From dc4c4e870d349644c00503c694243e1d8531b5bf Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Thu, 10 Oct 2024 04:03:16 +0000
Subject: [PATCH] Auto-Update: 2024-10-10T04:00:16.934414+00:00
---
 CVE-2024/CVE-2024-281xx/CVE-2024-28125.json | 23 ++++++-
 CVE-2024/CVE-2024-489xx/CVE-2024-48957.json | 25 +++++++
 CVE-2024/CVE-2024-489xx/CVE-2024-48958.json | 25 +++++++
 CVE-2024/CVE-2024-70xx/CVE-2024-7048.json | 56 ++++++++++++++++
 CVE-2024/CVE-2024-84xx/CVE-2024-8477.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-85xx/CVE-2024-8513.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-87xx/CVE-2024-8729.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-89xx/CVE-2024-8987.json | 64 ++++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9022.json | 72 +++++++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9057.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9064.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9065.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9066.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9067.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9072.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-90xx/CVE-2024-9074.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-92xx/CVE-2024-9205.json | 64 ++++++++++++++++++
 CVE-2024/CVE-2024-93xx/CVE-2024-9377.json | 68 +++++++++++++++++++
 CVE-2024/CVE-2024-94xx/CVE-2024-9457.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-95xx/CVE-2024-9518.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-95xx/CVE-2024-9519.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-95xx/CVE-2024-9520.json | 68 +++++++++++++++++++
 CVE-2024/CVE-2024-95xx/CVE-2024-9522.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-95xx/CVE-2024-9581.json | 60 +++++++++++++++++
 CVE-2024/CVE-2024-96xx/CVE-2024-9685.json | 64 ++++++++++++++++++
 README.md | 42 ++++++++----
 _state.csv | 40 +++++++++---
 27 files changed, 1488 insertions(+), 23 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-489xx/CVE-2024-48957.json
 create mode 100644 CVE-2024/CVE-2024-489xx/CVE-2024-48958.json
 create mode 100644 CVE-2024/CVE-2024-70xx/CVE-2024-7048.json
 create mode 100644 CVE-2024/CVE-2024-84xx/CVE-2024-8477.json
 create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8513.json
 create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8729.json
 create mode 100644 CVE-2024/CVE-2024-89xx/CVE-2024-8987.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9022.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9057.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9064.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9065.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9066.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9067.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9072.json
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9074.json
 create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9205.json
 create mode 100644 CVE-2024/CVE-2024-93xx/CVE-2024-9377.json
 create mode 100644 CVE-2024/CVE-2024-94xx/CVE-2024-9457.json
 create mode 100644 CVE-2024/CVE-2024-95xx/CVE-2024-9518.json
 create mode 100644 CVE-2024/CVE-2024-95xx/CVE-2024-9519.json
 create mode 100644 CVE-2024/CVE-2024-95xx/CVE-2024-9520.json
 create mode 100644 CVE-2024/CVE-2024-95xx/CVE-2024-9522.json
 create mode 100644 CVE-2024/CVE-2024-95xx/CVE-2024-9581.json
 create mode 100644 CVE-2024/CVE-2024-96xx/CVE-2024-9685.json
diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28125.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28125.json
index 99a6329252f..4a4c4793536 100644
--- a/CVE-2024/CVE-2024-281xx/CVE-2024-28125.json
+++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28125.json
@@ -2,13 +2,20 @@
 "id": "CVE-2024-28125",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2024-03-18T08:15:06.347",
- "lastModified": "2024-08-28T16:35:19.333",
+ "lastModified": "2024-10-10T02:15:02.830",
 "vulnStatus": "Awaiting Analysis",
- "cveTags": [],
+ "cveTags": [
+ {
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "tags": [
+ "disputed"
+ ]
+ }
+ ],
 "descriptions": [
 {
 "lang": "en",
- "value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands."
+ "value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation."
 },
 {
 "lang": "es",
@@ -40,6 +47,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "vultures@jpcert.or.jp",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48957.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48957.json
new file mode 100644
index 00000000000..93a37b53deb
--- /dev/null
+++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48957.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-48957",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-10-10T02:15:02.990",
+ "lastModified": "2024-10-10T02:15:02.990",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/libarchive/libarchive/pull/2149",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48958.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48958.json
new file mode 100644
