f4d906662353a5e22f1362c34800f026c91df08470,2024-09-14T15:24:45.657000 CVE-2024-8636,0,0,0c59a94a620a4c5a9ca1b46d0e9c59ab3787ae337f0eaa0364c7e33937f31aa2,2024-09-13T14:35:08.313000 @@ -263935,6 +263944,7 @@ CVE-2024-8665,0,0,f6c99a5ec710565eecc74e7ed4fc9df52dc9e331e2cca577b8f47d511b3aa8 CVE-2024-8668,0,0,c353986416e0a4c46c78ecf60b727782bfce62870f6e122356299be7e7438e9c,2024-09-26T13:32:02.803000 CVE-2024-8669,0,0,a540528fa4f0bbb5defe17259c589787942e6df5d18ff3bf79d91bf53c9aac43,2024-09-27T16:08:15.487000 CVE-2024-8671,0,0,44eb9fc4ae83bda74c805da6c8f69132f0b0ddef607b7afc290779058022b5c0,2024-09-26T16:38:24.447000 +CVE-2024-8675,1,1,4e67a00d00eda6d3913dc1b843cec7abe2f647dde9eaf0f5b9e89fc8ca663b54,2024-10-01T08:15:03.820000 CVE-2024-8678,0,0,889d21ef247546a6f2ba4419351284ba9f2f3727a17d89355bbfe7a36fdacaf2,2024-09-26T13:32:02.803000 CVE-2024-8680,0,0,f92fa58a804f571c1e7bcf32a74c84f918657d6176f24d169d6d6fd1db54ec14,2024-09-27T13:53:47.910000 CVE-2024-8681,0,0,2484646e871f9b5ca6a59ede5b5ef399a66580b77d3877c591e127c40a1ace52,2024-09-30T12:46:20.237000 
@@ -263963,9 +263973,13 @@ CVE-2024-8713,0,0,77e6eb32497c4838ab6eff0729860dc19e9280431833bec790cbdd0c191045 CVE-2024-8714,0,0,2bf1d2039d26904f97b1e8fc522abe5916905f0e0d26ed18e01afb2d802fce13,2024-09-26T20:06:46.330000 CVE-2024-8715,0,0,304c326f65febbbc8f7632ccde75c6cb540626ca7b3f92b1e87ea6c962675cd3,2024-09-30T12:45:57.823000 CVE-2024-8716,0,0,1bb41aeeebe4e896420adf3cdaff53e3d88a64a7e4d1f07d25f8bcb2da122bf8,2024-09-26T17:03:05.487000 +CVE-2024-8718,1,1,52332c777c4318a883c04078e91634a6ef8ae6a5900124887917d48dd5005b5e,2024-10-01T08:15:04.030000 +CVE-2024-8720,1,1,289b8fb0fc4d8050af052d36e1efbd05b6c287bfb2c648706b6f45f067f38dc4,2024-10-01T08:15:04.237000 CVE-2024-8723,0,0,778d0a0398aed78fe986c3e106c93b2232e3d42b0102981078399ce3c143c0f8,2024-09-26T13:32:02.803000 CVE-2024-8724,0,0,41e3dd453fbe3c0072e7ab470e5d529ac122f059bb60a2be671564b989c49676,2024-09-27T15:56:00.073000 CVE-2024-8725,0,0,e7161ff8e5bddb34d8cb70331e4764a7c296e8dd27bc773fb9d18a06e20edb11,2024-09-26T13:32:02.803000 +CVE-2024-8727,1,1,dbb2d03b3a0ceaa8f4191f7e51c855a7d6e37cf9570fe18e85d885b4a36917be,2024-10-01T08:15:04.433000 +CVE-2024-8728,1,1,4c3b895218a9215bbba5cc18fc76f8f771ca28b92ff840e97f9e5836a58a2ef9,2024-10-01T08:15:04.637000 CVE-2024-8730,0,0,ff380ede7d530472d7457d72280d0377e58fe499631b78029fd0dcbdd667a7f4,2024-09-26T19:58:33.353000 CVE-2024-8731,0,0,17c6adda5eb698d4c05886ce56b7c8d24eb85ac20af08445719f350b3f8c3e38,2024-09-26T19:43:33.110000 CVE-2024-8732,0,0,fdb5356750581bee2cd15ce9454648108e6d01424f144ebcf561e47c2245eaa8,2024-09-26T20:01:02.290000 
