diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3740.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3740.json new file mode 100644 index 00000000000..f693509b657 --- /dev/null +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3740.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3740", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:04.987", + "lastModified": "2024-11-15T11:15:04.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chatwoot/chatwoot/commit/6fdd4a29969be8423f31890b807d27d13627c50c", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/1625470476437-chatwoot/chatwoot", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3741.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3741.json new file mode 100644 index 00000000000..ea520193264 --- /dev/null +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3741.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3741", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:05.327", + "lastModified": "2024-11-15T11:15:05.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chatwoot/chatwoot/commit/6fdd4a29969be8423f31890b807d27d13627c50c", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/1625474692857-chatwoot/chatwoot", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3742.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3742.json new file mode 100644 index 00000000000..f860950e9a0 --- /dev/null +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3742.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3742", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:05.547", + "lastModified": "2024-11-15T11:15:05.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.9, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chatwoot/chatwoot/commit/6fdd4a29969be8423f31890b807d27d13627c50c", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/1625472546121-chatwoot/chatwoot", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-38xx/CVE-2021-3838.json b/CVE-2021/CVE-2021-38xx/CVE-2021-3838.json new file mode 100644 index 00000000000..3937f9e5833 --- /dev/null +++ b/CVE-2021/CVE-2021-38xx/CVE-2021-3838.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3838", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:05.763", + "lastModified": "2024-11-15T11:15:05.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-38xx/CVE-2021-3841.json b/CVE-2021/CVE-2021-38xx/CVE-2021-3841.json new file mode 100644 index 00000000000..cc969b1cb85 --- /dev/null +++ b/CVE-2021/CVE-2021-38xx/CVE-2021-3841.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3841", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:05.980", + "lastModified": "2024-11-15T11:15:05.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sylius/sylius/commit/3da169e0c23e752974d74223cc536c29a2a82edc", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/1625506791178-Sylius/Sylius", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3902.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3902.json new file mode 100644 index 00000000000..7c82b33df32 --- /dev/null +++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3902.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3902", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:06.190", + "lastModified": "2024-11-15T11:15:06.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/a6071c07-806f-429a-8656-a4742e4191b1", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3986.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3986.json new file mode 100644 index 00000000000..6f4e2f2bb48 --- /dev/null +++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3986.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3986", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:06.400", + "lastModified": "2024-11-15T11:15:06.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3987.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3987.json new file mode 100644 index 00000000000..89b6e30a096 --- /dev/null +++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3987.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3987", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:06.610", + "lastModified": "2024-11-15T11:15:06.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/janeczku/calibre-web/commit/bcdc97641447965af486964537f3821f47b28874", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3988.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3988.json new file mode 100644 index 00000000000..6a843c325c0 --- /dev/null +++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3988.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3988", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:06.877", + "lastModified": "2024-11-15T11:15:06.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/fa4c8fd1-7846-4dad-9112-2c07461f0609", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3991.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3991.json new file mode 100644 index 00000000000..f565b306ce1 --- /dev/null +++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3991.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-3991", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:07.173", + "lastModified": "2024-11-15T11:15:07.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-12xx/CVE-2022-1226.json b/CVE-2022/CVE-2022-12xx/CVE-2022-1226.json new file mode 100644 index 00000000000..35dcac5bfa6 --- /dev/null +++ b/CVE-2022/CVE-2022-12xx/CVE-2022-1226.