index 00000000000..1d276a5293d
--- /dev/null
+++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48958.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-48958",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-10-10T02:15:03.057",
+ "lastModified": "2024-10-10T02:15:03.057",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/libarchive/libarchive/pull/2148",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-70xx/CVE-2024-7048.json b/CVE-2024/CVE-2024-70xx/CVE-2024-7048.json
new file mode 100644
index 00000000000..bb7b271a10d
--- /dev/null
+++ b/CVE-2024/CVE-2024-70xx/CVE-2024-7048.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-7048",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2024-10-10T02:15:03.113",
+ "lastModified": "2024-10-10T02:15:03.113",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8477.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8477.json
new file mode 100644
index 00000000000..0a6efbab7a2
--- /dev/null
+++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8477.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8477",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T03:15:02.300",
+ "lastModified": "2024-10-10T03:15:02.300",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3165451/mailin/tags/3.1.88/page/page-home.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e070b422-9036-4362-832b-43fd4838f394?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8513.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8513.json
new file mode 100644
index 00000000000..8c792743186
--- /dev/null
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8513.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8513",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:03.323",
+ "lastModified": "2024-10-10T02:15:03.323",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The QA Analytics \u2013 Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/qa-heatmap-analytics/trunk/class-qahm-admin-page-config.php#L801",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15d29d58-9e28-4e18-aeb9-9c63cb308673?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8729.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8729.json
new file mode 100644
index 00000000000..e6cb4bf9978
--- /dev/null
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8729.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8729",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:03.550",
+ "lastModified": "2024-10-10T02:15:03.550",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/easy-social-share-buttons/trunk/includes/class-easy-social-share-buttons-settings.php#L271",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b616bb6c-0861-4920-a589-f2c5bb819164?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8987.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8987.json
new file mode 100644
index 00000000000..4c164293bfd
--- /dev/null
+++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8987.json 
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-8987",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:03.757",
+ "lastModified": "2024-10-10T02:15:03.757",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.0/includes/public/core/functions/general/youzify-profile-functions.php#L910",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/youzify/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19c463d1-41fa-4386-b755-a14d1e68c5bd?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9022.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9022.json
new file mode 100644
index 00000000000..e215a88f557
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9022.json
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2024-9022",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T03:15:02.523",
+ "lastModified": "2024-10-10T03:15:02.523",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/capture0x/Poll-Plugin-SQL-Injection-",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/179414/WordPress-Poll-2.3.6-SQL-Injection.html",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://total-soft.com/wp-poll/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/poll-wp/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d16363d6-ca4b-4de0-abae-a7b07803e2e3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9057.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9057.json
new file mode 100644
index 00000000000..217727301c1
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9057.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9057",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:03.960",
+ "lastModified": "2024-10-10T02:15:03.960",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018feed_id\u2019 attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/curatorio/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/953d64f2-a514-48e9-9ab3-f9a793ad953a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9064.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9064.json
new file mode 100644
index 00000000000..24783f774cc
