diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10678.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10678.json new file mode 100644 index 00000000000..acd0435d148 --- /dev/null +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10678.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-10678", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-12-13T06:15:24.850", + "lastModified": "2024-12-13T06:15:24.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/9342c6a1-4f9a-45f3-911d-0dfee4657243/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10939.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10939.json new file mode 100644 index 00000000000..46b3e070c52 --- /dev/null +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10939.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-10939", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-12-13T06:15:25.120", + "lastModified": "2024-12-13T06:15:25.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/fcf50077-b360-4b63-bece-9806b4bc8bea/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file 
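Review bot: The CVE-2024-10678 record carries `"metrics": {}` and no `weaknesses` array, and the CVE-2024-10939 record that follows it has the same gap, although both descriptions name Stored Cross-Site Scripting. Anything that filters this feed by `baseSeverity` or by CWE will skip or mis-rank these two entries, so consumers should treat an empty `metrics` object as "not yet scored" rather than "low". The `"vulnStatus": "Received"` value suggests enrichment is still pending. Until then a weakness entry with `"value": "CWE-79"`, as the Wordfence-sourced records in this commit carry, would make them searchable by class.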
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11767.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11767.json
new file mode 100644
index 00000000000..d74e8c40a18
--- /dev/null
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11767.json
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-11767", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T05:15:05.843", + "lastModified": "2024-12-13T05:15:05.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/newsmanapp/trunk/newsmanapp.php#L1054", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/newsmanapp/trunk/newsmanapp.php#L1075", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3205721/newsmanapp/trunk/newsmanapp.php", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/22a02e75-4ab1-48fb-b618-b1dff2fcd97f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11809.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11809.json new file mode 100644 index 00000000000..b240fcc4aa5 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11809.json 
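Review bot: Two of the references in the CVE-2024-11767 record point at line anchors on a moving branch, `.../newsmanapp/trunk/newsmanapp.php#L1054` and `#L1075`, so they will stop identifying the affected code once trunk changes. The record already links changeset 3205721. The changeset link is the stable one to rely on when confirming what was fixed, and the two `trunk` links should be pinned to a revision if the upstream source allows it.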
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11809", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T05:15:07.127", + "lastModified": "2024-12-13T05:15:07.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3205727%40primer-mydata%2Ftrunk&old=3188823%40primer-mydata%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aca092cf-9482-468e-8dd4-af04e25bcf33?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11833.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11833.json
new file mode 100644
index 00000000000..2838dd5bd91
--- /dev/null
+++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11833.json
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11833", + "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "published": "2024-12-13T06:15:25.233", + "lastModified": "2024-12-13T06:15:25.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 8.9, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11834.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11834.json new file mode 100644 index 00000000000..eb3f2b5277f --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11834.json 
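Review bot: The affected range in the CVE-2024-11833 description, "from 1.61.3 before 2.8.1", does not obviously match its only reference, whose anchor is `#release-2.11.0`. The same pairing repeats in CVE-2024-11834 through CVE-2024-11839. From the record alone it is unclear which release actually contains the fix, so patch-level decisions should be confirmed against the vendor advisory rather than this text. CVE-2024-11833 and CVE-2024-11834 also share a byte-identical description, CWE and vector, which leaves no way to tell the two path-traversal issues apart in this feed. All seven records carry only a `"type": "Secondary"` metric and weakness, so tooling that reads only `Primary` entries will see them as unscored.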
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11834", + "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "published": "2024-12-13T06:15:25.440", + "lastModified": "2024-12-13T06:15:25.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 8.9, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11835.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11835.json new file mode 100644 index 00000000000..6ad4b9b0b53 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11835.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11835", + "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "published": "2024-12-13T06:15:25.600", + "lastModified": "2024-12-13T06:15:25.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": 
"NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11836.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11836.json new file mode 100644 index 00000000000..97f874ef441 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11836.json 
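Review bot: In the CVE-2024-11835 record the description is a WebSocket denial of service, yet the vector sets `"subsequentSystemConfidentiality": "HIGH"` and `"subsequentSystemIntegrity": "HIGH"` while the vulnerable system's own confidentiality and integrity are `NONE`. That combination looks carried over from the sibling PlexTrac records rather than derived from a resource-exhaustion issue, though the record gives no way to confirm it. The 7.0 `baseScore` depends on those values, so prioritisation for this entry should rest on the availability impact until the CNA clarifies.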
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11836", + "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "published": "2024-12-13T06:15:25.773", + "lastModified": "2024-12-13T06:15:25.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": 
"NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11837.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11837.json new file mode 100644 index 00000000000..2e74f23c1e1 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11837.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11837", + "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "published": "2024-12-13T06:15:25.940", + "lastModified": "2024-12-13T06:15:25.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac\u00a0 allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11838.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11838.json new file mode 100644 index 00000000000..de630c37c41 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11838.json 
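Review bot: The CVE-2024-11837 record maps an N1QL injection to `"value": "CWE-89"`, which is the SQL-specific class. N1QL is SQL-like, so this is defensible, but CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) is the usual class for non-SQL query languages. Detection content keyed on CWE-89 alone may therefore carry SQL-database assumptions that do not hold here. The description also contains a stray `\u00a0` followed by a space after "PlexTrac", which can break exact-match product-name lookups.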
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11838", + "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "published": "2024-12-13T06:15:26.100", + "lastModified": "2024-12-13T06:15:26.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-73" + } + ] + } + ], + "references": [ + { + "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11839.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11839.json new file mode 100644 index 00000000000..f05ac61c343 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11839.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11839", + "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "published": "2024-12-13T06:15:26.273", + "lastModified": "2024-12-13T06:15:26.273", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", + "source": "5fea7123-217b-4b2d-ada8-8892719b43cd" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12574.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12574.json new file mode 100644 index 00000000000..97a6f852b25 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12574.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12574", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T05:15:07.310", + "lastModified": "2024-12-13T05:15:07.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/svg-shortcode/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b378256-2d9b-4aad-abfe-fecfc76f0bb4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12579.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12579.json new file mode 100644 index 00000000000..9c17e8b14fa --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12579.json 
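Review bot: The CVE-2024-12574 description says the issue is exploitable by "unauthenticated attackers", but the vector in the same record is `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` with `"privilegesRequired": "LOW"`. One of the two is wrong, and the 5.4 `baseScore` follows the `PR:L` reading. If the description is the accurate one the exposure is wider than the score implies, so triage should assume no authentication is needed until the CNA reconciles the record.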
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12579", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T05:15:07.473", + "lastModified": "2024-12-13T05:15:07.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3203890/minify-html-markup", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80334e81-c33d-464c-9409-f49c34681890?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12581.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12581.json new file mode 100644 index 00000000000..4d3a945ae88 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12581.json 
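Review bot: The CVE-2024-12579 record describes a Regular Expression Denial of Service that can "break pages" and maps it to CWE-400, yet the vector scores `"availabilityImpact": "NONE"` and `"integrityImpact": "LOW"` (`.../C:N/I:L/A:N`). Filters and dashboards that select denial-of-service issues by availability impact will not surface this entry. It should be triaged on the description and CWE rather than the vector, and the mismatch is worth reporting to the CNA.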
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12581", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T06:15:26.433", + "lastModified": "2024-12-13T06:15:26.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://research.cleantalk.org/cve-2024-10637/", + "source": "security@wordfence.com" + }, + { + "url": "https://wpscan.com/vulnerability/df688dcc-9617-4f58-a310-891bfaea3695/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/406f3eaf-44a7-4e32-a620-8799eb74742a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline 
at end of file diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21543.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21543.json new file mode 100644 index 00000000000..3f5dce6cb2a --- /dev/null +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21543.json 
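Review bot: The first entry in `references` of the CVE-2024-12581 record is `https://research.cleantalk.org/cve-2024-10637/`, whose slug names a different CVE id than the record's own `"id": "CVE-2024-12581"`. Either the reference was attached to the wrong record or the same issue has been given two ids; the record does not show which. Tooling that deduplicates or counts findings by CVE id should therefore check the two ids for overlap before treating this as a new issue. The second reference is a wpscan.com advisory although every `source` is `security@wordfence.com`, which may point the same way, but that is an inference and not stated in the record.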
@@ -0,0 +1,116 @@ +{ + "id": "CVE-2024-21543", + "sourceIdentifier": "report@snyk.io", + "published": "2024-12-13T05:15:07.653", + "lastModified": "2024-12-13T05:15:07.653", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d", + "source": "report@snyk.io" + }, + { + "url": "https://github.com/sunscrapers/djoser/issues/795", + "source": "report@snyk.io" + }, + { + "url": "https://github.com/sunscrapers/djoser/pull/819", + "source": "report@snyk.io" + }, + { + "url": "https://github.com/sunscrapers/djoser/releases/tag/2.3.0", + "source": "report@snyk.io" + }, + { + "url": "https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540", + "source": "report@snyk.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21544.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21544.json new file mode 100644 index 00000000000..09d4187918b --- /dev/null +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21544.json 
@@ -0,0 +1,108 @@ +{ + "id": "CVE-2024-21544", + "sourceIdentifier": "report@snyk.io", + "published": "2024-12-13T05:15:07.883", + "lastModified": "2024-12-13T05:15:07.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method.\rAn attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "report@snyk.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/spatie/browsershot/blob/1e212b596c104138550ed4ef1b9977d8df570c67/src/Browsershot.php%23L258-L269", + "source": "report@snyk.io" + }, + { + "url": "https://github.com/spatie/browsershot/commit/fae8396641b961f62bd756920b14f01a4391296e", + "source": "report@snyk.io" + }, + { + "url": "https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745", + "source": "report@snyk.io" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d4674584446..4bc1ec63106 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-13T05:00:26.319077+00:00 +2024-12-13T07:00:30.929199+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-13T04:15:05.233000+00:00 +2024-12-13T06:15:26.433000+00:00 ``` ### Last Data Feed Release 
@@ -33,17 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -273537 +273553 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `16` -- [CVE-2019-25221](CVE-2019/CVE-2019-252xx/CVE-2019-25221.json) (`2024-12-13T04:15:04.713`) -- [CVE-2024-12300](CVE-2024/CVE-2024-123xx/CVE-2024-12300.json) (`2024-12-13T04:15:05.073`) -- [CVE-2024-12572](CVE-2024/CVE-2024-125xx/CVE-2024-12572.json) (`2024-12-13T04:15:05.233`) -- [CVE-2024-12603](CVE-2024/CVE-2024-126xx/CVE-2024-12603.json) (`2024-12-13T03:15:05.187`) +- [CVE-2024-10678](CVE-2024/CVE-2024-106xx/CVE-2024-10678.json) (`2024-12-13T06:15:24.850`) +- [CVE-2024-10939](CVE-2024/CVE-2024-109xx/CVE-2024-10939.json) (`2024-12-13T06:15:25.120`) +- [CVE-2024-11767](CVE-2024/CVE-2024-117xx/CVE-2024-11767.json) (`2024-12-13T05:15:05.843`) +- [CVE-2024-11809](CVE-2024/CVE-2024-118xx/CVE-2024-11809.json) (`2024-12-13T05:15:07.127`) +- [CVE-2024-11833](CVE-2024/CVE-2024-118xx/CVE-2024-11833.json) (`2024-12-13T06:15:25.233`) +- [CVE-2024-11834](CVE-2024/CVE-2024-118xx/CVE-2024-11834.json) (`2024-12-13T06:15:25.440`) +- [CVE-2024-11835](CVE-2024/CVE-2024-118xx/CVE-2024-11835.json) (`2024-12-13T06:15:25.600`) +- [CVE-2024-11836](CVE-2024/CVE-2024-118xx/CVE-2024-11836.json) (`2024-12-13T06:15:25.773`) +- [CVE-2024-11837](CVE-2024/CVE-2024-118xx/CVE-2024-11837.json) (`2024-12-13T06:15:25.940`) +- [CVE-2024-11838](CVE-2024/CVE-2024-118xx/CVE-2024-11838.json) (`2024-12-13T06:15:26.100`) +- [CVE-2024-11839](CVE-2024/CVE-2024-118xx/CVE-2024-11839.json) (`2024-12-13T06:15:26.273`) +- [CVE-2024-12574](CVE-2024/CVE-2024-125xx/CVE-2024-12574.json) (`2024-12-13T05:15:07.310`) +- [CVE-2024-12579](CVE-2024/CVE-2024-125xx/CVE-2024-12579.json) (`2024-12-13T05:15:07.473`) +- [CVE-2024-12581](CVE-2024/CVE-2024-125xx/CVE-2024-12581.json) (`2024-12-13T06:15:26.433`) +- [CVE-2024-21543](CVE-2024/CVE-2024-215xx/CVE-2024-21543.json) 
(`2024-12-13T05:15:07.653`) +- [CVE-2024-21544](CVE-2024/CVE-2024-215xx/CVE-2024-21544.json) (`2024-12-13T05:15:07.883`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index ea020561b4a..0fb8dce2ff4 100644 --- a/_state.csv +++ b/_state.csv @@ -138547,7 +138547,7 @@ CVE-2019-25218,0,0,04c5d570997ef927a9bd596c732917ebde12fc8075593691e05353daa2052 CVE-2019-25219,0,0,1cb37836ebcc5b11769d9904fbdfa2fec545979ad1eccec7a99d4f7ebed29908,2024-11-01T12:57:35.843000 CVE-2019-2522,0,0,638737140f258e11051ee5bbdf0348d4d75583dff335dd9bacaf5548d0e7c058,2024-11-21T04:41:02.287000 CVE-2019-25220,0,0,d816e7498110be9fdee3cfe309ef71779578ebdc0da778db7a8c501d80ff8668,2024-11-18T17:35:01.780000 -CVE-2019-25221,1,1,311321c57b74993c67efeb64d8fad475a35b5a007c60ff20f6318d5b66da502f,2024-12-13T04:15:04.713000 +CVE-2019-25221,0,0,311321c57b74993c67efeb64d8fad475a35b5a007c60ff20f6318d5b66da502f,2024-12-13T04:15:04.713000 CVE-2019-2523,0,0,8dbf09cc09a9d36d5d379aecf44a233c56df498cda1cca6ed13442ba59e0191b,2024-11-21T04:41:02.417000 CVE-2019-2524,0,0,e78029c84d578c9195f9dc77e1bc1d99a41eb834e1b9ea40680656159ff29559,2024-11-21T04:41:02.543000 CVE-2019-2525,0,0,45bc199935b7701dbac60abc55ae16ce2ad0edb17c245390c2e47faaca8aac93,2024-11-21T04:41:02.660000 
@@ -243424,6 +243424,7 @@ CVE-2024-10673,0,0,7f3730c2f092c3dd29d3ac6c30c2d960534151f96414decc18c8cd50ac98c CVE-2024-10674,0,0,a7313216037c380fb9dfc5e5cbb480327712c6b02180efb4c5d327cb4a9f0829,2024-11-12T13:56:24.513000 CVE-2024-10675,0,0,a1b72770f2f1c98f4646c50d1ca93c6027b9b9a70a1889383ddd8c1ffee1aaf0,2024-11-21T13:57:24.187000 CVE-2024-10676,0,0,6887bcf7e7ad4dff7b3acb5ccb4703ef99e151f3c3b6329edf86e56346e5bebb,2024-11-12T13:56:24.513000 +CVE-2024-10678,1,1,f9a66f8ade7015e6f08af522ed2430b7bbdeeb80feb00dc2726c8f5095dfc8fe,2024-12-13T06:15:24.850000 CVE-2024-1068,0,0,19fff8aed0f63e6149ffcd4b412aacdd7ffcb6468d1d60a7391f61d942a540cd,2024-11-21T08:49:43.460000 CVE-2024-10681,0,0,51cc5de1cc43e4859a7c22bfa25780d7c2d9551d7e52fdeded0bbacf68d87ea6,2024-12-06T10:15:04.533000 CVE-2024-10682,0,0,a7e8df655c8e75ce2215a7ec3bf41218b640524758c0db7f945bc19c5ad286f0,2024-11-21T13:57:24.187000 @@ -243630,6 +243631,7 @@ CVE-2024-1093,0,0,a72c5ec761a2a6bbe9fbe0cd33f83ddedd36c1921567176890d3627671f513 CVE-2024-10933,0,0,13097ab8d5d13d6fd090605f874ed50533a9a61b28c0d36521f33f3189a5c8b5,2024-12-05T20:15:21.417000 CVE-2024-10934,0,0,6dae70f2d9b047711f71d589675cbcb98ce87c40154b32c6e0f536ad5d783b6a,2024-11-18T17:11:56.587000 CVE-2024-10937,0,0,64ce1590e73ee01f5e9be4a5c832c7764053a351d87f2b20d151b43b8e14bb5d,2024-12-05T09:15:04.377000 +CVE-2024-10939,1,1,c6c000770125bbde43e77c1343e1f74c08760a2058b939420ec15b735d264a9f,2024-12-13T06:15:25.120000 CVE-2024-1094,0,0,4f6b2c2580413352eb02acf345a730d51f35d7640cec3afbef03e4f7e048ad8b,2024-11-21T08:49:46.967000 CVE-2024-10941,0,0,13c9aa5648736117eddcc05b7c7bbd41bd256da81c39332a1bd9e9e846bf4626,2024-11-08T19:01:25.633000 CVE-2024-10943,0,0,26f3128d989fcb7c084f6a2785233e142b456ba7fa2bbfa2225352075f798149,2024-11-13T17:01:58.603000 
@@ -244252,6 +244254,7 @@ CVE-2024-11760,0,0,5cfb5d180120c1875ad31a782b3cbd78a6ea2212cd7c91767b7a154b08a9b CVE-2024-11761,0,0,d23dfba4fec168c27495db29e782d019068846a5ade59e5c067fdb06c9bbac7b,2024-11-28T09:15:05.090000 CVE-2024-11765,0,0,bbcbd7fc77b6a0fb82cd27e551903b294aa23044b4d11991ca37229d7ea8585b,2024-12-12T06:15:21.570000 CVE-2024-11766,0,0,ddbc95560ca1a03f1533d2e46b0802f8fb1d46853ac4aebc4f71e98f40f98426,2024-12-12T06:15:21.757000 +CVE-2024-11767,1,1,9f5aa91d1c2761db892ed68721541ab721ab50e39e1c5b0b5c905b945a5ed2ca,2024-12-13T05:15:05.843000 CVE-2024-11769,0,0,7c09ce15e3c33c67c82c4f8389595c27e00e07d607e16c4d909baefd0cbdfd8b,2024-12-04T08:15:06.680000 CVE-2024-1177,0,0,50204f0e1e82280f8898460ad80abf26f09df69c8b4bae2f8e7f259925f88097,2024-11-21T08:49:58.233000 CVE-2024-11772,0,0,8798de1b89615d4c1d5ee148ccb63311b2f2b6f0733c8b34822ca99faf169909,2024-12-10T19:15:19.817000 @@ -244284,6 +244287,7 @@ CVE-2024-11803,0,0,644472c8797730bc30cd63b92f05bcde358630be8a0ae341ba8c4c7843fb1 CVE-2024-11804,0,0,2183e14d034e87c288a87450e458c5289f509d8eb4643ef4cf7c7bfc476f1b48,2024-12-12T05:15:09.910000 CVE-2024-11805,0,0,a5f68fcc3ec71060a3e1fcbfe1152276ddf9a9708302280ee1d096e56cb69ebb,2024-12-03T08:15:06.553000 CVE-2024-11807,0,0,5b0564826b05464c314eefc84d6d7fdc2dbd57c9a7cdeff75f8e6a6bda0d85b9,2024-12-04T03:15:05.083000 +CVE-2024-11809,1,1,1c50a93e010e8348f7dc1177084ddb957cd543b39b4fa90aeac5a1bccb8af288,2024-12-13T05:15:07.127000 CVE-2024-1181,0,0,75e84367823a14869b96be5d2a44185a42194134ed6d728c2cc873c3b47fce46,2024-11-21T08:49:58.703000 CVE-2024-11813,0,0,47a3a35561cd3c4cfbe2425cc2aa9f8596afbe4dae47aa0811b6748805370891,2024-12-04T03:15:05.227000 CVE-2024-11814,0,0,2a13f9fe8be8eabbe1cb3354ac6af91e2a65c049708e435975b8ce27567d551d,2024-12-04T10:15:05.007000 
@@ -244295,6 +244299,13 @@ CVE-2024-11820,0,0,851b7a45884f50f3792038cee6a0dd94b1414d7c7c3cad4aa15d26efb61c7 CVE-2024-11823,0,0,39aa0fbc102b8a9648f017c9098019c8c94234f421f38dd89f51eddc70f54f40,2024-12-06T09:15:07.463000 CVE-2024-11828,0,0,2182fcc94d5c2924b387611eabcc64629aff0d6ea201e85bc92b19a7228cc503,2024-12-12T21:07:04.270000 CVE-2024-1183,0,0,65ecfa5c3d2b221c19281f6b798c6cc7087d171223e10f3dd191314d09620aec,2024-11-21T08:49:58.950000 +CVE-2024-11833,1,1,400c0bc8f7bed746cef05b7eb9344d2eed64ee376938496522edd2a73efd06a9,2024-12-13T06:15:25.233000 +CVE-2024-11834,1,1,b4223c3487600139b2dc6f34da392d0877b89f37153f0f6d2ce4b7f993ed7954,2024-12-13T06:15:25.440000 +CVE-2024-11835,1,1,58df7f1e073686cecda4af7fd302cbb6e3fec61392e0dce5022c4636e2d9dd85,2024-12-13T06:15:25.600000 +CVE-2024-11836,1,1,988fea72336fd4af3f007a4cd262813c61e36630d7fec3fa5a77e33ee538af88,2024-12-13T06:15:25.773000 +CVE-2024-11837,1,1,9f06bcabecdef9b57a34b6da2765b2487c153566098637bb2ee53dbd097d4a62,2024-12-13T06:15:25.940000 +CVE-2024-11838,1,1,17a76d8102c8b69f78d5de60dc08c141ef46e12e1a8500f27ee840b0f6f79f51,2024-12-13T06:15:26.100000 +CVE-2024-11839,1,1,bbff68b25f48266780eefedd6913fb32aa14190957006b88aef8a16b87b5c44b,2024-12-13T06:15:26.273000 CVE-2024-1184,0,0,2df19971af19652a2c9010665a81893140f6f37a453740869a5d55aaa9937e61,2024-11-21T08:49:59.067000 CVE-2024-11840,0,0,09e01e238ec312d53d671f8cf876f09242b194b014906fd4d44fc65beb910377,2024-12-11T11:15:06.453000 CVE-2024-11844,0,0,04412f8d1e89e121c8013622c692022d4f804bc36ac5e0beee05cf8987e8ae7f,2024-12-03T09:15:04.473000 
@@ -244487,7 +244498,7 @@ CVE-2024-1229,0,0,8ad8bfe76844e757ec6d08a1bad2f097b99b608e965943a6e4928e217dfee4 CVE-2024-12292,0,0,e027faa06b5953369db62292a4b64efc1354409048616ace4830c061b024cddd,2024-12-12T12:15:22.470000 CVE-2024-12294,0,0,c80c38451ddc3a567e7758d3362278a970e04ba14ecece8e507b66c499c77553,2024-12-11T11:15:06.623000 CVE-2024-1230,0,0,4e58704ea3cd6d96f1b95bf7630f56ca27fd7e9cf7f7c464007165035f04082e,2024-11-21T08:50:06.710000 -CVE-2024-12300,1,1,699335afc6b60ce8f75d8e5292b0de9023ec03e7dc3d726459e0a0c42acf76bb,2024-12-13T04:15:05.073000 +CVE-2024-12300,0,0,699335afc6b60ce8f75d8e5292b0de9023ec03e7dc3d726459e0a0c42acf76bb,2024-12-13T04:15:05.073000 CVE-2024-12305,0,0,591beb549e2fd130a4eb51689f906f54cfd4f9ef094b292b5ebd58de367d8b56,2024-12-09T09:15:04.970000 CVE-2024-12306,0,0,7a6ad19881298b2491617643bd5219a8f3696a7257d332ef3f9d18eb332eeb87,2024-12-09T09:15:05.293000 CVE-2024-12307,0,0,23aacf8c044133a030d70d78a0f87e6b3da2eadc1bf68e4a395d80d759eab88c,2024-12-09T09:15:05.433000 
@@ -244570,11 +244581,14 @@ CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b2 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000 CVE-2024-1257,0,0,7cc030c8f0ebfb33a80da788a5513945114551aaaa2999db4fa614a5f6b08a9b,2024-11-21T08:50:10.443000 CVE-2024-12570,0,0,55c8778ae52085a06019b95421840b0ea1343cca5de17e3c27e61710e2f13cc0,2024-12-12T12:15:22.660000 -CVE-2024-12572,1,1,34129db9c33eecd2b2ac243db0a2f51d7be08fff7793d1c2147b501507591f87,2024-12-13T04:15:05.233000 +CVE-2024-12572,0,0,34129db9c33eecd2b2ac243db0a2f51d7be08fff7793d1c2147b501507591f87,2024-12-13T04:15:05.233000 +CVE-2024-12574,1,1,cd64e5c6acfbc2001e449c794a77f29c15120ff149ae10a4a58ebcc5a40e8b07,2024-12-13T05:15:07.310000 +CVE-2024-12579,1,1,3eeb6f5a7d75fd4b84c0338d8badc8feb93f7dfd7c0753fc05e5113ec1cad16f,2024-12-13T05:15:07.473000 CVE-2024-1258,0,0,debedad37d9addee2213fe56690e6af35567d54f911af42012dde5a258793ebd,2024-11-21T08:50:10.573000 +CVE-2024-12581,1,1,63b42d274abe5ff6fab4e046f026b25c5bfe866ba46f47bdf0ce6ab1471cc5a7,2024-12-13T06:15:26.433000 CVE-2024-1259,0,0,20758d1bd1b7d5c9a9cfa7609b802ac82aa264b25c107b9463c99ee9056f246a,2024-11-21T08:50:10.730000 CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f8244,2024-11-21T08:50:10.880000 -CVE-2024-12603,1,1,05f555b32dd614ac077ebf9b933027296b1c2a9642df9299a2387226bc4503eb,2024-12-13T03:15:05.187000 +CVE-2024-12603,0,0,05f555b32dd614ac077ebf9b933027296b1c2a9642df9299a2387226bc4503eb,2024-12-13T03:15:05.187000 CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000 CVE-2024-1262,0,0,b26d9641a8cbc2c5642fa36dfff4a6fef92b6772e7113385af431217d75dfe5b,2024-11-21T08:50:11.167000 CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000 
@@ -246657,6 +246671,8 @@ CVE-2024-2154,0,0,0457c00e24736b547ac4f7f247e75fccaa09d13ea0de83ed7c8761e6cfd867 CVE-2024-21540,0,0,ca361900c1eaa9a3b1242a94b8aed82eaba7c8170c10a4efa35cbfaad6b1984c,2024-11-17T09:15:11.853000 CVE-2024-21541,0,0,5334d81827b035e812e898c211255fb4104fa0827d052caba8f8153293e7f7ad,2024-11-19T16:20:37.887000 CVE-2024-21542,0,0,71d7ac2f297762d496c833f12b77f71c133bcff4cded6f12936512da06dfadcb,2024-12-10T05:15:07.567000 +CVE-2024-21543,1,1,942aecc11d2e411db7673ff5ac29e7bbfdf4ac36ae84aab1ab795f1e11fab08c,2024-12-13T05:15:07.653000 +CVE-2024-21544,1,1,f92338e27ca7cfe45e2d65ce8b8aef7fb384b6b1640f3fb7308ca92fea06faf1,2024-12-13T05:15:07.883000 CVE-2024-21545,0,0,12417d057214273e4a76243ffeaf97d513746844d668a1420616fa022f5af746,2024-09-26T13:32:02.803000 CVE-2024-2155,0,0,1def2d989b10107bcc4deca9404884628c1ba17bdc1993a4df13bb309b4ac8eb,2024-11-21T09:09:09.070000 CVE-2024-21550,0,0,6b574e14ae55a92be9fd93a1bb9ebb56cb79876aa6e47f41fbbb48bbd5163e82,2024-08-13T17:33:13.537000