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2022-1226", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:07.527", + "lastModified": "2024-11-15T11:15:07.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/phpipam/phpipam/commit/50e36b9e4fff5eaa51dc6e42bc684748da378002", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/3fdcf653-fe26-4592-94a1-98ce664618ec", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-18xx/CVE-2022-1884.json b/CVE-2022/CVE-2022-18xx/CVE-2022-1884.json new file mode 100644 index 00000000000..9c1c4331818 --- /dev/null +++ b/CVE-2022/CVE-2022-18xx/CVE-2022-1884.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2022-1884", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:07.803", + "lastModified": "2024-11-15T11:15:07.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0109.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0109.json new file mode 100644 index 00000000000..d8fe7120be7 --- /dev/null +++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0109.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-0109", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:08.097", + "lastModified": "2024-11-15T11:15:08.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0737.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0737.json new file mode 100644 index 00000000000..46a7c7399b5 --- /dev/null +++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0737.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-0737", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:08.363", + "lastModified": "2024-11-15T11:15:08.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/4ba20fe7-4061-4dfb-ab2f-ecaf110641a5", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2332.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2332.json new file mode 100644 index 00000000000..4965e35dd80 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2332.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-2332", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:08.643", + "lastModified": "2024-11-15T11:15:08.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4348.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4348.json new file mode 100644 index 00000000000..4661f7fecb7 --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4348.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2023-4348", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T12:15:14.397", + "lastModified": "2024-11-15T12:15:14.397", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4679.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4679.json new file mode 100644 index 00000000000..552d818f5e7 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4679.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-4679", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:08.917", + "lastModified": "2024-11-15T11:15:08.917", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221d78fd663a1d5514a876", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/6f721ee7-8785-4c26-801e-f40fed3faaac", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0787.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0787.json new file mode 100644 index 00000000000..58cabf411b5 --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0787.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-0787", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:09.213", + "lastModified": "2024-11-15T11:15:09.213", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/840cb582-1feb-43ab-9cc4-e4b5a63c5bab", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0875.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0875.json new file mode 100644 index 00000000000..e3d232c7d38 --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0875.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-0875", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:09.490", + "lastModified": "2024-11-15T11:15:09.490", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10443.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10443.json new file mode 100644 index 00000000000..3fbb318b150 --- /dev/null +++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10443.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10443", + "sourceIdentifier": "security@synology.com", + "published": "2024-11-15T11:15:09.750", + "lastModified": "2024-11-15T11:15:09.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@synology.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@synology.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_18", + "source": "security@synology.com" + }, + { + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_19", + "source": "security@synology.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10534.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10534.json new file mode 100644 index 00000000000..e37528e051e --- /dev/null +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10534.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-10534", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-11-15T11:15:10.100", + "lastModified": "2024-11-15T11:15:10.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.6, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-1856", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1097.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1097.json new file mode 100644 index 00000000000..b60401279ef --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1097.