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9064.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9064",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:04.163",
+ "lastModified": "2024-10-10T02:15:04.163",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/inline-svg-elementor/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5aab3dea-5d14-4316-9a4c-97b0d30762bf?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9065.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9065.json
new file mode 100644
index 00000000000..8eb9bb17237
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9065.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9065",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:04.363",
+ "lastModified": "2024-10-10T02:15:04.363",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-helper-lite/trunk/functions/class.wps-frontend-setup-function.php#L55",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9066.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9066.json
new file mode 100644
index 00000000000..b41de6f88d2
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9066.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9066",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:04.567",
+ "lastModified": "2024-10-10T02:15:04.567",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/marketing-and-seo-booster/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52144ff6-0617-496c-8159-ec5d7bc86f60?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9067.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9067.json
new file mode 100644
index 00000000000..e2535980849
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9067.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9067",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T03:15:02.740",
+ "lastModified": "2024-10-10T03:15:02.740",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-attachments.php#L1183",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e099d8e2-6305-43fc-8807-a37791deb2ff?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9072.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9072.json
new file mode 100644
index 00000000000..f58ccb7f061
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9072.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9072",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:04.773",
+ "lastModified": "2024-10-10T02:15:04.773",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GDPR-Extensions-com \u2013 Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/gdpr-consent-manager/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce2a9fe-3364-46b5-a6ae-b4feb3e20647?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9074.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9074.json
new file mode 100644
index 00000000000..985892d887f
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9074.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9074",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T03:15:02.963",
+ "lastModified": "2024-10-10T03:15:02.963",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/advanced-blocks-pro/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f419d14a-90d1-445a-b629-c2e978c3ab81?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9205.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9205.json
new file mode 100644
index 00000000000..802bd40f689
--- /dev/null
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9205.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-9205",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:04.980",
+ "lastModified": "2024-10-10T02:15:04.980",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/maximum-products-per-user-for-woocommerce/tags/4.2.8/includes/class-alg-wc-mppu-users.php#L836",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3164534/maximum-products-per-user-for-woocommerce/tags/4.2.9/includes/class-alg-wc-mppu-users.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/140c0d22-dc26-4100-a5c0-a2f8a6f98d97?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9377.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9377.json
new file mode 100644
index 00000000000..ff0470e67c7
--- /dev/null
+++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9377.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-9377",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:05.183",
+ "lastModified": "2024-10-10T02:15:05.183",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L216",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L220",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3164996/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9457.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9457.json
new file mode 100644
index 00000000000..0b397e98954
--- /dev/null
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9457.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9457",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:05.390",