@@ -263997,12 +264011,15 @@ CVE-2024-8780,0,0,390f3cd9aeaa4212ebd65fe7e603fc1df2783bc2afd801c860ac757dc6f099 CVE-2024-8782,0,0,ec0da4baac22ae9eceb8ce2507375e0a71b6a51926de3cc40576bcd259fd7175,2024-09-19T01:46:07.003000 CVE-2024-8783,0,0,b434dfc5f50cf2811a1f5688ac574f745dec48e5af54cf5f568ce8560b0e2702,2024-09-19T01:38:57.033000 CVE-2024-8784,0,0,7bc5ed86fd42122481efd27561493828acec6a50cb9d34c0b1c40453c943431f,2024-09-19T01:38:35.177000 +CVE-2024-8786,1,1,76e564ac65d5a50b3044629ff82d809b4d486cea166ab2e4fb6f9972a580d321,2024-10-01T09:15:04.300000 CVE-2024-8788,0,0,0c1c31433060e0573e6670d95af66fa7676c5096baf38d35fa0fd856e69a1acd,2024-09-30T12:45:57.823000 CVE-2024-8791,0,0,fb5b0ac36efac34bc9b2b46a1f471f8bc629f8b19dafbbe4161ffb4834ecffd5,2024-09-26T16:25:34.120000 +CVE-2024-8793,1,1,acf44e3c3be625419fa9a69cf4331a61ce393d1a39a3030b553b223d637c6858,2024-10-01T09:15:04.770000 CVE-2024-8794,0,0,71d6f226610d884ee512fa4051f8594e0cafa29b4878c9ac672c3de2ccd4c022,2024-09-26T16:23:46.740000 CVE-2024-8795,0,0,f7b3fc89482c22947a1a26e63d2f04d7dee1f77ad827021897b332709b04072d,2024-09-26T16:46:55.587000 CVE-2024-8796,0,0,3072a1878c469640ca1580f40189a95dca902784c81c016c261f3bdcec04f58c,2024-09-30T14:10:38.937000 CVE-2024-8797,0,0,bc71120ba9c562037001bef5ed49069a2fb96f9263b3c8e2a617e34946a91f4d,2024-09-27T14:02:23.700000 +CVE-2024-8799,1,1,00121647efdfbda1953f2b1e9dcd564fbf00607f157bcfec6188d74e35b1233b,2024-10-01T09:15:05.220000 CVE-2024-8801,0,0,b5bc4f982a594acb6aaf56b2e8a82653b32de0b2ae7bfdf440e37c28bdd34de7,2024-09-30T14:23:46.140000 CVE-2024-8803,0,0,1e21e2187793442a371c4b65c97d90253ace224e18e6d0a30f5421631b4c2a19,2024-09-26T13:32:02.803000 CVE-2024-8850,0,0,60f99c260767f82bf00cc7954ec3e058985003b965020b8d3dac7a45b3ea5f64,2024-09-25T18:49:53.397000 
@@ -264064,6 +264081,8 @@ CVE-2024-8974,0,0,d4bcc9476e440aef15c3a18c780e18e6939f5911111a1f36c9f70c7d14bcd4 CVE-2024-8975,0,0,6182f1c2aabebf93149118ffbf69a7c7fbdd0fa2fe06938640fbc8c09a95a52c,2024-09-26T17:15:04.283000 CVE-2024-8981,0,0,a6dff398f54eed438863305f0063a0cfe917abfa14511ee9bceae99f41bf945c,2024-10-01T03:15:02.470000 CVE-2024-8986,0,0,072cf1f180fb390d1b4b3d2d50dea4c4259a9c38757ddb70b883e21ef9d81f01,2024-09-20T12:30:17.483000 +CVE-2024-8989,1,1,6ab2546ec964e99a431fecbc3726785c0f1928620ca5ffdda7abd4a623d7c876,2024-10-01T08:15:04.840000 +CVE-2024-8990,1,1,5f3121a9544cb00fa60db849505a5187b12f6013895f285bda1d0b2e597f3595,2024-10-01T08:15:05.060000 CVE-2024-8991,0,0,09885cc5ee50368e772186dae89932abe94e78de6f22233b671ca629cda9542e,2024-09-30T12:46:20.237000 CVE-2024-8996,0,0,1db2f409b274638c0f9c246162c3dd0fbc2dbe210d25860090dd9c3c8a087a10,2024-09-26T17:15:04.373000 CVE-2024-9001,0,0,3414d6649893c69be27afcf1e3dc2327433e2ecaa7ac9013879a0b1b05bf0f03,2024-09-24T16:14:30.190000 @@ -264075,6 +264094,7 @@ CVE-2024-9008,0,0,52622a85f30c63eabac86e540eb777bb56ea4ab0b052ff445cc04b0bad1ec8 CVE-2024-9009,0,0,8ca9aa7668c5d5c77c4f8dc75f965a1fc61562deadeb769eddb6e3d475ae864f,2024-09-25T17:46:59.077000 CVE-2024-9011,0,0,31757df34dd4fee90035c8c1e734eec12ab6ab10926115bc714ff7e9ad5eeaab,2024-09-25T17:48:14.820000 CVE-2024-9014,0,0,a8e29b928e7c02e09a31b50dee33eaa8cea5cb50c9cc022c5089f67468915a88,2024-09-26T13:32:55.343000 +CVE-2024-9018,1,1,7e4cc53232e01438a4fee218a1a2899aac8e0271cd2222ff64914c9456965ad6,2024-10-01T09:15:05.610000 CVE-2024-9023,0,0,791ecf17c09683ef3ebffb71174cce8e121540e79fef0c6a3bb0a2d8d2ba42c0,2024-09-30T12:45:57.823000 CVE-2024-9024,0,0,a169982dad174bdcc00c2c78e9efcbc44e6a47176e89361fcc86b05c73e5527a,2024-09-26T13:32:02.803000 CVE-2024-9025,0,0,4a3763d182986e8a9ef475614c0f7e993d3440f162fb5fd30f9debf5502d2386,2024-09-26T13:32:02.803000 
@@ -264120,8 +264140,11 @@ CVE-2024-9091,0,0,3bfc998290a11bc8fab6cf9f3d600eed6ee69250246e343c9bb59fcaa6e75f CVE-2024-9092,0,0,1c2c646de9ea2ba79bd5c01f3c6adbd97c309ff9880a784404443eb5dc670a7e,2024-09-27T16:23:56.710000 CVE-2024-9093,0,0,9c381a723dcd5a5c3a6becb1e39558bfddcf6d2d39bab32327672c3bb7182479,2024-09-27T16:26:27.163000 CVE-2024-9094,0,0,0e308d006c94a8d09d0a4caea6001ec02d11744a78c5f3fdfc5f94ed1a0ea22c,2024-09-27T15:54:09.463000 +CVE-2024-9106,1,1,b4be78e84ae8affb4a6d454a9d1990e653bbd687f661444a18343032f03a5c6f,2024-10-01T08:15:05.267000 +CVE-2024-9108,1,1,b104d3449df77c856d6774bc902449a0006458d06f65471d2757d674caf86c47,2024-10-01T08:15:05.480000 CVE-2024-9115,0,0,677b007e44c6a6850476d54cab99d703d388e1f6185b1413799fecf3ba008a07,2024-09-26T13:32:02.803000 CVE-2024-9117,0,0,96ff801e5a2869848fd4e3dd25cc9a878f8aef2f8675658f7019828cd326dfe8,2024-09-26T13:32:02.803000 +CVE-2024-9119,1,1,73a4506c64bc55136a82fd67049c5f1a65495ab03a2bb02fdd68a84266b1cfd8,2024-10-01T08:15:05.690000 CVE-2024-9120,0,0,741803f92bc286dd2201245dc8ffb354e00af92f2ccee9f63963d21a0888db6b,2024-09-26T13:32:02.803000 CVE-2024-9121,0,0,eed3fa8b5aa214ac1e28e4851470b90d1a58e721a279141f5883437250a9a8a8,2024-09-26T13:32:02.803000 CVE-2024-9122,0,0,8303a0c1b693e1f9637d76c62abb1e6e7e78f3941c479dc3e2dfaa8a5c17fa42,2024-09-26T13:32:02.803000 