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-1097", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:10.550", + "lastModified": "2024-11-15T11:15:10.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/6dd501f6-6047-4ddb-8b14-f0fc53cdc28e", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11182.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11182.json new file mode 100644 index 00000000000..56026453b01 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11182.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11182", + "sourceIdentifier": "security@eset.com", + "published": "2024-11-15T11:15:10.410", + "lastModified": "2024-11-15T11:15:10.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An XSS issue was discovered in \n\nMDaemon Email Server before version\u00a024.5.1c. An attacker can send an HTML e-mail message \nwith \nJavaScript in an img tag. This could\n allow a remote attacker\n\nto load arbitrary JavaScript code in the context of a webmail user's browser window." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@eset.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@eset.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html", + "source": "security@eset.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11237.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11237.json new file mode 100644 index 00000000000..977282aa873 --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11237.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2024-11237", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-15T12:15:14.670", + "lastModified": "2024-11-15T12:15:14.670", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE", + "baseScore": 7.8 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Zephkek/TP-Thumper", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Zephkek/TP-Thumper/blob/main/poc.c", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.284672", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.284672", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.438408", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tp-link.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1240.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1240.json new file mode 100644 index 00000000000..819124e6855 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1240.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-1240", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-11-15T11:15:10.773", + "lastModified": "2024-11-15T11:15:10.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8979.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8979.json index b4969645f9b..d92ec843cab 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8979.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8979.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client." + }, + { + "lang": "es", + "value": "Los complementos Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders para Elementor son vulnerables a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 6.0.9 incluida a trav\u00e9s de la funci\u00f3n 'init_content_lostpassword_user_email_controls'. Esto permite que los atacantes autenticados, con acceso de nivel de autor y superior, extraigan datos confidenciales, incluidos los nombres de usuario y las contrase\u00f1as de cualquier usuario, incluidos los administradores, siempre que ese usuario abra la notificaci\u00f3n por correo electr\u00f3nico para solicitar un cambio de contrase\u00f1a y las im\u00e1genes no est\u00e9n bloqueadas por el cliente de correo electr\u00f3nico." } ], "metrics": { diff --git a/README.md b/README.md index d68525c01fb..4831f9c9b13 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-15T11:00:20.193184+00:00 +2024-11-15T13:00:20.359775+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-15T10:15:05.310000+00:00 +2024-11-15T12:15:14.670000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -269807 +269832 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `25` -- [CVE-2024-10311](CVE-2024/CVE-2024-103xx/CVE-2024-10311.json) (`2024-11-15T10:15:03.980`) -- [CVE-2024-45784](CVE-2024/CVE-2024-457xx/CVE-2024-45784.json) (`2024-11-15T09:15:14.897`) -- [CVE-2024-8978](CVE-2024/CVE-2024-89xx/CVE-2024-8978.json) (`2024-11-15T10:15:04.873`) -- [CVE-2024-8979](CVE-2024/CVE-2024-89xx/CVE-2024-8979.json) (`2024-11-15T10:15:05.310`) +- [CVE-2021-3740](CVE-2021/CVE-2021-37xx/CVE-2021-3740.json) (`2024-11-15T11:15:04.987`) +- [CVE-2021-3741](CVE-2021/CVE-2021-37xx/CVE-2021-3741.json) (`2024-11-15T11:15:05.327`) +- [CVE-2021-3742](CVE-2021/CVE-2021-37xx/CVE-2021-3742.json) (`2024-11-15T11:15:05.547`) +- [CVE-2021-3838](CVE-2021/CVE-2021-38xx/CVE-2021-3838.json) (`2024-11-15T11:15:05.763`) +- [CVE-2021-3841](CVE-2021/CVE-2021-38xx/CVE-2021-3841.json) (`2024-11-15T11:15:05.980`) +- [CVE-2021-3902](CVE-2021/CVE-2021-39xx/CVE-2021-3902.json) (`2024-11-15T11:15:06.190`) +- [CVE-2021-3986](CVE-2021/CVE-2021-39xx/CVE-2021-3986.json) (`2024-11-15T11:15:06.400`) +- [CVE-2021-3987](CVE-2021/CVE-2021-39xx/CVE-2021-3987.json) (`2024-11-15T11:15:06.610`) +- [CVE-2021-3988](CVE-2021/CVE-2021-39xx/CVE-2021-3988.json) (`2024-11-15T11:15:06.877`) +- [CVE-2021-3991](CVE-2021/CVE-2021-39xx/CVE-2021-3991.json) (`2024-11-15T11:15:07.173`) +- [CVE-2022-1226](CVE-2022/CVE-2022-12xx/CVE-2022-1226.json) (`2024-11-15T11:15:07.527`) +- [CVE-2022-1884](CVE-2022/CVE-2022-18xx/CVE-2022-1884.json) (`2024-11-15T11:15:07.803`) +- [CVE-2023-0109](CVE-2023/CVE-2023-01xx/CVE-2023-0109.json) (`2024-11-15T11:15:08.097`) +- [CVE-2023-0737](