+ "lastModified": "2024-10-10T02:15:05.390",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/cssjockey-add-ons/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/041c21fb-f2f0-45cb-b3ae-20f3ae22c947?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9518.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9518.json
new file mode 100644
index 00000000000..717cfc6d81a
--- /dev/null
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9518.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9518",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:05.590",
+ "lastModified": "2024-10-10T02:15:05.590",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/functions/user-functions.php?rev=1604604#L47",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2489e649-27f7-4ca0-8655-0957016fa89a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9519.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9519.json
new file mode 100644
index 00000000000..7360b1c4840
--- /dev/null
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9519.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9519",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:05.787",
+ "lastModified": "2024-10-10T02:15:05.787",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-266"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-post-metaboxes.php?rev=1627771#L62",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9520.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9520.json
new file mode 100644
index 00000000000..854e68e9d4b
--- /dev/null
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9520.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-9520",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T03:15:03.177",
+ "lastModified": "2024-10-10T03:15:03.177",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L186",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L216",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L225",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e64e41a1-ea8e-41b4-911c-672caf0d2df1?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9522.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9522.json
new file mode 100644
index 00000000000..bcbccf61fe7
--- /dev/null
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9522.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9522",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:06.013",
+ "lastModified": "2024-10-10T02:15:06.013",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-users-masquerade/trunk/masquerade.php?rev=1703860#L162",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9581.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9581.json
new file mode 100644
index 00000000000..05ff1ec7f5e
--- /dev/null
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9581.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9581",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:06.227",
+ "lastModified": "2024-10-10T02:15:06.227",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/shortcodes-anywhere/trunk/core/shortcodeEverywhere.class.php#L15",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9685.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9685.json
new file mode 100644
index 00000000000..401b8b2f1f3
--- /dev/null
+++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9685.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-9685",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-10T02:15:06.440",
+ "lastModified": "2024-10-10T02:15:06.440",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.3/index.php#L202",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3165615/notification-for-telegram",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abaebd3b-69ab-4e9b-a528-c9d846e62238?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b2e51f7cbcf..b32934daa24 100644
--- a/README.md
+++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-10T02:00:17.130034+00:00 +2024-10-10T04:00:16.934414+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-10T01:15:11.127000+00:00 +2024-10-10T03:15:03.177000+00:00 ``` ### Last Data Feed Release 
@@ -33,26 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265167 +265191 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `24` -- [CVE-2024-48941](CVE-2024/CVE-2024-489xx/CVE-2024-48941.json) (`2024-10-10T00:15:02.673`) -- [CVE-2024-48942](CVE-2024/CVE-2024-489xx/CVE-2024-48942.json) (`2024-10-10T00:15:02.737`) -- [CVE-2024-48949](CVE-2024/CVE-2024-489xx/CVE-2024-48949.json) (`2024-10-10T01:15:11.127`) +- [CVE-2024-48957](CVE-2024/CVE-2024-489xx/CVE-2024-48957.json) (`2024-10-10T02:15:02.990`) +- [CVE-2024-48958](CVE-2024/CVE-2024-489xx/CVE-2024-48958.json) (`2024-10-10T02:15:03.057`) +- [CVE-2024-7048](CVE-2024/CVE-2024-70xx/CVE-2024-7048.json) (`2024-10-10T02:15:03.113`) +- [CVE-2024-8477](CVE-2024/CVE-2024-84xx/CVE-2024-8477.json) (`2024-10-10T03:15:02.300`) +- [CVE-2024-8513](CVE-2024/CVE-2024-85xx/CVE-2024-8513.json) (`2024-10-10T02:15:03.323`) +- [CVE-2024-8729](CVE-2024/CVE-2024-87xx/CVE-2024-8729.json) (`2024-10-10T02:15:03.550`) +- [CVE-2024-8