@@ -264132,6 +264155,7 @@ CVE-2024-9130,0,0,5bd25b655f8e7a913dbf125185040ed90a768cc24bf73a5555fb1985c6ebc2 CVE-2024-9136,0,0,3a2123a7313620918321ccc10071ef5907ddec267af09127e6959a072bce8ae3,2024-09-30T12:45:57.823000 CVE-2024-9141,0,0,1186d93c71ba2b76e7029b0455d3828535e51a6f22b721a65c3963a052cae512,2024-09-26T13:32:02.803000 CVE-2024-9142,0,0,f41ad411b11065ca581c6c09a7cdbabb7231f7d077f84444580389a46c43e76b,2024-09-26T13:32:02.803000 +CVE-2024-9145,1,1,6ec68101174eef6ea8d6a443ccd44e10d28aa0d3a7c8706b3cf313003f831f12,2024-10-01T08:15:05.913000 CVE-2024-9148,0,0,54e87e3f2b6f69d5080b11c080fcfce17264899c6147cd6032f168b6e8923e92,2024-09-30T17:34:12.760000 CVE-2024-9155,0,0,e7852dec1d1a0cf6fb02c65df23cf83432ff26399350f16bb6b49f28f4d3005e,2024-09-30T12:46:20.237000 CVE-2024-9158,0,0,409612c4b8cb4a3f347d3e6118bf18cfe60f695c2a9fbb2e38a16b5a656c0709,2024-09-30T17:15:05.407000 
@@ -264147,8 +264171,18 @@ CVE-2024-9198,0,0,dc0289b7baa714eeb93a27fa0b615eecbc27114f3616c98feb15bac80300ac CVE-2024-9199,0,0,3ca7b00968012de33482b7967da315774f8cea9a5b3070fbe655db855473b739,2024-09-26T13:32:02.803000 CVE-2024-9202,0,0,808b8091e3582386849f2f7767feb40805cba585b6581ba135c1d621ab219188,2024-09-30T12:46:20.237000 CVE-2024-9203,0,0,e6eb6874bd83da6550f594261cd60c3d082a0ed5dbc17d4c1b083dd114dee5d8,2024-09-30T12:46:20.237000 +CVE-2024-9209,1,1,7d3bad6781486e2f4da7df129717b8a491edccf73b369d5a2d34b95179369883,2024-10-01T09:15:06.110000 +CVE-2024-9220,1,1,6f67adeba0c71de630c7e77880260d455139ec3e28b2bcf4d37b6c2e1b517adb,2024-10-01T09:15:06.613000 +CVE-2024-9224,1,1,daeac54c8a106a2cdf4131c378f84c7cfa1b831c70c575638327c37ab147ad9b,2024-10-01T09:15:07.190000 +CVE-2024-9228,1,1,9405c3cfc45dca66268ec52ff9d3afd2509e4b32bf0c50779cb731b661651911,2024-10-01T09:15:07.750000 +CVE-2024-9241,1,1,c97fba2c7aa884bcdd52fc5811a712b361d655a1df561d8ca3d939dedb183a39,2024-10-01T09:15:08.287000 +CVE-2024-9265,1,1,a960537dfc00aa7287cda3b344edaa9968d5f1c511cd23e19840dec685ffedab,2024-10-01T09:15:08.810000 +CVE-2024-9267,1,1,dc0e2a16aa688a38c35f6b9ffae7fc1a73b41beb5eb56dfb80ff17744ee58cdd,2024-10-01T08:15:06.103000 CVE-2024-9268,0,0,7e7771d589d5219f5f8e1d4b856d8a4ecc833e195b34661fddc76da01954ef5a,2024-09-27T17:15:14.497000 +CVE-2024-9269,1,1,17a005cc0d3d32766c2354e4e21cb5a6af989b17ac72800bc0de449fb0f65c28,2024-10-01T08:15:06.313000 +CVE-2024-9272,1,1,3bcc3e0378e59bc6d6daede197b60eb874d387818f18424bcf6330089754e28e,2024-10-01T08:15:06.510000 CVE-2024-9273,0,0,d541667891e816199f828382e531f52a986321fd7f85b5856a4bc94c161620a8,2024-09-27T17:15:14.550000 +CVE-2024-9274,1,1,cc5814507328948ef506c997bdd3cfe686c60b8346a4520f66a47bfd431a0fe5,2024-10-01T08:15:06.723000 CVE-2024-9275,0,0,2d363e7e722e63cd2661e2a98149b3adb868d16d23141b985f0c74f5c5c9c2f4,2024-09-30T12:45:57.823000 CVE-2024-9276,0,0,f734c634e0a6a6bec2ec58d8e7062cd3473bc99a18d0bd4e8d6373e8c6062747,2024-09-30T12:45:57.823000 
CVE-2024-9277,0,0,f1e655f47eee936d686b54fb8b9515ecc545b62a1b1d9dc4ecb649b1a6422fb1,2024-09-30T12:45:57.823000 @@ -264159,6 +264193,7 @@ CVE-2024-9281,0,0,c535ba93d476c27150ada599110947211096684c7f9bbe8d00abfb427ea61a CVE-2024-9282,0,0,28da861d055c9625e1f872cd5351aaa1e1bfe131c026ad30a30cf3906bc154e7,2024-09-30T12:45:57.823000 CVE-2024-9283,0,0,a5233c3b589826e3e09dfcafb866e56b060b301af37e2de0e699930a9008fdfe,2024-09-30T12:45:57.823000 CVE-2024-9284,0,0,e077aa9b3331db7cd8049b8d7f3273d870b80909d1916943a385cf9659e49d1c,2024-09-30T12:45:57.823000 +CVE-2024-9289,1,1,5a6ef07324af885b8b6ee8509695949d93228d97c4f373664f14e04aa2e1395c,2024-10-01T09:15:09.320000 CVE-2024-9291,0,0,b88fea8223aa63c1df245ec34d5a9ae6249acdcbf799f14cbc2ab52d8c1fa2a6,2024-09-30T12:45:57.823000 CVE-2024-9293,0,0,cfc68c60c376b348e2db1dfc60e29304979c6f29bbb8e9627dd9fb163636b5c5,2024-09-30T12:45:57.823000 CVE-2024-9294,0,0,df4e8ca812056069ce686ccc519c918f454c6a35b9074b986ab12abfbd42a42d,2024-09-30T12:45:57.823000 @@ -264169,6 +264204,7 @@ CVE-2024-9298,0,0,f6a0d8d5b76d1aca4b69e13596b3400394f23f0dc87d91cebd3e86c263b5e9 CVE-2024-9299,0,0,2773a88eca4ad2b201e410f54eb34e7be4ec55a7df5adc0de816905a9bc67c8b,2024-09-30T12:45:57.823000 CVE-2024-9300,0,0,88b79df48ae91214ef2b5e7a373c5f9d2b02a0d6ce5a7c0140d5fcd61004ba7d,2024-09-30T12:45:57.823000 CVE-2024-9301,0,0,73ba33e42a5a66e63775d86ddfdf57e7a04bcd9ceda925406fc4894f153c084a,2024-09-30T12:45:57.823000 +CVE-2024-9304,1,1,77296627b4e73471315e7e445cf2a4183f5c2120111f84509ea16b607bc5907e,2024-10-01T08:15:06.943000 CVE-2024-9315,0,0,6afda6e8d97f7cdbf8ace9f41e8c225dffbff5865ed3f741b65fa4f76a307c30,2024-09-30T12:45:57.823000 CVE-2024-9316,0,0,af6982dcd9c7f4909113b26e934c15a53c63fefb9a4ab04a604458d8e878131e,2024-09-30T12:45:57.823000 CVE-2024-9317,0,0,3c9218a807df8c095b3daeae2a193534fba5ac123ab4c2c0d37100757693fc05,2024-09-30T12:45:57.823000