CVE-2023/CVE-2023-07xx/CVE-2023-0737.json) (`2024-11-15T11:15:08.363`) +- [CVE-2023-2332](CVE-2023/CVE-2023-23xx/CVE-2023-2332.json) (`2024-11-15T11:15:08.643`) +- [CVE-2023-4348](CVE-2023/CVE-2023-43xx/CVE-2023-4348.json) (`2024-11-15T12:15:14.397`) +- [CVE-2023-4679](CVE-2023/CVE-2023-46xx/CVE-2023-4679.json) (`2024-11-15T11:15:08.917`) +- [CVE-2024-0787](CVE-2024/CVE-2024-07xx/CVE-2024-0787.json) (`2024-11-15T11:15:09.213`) +- [CVE-2024-0875](CVE-2024/CVE-2024-08xx/CVE-2024-0875.json) (`2024-11-15T11:15:09.490`) +- [CVE-2024-10443](CVE-2024/CVE-2024-104xx/CVE-2024-10443.json) (`2024-11-15T11:15:09.750`) +- [CVE-2024-10534](CVE-2024/CVE-2024-105xx/CVE-2024-10534.json) (`2024-11-15T11:15:10.100`) +- [CVE-2024-1097](CVE-2024/CVE-2024-10xx/CVE-2024-1097.json) (`2024-11-15T11:15:10.550`) +- [CVE-2024-11182](CVE-2024/CVE-2024-111xx/CVE-2024-11182.json) (`2024-11-15T11:15:10.410`) +- [CVE-2024-11237](CVE-2024/CVE-2024-112xx/CVE-2024-11237.json) (`2024-11-15T12:15:14.670`) +- [CVE-2024-1240](CVE-2024/CVE-2024-12xx/CVE-2024-1240.json) (`2024-11-15T11:15:10.773`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2024-11211](CVE-2024/CVE-2024-112xx/CVE-2024-11211.json) (`2024-11-15T09:15:14.600`) +- [CVE-2024-8979](CVE-2024/CVE-2024-89xx/CVE-2024-8979.json) (`2024-11-15T10:15:05.310`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 86ab40f3f13..886541eaeb9 100644 --- a/_state.csv +++ b/_state.csv @@ -179867,6 +179867,7 @@ CVE-2021-37391,0,0,612092213cbf3c7c8612c0c47f8c525d5a52fd73e735ce6c2b430c9b86b41 CVE-2021-37392,0,0,60b8dbff0c2d792a54d0cec2f57109e745df15412f48a80e1ebca647d9b97654,2021-08-06T16:21:28.697000 CVE-2021-37393,0,0,8aef86848c22832237243030c09554d5c294fe67bf36c767afe9af07ac38cfd0,2021-08-06T16:16:15.627000 CVE-2021-37394,0,0,3bedea4cd8c10cff8545c5ec47bc3c52f53035db41f301c1be09bcbd332575a2,2022-07-12T17:42:04.277000 +CVE-2021-3740,1,1,9a092637180243b4c6c48e61843067daad955a1bd8f7bd30ce4915aff4202dd2,2024-11-15T11:15:04.987000 CVE-2021-37400,0,0,b0d27ef29eb9b33b48de9bc66b3e1c03ad9217ada68e0e9fad53740c5cf9e509,2022-01-07T20:40:19.347000 CVE-2021-37401,0,0,59627adb2bdfa439df8627bb1689eacf7a0bb3291449d63f2dceab9e283ff994,2022-01-07T20:29:50.673000 CVE-2021-37402,0,0,cf2062259da087492fc8edbe731f8aff92da042f2b45087a0d323466afa22b5a,2022-02-10T17:57:02.027000 @@ -179874,6 +179875,7 @@ CVE-2021-37403,0,0,82552ed0c573f39bdd26ed69942611c847d9a9b43f6257e0cb1eb6c1b0bd8 CVE-2021-37404,0,0,5a0e9f6dc54189d8c836c0ab9c368f4d87fc3dcd07409437f67bddfe1436495c,2023-06-27T15:15:09.823000 CVE-2021-37405,0,0,99b66947fe60bfe7691d9d16217aae051bd21ca1d36b5350aafb451f141845f0,2024-05-17T01:59:13.510000 CVE-2021-37409,0,0,68d64f3f262bc3fe4112cc846cd3785f4b7627dd3a214f6863ba2f7b1e1497c6,2023-04-01T22:15:09.710000 +CVE-2021-3741,1,1,73fe354778441e7a1da2587ec2ae45c82217d9b82f9027d9960d61907dff8a66,2024-11-15T11:15:05.327000 CVE-2021-37412,0,0,c4ae4ff35985b522589284c8cdff1e75d55dc933d0298323169869b52cad8ce3,2023-01-24T15:40:30.060000 CVE-2021-37413,0,0,4cc7cba0bca0572fafb12dd6e2f19b3e6c044ad90d1c0308f827136dd04ea713,2022-06-01T19:36:47.227000 CVE-2021-37414,0,0,e94477ddecab7d5bc2d7e77a4e197ecb02bc86dc29db03c682fc50a0f087770e,2021-12-20T22:30:30.567000 @@ -179882,6 +179884,7 @@ CVE-2021-37416,0,0,2e6268d3c4aec7d053473a27b3499f3c904bb8afa46207b20648c1d9d3251 CVE-2021-37417,0,0,0af7afec4419ac71323dbe19fcafecf8b5620734ea16d7bba48e8df850d31058,2022-07-12T17:42:04.277000 CVE-2021-37418,0,0,146b4ef0e7964748fbc25b1e94686917c4647a3307c5708e67798876e0feddf4,2023-11-07T03:36:57.323000 CVE-2021-37419,0,0,9464053d73f212e534a6909af63b44d1c351a4729e973af190457c0a1d02f2c9,2022-03-18T20:43:55.713000 +CVE-2021-3742,1,1,6ddbfbfbe0ab51844a6edfd87dee0576462351074e136e00ef90db1dfb9e228f,2024-11-15T11:15:05.547000 CVE-2021-37420,0,0,b52aa49c12ed23f5fc454663899c9e989f90752f3b6225dd6ef1f0904854480f,2022-07-12T17:42:04.277000 CVE-2021-37421,0,0,72a802fc9066861ac62eb2ef177ad824c7c5b2ea14bb5783b3fe6f6887532709,2022-07-12T17:42:04.277000 CVE-2021-37422,0,0,04c08c63b243212678162abf332587426643acf6f890ec905ee35d9fbe2fb7d5,2021-09-17T18:11:03.127000 @@ -180601,6 +180604,7 @@ CVE-2021-38376,0,0,d4485ca92681558168e0fd9a80da3a4ca7d974684f50f50f1dbd03a5e1f21 CVE-2021-38377,0,0,48443da60f90ac4652bc515c5c3f88029b2bd62277bc482a3739e4f453b49065,2022-07-12T17:42:04.277000 CVE-2021-38378,0,0,432e746fcb98480b06b83fac0fe9649e434fa56a8d7663d16931ad26e7f975bd,2022-07-12T17:42:04.277000 CVE-2021-38379,0,0,b8dbd9bba6856ef42bc651ecfafd71af15e01cfb8b87f0442cabe4efd9091d1e,2021-11-04T13:37:43.773000 +CVE-2021-3838,1,1,a284de91f8b92b47fd992847a637bdf1fc39468a44b093c22dd03be4922d2dbd,2024-11-15T11:15:05.763000 CVE-2021-38380,0,0,966a303a4461fc8fabdefd21a52860a9a0545818ea34433392a6e6db9ea93c3d,2023-11-07T03:37:24.547000 CVE-2021-38381,0,0,f90987e628b6ca7ec620183d6ef4cd28fb101753b7f8f85a6534a6827c2cc9bb,2023-11-07T03:37:24.610000 CVE-2021-38382,0,0,56aeb4bbf5aec265fc686978fb16984a29124462e10ec9d950e4eb086e18c989,2023-11-07T03:37:24.670000 @@ -180633,6 +180637,7 @@ CVE-2021-38406,0,0,1a412ed4845c3e7db5ba8209c3a4d108b981fb433611867e224ac85224be4 CVE-2021-38407,0,0,890c190c0283a8e0a8f342b5c890f629a334ad53f0da1aaff56114e2a83bc435,2021-11-05T13:43:35.517000 CVE-2021-38408,0,0,cefdd68e1c399b8924048ad1c5dce3eac2e9d956e5a6317469b54e6ccef2b652,2021-09-20T12:44:57.193000 CVE-2021-38409,0,0,ac5681ac9ecb25d83290b8fe770f1a64c20ce909cd6e46bc422ea778311ca22f,2021-12-27T20:18:03 +CVE-2021-3841,1,1,0fe29dd87c104b93c4e6a58a163cfcc73459853fdc42a84d916846d9461c4fff,2024-11-15T11:15:05.980000 