987](CVE-2024/CVE-2024-89xx/CVE-2024-8987.json) (`2024-10-10T02:15:03.757`) +- [CVE-2024-9022](CVE-2024/CVE-2024-90xx/CVE-2024-9022.json) (`2024-10-10T03:15:02.523`) +- [CVE-2024-9057](CVE-2024/CVE-2024-90xx/CVE-2024-9057.json) (`2024-10-10T02:15:03.960`) +- [CVE-2024-9064](CVE-2024/CVE-2024-90xx/CVE-2024-9064.json) (`2024-10-10T02:15:04.163`) +- [CVE-2024-9065](CVE-2024/CVE-2024-90xx/CVE-2024-9065.json) (`2024-10-10T02:15:04.363`) +- [CVE-2024-9066](CVE-2024/CVE-2024-90xx/CVE-2024-9066.json) (`2024-10-10T02:15:04.567`) +- [CVE-2024-9067](CVE-2024/CVE-2024-90xx/CVE-2024-9067.json) (`2024-10-10T03:15:02.740`) +- [CVE-2024-9072](CVE-2024/CVE-2024-90xx/CVE-2024-9072.json) (`2024-10-10T02:15:04.773`) +- [CVE-2024-9074](CVE-2024/CVE-2024-90xx/CVE-2024-9074.json) (`2024-10-10T03:15:02.963`) +- [CVE-2024-9205](CVE-2024/CVE-2024-92xx/CVE-2024-9205.json) (`2024-10-10T02:15:04.980`) +- 
[CVE-2024-9377](CVE-2024/CVE-2024-93xx/CVE-2024-9377.json) (`2024-10-10T02:15:05.183`) +- [CVE-2024-9457](CVE-2024/CVE-2024-94xx/CVE-2024-9457.json) (`2024-10-10T02:15:05.390`) +- [CVE-2024-9518](CVE-2024/CVE-2024-95xx/CVE-2024-9518.json) (`2024-10-10T02:15:05.590`) +- [CVE-2024-9519](CVE-2024/CVE-2024-95xx/CVE-2024-9519.json) (`2024-10-10T02:15:05.787`) +- [CVE-2024-9520](CVE-2024/CVE-2024-95xx/CVE-2024-9520.json) (`2024-10-10T03:15:03.177`) +- [CVE-2024-9522](CVE-2024/CVE-2024-95xx/CVE-2024-9522.json) (`2024-10-10T02:15:06.013`) +- [CVE-2024-9581](CVE-2024/CVE-2024-95xx/CVE-2024-9581.json) (`2024-10-10T02:15:06.227`) +- [CVE-2024-9685](CVE-2024/CVE-2024-96xx/CVE-2024-9685.json) (`2024-10-10T02:15:06.440`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `1` -- [CVE-2024-23113](CVE-2024/CVE-2024-231xx/CVE-2024-23113.json) (`2024-10-10T01:00:01.433`) -- [CVE-2024-47823](CVE-2024/CVE-2024-478xx/CVE-2024-47823.json) (`2024-10-10T00:15:02.553`) -- [CVE-2024-9379](CVE-2024/CVE-2024-93xx/CVE-2024-9379.json) (`2024-10-10T01:00:01.433`) -- [CVE-2024-9380](CVE-2024/CVE-2024-93xx/CVE-2024-9380.json) (`2024-10-10T01:00:01.433`) +- [CVE-2024-28125](CVE-2024/CVE-2024-281xx/CVE-2024-28125.json) (`2024-10-10T02:15:02.830`) ## Download and Usage diff --git a/_state.csv b/_state.csv index eb86fe23772..78356453db8 100644 --- a/_state.csv +++ b/_state.csv 
@@ -245236,7 +245236,7 @@ CVE-2024-2311,0,0,4aac7ca25d4746b431ed7ccd5e7d3d99df50290a301a85fe7466f2339700b1 CVE-2024-23110,0,0,1ac4a7144e9209f9a89949f05fe1e7cc8c377744b32bfb607f177f1a970f34e1,2024-08-23T02:45:28.487000 CVE-2024-23111,0,0,752974f238ed1f3e5e428baa91d031d0aceea7be33f8a58b9a2a43bae855557c,2024-08-23T02:47:13.560000 CVE-2024-23112,0,0,95e5175d7388e29c67df9af8c672941dd9e221ee4e0a1ee87f756c639ee8dad2,2024-03-15T14:51:58.497000 -CVE-2024-23113,0,1,e4a22a572f804e3f962d65a633155804365118f9caaa4bc464f5658928aefd90,2024-10-10T01:00:01.433000 +CVE-2024-23113,0,0,e4a22a572f804e3f962d65a633155804365118f9caaa4bc464f5658928aefd90,2024-10-10T01:00:01.433000 CVE-2024-23114,0,0,7252a5a302093b43221ea76f9a6a29eda61311bf101ae44cd86a63862ce26956,2024-08-28T20:35:06.210000 CVE-2024-23115,0,0,7b60c057c6ecb2992362930744ce2990e40a5ef55d9da25b0609baa5f284fa28,2024-04-02T12:50:42.233000 CVE-2024-23116,0,0,b697b868738862e20bfb62cd043729402a6443f2a45a0bdae976d2a021726d27,2024-04-02T12:50:42.233000 @@ -249025,7 +249025,7 @@ CVE-2024-28120,0,0,31f0663194c3ae59508b649362ee2d5539147691a5912e9e045c000f7246f CVE-2024-28121,0,0,5d765bddd1522ef772672d7c5b7d192742701db6f681e7efbb273dbd45669d62,2024-03-13T21:16:00.460000 CVE-2024-28122,0,0,84073f6c96d7936717c065299f48850cb9a25df36eb3f8060c8dc4aa02997344,2024-03-11T01:32:39.697000 CVE-2024-28123,0,0,1f90dd93aca0d11a73a18e1eb6b5cda27a407eb4db9e34eaa0e325666a8f1c24,2024-03-21T12:58:51.093000 -CVE-2024-28125,0,0,7f0b2ff4edc64bb38a0ae0fa981d34a256be95c3adc6334cd99f96a6d79e27a8,2024-08-28T16:35:19.333000 +CVE-2024-28125,0,1,953399dc0066c168955135fde5f2c9781211fd2f93c7a22d357352e45ea3bb13,2024-10-10T02:15:02.830000 CVE-2024-28126,0,0,81385e85c5a93c53bb47fe916edfff61f701ac34a4427a9e5bf459631bdea34d,2024-03-26T12:55:05.010000 CVE-2024-28128,0,0,ff9121c55a5d465f19f3056b6278dc961489b664c0de60bae39143ce763e9dc9,2024-03-18T12:38:25.490000 CVE-2024-2813,0,0,d92b59c3edc51ec01f06a151ea9186c3488c58069c0b5769bb5f8edad6a74d59,2024-05-17T02:38:31.770000 
@@ -261582,7 +261582,7 @@ CVE-2024-47817,0,0,a8978e2cff17b63ee249f998983f4eff08d98ca0b11639ba8434d107030ba CVE-2024-47818,0,0,598d35845d5c9531ef399cca4570ef2326935f542cd6df2c80239a96fe7c21e2,2024-10-07T22:15:04.037000 CVE-2024-4782,0,0,37dcdb14f7d23ae467b62646ac8eb504448e2a7781e3c175892c72dc54d3aebf,2024-08-19T13:00:23.117000 CVE-2024-47822,0,0,1bb3c8fcad68cf5925eb2c4b3afc1ce650c6df3f807783d5dffddd106c4ce49b,2024-10-08T18:15:31.170000 -CVE-2024-47823,0,1,8320742a660378f6a01ad741722ead2a09f9e6be07616ac2e9eda6ddd367cc9a,2024-10-10T00:15:02.553000 +CVE-2024-47823,0,0,8320742a660378f6a01ad741722ead2a09f9e6be07616ac2e9eda6ddd367cc9a,2024-10-10T00:15:02.553000 CVE-2024-47828,0,0,2ab43236050d709c1d1b37224db30aa1be8862c0e60a6ee5d60152971174cbfd,2024-10-09T19:15:14.423000 CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e0181,2024-05-24T01:15:30.977000 CVE-2024-47832,0,0,b7e56eeac131fe4fefd7e3116d02da42a2ff171d36975cc192ba07793c3dca42,2024-10-09T19:15:14.647000 
@@ -261709,10 +261709,12 @@ CVE-2024-4892,0,0,86d55410ceaf3ecac0b7906bf27b918d65f0ae499a5475505564f001e752da CVE-2024-4893,0,0,c4900f559bdc4a1c952ec15ffc0a407a7d0fc758594c29af597940962bf437f6,2024-05-15T16:40:19.330000 CVE-2024-48933,0,0,7de0f4bfffca5deb1c74453cbef6b33cc0a48f7c75ec32bb2f0f5296d55482aa,2024-10-09T23:15:11.017000 CVE-2024-4894,0,0,1906244d072f236ffca4e7ab82222b86cb7f201e42e01d4517f3ab933ca907f5,2024-05-15T16:40:19.330000 -CVE-2024-48941,1,1,a478a010fad052d976d7fee743b5553216cec10ffc9e36f57c76bed30d76a955,2024-10-10T00:15:02.673000 -CVE-2024-48942,1,1,afe00b24b361f1a17ca816956fa863245c8abdb1171f93cd4cfff531d632fd84,2024-10-10T00:15:02.737000 -CVE-2024-48949,1,1,a1844289d41db918a877296bf4ef92d8aa4561ffb6581c981df85622e133061c,2024-10-10T01:15:11.127000 +CVE-2024-48941,0,0,a478a010fad052d976d7fee743b5553216cec10ffc9e36f57c76bed30d76a955,2024-10-10T00:15:02.673000 +CVE-2024-48942,0,0,afe00b24b361f1a17ca816956fa863245c8abdb1171f93cd4cfff531d632fd84,2024-10-10T00:15:02.737000 +CVE-2024-48949,0,0,a1844289d41db918a877296bf4ef92d8aa4561ffb6581c981df85622e133061c,2024-10-10T01:15:11.127000 CVE-2024-4895,0,0,f6b1e62d3b5bd64aea52e6768b6c469e049c941759a77bf99aa3b85ad7e20caa,2024-05-24T01:15:30.977000 +CVE-2024-48957,1,1,73839f04a6a96165341d199482994aebc143de5e587bd601cbca83d8cc83ad7e,2024-10-10T02:15:02.990000 +CVE-2024-48958,1,1,22f78a57ccd420052c6be988d1a59561d6af96249b350c2e358e9eab60208ea4,2024-10-10T02:15:03.057000 CVE-2024-4896,0,0,20cc2dc19f323150528d4fb3a23b846b2e602fa65e075afe5dc2b86cb95d9c94,2024-05-22T12:46:53.887000 CVE-2024-4897,0,0,b80483aa02f533d1f5c4695afa1f7ec5dae4ecfa8b472cf561efa5d05f8ff11d,2024-07-02T17:44:45.700000 CVE-2024-4898,0,0,a64ada88476e7dbd5dca1f8ed9406bed15a3acb87fadbe7d9a4f3102502b7a67,2024-07-23T17:50:44.033000 
@@ -263539,6 +263541,7 @@ CVE-2024-7037,0,0,b73ec5870d03d8f66bb84fbbe932020abb08e6efb8f99dbf4e1f1ab7eaa215 CVE-2024-7038,0,0,182f910a9ab2ef469a30f74b37ebb0cc91121622585133274525ddf4bf610a6c,2024-10-09T19:15:14.930000 CVE-2024-7041,0,0,688ed132bbfb1befffc795f35ed82a14fecd87e0cf303674c9fedf4eb1b11763,2024-10-09T20:15:09.683000 CVE-2024-7047,0,0,21985a71701c23251b30e756f6f2c4f75baa147c34a8c282b34b811aa42e2336,2024-08-26T16:07:27.837000 +CVE-2024-7048,1,1,12f3403896e9a4059ff750f1971d744793a0e26cafaae7be39b178ed44bc9bc4,2024-10-10T02:15:03.113000 CVE-2024-7050,0,0,f402c0a89ba2917236fe6639793bd54ee4751807250eba7a4dde84d4a362ffd7,2024-07-29T14:12:08.783000 CVE-2024-7051,0,0,d0158d1d3b2cdd12dcaf8ff0c61b0f7cdef559e08a0a05011bfe1940648c764c,2024-08-30T16:15:10.960000 CVE-2024-7054,0,0,c2f192d88d8b2a817d17540b8fda16fcd38e463cdb3b6d5e52e3cf243830add6,2024-08-20T15:44:20.567000 @@ -264618,6 +264621,7 @@ CVE-2024-8471,0,0,d4cac4daadf018326a13905f788e8fc27e503497a3cff6ab0ea980773a6f76 CVE-2024-8472,0,0,a896e0fd54ff62d16feed47be0f08dd27e23a8a4def269ca8073766b75918cef,2024-09-06T11:44:34.543000 CVE-2024-8473,0,0,0d318dfea88475fed5cabdbe761e188358c3ae35cd6d226ef3fe46f2f9041c00,2024-09-06T11:44:45.017000 CVE-2024-8476,0,0,092ef960d66528d11d9417cebbf68782d16f414858b72459c24698ae73498ac1,2024-10-02T17:31:00.583000 +CVE-2024-8477,1,1,ff7de7984dd1ad3081b0134262dcabab579701effecde74fd9bcafce3cebade4,2024-10-10T03:15:02.300000 CVE-2024-8478,0,0,175c7b9f94662d755813fa2228cd0539f44691d1180c4633af22a35129eb9a32,2024-09-26T15:53:44.297000 CVE-2024-8479,0,0,895a7d94fd595e323b99eff6522688473ca450b242af8c3d5ea382e2a282a9b2,2024-09-27T16:12:10.427000 CVE-2024-8480,0,0,73de76891190d432c360d36e1da93720f2abf11adbca08499bebf4ffb87eb2bd,2024-09-26T18:13:58.470000 
@@ -264636,6 +264640,7 @@ CVE-2024-8504,0,0,8357da8291f04353fac31874868f2eb40b31e26be1555ef771437bf9554e80 CVE-2024-8505,0,0,1c04e90354babae2df3035dc354852183330b8445c04d1f2331a89a32b3e4a48,2024-10-07T19:26:53 CVE-2024-8508,0,0,095cff01fb00165e2108ed0a6b3f940edeffb7916515f1cc0f2ea48f2031a7c8,2024-10-04T13:50:43.727000 CVE-2024-8509,0,0,72b678ade46a23d1db65e1dfb65526568e7875d83752ef0a47b4a7edfeaf5ddf,2024-09-09T19:15:14.837000 +CVE-2024-8513,1,1,d98435b2706063c11b28bf88842139d7c4c98cc86f2c1c46faa85dba552c7ef6,2024-10-10T02:15:03.323000 CVE-2024-8514,0,0,c58a76f0057441ba23f8e2f32e326770fb9d4e75db425aee0ab9e343556d5997,2024-10-02T19:59:17.080000 CVE-2024-8515,0,0,2860d4fc2403ef731ebb5d2e3d51ef0155fe3387c99bac76ffcaa85980c8d253,2024-10-02T19:22:00.953000 CVE-2024-8516,0,0,4c7cc8475226568ec7dcbebdfbb30107ff8998ef4ef82c2cfacac984d895c7fe,2024-10-02T19:22:44.933000 @@ -264774,6 +264779,7 @@ CVE-2024-8724,0,0,41e3dd453fbe3c0072e7ab470e5d529ac122f059bb60a2be671564b989c496 CVE-2024-8725,0,0,bda4a6515a704fa51f2d759f535270e57676d8c1b87d3a5cc5dc6f9e3d99ebf6,2024-10-01T14:16:42.727000 CVE-2024-8727,0,0,cb79e2fb4f4e8ddff2e3cdbb1cbb30b7c8fce0689b3d497e10ebbff2e74dd2da,2024-10-04T13:51:25.567000 CVE-2024-8728,0,0,d061a0a3e4a793bdc334c9b032908af2152405a24e9b06b2723d960e58ba5c92,2024-10-04T13:51:25.567000 +CVE-2024-8729,1,1,fc477b37b149e5719e375aedbd4c7c226e72d87402cf56cd4225e50bcacb4fe8,2024-10-10T02:15:03.550000 CVE-2024-8730,0,0,ff380ede7d530472d7457d72280d0377e58fe499631b78029fd0dcbdd667a7f4,2024-09-26T19:58:33.353000 CVE-2024-8731,0,0,17c6adda5eb698d4c05886ce56b7c8d24eb85ac20af08445719f350b3f8c3e38,2024-09-26T19:43:33.110000 CVE-2024-8732,0,0,fdb5356750581bee2cd15ce9454648108e6d01424f144ebcf561e47c2245eaa8,2024-09-26T20:01:02.290000 