CVE-2021-38410,0,0,052e53829d51f2a2454940a2e213a88f9fe5d97f4595c4c33710b5a6c717b5b6,2022-08-04T02:48:06.450000 CVE-2021-38411,0,0,3f3ee8a81c8a60a013d7fdb503ae6a6cd21c95c21682c5d270adc23f92af62c0,2021-11-05T13:40:54.753000 CVE-2021-38412,0,0,cf3e8d210ed955e3f0b30bca33000f0de0090c42ecba6e720388ddafdb5fa783,2022-10-27T12:59:17.667000 @@ -181120,6 +181125,7 @@ CVE-2021-39016,0,0,88d7422235623a2db52d08ccbb930b8332e62a309f55b1a0bb58ad6b4c307 CVE-2021-39017,0,0,43da2de1e5021798d5e2da169cbabdb2f1ea3bc804f6e06fdd5bba1a80d8bbae,2023-08-08T14:22:24.967000 CVE-2021-39018,0,0,ccad4b84b3066dd393e4dd8123dc7a6269ea1c28676cd9811de926207c38696c,2022-07-18T19:27:57.433000 CVE-2021-39019,0,0,469fabcf38af6844701fed49a6e80d48722d455ad28af8536243f61e3be90191,2022-07-18T19:18:23.533000 +CVE-2021-3902,1,1,be5ebc48fde4495743d06492bf058db2d27811e49e7e5cb1cee92f3cc629e6e1,2024-11-15T11:15:06.190000 CVE-2021-39020,0,0,f8a046ed21eb98ee1f2ce9e6feab22d062faea367e7e86b10085c29b6de05cd6,2022-05-13T17:16:25.233000 CVE-2021-39021,0,0,c20de8bb5efb66e3ec217f01f9525cf7c58f1792615ff1990e77c2bd1881bc03,2022-03-24T16:02:52.140000 CVE-2021-39022,0,0,12f9551c868b6c453d5c84008020f3db65f37eb2f4891591958baa35af27c010,2022-03-22T13:43:39.510000 @@ -181843,6 +181849,7 @@ CVE-2021-39856,0,0,b28d7eb0b7a5d39eaf23ac52dc09cb278f0e7689028bf36ed2fc3971582d7 CVE-2021-39857,0,0,1edb1b1ccf62746fa0da62a0bb737fb805f4b33f81197adfd22bca19c0f7d2f1,2023-11-07T03:37:48.580000 CVE-2021-39858,0,0,b28c2928ea13457807429906858d94adce9264a45ed2cc6a4355db39a8af6d60,2023-11-07T03:37:48.843000 CVE-2021-39859,0,0,983d64eb6a749b9e785340e4b1f0236aaa9d4cbffc4158e9a122ebb19e5056ae,2023-09-12T14:38:54.530000 +CVE-2021-3986,1,1,faa35981acac17c4c8be0a5ffa26c01782f49eb8c06ed42cea9dd8de64b10c4f,2024-11-15T11:15:06.400000 CVE-2021-39860,0,0,ae8998c31697bbdcf345e9d4ddfa2fed95711346b038579c6fe27d9a56e021bb,2022-02-05T02:17:52.057000 CVE-2021-39861,0,0,66551e624494d96e7c3d65854c95f53647ef34c93a78c99750c131046b1aace0,2022-02-05T02:17:54.577000 CVE-2021-39862,0,0,bf04081e341e83b6669a4fabac8cd0b2d30699c53f96872ce03a60d22ca567b3,2023-11-07T03:37:49.170000 @@ -181853,6 +181860,7 @@ CVE-2021-39866,0,0,6fabb561196e392a171b14d09332d010f59de8a7ed9880963cc586df8f988 CVE-2021-39867,0,0,cf1dad99c282faabc5cb3cf833ed6f5b91097d777779477ac24fd680f378127d,2021-10-12T19:08:05.167000 CVE-2021-39868,0,0,01bf76261c9d86e2825302310d8b1d110b2d4f6a0f91c6aea468c32be845a7f5,2021-10-12T19:47:47.650000 CVE-2021-39869,0,0,50c4bfd31656adba59cb9dc37b7b350e99a58491e593864693fd3f1525a21185,2022-06-28T14:11:45.273000 +CVE-2021-3987,1,1,653cc223038a4f581377fba1beee2c90d50dd03cce088792ac0dffc626f16824,2024-11-15T11:15:06.610000 CVE-2021-39870,0,0,f4d27e6e382702365ecb6b123ea92ce819b6bff3f3b19cf8c54ff152bc410640,2021-10-09T03:31:41.567000 CVE-2021-39871,0,0,9da9bbcde2429b6f2a3b8c36de5587428d893fba2ba1c35d4bc22836c49d3722,2021-10-12T19:52:42.127000 CVE-2021-39872,0,0,389f57b77d45e9d1425003b8b643833784e02c6171170491cb4db28b7e8fd74c,2021-10-12T18:24:40.737000 @@ -181863,6 +181871,7 @@ CVE-2021-39876,0,0,163386dcc440f8e6b66258fe9f8087aeebbd81b74bcfe526af8eddfb343a7 CVE-2021-39877,0,0,f9748be5890f45dbfe5a909268c2e810aed0fd7cef3df47f2f844678254c3d6c,2021-10-12T15:55:42.793000 CVE-2021-39878,0,0,9d9437315fc043e2589cca1b010554d7ecb9e451d3d2157288a1e88191aca38b,2021-10-12T17:15:02.807000 CVE-2021-39879,0,0,429da5caba14265b91489ac72fa37fdea760044ee3fb62e1cd11f34e878ac20f,2021-10-12T15:57:48.810000 +CVE-2021-3988,1,1,171261ff6144e33763486fda151d2cdb154ce9121966a7e83f6f662db25c3427,2024-11-15T11:15:06.877000 CVE-2021-39880,0,0,f43fbf46512fe0da98b08e588e5c97c52ff7199b5c05f615aa05257e460043bf,2022-10-19T18:25:02.617000 CVE-2021-39881,0,0,5445efe9c4c4cf5d576eca639b40a53c718d8c7b4fa50521ccc2d6c6aff6a28d,2021-10-09T03:31:08.827000 CVE-2021-39882,0,0,989fca2f5d44fb7d0c221b794ff55417ebd0a1be5be524bdad69ce4323e8c8b4,2021-10-12T18:39:13.573000 @@ -181895,6 +181904,7 @@ CVE-2021-39906,0,0,e04ad55a1100d2964d2fe24a0d9044d99aa4ff75b0959894c4e77599d608f CVE-2021-39907,0,0,fb47addbd6bbabad003567f698b756cafc4248e663cf3186ea0c076027d378af,2021-11-08T18:11:09.323000 CVE-2021-39908,0,0,f72dfff8f0de9ab8ced78ab85d925d77e9a0ab0762baa52bbd5bcb5844b20d7a,2022-09-30T12:58:54.010000 CVE-2021-39909,0,0,0eb46c843aee997f319542a3de59e07a425b198542987db6d18b92f2cd302bc6,2022-10-06T19:55:19.013000 +CVE-2021-3991,1,1,2c0c1d690747b8cd1411b4e82140fb9c82030486e981110c8444d185a683fb2f,2024-11-15T11:15:07.173000 CVE-2021-39910,0,0,282b0ca251be46e18bfa01121795127e6cadb5a2fbd4e673f7596e1fdc2179ea,2022-07-12T17:42:04.277000 CVE-2021-39911,0,0,b91f499ed64b9404e4620abe987fe34a286f26afde4bd21996a2f7b358c0c585,2022-10-06T20:14:22.410000 CVE-2021-39912,0,0,6b1571a12bafe3ca8eacf93314ab0c9c2bfaa878e8fb257fb7f993e04329f737,2021-11-08T18:38:05.060000 @@ -188703,6 +188713,7 @@ CVE-2022-1222,0,0,b3920337094656db702d78f1c526ab2ae12658b8e98c28c5c4ab7be3ad3344 CVE-2022-1223,0,0,637b2827dcaf7417e78dbd542a64935d1a8b67bacce03b5481a1f13bfe63287f,2023-08-02T09:15:12.567000 CVE-2022-1224,0,0,1f7e411e11108d7458b51eab22eb66a24149a5879c00141ef2f28fe0fafb05dc,2022-04-11T16:42:06.027000 CVE-2022-1225,0,0,5748f4f5345a9f6c3175311aa2738ab2bf9651a24ed3aa3e4677372333de4ca4,2022-04-11T16:44:30.957000 +CVE-2022-1226,1,1,dbb11adeff2274881a245eabb8643264f8b6cd64ad50fdf4980857da4a9ed05e,2024-11-15T11:15:07.527000 CVE-2022-1227,0,0,83b90259bbaaaa877c52c1a6a345ecac76277c5a49b8d7b2e55d5609ee2638a9,2024-06-28T16:15:03.017000 CVE-2022-1228,0,0,7d23d45a83435d1e3bd4ca47a231881fd502cebe5b74cef074758e121829a08b,2022-05-03T17:07:53.397000 CVE-2022-1229,0,0,224e2e97e97497a42291fdfe93e44428659fa5e137ea549dec7de44ffe085b98,2023-04-04T16:24:30.943000 @@ -189340,6 +189351,7 @@ CVE-2022-1876,0,0,983e56cac9f7021f952f9f938d45e035dc9acbf02c1272a86efe4cc4b468e0 CVE-2022-1881,0,0,7439c809094624c8b5fdbf022a11f3d774e6fefc61f4a028f8263bd6fe529332,2022-07-27T18:21:16.887000 CVE-2022-1882,0,0,3baaf779da64335ffad3abdda3c3850b06114d069bb0bf1a437e02c2ffe782b9,2023-11-07T03:42:15.460000 CVE-2022-1883,0,0,10b029e5ce85ce2290987adcb3c5745aea973d33d0d3803bfa3a6beb774a6afd,2022-06-03T14:05:34.297000 +CVE-2022-1884,1,1,3f3a7c3aa1b09e7cf1db4005b1bf462fa64f7bc6201197278787cfbc0e7192ff,2024-11-15T11:15:07.803000 CVE-2022-1885,0,0,990571f5f58372d06c86739f0d8507a9bf4c77382683b628e53a4fb6b11f2c45,2022-07-06T18:07:38.497000 CVE-2022-1886,0,0,7934fa97f2a8af4a046d7bb9f14babcddc4a4e2348bcdab16ebde94dde55d5a5,2023-11-07T03:42:15.700000 CVE-2022-1887,0,0,c9859a4b8fe51696b2ace2c5b6406cbbf00272360b5c9ea988467e7b99e94416,2022-12-24T04:23:54.613000 @@ -212886,6 +212898,7 @@ CVE-2023-0105,0,0,2b12a003cd73110318e79298dd730b028944de31b3b2fd49ae09c6e6c34faf CVE-2023-0106,0,0,05e0d567b91f98b80dba4d8ef37e3d6d93df29ade7db9eb7d74b845f158d4370,2023-01-12T15:04:29.543000 CVE-2023-0107,0,0,cd205e669e16f38bc95e2290070f356c4fee19f825da4c33fef61ad635b5f6dd,2023-01-12T15:04:41.817000 CVE-2023-0108,0,0,70c8cf4e996128d54da9f7301a41fc8c246a66fdfe898b159018bdcb506d722d,2023-01-12T15:05:03.130000 +CVE-2023-0109,1,1,971d8b8b1cf549cc7bac24f9497f6a3568eae851d5d592ef878abf4b6136bc1d,2024-11-15T11:15:08.097000 CVE-2023-0110,0,0,b9a61a54a079a5cddcae7f57892e97a4bbf51450edf598dd8a9a1b1c401ebd1f,2023-01-12T15:05:16.323000 CVE-2023-0111,0,0,f766f05747dd6dfbc35868e0369bbe0def763377d79a8a4ea4e4bea44d32809b,2023-01-12T15:05:27.080000 CVE-2023-0112,0,0,66c21565a3c1e4d16d1c053665b40b7925a9b3641bc7aeaa413fbdfe779c924d,2023-01-12T15:05:37.157000 @@ -213488,6 +213501,7 @@ CVE-2023-0733,0,0,e09491ec0935323a2fec770c3ecd0ead271e6d263c55ec182afeeb068268d5 CVE-2023-0734,0,0,8d2fcc12463e0b1abec4a2a51b7df5516739ca6f45b2b04f9bbd78cb0aff604f,2023-03-09T20:55:01.123000 CVE-2023-0735,0,0,9fdced2b47db01a6a01919f52b5ed809a8d21724989b5bfa7955c49171c3b6f7,2023-02-15T19:24:41.473000 CVE-2023-0736,0,0,b3396876d05ebd2f1f90f4354a1dda6ed12cd8c3d0ffb089c43fbadd8845f1a2,2023-02-15T19:25:29.570000 +CVE-2023-0737,1,1,065075efc2b3f0b30dcd3e4d98b45ee5c76237f17b1ce7fddbf427e28a04f3ac,2024-11-15T11:15:08.363000 CVE-2023-0738,0,0,8b8dc61e92f27262b3aa279351d6ab8033f6bacb206b350b6e8e6ebc9af5389e,2023-04-17T16:57:07.133000 CVE-2023-0739,0,0,b1b26d0ce5c494e5d7ada0f8a588c86492d1c9f0144b5f459b8cc611b553c2cd,2023-03-02T02:15:41.857000 CVE-2023-0740,0,0,a07e1065e4de29dd41d3a7cadad7fafff7c778c739891464a73f725e2a440f3d,2023-02-15T20:20:37.850000 @@ -217440,6 +217454,7 @@ CVE-2023-2331,0,0,e433c8f28124f99de996fe1b6c3691e25c108649c8ab730059c257d74b0a50 CVE-2023-23313,0,0,5ab564b75d72781324830922b5feefff3026f2101be70bbaad014ca9b998958c,2023-11-07T04:07:40.137000 CVE-2023-23314,0,0,b80392fd9584b433a38a78e2530c4db30446fa40b35f645f6acfbdcc1e22626e,2023-01-30T19:31:41.750000 CVE-2023-23315,0,0,32244c72a2b7eabff29fdd785e8853617587d6b657a16b1b687badeb31ddeb6a,2023-03-10T02:31:23.757000 +CVE-2023-2332,1,1,c32d523c81d064bd3f563c779b55ffaabb13b1e4aa25d8a36d8112f982a1997c,2024-11-15T11:15:08.643000 CVE-2023-23324,0,0,95dd911b066baa0858b7b409d73bcd14ff22686691096373e30e8c5721aa2257,2023-12-05T12:39:44.770000 CVE-2023-23325,0,0,94e1a8e3ac75f1a3bc2a74e7374f6d9f0e838c3c3932b61fa7dac52d90f8e0d8,2023-12-05T12:48:15.773000 CVE-2023-23326,0,0,af8ef32c5b2a0d921fed756052ef1d0183c04f71130cb143f8686b6d4c026c5b,2023-03-16T15:56:41.620000 @@ -232992,6 +233007,7 @@ CVE-2023-43470,0,0,17d35487c84783e73551dd1e340a28fdad09c072567b02a75a72d522739fd CVE-2023-43472,0,0,a3008b309ff857d10385bb0be4ee0eb4e9b0900adc392c74326123abc8303cf0,2023-12-11T15:32:59.420000 CVE-2023-43477,0,0,0c74ac00cc1ee8f6c145de162b98bc7d8776c1dc19ab5c8a19701bfb74cb49ca,2023-09-22T18:37:02.227000 CVE-2023-43478,0,0,c43004e7643e046e5e2c9d48aa06e90357a6d95e192814361f05a486c7b542a0,2023-09-22T18:36:45.253000 +CVE-2023-4348,1,1,692cebc2724d39ef48703dff7796d1af38e61707ca753f487575c32468089efd,2024-11-15T12:15:14.397000 CVE-2023-43481,0,0,faa16b4f46dcdc0114be0dc9597ba626c5e87f23f98df512a29c2b5826b54935,2024-08-27T19:35:07.137000 CVE-2023-43482,0,0,8fdc0252f8a99d357c7a9ff8cfbddf8addb596669b2c0bcea99d45decc176060,2024-02-09T02:11:03.607000 CVE-2023-43484,0,0,b8e1fcf13fb67bd37267e8c1ecc07c5eb977d2a46ec3271926523495750a7a82,2023-09-27T20:25:34.200000 @@ -235308,6 +235324,7 @@ CVE-2023-46786,0,0,bf4916e892e13d9bd5f18249e97f7ed4aeb5247f2854f8c308efd96466799 CVE-2023-46787,0,0,eee6ea113b686659f2a66a8e2e38db99b180a9cdd992ed45b258359c2fbbafb0,2023-11-13T18:00:08.857000 CVE-2023-46788,0,0,fa89ddc1e582ea32e59694cd588090422058d73f3e55d49cdf4218b1d27bcb24,2023-11-13T18:00:01.510000 CVE-2023-46789,0,0,9fbdb411cccdb011e81628500fbc3b74a0a6d06d2a8237255e6accafa55442cd,2023-11-13T17:59:42.877000 +CVE-2023-4679,1,1,ebeb28b6071331717aa72697b138213a7ff55d425dea68ac1d3f48a6bf8a600f,2024-11-15T11:15:08.917000 CVE-2023-46790,0,0,7414a678623b3a8d31eda7749ee35a2bdf61169d6ade6fd91b06a5a0e4bffda9,2024-01-02T22:15:08.290000 CVE-2023-46791,0,0,4f7a7ce04b20ee1c59664fc3196bc82b7bf68c16659759baf914252cd593ed28,2024-01-02T22:15:08.367000 CVE-2023-46792,0,0,7e34df21be011e0e859102a1381c46b673dbda14e06d4aaaab00023b1fb66f87,2024-01-02T22:15:08.440000 @@ -242224,6 +242241,7 @@ CVE-2024-0782,0,0,dd227a8b469ce6630eb22142a87d0da772ecdb0285534b1bcdde3ca20e489d