@@ -264890,6 +264896,7 @@ CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b CVE-2024-8981,0,0,72a5e946545b01f6f5b55bd9be0a66c4964926bf866e85b9f0e826b5c8f5cfe7,2024-10-04T13:51:25.567000 CVE-2024-8983,0,0,b5ad10e9e9fe7aabd9cdc2054c7af15f8a7e59c36886f8fb214efeae5019cab1,2024-10-09T16:35:09.290000 CVE-2024-8986,0,0,072cf1f180fb390d1b4b3d2d50dea4c4259a9c38757ddb70b883e21ef9d81f01,2024-09-20T12:30:17.483000 +CVE-2024-8987,1,1,20679c7ee3bd75b4c00ee0e75d48234984a160ba55ab32d39f91c1f49d4bcfe0,2024-10-10T02:15:03.757000 CVE-2024-8989,0,0,caae46233d26ee2b67df93becf3adf518208e6bbacfb542b8b2dd6d9f605994c,2024-10-04T13:51:25.567000 CVE-2024-8990,0,0,ebe58ed4a084d59384bf44303a373b31562e7163a1320c584d218212811f287c,2024-10-04T13:51:25.567000 CVE-2024-8991,0,0,36ea31132f642cce3da65bf6a2c52220b14f1ba567442136b19c870ca92cc82c,2024-10-04T18:56:30.583000 @@ -264906,6 +264913,7 @@ CVE-2024-9011,0,0,31757df34dd4fee90035c8c1e734eec12ab6ab10926115bc714ff7e9ad5eea CVE-2024-9014,0,0,a8e29b928e7c02e09a31b50dee33eaa8cea5cb50c9cc022c5089f67468915a88,2024-09-26T13:32:55.343000 CVE-2024-9018,0,0,e176c873e94bd3e2c4b29c05a28da23ed581266b7e7463040882baa285f3a6c4,2024-10-07T19:20:48.293000 CVE-2024-9021,0,0,93698023032d4eb246e479be9f6d24aecd12130762d8d7646a36600ee90ad452,2024-10-09T16:35:09.457000 +CVE-2024-9022,1,1,6a59c8133caa2bc019becd023a05070174808d767645fdcdc68735523f5830ee,2024-10-10T03:15:02.523000 CVE-2024-9023,0,0,8856d7ffdca739d2c0d1b85fb1ee05faeaf6947167077ac20feaa24f6c509db2,2024-10-01T14:39:38.370000 CVE-2024-9024,0,0,29f2f073ee82aef300cee3fd954ac6dc4243aa67d5082fca2a65737992da04c1,2024-10-02T18:02:59.683000 CVE-2024-9025,0,0,8c34a0621e4e149deefb96042ae2c7c0174789fb7b5db2c9c1ef1c4077be46cb,2024-10-01T13:44:23.667000 
@@ -264929,12 +264937,19 @@ CVE-2024-9043,0,0,585c2a6b7b38dff44f8f31bab3e4cca50893ebff20d4d599fedd4ef31bc82e CVE-2024-9048,0,0,f4eeb8fc17937a04134cb85e4ff1d8e798c7887dad672c6adf3a86ffdd0c5d34,2024-09-30T13:00:48.613000 CVE-2024-9049,0,0,43c64cc2e53580aadfacb0d92c10ebf9c72fa78495b0a90bf4d0f0f029260a77,2024-10-04T18:53:10.910000 CVE-2024-9054,0,0,0d14c343d616ebc19e493649349714efeb90a8268a2c04aa86a752fc9f9af719,2024-10-07T17:48:28.117000 +CVE-2024-9057,1,1,169ed92c5ff8863dc5040febb079ff6f502559a8d506f1187777931e7a4f2cb8,2024-10-10T02:15:03.960000 CVE-2024-9060,0,0,362dff7d92c4f79cdb773c7965db43bbd7eb0923ce5f0445c06b15d2c9fc0e79,2024-10-04T13:51:25.567000 CVE-2024-9063,0,0,df96d256cb802a721004c9ac9223f80a26c192f9136fb3599130ecff1f9d6c94,2024-09-25T01:15:48.670000 +CVE-2024-9064,1,1,b57dbda2d8b6e6e2613e0a67e5e06b2eac08677d047933c3ac819b27eebfd0bc,2024-10-10T02:15:04.163000 +CVE-2024-9065,1,1,b8a922350a4a838c9e0d83d782af52166b937204fb0c86c038ebe16331853fbb,2024-10-10T02:15:04.363000 +CVE-2024-9066,1,1,7153219b99c051f0df9d026aca0db4258cfb089d3a5e6d69ce38a15936d134bf,2024-10-10T02:15:04.567000 +CVE-2024-9067,1,1,474e0176cbb3073b56ad556d89f71dcfb33318f7ce1c709c99fd2bbaaf9f7ac0,2024-10-10T03:15:02.740000 CVE-2024-9068,0,0,01b6ceee3583b3b207ab2eeaf4c2684cbe8e9990b1a6178aa8ad730654493f98,2024-10-02T19:55:50.547000 CVE-2024-9069,0,0,904bb0393747d55de1840c322bbad7ae9d27b3e14c3398a0999f4d003e7be886,2024-10-02T19:37:49.777000 CVE-2024-9071,0,0,6a3b91964e28255133515a40cea9164b7d6e82b1113f289183d17f39a22489d5,2024-10-08T16:21:04.180000 +CVE-2024-9072,1,1,890808fe8f9a61e1feaf10dbc487db17380ddfd871219ec1ad57e516b1a84eff,2024-10-10T02:15:04.773000 CVE-2024-9073,0,0,e1a3718934b1c8aa8070be1e5efd6407ed841e421f9f505c84906bd05d8d4d7e,2024-10-02T19:32:43.047000 +CVE-2024-9074,1,1,ef714e4c7a3d893c1a0e98bda98af9ba77482a2249f9ee1796de6f1a797a3b67,2024-10-10T03:15:02.963000 CVE-2024-9075,0,0,3b33ab99769a9c852230df8e8b6083f862011911d6a5bcadbdc727ad6f83ab66,2024-09-30T15:27:39.313000 
CVE-2024-9076,0,0,8c57021a64484b6edbf7ffabe5a971516c1732fccafbf97d4089a67e7015212f,2024-09-27T16:14:04.977000 CVE-2024-9077,0,0,b59a81d09978bed17f369329899086dd9d16ca13d3114e4823b03c2ad7c75c03,2024-09-27T16:31:52.923000 @@ -264995,6 +265010,7 @@ CVE-2024-9199,0,0,0d70434db3b8e5067294d8da03c36e695141f2bf7d8322fbb68a3bc3177abf CVE-2024-9202,0,0,808b8091e3582386849f2f7767feb40805cba585b6581ba135c1d621ab219188,2024-09-30T12:46:20.237000 CVE-2024-9203,0,0,e6eb6874bd83da6550f594261cd60c3d082a0ed5dbc17d4c1b083dd114dee5d8,2024-09-30T12:46:20.237000 CVE-2024-9204,0,0,8709d8f31d12084fc2eba23d41169bb9ba345e1a3d3bed7d676463fdbec26c9b,2024-10-04T13:50:43.727000 +CVE-2024-9205,1,1,8f5042f553febf92ff6071e329e5e704407918673ce8e329d989f95eb94a9cfe,2024-10-10T02:15:04.980000 CVE-2024-9207,0,0,5836b45f1e3b6f3c0b90cd0a57c81bf3d815110bb015ec2874126aceaef92c8b,2024-10-08T11:15:13.870000 CVE-2024-9209,0,0,02f8d10156b55c480185cf79dd6fdc61c3ca58517fd3619bf848f85895c40b93,2024-10-07T19:20:32.777000 CVE-2024-9210,0,0,3a96d77d31ae9d7d03fb36944bbc08403b6a23f29847ff9570c75435783fa55d,2024-10-08T15:34:42.060000 