CVE-2024-0783,0,0,889b3aec94f8730e9264c4087d63efb1328316b4df2b41f572aa9ab243eedd51,2024-05-17T02:34:58.020000 CVE-2024-0784,0,0,05fccc58af077ffcd0eb7b186f39f412c8126936ae9b879608bee8086b2c9a33,2024-05-17T02:34:58.123000 CVE-2024-0786,0,0,09a89f715683ba83fe81b0a3f3fbdcf9cf5cb4fbf3001ded7457bfdf3b510a57,2024-02-28T14:06:45.783000 +CVE-2024-0787,1,1,26407bee5ab2fbf8a9ba0619061ab93718841bd094af01c5b9c7138a4aecc492,2024-11-15T11:15:09.213000 CVE-2024-0788,0,0,77f61568ad57c437194aa13eed7b7f4a244f0c473b6deae4d7ecf1e9a4375c8f,2024-09-05T23:15:11.527000 CVE-2024-0789,0,0,dd4dfae2cf9c1e14c885c435e4946684b1e28fce4e56958a0b475f730b1ce5ce,2024-06-20T12:44:01.637000 CVE-2024-0790,0,0,faf5037c158d063c7d3783eeaaf8baa8e520d90b8a2f56f0b34167c00c86529b,2024-02-13T19:42:38.757000 @@ -242305,6 +242323,7 @@ CVE-2024-0871,0,0,2a81c9221f676df23b70ee25b96f92b79bd7fe2d47d83d3cf9575aeab8537e CVE-2024-0872,0,0,59570f703919134c83976c0a589bd002a09343b74061ad8cfeb778f494366fb8,2024-04-10T13:24:00.070000 CVE-2024-0873,0,0,0d017532f0822fb01a43bd5a5b6fb8ed2d6c3075b76ac0b6436fcb6d890c9423,2024-04-10T13:24:00.070000 CVE-2024-0874,0,0,e6fb28781735bc896300880a10982c06b4a0d863ac3f7c9c0e53997a057bc6f4,2024-09-11T22:15:01.933000 +CVE-2024-0875,1,1,adcea9cd3522b697e8642f0a8bcf59306b7f88e100065d52e51cfdd8f2125c56,2024-11-15T11:15:09.490000 CVE-2024-0879,0,0,40ca4d922e04a74721c93cda9d6ef307a09b39f845db5f9dd6db6b694e034cf2,2024-01-31T19:16:07.630000 CVE-2024-0880,0,0,44431bf4f01e73978bc2a282db63f61857269e71b91d3e3d902140e76c6dd1ce,2024-05-17T02:35:00.317000 CVE-2024-0881,0,0,1252bf71170a54b7a474d354bacf2afe464c57991281e1919b7ffd68baf1e1ed,2024-10-31T15:35:20.223000 @@ -242626,7 +242645,7 @@ CVE-2024-10300,0,0,ca0242a4c58ba5eb41987558653c1fad0eefdb856c34de56d3278680f413c CVE-2024-10301,0,0,43e47cf56bc671ed7b90e0f04f420138e8362a6d949261d9acbcdf888c921aa2,2024-10-25T18:47:54.033000 CVE-2024-1031,0,0,6576162a78ac686f55e5931a6b8f02ff6c7312ac04792581e6d78da8a91700d4,2024-05-17T02:35:11.843000 CVE-2024-10310,0,0,3b0decb54117e1f6369f0c8a49822eb1c6d4be5cb40b8b5a9079fd842cd0c653,2024-11-04T13:06:20.190000 -CVE-2024-10311,1,1,ff823e385531d022dff247aff5d10a6d888caf3f614cd8f33de094ad8e6d1020,2024-11-15T10:15:03.980000 +CVE-2024-10311,0,0,ff823e385531d022dff247aff5d10a6d888caf3f614cd8f33de094ad8e6d1020,2024-11-15T10:15:03.980000 CVE-2024-10312,0,0,d10f0012149342545ee317e492eeaf284c6b634b254526457f270c7ce4937a16,2024-10-29T14:34:04.427000 CVE-2024-10313,0,0,0a692e743da8a6f5929e9a5e61a16c962249b9fbffffedea4a154098bf7390c0,2024-10-25T12:56:07.750000 CVE-2024-10314,0,0,4ff424a08f54d46f95f43c7d51534e0e6342cc7a5b817ec1e4e580680bb1c702,2024-11-12T13:55:21.227000 @@ -242729,6 +242748,7 @@ CVE-2024-10438,0,0,927b1217e569151a95177fd0867aa44fd49cf458bed4e6241532df7fa8516 CVE-2024-10439,0,0,3741efcec87ce897773441ba8b13058a649924c1100d6b93c1ffe7465b37c5dc,2024-10-31T00:35:36.173000 CVE-2024-1044,0,0,aabb10708db1db153d691de2620429bf76b48269bc86aae28cbf6b6a3c047729,2024-02-29T13:49:29.390000 CVE-2024-10440,0,0,9134bb1aaa59624e138e5f8b3325f09bddc2e56431561ccb4c3e021d68fff1ce,2024-10-31T00:34:23.870000 +CVE-2024-10443,1,1,3db059ce2ddf1ab354d8151c79beb5096218bb11f128a02f7693510ac3551dc1,2024-11-15T11:15:09.750000 CVE-2024-10446,0,0,deea975d5a7cce536c2612b9366552ab52fe1c83fa7bd626ef5b6cf23fd62b64,2024-11-01T16:39:25.890000 CVE-2024-10447,0,0,20a77c16977cd86421b31dc7f8e87f37efdc79e51d4f78a901539c52dec6ae6c,2024-10-31T01:23:46.300000 CVE-2024-10448,0,0,321c290fa10bd947d8b384a53dafbe5d4ff4b7a0a6522b833253529007c67a27,2024-11-01T18:26:55.980000 @@ -242781,6 +242801,7 @@ CVE-2024-10529,0,0,0345fe1a98579e0c46e6718b2719e0f35e2b675397c4baba2f79359ae71dc CVE-2024-1053,0,0,3d9e5b8218feb39348551f4e96f20fbacd04f2b39830165bb00a553a3d3c5ccf,2024-02-22T19:07:27.197000 CVE-2024-10530,0,0,44b1f61a9c6f6aa30b3b0d0f98cecd2a1b5d01908b2709a3a311951be1b1552b,2024-11-13T17:01:16.850000 CVE-2024-10531,0,0,5f58651087e63c6b2a12c6f7bdf9268a38a5c1f35ee89b5b7476b1d8409f73e4,2024-11-13T17:01:16.850000 +CVE-2024-10534,1,1,fc58dfc669da9dbee073b4d32e6c9b5fa8546baa71f180d39f6cbb6e76ee5a3f,2024-11-15T11:15:10.100000 CVE-2024-10535,0,0,14a566633b856f0bcfd07185d246772590c919ba8cb5a244786d38adaffa8830,2024-11-08T21:19:27.540000 CVE-2024-10538,0,0,4258e87072a64a27fee35a0841a3c5095b5fad35eea820564ce6eaffa01f0137,2024-11-14T13:27:00.400000 CVE-2024-1054,0,0,f8e7e53b5707aaecdfe1ea6fba53413ba04bed5cdf673762252b510775f984b1,2024-02-29T13:49:29.390000 @@ -243018,6 +243039,7 @@ CVE-2024-10966,0,0,3df47cfeba07424dbca1650d45cf844f6cc1bcda5f1462544d39e404a912c CVE-2024-10967,0,0,045953be48e7bafc650cdaba1889b3cce653fc03383c0343e3292851109279a3,2024-11-08T19:01:03.880000 CVE-2024-10968,0,0,f600c79ff6183eb1b51f4003b01ba4a417fb853b88c9cd1f3e9f06879ffd32fe,2024-11-08T19:01:03.880000 CVE-2024-10969,0,0,34fb384baf8f9b6070297fa30997eac3a4fc91278070bd97f872695ea721a856,2024-11-08T19:01:03.880000 +CVE-2024-1097,1,1,316dcfa7f0cf7c7a0bf995ac2dfc528b8acfcdbcea4a052de4f42883255d518e,2024-11-15T11:15:10.550000 CVE-2024-10971,0,0,48718e7d6163afe0c28e377c2f658daad2fd70d420b988ed3e01fe2fd9d4a70c,2024-11-13T17:01:58.603000 CVE-2024-10975,0,0,f38693c9a402e208f0de21f91edcefa5c1f789073d3e380787ea5dd138f197fa,2024-11-08T19:01:03.880000 CVE-2024-10976,0,0,3b148dc4518f7a8e1d6912ce588f9c1895060c7a721621b8fea7a6516e1bc558,2024-11-14T13:15:03.793000 @@ -243127,6 +243149,7 @@ CVE-2024-11168,0,0,5e610ba56b770f0c45b8e5f1da8a18409af80ecc6fd32d397017d56ba5ace CVE-2024-1117,0,0,0eff4d8f06fdd3645727772834638be79e19128758cbe94b2a8e7a297167b8d0,2024-05-17T02:35:15.090000 CVE-2024-11175,0,0,2129c1cdddb364757f82b16fba301982b34bdf0dfeb6c2bb6f48aa85e142eee1,2024-11-13T17:01:16.850000 CVE-2024-1118,0,0,6c399aaded9e96cfac900ecbd30e202d5a6a42d5625667c3de9725b65dc62fc3,2024-02-10T04:13:01.030000 +CVE-2024-11182,1,1,4bb7044c32e7d203f4621472bcf4c9354b62a723acec245f304b3cf0eb5267e6,2024-11-15T11:15:10.410000 CVE-2024-1119,0,0,5426bc48e63724893c52e881a8535fb7954cf4e6383fc287bdb9896410f7d3a0,2024-03-20T13:00:16.367000 CVE-2024-11193,0,0,444d5e431a5f364ce974b83b336c1383f189c8a9ea01d483f54d9727862b851c,2024-11-14T15:35:06.770000 CVE-2024-1120,0,0,4ae965ad3da5f8a3235e6e58dd82dd504b21e474d229ae465351f9f2ed6318d2,2024-03-01T14:04:04.827000 @@ -243136,13 +243159,14 @@ CVE-2024-11208,0,0,7acfc0d5ed23c52da09f59a7646b9c68ba6eb5051d4ac6d41bbd6289d3dca CVE-2024-11209,0,0,c160f1217e298cfc2b4ea4c66bd7fff6bc5de06dc33ddcb58badda8b6cd0450a,2024-11-14T14:15:18.090000 CVE-2024-1121,0,0,19a454e1b0b19f003a8998da71d81afc60a591ff2c6ec5f42743662bb8a72434,2024-02-13T19:42:57.107000 CVE-2024-11210,0,0,12da7228515f229535c7fc4b9759273057c94d0101b79ad3990f20080e45a07d,2024-11-14T15:15:07.800000 -CVE-2024-11211,0,1,3886c776e3040976f2d9d483fe55782570fe2f7d343ab982e6a1ff369b159942,2024-11-15T09:15:14.600000 +CVE-2024-11211,0,0,3886c776e3040976f2d9d483fe55782570fe2f7d343ab982e6a1ff369b159942,2024-11-15T09:15:14.600000 CVE-2024-11212,0,0,7736079fe4badb5fe2ea2d1c57eef7d38e804fef27e3d434bde972654548323a,2024-11-14T15:15:08.360000 CVE-2024-11213,0,0,6310690398aef42147c21046e139b47a34bc0077fad5bc3ed389a644e6432516,2024-11-14T16:15:18.450000 CVE-2024-11214,0,0,ccb4f12fd6859941f79db491e8820bb2f8c1cbacb38f9854647bd5e4e95dace1,2024-11-14T16:15:18.707000 CVE-2024-11215,0,0,bbd6ed73a8be7440fbca0415213d736ba6de2cfe8e7fb84b25483d78ebfdebb6,2024-11-14T14:15:18.367000 CVE-2024-1122,0,0,0daea6a9b881beb2ea9e563443c7905c114cf68ea1093ef9f6fd6cdf2c48aad7,2024-02-15T19:17:26.630000 CVE-2024-1123,0,0,b973e4c54de6f241a32cf221a70e04068421d86df4d000867b2228a54e55ef35,2024-03-11T01:32:39.697000 +CVE-2024-11237,1,1,cb7bbda335a27301a3e6ba3926f5b080dc5afd6e88d1ca9ed1a7516f5f52402e,2024-11-15T12:15:14.670000 CVE-2024-1124,0,0,913ac2351f43d83be68411d873bf568715eb455fa7fe6219a9189bc1238726a9,2024-03-11T01:32:39.697000 CVE-2024-1125,0,0,f1d015036f4cdda32f03ba210c93a8838e991a1e1d168cce1bd81d56428097c5,2024-03-11T01:32:39.697000 CVE-2024-1126,0,0,719cb9688eaad755b04db0e390abb1a9b0b6a5e25f632a929e6736322faf9c06,2024-03-13T18:16:18.563000 @@ -243255,6 +243279,7 @@ CVE-2024-1236,0,0,9d7e383554119a6eb8995bc3e3c594237fc2517d15212a162d538fac1156aa CVE-2024-1237,0,0,971489c96af173cd98795b7c46411895a847e87f027eb141f5511aec59ad2e5a,2024-03-13T18:16:18.563000 CVE-2024-1238,0,0,9f0a38233429658f32f8a976db71d716904de01ac4f7f996eed98f40cb8ba7b5,2024-04-01T01:12:59.077000 CVE-2024-1239,0,0,db432ab525693f47cc78135d0c2cedd8ee6bd0f1495c321fd41dc0e5a9f890b0,2024-03-17T22:38:29.433000 +CVE-2024-1240,1,1,bdb43b0978ed3d6e4d002880a2bdeadb8ceff6a87c91179aaa463d24ef127aab,2024-11-15T11:15:10.773000 CVE-2024-1241,0,0,96fd44c6e5fabc6d4bff3dcf2753825594889b1a8245005a991dd6eafde3d621,2024-04-23T12:52:09.397000 CVE-2024-1242,0,0,77f2f4c11df61eb6748d46bb4a1f43701b90877f99a1028521d6b0a2e093dca9,2024-02-29T13:49:29.390000 CVE-2024-1245,0,0,9f0a6683f1d5096645febd5b42c6e25cc14953b1062510f4b421bd46b5a5a4fe,2024-02-15T04:44:27.987000 @@ -262609,7 +262634,7 @@ CVE-2024-45771,0,0,754a0f27219aa2eb6179ec627ac31099e8e2882043a643cfa7921ddb03dbb CVE-2024-45772,0,0,d4fcff511ac9c702d11d2981d4f53f578a5b533222a07c5c21d8a62a8451fded,2024-10-04T13:20:58.327000 CVE-2024-45773,0,0,fa80a32ca25578799d772108a6e7f2b87164fbdfd3820c41dab7e96e6c83084e,2024-09-30T12:45:57.823000 CVE-2024-4578,0,0,de2bf1ab8b65cf8119579f63d8e64a9383c9519828d1fae8ddac21d6dcb5605a,2024-06-27T19:25:12.067000 -CVE-2024-45784,1,1,7df02e48fd20d4891516a0ad23c130e8093c5cabebef12010ed53de3713bf60d,2024-11-15T09:15:14.897000 +CVE-2024-45784,0,0,7df02e48fd20d4891516a0ad23c130e8093c5cabebef12010ed53de3713bf60d,2024-11-15T09:15:14.897000 CVE-2024-45785,0,0,edaf655206685301bfa1d23b3961ca90e190821a2f1da23140bfad50572d7731,2024-11-06T17:08:40.507000 CVE-2024-45786,0,0,1027a4a71b54e4ed926e7c4d82608ed7bf7290e7e8486a1ac94d8f7e4edfad02,2024-09-18T20:12:47.337000 CVE-2024-45787,0,0,46f8564066b3f70e712610c0aca9059d9bda6862d53c941af56b2ef72737a51d,2024-09-18T18:15:07.650000 @@ -269159,8 +269184,8 @@ CVE-2024-8970,0,0,ac6a340d484c123a9130b7a8da1b91e0090b1836f7865857c5a2324dbb60a4 CVE-2024-8974,0,0,47fcb9de64a47ab7d6fd39981189c5f91c3407e2aae34c6aae2197da9ba195e7,2024-10-04T17:30:18.803000 CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b70,2024-10-01T19:20:21.103000 CVE-2024-8977,0,0,5252c9de61b84aeddd3ec48f8829f82be03db26645b8f09321099ae149149381,2024-10-16T17:10:13.220000 -CVE-2024-8978,1,1,6fe35329c6e39a1c98f2e36c7371e3dfbe04fa7b1debe5f3e7fafd8f309095f4,2024-11-15T10:15:04.873000 -CVE-2024-8979,1,1,3ea26375d0d3f8c3384c0db604d953a89857ef51881446650efc105ce8490e3b,2024-11-15T10:15:05.310000 +CVE-2024-8978,0,0,6fe35329c6e39a1c98f2e36c7371e3dfbe04fa7b1debe5f3e7fafd8f309095f4,2024-11-15T10:15:04.873000 +CVE-2024-8979,0,1,3b0847b3edd3752c396227a7e40f56b4d47ef0d1725031a1ca52cecc92440e0f,2024-11-15T10:15:05.310000 CVE-2024-8980,0,0,34622dfc36a70206b20752d1026a226663789c42eaaff2958041a445f566dbba,2024-10-30T14:46:14.127000 CVE-2024-8981,0,0,72a5e946545b01f6f5b55bd9be0a66c4964926bf866e85b9f0e826b5c8f5cfe7,2024-10-04T13:51:25.567000 CVE-2024-8983,0,0,a5894726a3c72e301955e62952254bf05f92543b19c3d4bf59f7d30236266e8c,2024-10-10T12:57:21.987000