@@ -265071,9 +265087,10 @@ CVE-2024-9360,0,0,9328fb4e6135929e3835e5c835fd869b8491fb46bae32eb4c5f02c6fc86a74 CVE-2024-9368,0,0,e7a9c605e0cbf9cdb1d319aa8ea22e93a6f5e80855432922ca5e53112d3a4bc4,2024-10-04T13:50:43.727000 CVE-2024-9372,0,0,10044aa8051896e85376f9c9a7c998e54b899918a5f49add6f2a59ddb1044af6,2024-10-04T13:50:43.727000 CVE-2024-9375,0,0,a9c3ca594e219c636214fd2ce314e67161e6c9af25ea164279fc4bb791df9806,2024-10-04T13:50:43.727000 +CVE-2024-9377,1,1,4a89ac4c83337a7a9ccaf558b0409650e99efa90268cc0ac164076d6155ed4f2,2024-10-10T02:15:05.183000 CVE-2024-9378,0,0,ced37e1766b174eaa8afe905f70c6bc3776421764713e21471018e4984150c99,2024-10-07T20:15:08.697000 -CVE-2024-9379,0,1,703ba59f46c27b4c9a81634b7ffa6a16d24f7bdc67c63aab96b4a5148055591a,2024-10-10T01:00:01.433000 -CVE-2024-9380,0,1,2037d2a4a238cf512644b0219683af760fbe6f206c09635b8a946c319ea8a207,2024-10-10T01:00:01.433000 +CVE-2024-9379,0,0,703ba59f46c27b4c9a81634b7ffa6a16d24f7bdc67c63aab96b4a5148055591a,2024-10-10T01:00:01.433000 +CVE-2024-9380,0,0,2037d2a4a238cf512644b0219683af760fbe6f206c09635b8a946c319ea8a207,2024-10-10T01:00:01.433000 CVE-2024-9381,0,0,cc48b0c94354735826bd90917d8a4f1bd25f02a01e3be77523bffb72c1d63efa,2024-10-08T17:15:57.183000 CVE-2024-9384,0,0,4f253b4f2066223670f6dee57b053f19faa6b05364caf5542c3a801535a8dd5a,2024-10-04T13:50:43.727000 CVE-2024-9385,0,0,d5290e9b463ce80e3cb0a2758c2b2174c3a3323b0c1b53b476f1fa2df6ded1c1,2024-10-07T17:48:28.117000 
@@ -265106,6 +265123,7 @@ CVE-2024-9445,0,0,0c93ce7f42df628ab9963b0c4991253722d7526551714beaaf6a06be3b0d53 CVE-2024-9449,0,0,a97c6d10c8b04c0b2ba9306e37a8440eda5112028d07f60f30bea1d9431c3f84,2024-10-09T07:15:09.833000 CVE-2024-9451,0,0,61aa4f71fe0ab792c97d101a7739a4f3bc5141915892cc9a79adc1735531429e,2024-10-09T08:15:05.160000 CVE-2024-9455,0,0,ca7310e762dfcd09cbb5f1358b0e3644684d54725bcf9d8ec53a1dfcee667610,2024-10-07T17:48:28.117000 +CVE-2024-9457,1,1,a3f81fbef1dd7d1dbff3e68c1be3f38dbcfd9e33811950a5188886c9a9173cce,2024-10-10T02:15:05.390000 CVE-2024-9460,0,0,d6ff22c922d7573d861145a9f9c7a3aa2a44b6806bef76282f2615732b02479a,2024-10-08T14:33:42.703000 CVE-2024-9463,0,0,f13497b8f0b60e6e27c9901c2789e15050e4fdbc20807f021c8855b382953be1,2024-10-09T23:15:11.290000 CVE-2024-9464,0,0,99a593d9b1195cd84d5c7e8c5dc3bbb5dc83cf53b5dd3defc462e16b4dd2a56e,2024-10-09T23:15:11.457000 
@@ -265124,6 +265142,10 @@ CVE-2024-9484,0,0,09a6a45178e5434bfb1cb0415a67ebc11284aea03e94bd83c401b848478b5c CVE-2024-9513,0,0,8bf69fcd896ef2c6d740d4e3fb7359c13bcd3037f3f5c5ca172d72ee575fdaa7,2024-10-07T21:15:19.450000 CVE-2024-9514,0,0,a0c385c9cad31170054b57880ea14385102aa94e9ee1a9b5619f4982b4ac92e4,2024-10-09T11:19:25.577000 CVE-2024-9515,0,0,b319f60f83e92c55aa0a25714009b76d6e0da4210ce3c744b2eab53a0f6a8b5b,2024-10-09T11:19:00.897000 +CVE-2024-9518,1,1,12cf0bbbe97993dd60c18f4d19afa6b8cc84a5b6c06f21e0b53a100caa362576,2024-10-10T02:15:05.590000 +CVE-2024-9519,1,1,921de206056af820936bb74b3effaaf734fd6f653f2b085bcdfda79d009a0057,2024-10-10T02:15:05.787000 +CVE-2024-9520,1,1,c1c09f899eebf7c90772b78752ca6c33c9376395ddfcda172125a827cbf882b2,2024-10-10T03:15:03.177000 +CVE-2024-9522,1,1,900d9df82fccd7b2eaab46f9f611ccf58726137620e69b26363e3d18819e0003,2024-10-10T02:15:06.013000 CVE-2024-9528,0,0,d6fcaf4387a113a292c5be1e6315aa1024df0cc79a828aebf7bc2fe429a4bc75,2024-10-07T17:48:28.117000 CVE-2024-9532,0,0,b7f2aba05edad35ecf41f43ec9640effe332d3189a3ed38d97f2bf49866ac50d,2024-10-09T11:18:49.027000 CVE-2024-9533,0,0,483ea201fb3f13623de51b6a803ec3c9d4b4a9f8d222ab5b1546c8a9a88ca771,2024-10-09T11:18:34.560000 
@@ -265158,6 +265180,7 @@ CVE-2024-9573,0,0,58c75dd5695e86f3dd5971604e3d0b5f4fa9518dd900d56e54c2dcc37c5c33 CVE-2024-9574,0,0,a60670a65a4470a80e62c618e77fec3e5e5071e32e3c874874eb23f89671df72,2024-10-08T18:45:13.147000 CVE-2024-9575,0,0,5319fb13c91be15843abb76d87e6d17457d37aebb68186f1a71e2b47b9eefe17,2024-10-09T14:35:13.220000 CVE-2024-9576,0,0,349b41d5d275d2b69494dd85fe115130849861d9cddaab63cccbcfe5be8a03f5,2024-10-07T17:47:48.410000 +CVE-2024-9581,1,1,ef6b4fcb9791fefb373c8eb2076fff904758b37ce78821eb9f889a1bd5051ed7,2024-10-10T02:15:06.227000 CVE-2024-9602,0,0,13c5133d85587ec02f04ab3df6b135286d0f9133ef132335e7faeadbfb7036e6,2024-10-09T17:35:16.980000 CVE-2024-9603,0,0,5064a175167ae9dbaab5d5f0ba6b6e0d26b4de70a429a695addd7ebd760abbdf,2024-10-09T16:35:09.623000 CVE-2024-9620,0,0,0379fb1d0864218f96bae79eafc674616cceed6a1d6b1c374718286d73008692,2024-10-08T17:15:57.357000 @@ -265166,3 +265189,4 @@ CVE-2024-9622,0,0,c63b888866eff50e6fa5697d58bf1e64edc668dfb35cefc907fc3210c84ae5 CVE-2024-9671,0,0,f49c886ce75776b8468067e0383f68033c06188472cd5b55ea14fd7e423e32a2,2024-10-09T15:15:17.513000 CVE-2024-9675,0,0,32e8840bd27965b8df5e5b7176aa0ce26bda0a9f22dcbac8c66cb0601f52b1b1,2024-10-09T15:15:17.837000 CVE-2024-9680,0,0,1073a61fe81991e41ed256928cc5d8d5bc03a3ffd6b7dabd943fe9be59020a5c,2024-10-09T16:35:10.390000 +CVE-2024-9685,1,1,587a16c28fef49a7c446d42e2f8c2399f7acfb5c44d717d8aa46528c6e160880,2024-10-10T02:15:06.440000