diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json
index 0902970659d..3d452cf3adf 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4459",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-08-21T19:15:09.373",
- "lastModified": "2024-03-12T04:15:07.807",
+ "lastModified": "2024-03-13T15:15:49.370",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -123,6 +123,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2024:1250",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1306",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-4459",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5663.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5663.json
new file mode 100644
index 00000000000..efb09fc4320
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5663.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-5663",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:08.110",
+ "lastModified": "2024-03-13T16:15:08.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/news-announcement-scroll/tags/9.0.0/news-announcement-scroll.php#L261",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2987837/news-announcement-scroll#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b29113d6-7a9a-4e10-a446-147ec146ac93?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
index 4516ca4c097..c5c3f79c0e1 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6546",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-12-21T20:15:08.260",
- "lastModified": "2024-03-12T03:15:06.823",
+ "lastModified": "2024-03-13T15:15:49.863",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -192,6 +192,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2024:1253",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1306",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-6546",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6785.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6785.json
new file mode 100644
index 00000000000..a317664fc16
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6785.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-6785",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:08.407",
+ "lastModified": "2024-03-13T16:15:08.407",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038209%40download-manager%2Ftrunk&old=3022104%40download-manager%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6809.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6809.json
new file mode 100644
index 00000000000..214ec3cd4f4
--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6809.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-6809",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:08.640",
+ "lastModified": "2024-03-13T16:15:08.640",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/beepress/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99d3d5aa-dd82-415a-bc40-9d2c677d9248?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6825.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6825.json
new file mode 100644
index 00000000000..452768d7ed2
--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6825.json
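Review bot: In the CVE-2023-6809 record, the only plugin-directory reference is `https://wordpress.org/plugins/beepress/`, while the description names the "Custom fields shortcode" plugin, and nothing visible in the record ties that slug to the named plugin. Tooling that maps advisories to installed plugins by directory slug could match the wrong package or miss the affected one, so the slug should be confirmed against the Wordfence entry before it is used for inventory matching. The affected range is given as all versions up to and including 0.1 and no changeset is referenced, so presumably no fixed release existed when the record was published; that too is worth confirming rather than assuming an update is available.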
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-6825",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:08.850",
+ "lastModified": "2024-03-13T16:15:08.850",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023403%40wp-file-manager%2Ftrunk&old=2984933%40wp-file-manager%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6880.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6880.json
new file mode 100644
index 00000000000..e15633a1865
--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6880.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-6880",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:09.093",
+ "lastModified": "2024-03-13T16:15:09.093",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://help.visualcomposer.com/release-notes/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/622b9b46-774d-4251-9a79-73e5b398de57?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6954.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6954.json
new file mode 100644
index 00000000000..d4b972c9ee4
--- /dev/null
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6954.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-6954",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:09.300",
+ "lastModified": "2024-03-13T16:15:09.300",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6957.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6957.json
new file mode 100644
index 00000000000..60eed54f808
--- /dev/null
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6957.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-6957",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:09.517",
+ "lastModified": "2024-03-13T16:15:09.517",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041316%40fluentform%2Ftrunk&old=3025740%40fluentform%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4050403-6b8c-4023-b170-39f3cb68583e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6969.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6969.json
new file mode 100644
index 00000000000..392687f6d36
--- /dev/null
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6969.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-6969",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:09.703",
+ "lastModified": "2024-03-13T16:15:09.703",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/user-shortcodes-plus/trunk/includes/Shortcodes/UserMeta.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7015.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7015.json
new file mode 100644
index 00000000000..b52e231e09a
--- /dev/null
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7015.json
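Review bot: The CVSS data in the CVE-2023-6969 record carries `PR:N` / `"privilegesRequired": "NONE"`, but the description on the same record restricts exploitation to authenticated attackers with contributor-level access and above. A vector consistent with the description would be `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N`, which scores 4.3 (as the other `PR:L`/`S:U` low-impact records in this diff do) rather than the listed 5.3. Anything that triages on `privilegesRequired` or `baseScore` alone will treat this as reachable without an account. The metric is `"type": "Secondary"` and `vulnStatus` is `Received`, so it may still be corrected upstream; until then the description is the safer statement of the precondition.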
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-7015",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:09.900",
+ "lastModified": "2024-03-13T16:15:09.900",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://filemanagerpro.io/changelog/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94750424-bb52-4236-962e-aa8cbdeb1459?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
index 189b59a3653..28eeef73813 100644
--- a/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
+++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-7192",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-02T19:15:11.510",
- "lastModified": "2024-03-12T03:15:07.273",
+ "lastModified": "2024-03-13T15:15:50.313",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -135,6 +135,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2024:1250",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1306",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-7192",
 "source": "secalert@redhat.com",
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0161.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0161.json
new file mode 100644
index 00000000000..5c1150f5b3a
--- /dev/null
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0161.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-0161",
+ "sourceIdentifier": "security_alert@emc.com",
+ "published": "2024-03-13T16:15:10.143",
+ "lastModified": "2024-03-13T16:15:10.143",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security_alert@emc.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability",
+ "source": "security_alert@emc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0326.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0326.json
new file mode 100644
index 00000000000..925a6d6b2ae
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0326.json
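Review bot: The CVE-2024-0161 description says a "local low privileged attacker" can reach the SMM communication-buffer flaw, while the vector on the same record scores `PR:H` / `"privilegesRequired": "HIGH"`; the two statements of the precondition disagree and the record gives no way to tell which is intended. Since the stated impact is arbitrary writes to SMRAM, consumers that filter or down-rank on `privilegesRequired` should plan on the less restrictive reading until the referenced Dell advisory (DSA-2024-006) is checked. The weakness is recorded only as the generic `CWE-20`, so classification-based rules looking for firmware or SMM issues will not pick this record up from the CWE field alone.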
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-0326",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:10.410",
+ "lastModified": "2024-03-13T16:15:10.410",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0368.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0368.json
new file mode 100644
index 00000000000..1d3402059b2
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0368.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-0368",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:10.623",
+ "lastModified": "2024-03-13T16:15:10.623",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://developers.hubspot.com/docs/api/webhooks#scopes",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0369.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0369.json
new file mode 100644
index 00000000000..8d2bd8558c1
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0369.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0369",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:10.837",
+ "lastModified": "2024-03-13T16:15:10.837",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0377.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0377.json
new file mode 100644
index 00000000000..650c973b221
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0377.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0377",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:11.070",
+ "lastModified": "2024-03-13T16:15:11.070",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0385.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0385.json
new file mode 100644
index 00000000000..56cde188880
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0385.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0385",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:11.293",
+ "lastModified": "2024-03-13T16:15:11.293",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0447.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0447.json
new file mode 100644
index 00000000000..0fba8d93955
--- /dev/null
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0447.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0447",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:11.483",
+ "lastModified": "2024-03-13T16:15:11.483",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0449.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0449.json
new file mode 100644
index 00000000000..63b88f48f8a
--- /dev/null
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0449.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0449",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:11.707",
+ "lastModified": "2024-03-13T16:15:11.707",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0591.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0591.json
new file mode 100644
index 00000000000..54310b6e658
--- /dev/null
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0591.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-0591",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:11.917",
+ "lastModified": "2024-03-13T16:15:11.917",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve",
+ "source":
"security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0592.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0592.json
new file mode 100644
index 00000000000..d237140877e
--- /dev/null
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0592.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0592",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:12.147",
+ "lastModified": "2024-03-13T16:15:12.147",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0614.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0614.json
new file mode 100644
index 00000000000..fad241451b3
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0614.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0614",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:12.357",
+ "lastModified": "2024-03-13T16:15:12.357",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://advisory.abay.sh/cve-2024-0614",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0631.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0631.json
new file mode 100644
index 00000000000..b5de8be24c6
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0631.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0631",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:12.573",
+ "lastModified": "2024-03-13T16:15:12.573",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0646.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0646.json
index 010486cf1d6..08898282a3d 100644
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0646.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0646.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0646",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-17T16:15:47.190",
- "lastModified": "2024-03-12T21:15:57.700",
+ "lastModified": "2024-03-13T15:15:50.503",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -189,6 +189,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2024:1278",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1306",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-0646",
 "source": "secalert@redhat.com",
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0681.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0681.json
new file mode 100644
index 00000000000..7446da857e2
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0681.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0681",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:12.767",
+ "lastModified": "2024-03-13T16:15:12.767",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Page Restriction WordPress (WP) \u2013 Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0683.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0683.json
new file mode 100644
index 00000000000..31411772e4c
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0683.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0683",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:12.973",
+ "lastModified": "2024-03-13T16:15:12.973",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0687.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0687.json
new file mode 100644
index 00000000000..3cbd170aa84
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0687.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0687",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:13.203",
+ "lastModified": "2024-03-13T16:15:13.203",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Restrict User Access \u2013 Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0700.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0700.json
new file mode 100644
index 00000000000..05828c959e2
--- /dev/null
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0700.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0700",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:13.403",
+ "lastModified": "2024-03-13T16:15:13.403",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/simple-tweet/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0827.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0827.json
new file mode 100644
index 00000000000..46679abe0be
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0827.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0827",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:13.610",
+ "lastModified": "2024-03-13T16:15:13.610",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0828.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0828.json
new file mode 100644
index 00000000000..289affc9e79
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0828.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0828",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:13.833",
+ "lastModified": "2024-03-13T16:15:13.833",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0829.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0829.json
new file mode 100644
index 00000000000..20c47175dde
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0829.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0829",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:14.067",
+ "lastModified": "2024-03-13T16:15:14.067",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0830.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0830.json
new file mode 100644
index 00000000000..3d1d1df22e2
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0830.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0830",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:14.307",
+ "lastModified": "2024-03-13T16:15:14.307",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0839.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0839.json
new file mode 100644
index 00000000000..82c0b33a7bf
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0839.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0839",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:14.537",
+ "lastModified": "2024-03-13T16:15:14.537",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/feedwordpress/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0871.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0871.json
new file mode 100644
index 00000000000..11261113ba2
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0871.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0871",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:14.750",
+ "lastModified": "2024-03-13T16:15:14.750",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0896.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0896.json
new file mode 100644
index 00000000000..6978d44a49a
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0896.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0896",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:14.943",
+ "lastModified": "2024-03-13T16:15:14.943",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0897.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0897.json
new file mode 100644
index 00000000000..a2ca341ad86
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0897.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0897",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:15.343",
+ "lastModified": "2024-03-13T16:15:15.343",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0898.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0898.json
new file mode 100644
index 00000000000..761025dbb3d
--- /dev/null
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0898.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0898",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:15.593",
+ "lastModified": "2024-03-13T16:15:15.593",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/chat-bubble/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0976.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0976.json
new file mode 100644
index 00000000000..1874b8d0c50
--- /dev/null
+++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0976.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0976",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:15.827",
+ "lastModified": "2024-03-13T16:15:15.827",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1038.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1038.json
new file mode 100644
index 00000000000..54617e1fce1
--- /dev/null
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1038.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1038",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:16.050",
+ "lastModified": "2024-03-13T16:15:16.050",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1071.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1071.json
new file mode 100644
index 00000000000..a82b101ba16
--- /dev/null
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1071.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2024-1071",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:16.293",
+ "lastModified": "2024-03-13T16:15:16.293",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L666",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L858",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3038036/ultimate-member/trunk/includes/core/class-member-directory-meta.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/ultimate-member/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1074.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1074.json
new file mode 100644
index 00000000000..d1bc1070315
--- /dev/null
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1074.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1074",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:16.503",
+ "lastModified": "2024-03-13T16:15:16.503",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php#L34",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/modules/audio/includes/frontend.php?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1080.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1080.json
new file mode 100644
index 00000000000..25bb7d99910
--- /dev/null
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1080.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1080",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:16.717",
+ "lastModified": "2024-03-13T16:15:16.717",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/heading/includes/frontend.php#L1",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1083.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1083.json
new file mode 100644
index 00000000000..26fee48ccfb
--- /dev/null
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1083.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1083",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:16.940",
+ "lastModified": "2024-03-13T16:15:16.940",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035727%40simple-restrict&new=3035727%40simple-restrict&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65963ce0-6589-4753-837c-14ef37a1a9e3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1126.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1126.json
new file mode 100644
index 00000000000..6d37552d656
--- /dev/null
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1126.json
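Review bot: In CVE-2024-1083.json the description limits the issue to authenticated attackers, but the vector says `PR:N` (`"privilegesRequired": "NONE"`), which scores it 5.3 as if no login were needed. CVE-2024-1126.json, the next file in this diff, has the same mismatch: its text says "subscriber-level access and above" while the vector is `PR:N`, whereas its sibling CVE-2024-1127 uses `PR:L` and 4.3 for the same wording. One side of each record is wrong and the diff does not show which; if the descriptions are right, the vector would be `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N`, as in CVE-2024-1127. Both should be checked against the Wordfence advisory linked in their references before the scores are used for prioritisation.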
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1126",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:17.267",
+ "lastModified": "2024-03-13T16:15:17.267",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve the attendees list for any event."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1127.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1127.json
new file mode 100644
index 00000000000..8c1fb606e24
--- /dev/null
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1127.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1127",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:17.507",
+ "lastModified": "2024-03-13T16:15:17.507",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event booking which can contain PII."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk//includes/service/class-ep-ajax.php#L1994",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1158.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1158.json
new file mode 100644
index 00000000000..5cff59a2330
--- /dev/null
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1158.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1158",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:17.740",
+ "lastModified": "2024-03-13T16:15:17.740",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/admin/admin-ajax.php?rev=2820257#L80",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046092%40buddyforms%2Ftrunk&old=3031945%40buddyforms%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1176.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1176.json
new file mode 100644
index 00000000000..517d4ffbff0
--- /dev/null
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1176.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1176",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:17.933",
+ "lastModified": "2024-03-13T16:15:17.933",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The HT Easy GA4 \u2013 Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ht-easy-google-analytics/trunk/includes/class.ht-easy-ga4.php#L99",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1203.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1203.json
new file mode 100644
index 00000000000..ce2174b5f4b
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1203.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1203",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:18.150",
+ "lastModified": "2024-03-13T16:15:18.150",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1850",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1234.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1234.json
new file mode 100644
index 00000000000..9feebfddb24
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1234.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1234",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:18.390",
+ "lastModified": "2024-03-13T16:15:18.390",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1237.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1237.json
new file mode 100644
index 00000000000..75193e546ed
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1237.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1237",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:18.617",
+ "lastModified": "2024-03-13T16:15:18.617",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.24/inc/widgets-manager/widgets/class-navigation-menu.php#L1951",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034938%40header-footer-elementor&new=3034938%40header-footer-elementor&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82644c46-205b-4005-bba8-6b3e45769639?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1291.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1291.json
new file mode 100644
index 00000000000..c895aa34a6c
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1291.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1291",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:18.807",
+ "lastModified": "2024-03-13T16:15:18.807",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb4b5165-35a6-47e9-922e-b244b0d006e4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1293.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1293.json
new file mode 100644
index 00000000000..7321b19d21a
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1293.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1293",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:19.043",
+ "lastModified": "2024-03-13T16:15:19.043",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57dac6de-545f-49e5-9f45-d90a48d6b05f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1296.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1296.json
new file mode 100644
index 00000000000..ad04cd51b0c
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1296.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-1296",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:19.257",
+ "lastModified": "2024-03-13T16:15:19.257",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/post.php#L529",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L196",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=#file4",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1008ad-daa9-4785-9dd5-4cdeb10d7e59?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1311.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1311.json
new file mode 100644
index 00000000000..934a9a82072
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1311.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1311",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:19.450",
+ "lastModified": "2024-03-13T16:15:19.450",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L254",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/zip/archiver.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1321.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1321.json
new file mode 100644
index 00000000000..686f3c9587b
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1321.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1321",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:19.663",
+ "lastModified": "2024-03-13T16:15:19.663",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated attackers to book events for free."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1358.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1358.json
new file mode 100644
index 00000000000..e30a4f62e44
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1358.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1358",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:19.870",
+ "lastModified": "2024-03-13T16:15:19.870",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/shape-separator/widgets/shape-separator.php#L89",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3037925/addon-elements-for-elementor-page-builder/trunk/modules/shape-separator/widgets/shape-separator.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1363.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1363.json
new file mode 100644
index 00000000000..b9f624671b9
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1363.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1363",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:20.130",
+ "lastModified": "2024-03-13T16:15:20.130",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easy Accordion \u2013 Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3044803%40easy-accordion-free&new=3044803%40easy-accordion-free&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88f2fa28-5bb2-4633-b2bc-27cc6a4e304c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1365.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1365.json
new file mode 100644
index 00000000000..f2eaf2c8d4f
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1365.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1365",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:20.417",
+ "lastModified": "2024-03-13T16:15:20.417",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039876%40yml-for-yandex-market%2Ftrunk&old=3036732%40yml-for-yandex-market%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c343cee6-909d-4c1a-a6e4-f916a2ae223e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1370.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1370.json
new file mode 100644
index 00000000000..f44d4a7aa12
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1370.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1370",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:20.687",
+ "lastModified": "2024-03-13T16:15:20.687",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1380.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1380.json
new file mode 100644
index 00000000000..b2d720a8aa8
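Review bot: The new CVE-2024-1370 record contradicts itself on required privileges: its description says the flaw is reachable by "authenticated attackers, with subscriber access or higher", while `cvssData` carries `"privilegesRequired": "NONE"` and `PR:N` in the vector string. Anyone triaging on the vector will read this as unauthenticated disclosure of subscriber e-mail addresses and take the 5.3 base score at face value. If the description is the accurate side, the fields would read `"privilegesRequired": "LOW"` with `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N`, and the base and exploitability scores would need recomputing. Because the values are attributed to `security@wordfence.com`, the discrepancy is better confirmed against that advisory than edited in this copy.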
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1380.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1380",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:20.903",
+ "lastModified": "2024-03-13T16:15:20.903",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1383.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1383.json
new file mode 100644
index 00000000000..50e2bdbadc8
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1383.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1383",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:21.163",
+ "lastModified": "2024-03-13T16:15:21.163",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backup-mainwp/trunk/wpvivid-backup-mainwp.php#L525",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040939%40wpvivid-backup-mainwp&new=3040939%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8430ed-6aeb-46a3-8c42-59646845706e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1391.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1391.json
new file mode 100644
index 00000000000..d22e289a5db
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1391.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1391",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:21.387",
+ "lastModified": "2024-03-13T16:15:21.387",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eae_custom_overlay_switcher\u2019 attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/bg-slider/module.php#L255",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/bg-slider/module.php#L255",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/977bab12-969d-4b15-9942-2b17c8541f61?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1392.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1392.json
new file mode 100644
index 00000000000..366c9a49fa6
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1392.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1392",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:21.590",
+ "lastModified": "2024-03-13T16:15:21.590",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/dual-button/widgets/dual-button.php#L885",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/dual-button/widgets/dual-button.php#L885",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1393.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1393.json
new file mode 100644
index 00000000000..29142ee092d
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1393.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1393",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:21.770",
+ "lastModified": "2024-03-13T16:15:21.770",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/content-switcher/skins/skin-3.php#L39",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/content-switcher/skins/skin-3.php#L39",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0888d6-30e6-4957-b270-1968eace462e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1409.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1409.json
new file mode 100644
index 00000000000..cb7d467ef4e
--- /dev/null
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1409.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1409",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:21.947",
+ "lastModified": "2024-03-13T16:15:21.947",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038677%40wp-user-avatar&new=3038677%40wp-user-avatar&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53e16bca-7c85-4d56-8233-b3b53f793b39?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1413.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1413.json
new file mode 100644
index 00000000000..2c2222525c0
--- /dev/null
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1413.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1413",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:22.113",
+ "lastModified": "2024-03-13T16:15:22.113",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f40956e0-6e5c-4965-84f8-2420ad14a299?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1414.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1414.json
new file mode 100644
index 00000000000..fbc1f5555fd
--- /dev/null
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1414.json
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1414", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:22.287", + "lastModified": "2024-03-13T16:15:22.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1422.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1422.json new file mode 100644 index 00000000000..6bd1fad0a46 --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1422.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1422", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:22.457", + "lastModified": "2024-03-13T16:15:22.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1048", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1062", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26", + "source": "security@wordfence.com" + 
}, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1452.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1452.json new file mode 100644 index 00000000000..0f574ed0689 --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1452.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1452", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:22.643", + "lastModified": "2024-03-13T16:15:22.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L140", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L70", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041431%40generateblocks%2Ftrunk&old=2995923%40generateblocks%2Ftrunk&sfp_email=&sfph_mail=#file2", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62f19301-2311-4989-a5f2-9f845b72dd54?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1462.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1462.json new file mode 100644 index 00000000000..0756fff4ff8 --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1462.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1462", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:22.830", + "lastModified": "2024-03-13T16:15:22.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/653bf021-370d-4787-9ded-c5c915aed1d6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1479.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1479.json new file mode 100644 index 00000000000..0790373f586 --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1479.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-1479",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:23.013",
+ "lastModified": "2024-03-13T16:15:23.013",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
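Review bot: The description and the CVSS vector in this CVE-2024-1479 record disagree on privileges: the text requires "authenticated attackers with contributor access and above", while the metrics carry `PR:N` and `"privilegesRequired": "NONE"`, giving 5.3. CVE-2024-1452 in this same commit describes the same kind of exposure with the same contributor precondition and is scored `PR:L`, 4.3. If the description is the correct side, the vector would read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"` with `privilegesRequired` and the score fields recomputed to match. Which side is wrong cannot be told from the diff, so this is best confirmed with the record's source (security@wordfence.com). Until then, anything filtering on `privilegesRequired` should not treat this entry as unauthenticated.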
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1484.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1484.json new file mode 100644 index 00000000000..8a1b6c29030 --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1484.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1484", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:23.203", + "lastModified": "2024-03-13T16:15:23.203", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041769%40ameliabooking%2Ftrunk&old=3037721%40ameliabooking%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a849ef2-ad0a-45ea-8827-9a7233b1ca30?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1489.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1489.json new file mode 100644 index 00000000000..cee6e2684f3 --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1489.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1489", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:23.377", + "lastModified": "2024-03-13T16:15:23.377", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039989%40sms-alert%2Ftrunk&old=3032487%40sms-alert%2Ftrunk&sfp_email=&sfph_mail=#file19", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a28382-facb-43a7-892a-8ca9e7f0f62b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1497.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1497.json new file mode 100644 index 00000000000..b43e52b27bd --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1497.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1497", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:23.547", + "lastModified": "2024-03-13T16:15:23.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/themeisle-content-forms/includes/widgets-admin/elementor/elementor_widget_base.php#L1219", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4603b58-0972-4e04-91ac-ffc846964722?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1499.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1499.json new file mode 100644 index 00000000000..1e2adeebb2f --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1499.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1499", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:23.723", + "lastModified": "2024-03-13T16:15:23.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1037", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df40eb21-2080-4de5-9055-09246a8a275e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1505.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1505.json new file mode 100644 index 00000000000..4289e629ff1 --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1505.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1505", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:23.893", + "lastModified": "2024-03-13T16:15:23.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Academy LMS \u2013 eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1535.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1535.json new file mode 100644 index 00000000000..cbb36e56a41 --- /dev/null 
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1535.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1535", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:24.090", + "lastModified": "2024-03-13T16:15:24.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L952", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3047008/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No 
newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1536.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1536.json new file mode 100644 index 00000000000..19abc9a00a4 --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1536.json 
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1536",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:24.270",
+ "lastModified": "2024-03-13T16:15:24.270",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3037755/essential-addons-for-elementor-lite/tags/5.9.10/includes/Elements/Event_Calendar.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12dc9e63-17bb-4755-be3c-ae8b26edd3cd?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1537.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1537.json
new file mode 100644
index 00000000000..91a06e8b4a3
--- /dev/null
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1537.json
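Review bot: The CVE-2024-1536 vector sets `A:L` (`"availabilityImpact": "LOW"`), which raises a contributor-level Stored XSS to 7.4 HIGH, yet the description names no availability effect. The CVE-2024-1537 record that follows (same plugin, same affected versions, same wording, Data Table widget instead of event calendar) is scored `A:N`, 6.4 MEDIUM, as are the other Stored XSS entries visible in this commit. If the two are meant to align, the line would be `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"` with the score fields recomputed. The difference may be intentional on the source's side, so it is worth confirming with security@wordfence.com before severity-based triage treats the two widgets differently.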
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1537", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:24.440", + "lastModified": "2024-03-13T16:15:24.440", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3037755/essential-addons-for-elementor-lite/tags/5.9.10/includes/Elements/Data_Table.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81a48c61-4191-4252-9230-9df8fc5e3443?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1541.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1541.json new file mode 100644 index 00000000000..8f1593ba645 --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1541.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1541", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:24.600", + "lastModified": "2024-03-13T16:15:24.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.2.21/includes/blocks/class-kadence-blocks-advanced-heading-block.php#L418", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041366%40kadence-blocks%2Ftrunk&old=3036979%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0913632-85c5-4835-b606-4eca51df2496?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1585.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1585.json new file mode 100644 index 00000000000..ec8d2a68169 --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1585.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1585", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:24.780", + "lastModified": "2024-03-13T16:15:24.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/utils/util.php#L555", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/metform/tags/3.8.3&old=3047398&new_path=/metform/tags/3.8.4&new=3047398&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/342d6941-6987-4756-b554-1699128b9108?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1640.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1640.json new file mode 100644 index 00000000000..d2db4f947b9 --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1640.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1640", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:24.957", + "lastModified": "2024-03-13T16:15:24.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3048523/bit-form/trunk/includes/Frontend/Ajax/FrontendAjax.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1642.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1642.json new file mode 100644 index 00000000000..c7a2e8d1a02 --- /dev/null 
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1642.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1642", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:25.127", + "lastModified": "2024-03-13T16:15:25.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The MainWP Dashboard \u2013 WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/mainwp/tags/4.6.0.1/pages/page-mainwp-post-page-handler.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3042125/mainwp/trunk/pages/page-mainwp-post-page-handler.php?old=3017011&old_path=mainwp/trunk/pages/page-mainwp-post-page-handler.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c2d9569-a551-46f5-8581-464b9f35b71c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1668.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1668.json new file mode 100644 index 00000000000..5dc4db3901e --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1668.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1668", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:25.510", + "lastModified": "2024-03-13T16:15:25.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's \"password\" field)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://gist.github.com/Xib3rR4dAr/91bd37338022b15379f393356d1056a1", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd224169-ae51-4af8-b6de-706ed580ff8d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1680.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1680.json new file mode 100644 index 00000000000..4d9209af100 --- /dev/null 
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1680.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1680", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:25.773", + "lastModified": "2024-03-13T16:15:25.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3041548/premium-addons-for-elementor", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2d0b38-8241-456f-a79b-5d31132b3233?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1684.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1684.json new file mode 100644 index 00000000000..adb0e91c08d --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1684.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1684", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:25.947", + "lastModified": "2024-03-13T16:15:25.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://store.themeisle.com/?edd_action=view_changelog&name=Otter%20Pro", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/934bf839-152d-4d10-9ac8-c64cf042dc18?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1690.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1690.json new file mode 100644 index 00000000000..59234009430 --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1690.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1690", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:26.127", + "lastModified": "2024-03-13T16:15:26.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The TeraWallet \u2013 Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3043412/woo-wallet/trunk/includes/class-woo-wallet-ajax.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18e24a2e-cbc6-4285-b846-bea513b6ff69?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1691.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1691.json new file mode 100644 index 00000000000..f351aef3abd --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1691.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1691", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:26.333", + "lastModified": "2024-03-13T16:15:26.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 allows SVG uploads but the uploaded SVG files are sanitized." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://store.themeisle.com/?edd_action=view_changelog&name=Otter%20Pro", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77838bf8-7809-4dd6-87f1-a9bda40275a6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1723.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1723.json new file mode 100644 index 00000000000..7fb71d2e3b9 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1723.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1723", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:26.510", + "lastModified": "2024-03-13T16:15:26.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon']." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.6/widgets/features/tpl/default.php#L90", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044174%40so-widgets-bundle%2Ftrunk&old=3040814%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e63c566d-744b-42f5-9ba6-9007cc60313a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1751.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1751.json new file mode 100644 index 00000000000..33592d234d6 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1751.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1751", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:26.683", + "lastModified": "2024-03-13T16:15:26.683", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/tutor/tags/2.6.1/classes/Utils.php#L4555", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1763.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1763.json new file mode 100644 index 00000000000..3bc6d89c74a --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1763.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1763", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:26.863", + "lastModified": "2024-03-13T16:15:26.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042283%40wp-social&new=3042283%40wp-social&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f145c85-f3c6-46a7-b8ae-d486dd23087d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1772.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1772.json new file mode 100644 index 00000000000..7146675223c --- /dev/null 
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1772.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1772", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:27.040", + "lastModified": "2024-03-13T16:15:27.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php#L138", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83a595b7-379c-4202-abdd-d8ba4a30c6a4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1793.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1793.json new file mode 100644 index 00000000000..64573fd7602 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1793.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-1793", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:27.207", + "lastModified": "2024-03-13T16:15:27.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://glimmer-handball-dae.notion.site/AWeber-Authenticated-SQLi-Admin-6e0d31c4a14c42f4996f9e201482d4cc?pvs=4", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L962", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L970", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L972", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042751%40aweber-web-form-widget&new=3042751%40aweber-web-form-widget&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae3bca-d363-4c4b-809f-0625385bc9a6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1806.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1806.json new file mode 100644 index 00000000000..2a0a686fa92 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1806.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1806", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:27.380", + "lastModified": "2024-03-13T16:15:27.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.15.0/src/ShortcodeParser/EditProfileTag.php#L76", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040292%40wp-user-avatar%2Ftrunk&old=3038677%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1843.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1843.json new file mode 100644 index 00000000000..fc1f732a7f7 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1843.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1843", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:27.550", + "lastModified": "2024-03-13T16:15:27.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-auto-affiliate-links/trunk/aal_ajax.php#L79", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3044067%40wp-auto-affiliate-links&new=3044067%40wp-auto-affiliate-links&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09e5aa34-ab28-4349-ac5f-6a0479e641e5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1854.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1854.json new file mode 100644 index 00000000000..206d4e877e9 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1854.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1854", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:27.717", + "lastModified": "2024-03-13T16:15:27.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041859%40essential-blocks%2Ftrunk&old=3036273%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1862.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1862.json new file mode 100644 index 00000000000..064c8356a04 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1862.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1862", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:27.893", + "lastModified": "2024-03-13T16:15:27.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-add-to-cart-custom-redirect/tags/1.2.13/woocommerce-custom-redirect.php#L204", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.13&old=3047408&new_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.14&new=3047408&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1894.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1894.json new file mode 100644 index 00000000000..cfc39c5d077 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1894.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1894", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:28.067", + "lastModified": "2024-03-13T16:15:28.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the 'Show Toolbar when viewing site' option enabled in their profile." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/class-frontend.php#L67", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/class-frontend.php#L74", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/burst-statistics/tags/1.5.6.1&old=3049793&new_path=/burst-statistics/tags/1.5.7&new=3049793&sfp_email=&sfph_mail=", + "source": 
"security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa587df5-9d96-4cac-ae5d-2a0485a3a789?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1935.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1935.json new file mode 100644 index 00000000000..db0870fe8cf --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1935.json 
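Review bot: The first two references in CVE-2024-1894 point at line anchors on a moving branch, `burst-statistics/trunk/class-frontend.php#L67` and `#L74`, so they stop identifying the vulnerable code once trunk changes. Pinning them to the affected tag keeps the evidence stable, as CVE-2024-1862 does with `tags/1.2.13/woocommerce-custom-redirect.php#L204`; the affected tag here is `tags/1.5.6.1`, per the changeset reference. The same unpinned pattern appears in CVE-2024-1985 (`simple-membership/trunk/views/edit-v2.php#L85` through `#L157`) and CVE-2024-2006 (`post-grid-carousel-ultimate/trunk/includes/classes/metabox.php#L43`).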
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1935", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:28.260", + "lastModified": "2024-03-13T16:15:28.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018parent_url\u2019 parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.5/resources/views/rafflepress-giveaway.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/rafflepress/tags/1.12.5&old=3043286&new_path=/rafflepress/tags/1.12.7&new=3043286&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29b471ac-3a08-42da-9907-670c3b3bae92?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1950.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1950.json new file mode 100644 index 00000000000..374cad17f8a --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1950.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1950", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:28.427", + "lastModified": "2024-03-13T16:15:28.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7/includes/classes/class-meta-box.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7/includes/classes/class-shortcode.php", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/changeset?old_path=/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7&old=3045923&new_path=/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.8&new=3045923&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed8636bf-229a-42a5-a19c-332679613dd2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1951.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1951.json new file mode 100644 index 00000000000..bfc0f60d9f5 --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1951.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1951", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:28.597", + "lastModified": "2024-03-13T16:15:28.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/logo-showcase-ultimate/tags/1.3.8/classes/lcg-adl-metabox.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/logo-showcase-ultimate/tags/1.3.8/classes/lcg-shortcode.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/logo-showcase-ultimate/tags/1.3.8&old=3045923&new_path=/logo-showcase-ultimate/tags/1.3.9&new=3045923&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/a63b2091-1502-4d9f-98c4-ce9d2f923dc4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1985.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1985.json new file mode 100644 index 00000000000..2496bb42e77 --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1985.json 
@@ -0,0 +1,79 @@ +{ + "id": "CVE-2024-1985", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:28.753", + "lastModified": "2024-03-13T16:15:28.753", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L103", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L112", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L121", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L130", + "source": 
"security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L139", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L157", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L85", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L95", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045036%40simple-membership%2Ftrunk&old=3021218%40simple-membership%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a6ca886-de4c-4d45-a934-3e90378e7eb3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1996.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1996.json new file mode 100644 index 00000000000..9676a16ab3e --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1996.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1996", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:28.930", + "lastModified": "2024-03-13T16:15:28.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://premiumaddons.com/change-log/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/48fa5f3b-000b-406e-b7ee-51af5720cf72?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1997.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1997.json new file mode 100644 index 00000000000..0c75f8c1fc3 --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1997.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1997", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:29.110", + "lastModified": "2024-03-13T16:15:29.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://premiumaddons.com/change-log/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2000.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2000.json new file mode 100644 index 00000000000..644324e1cda --- /dev/null +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2000.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2000", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:30.717", + "lastModified": "2024-03-13T16:15:30.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://premiumaddons.com/change-log/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee517de-a47e-47c9-8322-92ce772191b0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2006.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2006.json new file mode 100644 index 00000000000..ebad36eb88c --- /dev/null +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2006.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-2006", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:30.897", + "lastModified": "2024-03-13T16:15:30.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/post-grid-carousel-ultimate/trunk/includes/classes/metabox.php#L43", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/post-grid-carousel-ultimate/tags/1.6.7&old=3045923&new_path=/post-grid-carousel-ultimate/tags/1.6.8&new=3045923&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cf1b234-862b-41a0-ab63-a986f8023613?source=cve", + "source": 
"security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2020.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2020.json new file mode 100644 index 00000000000..87d8248ac81 --- /dev/null +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2020.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2020", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:31.063", + "lastModified": "2024-03-13T16:15:31.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the professional version or higher." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://wordpress.org/plugins/calculated-fields-form/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45bfa9fb-f35b-4fd4-8553-cf87bf69df6b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
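Review bot: CVE-2024-2006 is scored `AC:L` with `"baseScore": 8.8`, while CVE-2024-1950 and CVE-2024-1951 in this same commit are scored `AC:H` with `"baseScore": 7.5` for the same class of flaw: contributor-level PHP Object Injection whose impact depends on a POP chain from another plugin or theme. The 2006 description also omits the sentence `No POP chain is present in the vulnerable plugin.` that the other two carry, so a reader cannot tell whether the higher score reflects a usable chain in the plugin itself or inconsistent scoring. Anyone prioritising by base score should treat the three as comparable until the CNA clarifies. If no chain ships with the plugin, the consistent value would be `"attackComplexity": "HIGH"` with the vector `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H`.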
diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2028.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2028.json new file mode 100644 index 00000000000..d0516459535 --- /dev/null +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2028.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2028", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:31.233", + "lastModified": "2024-03-13T16:15:31.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2030.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2030.json new file mode 100644 index 00000000000..2dff4bfeb46 --- /dev/null 
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2030.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-2030", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:31.407", + "lastModified": "2024-03-13T16:15:31.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/templates/leads-table.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3046066/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4528b63-8d8e-44a4-a71f-2ad1636ac93c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2057.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2057.json index c945739bebc..efc8fc7329f 100644 --- a/CVE-2024/CVE-2024-20xx/CVE-2024-2057.json +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2057.json @@ -2,12 +2,12 @@ "id": "CVE-2024-2057", "sourceIdentifier": "cna@vuldb.com", "published": "2024-03-01T12:15:48.670", - "lastModified": "2024-03-10T02:16:08.657", + "lastModified": "2024-03-13T16:15:31.580", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372." + "value": "A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2106.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2106.json new file mode 100644 index 00000000000..a8ebdbcfbdb --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2106.json 
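Review bot: Only the `en` description of CVE-2024-2057 is rewritten here; the `es` entry that follows is context and its `value` line lies outside the hunk, so the translation is left as it was. The English text now names `langchain_community 0.0.26`, the `TFIDFRetriever` component and the fix in `0.0.27`, where it previously said `Harrison Chase LangChain 0.1.9`. The Spanish text therefore presumably still carries the old product and version and no remediation. Consumers that display the localized description will show outdated affected-version data; the `es` entry should be regenerated with this update or dropped until it is.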
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-2106", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:31.703", + "lastModified": "2024-03-13T16:15:31.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email addresses which can be used to help perform future attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ 
No newline at end of file diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2126.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2126.json new file mode 100644 index 00000000000..424d19bcbf5 --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2126.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2126", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:31.867", + "lastModified": "2024-03-13T16:15:31.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3046442/themeisle-companion", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/020052ba-dece-4e70-88e7-8bd8918b8376?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2172.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2172.json new file mode 100644 index 00000000000..ee25b0d44c7 
--- /dev/null
+++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2172.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-2172",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:32.043",
+ "lastModified": "2024-03-13T16:15:32.043",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/miniorange-malware-protection/tags/4.7.2/handler/login.php#L89",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/miniorange-malware-protection/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2194.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2194.json
new file mode 100644
index 00000000000..592d344b962
--- /dev/null
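Review bot: The references for CVE-2024-2172 cover only `miniorange-malware-protection`, while the description also names the Web Application Firewall plugin (up to and including 2.1.1) as affected, and nothing in the record identifies a fixed release for either plugin. For a 9.8 unauthenticated privilege escalation, that leaves no version to upgrade to from this record alone. A further reference entry for the second plugin, of the form `"url": "<vendor page or changeset for the Web Application Firewall plugin>"`, and a fixed-version sentence in the description would close the gap. Until then, any install at or below 4.7.2 / 2.1.1 should be treated as exposed and the patched release confirmed against the Wordfence advisory in the references.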
+++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2194.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2194", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:32.220", + "lastModified": "2024-03-13T16:15:32.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047756%40wp-statistics&new=3047756%40wp-statistics&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e44e4bdd-d84e-4315-9232-48a3b240242d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2237.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2237.json new file mode 100644 index 00000000000..0cbe3051567 --- /dev/null +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2237.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2237", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:32.403", + "lastModified": "2024-03-13T16:15:32.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://premiumaddons.com/change-log/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35151561-6a80-4c2c-b87a-2dfe02aa6158?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2238.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2238.json new file mode 100644 index 00000000000..e58230b9488 --- /dev/null +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2238.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2238", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:32.577", + "lastModified": "2024-03-13T16:15:32.577", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://premiumaddons.com/change-log/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2239.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2239.json new file mode 100644 index 00000000000..90e5695f9cc --- /dev/null +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2239.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2239", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:32.750", + "lastModified": "2024-03-13T16:15:32.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://premiumaddons.com/change-log/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/254f3a1c-0d5d-499b-9da7-129f21ba70af?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2252.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2252.json new file mode 100644 index 00000000000..feb1cb8361d --- /dev/null +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2252.json 
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-2252",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-13T16:15:32.920",
+ "lastModified": "2024-03-13T16:15:32.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/droit-elementor-addons/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed0a9db6-24bd-48ba-befa-ce537304ab52?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2286.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2286.json
new file mode 100644
index 00000000000..8760a2d6d42
--- /dev/null
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2286.json
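Review bot: CVE-2024-2252 is scored with `S:U` (`"scope": "UNCHANGED"`, base 5.4), whereas the other contributor-level Stored XSS records from the same source in this diff (CVE-2024-2030, CVE-2024-2126, CVE-2024-2237, CVE-2024-2286) use `S:C` and 6.4. The description gives no reason for the difference, so this looks like a CNA scoring inconsistency rather than a lower-impact bug, and the record should not be ranked below its siblings on `baseScore` alone. The only vendor-side reference is the plugin's directory page, with no changeset or fixed version, so patch status has to be confirmed from the Wordfence advisory.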
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2286", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:33.090", + "lastModified": "2024-03-13T16:15:33.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047987%40sky-elementor-addons&new=3047987%40sky-elementor-addons&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d0ccbd-a091-4897-a100-eac75ffa0e3b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2293.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2293.json new file mode 100644 index 00000000000..3137d57bf6d --- /dev/null 
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2293.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-2293", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-13T16:15:33.287", + "lastModified": "2024-03-13T16:15:33.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/site-reviews/trunk/views/partials/listtable/filter.php#L5", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/site-reviews/tags/6.11.4&old=3049214&new_path=/site-reviews/tags/6.11.7&new=3049214&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/823418d9-a231-4306-8575-2937a491509f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23124.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23124.json index 79ae022e79b..ebda609d8cc 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23124.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23124.json @@ -2,12 +2,12 @@ "id": "CVE-2024-23124", "sourceIdentifier": "psirt@autodesk.com", "published": "2024-02-22T03:15:08.027", - "lastModified": "2024-02-22T19:07:27.197", + "lastModified": "2024-03-13T15:15:50.783", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A maliciously crafted STP file when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" + "value": "A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" }, { "lang": "es", @@ -31,6 +31,10 @@ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "source": "psirt@autodesk.com" + }, + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", + "source": "psirt@autodesk.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23672.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23672.json new file mode 100644 index 00000000000..b08a9617d63 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23672.json 
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2024-23672",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2024-03-13T16:15:29.287",
+ "lastModified": "2024-03-13T16:15:29.287",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.\n\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-459"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24549.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24549.json
new file mode 100644
index 00000000000..5d16498f093
--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24549.json
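Review bot: `"metrics": {}` is empty in the CVE-2024-23672 record, so there is no CVSS vector or base score to prioritise on; the same holds for CVE-2024-24549 and CVE-2024-26630 later in this diff. Pipelines that default a missing `baseScore` to zero, or that skip unscored entries, will silently rank these below everything else. The two Tomcat descriptions do state the affected ranges and the fixed versions (11.0.0-M17, 10.1.19, 9.0.86, 8.5.99), so matching on the installed Tomcat version is the reliable check until a score is attached.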
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-24549", + "sourceIdentifier": "security@apache.org", + "published": "2024-03-13T16:15:29.373", + "lastModified": "2024-03-13T16:15:29.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25097.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25097.json new file mode 100644 index 00000000000..5c4acf9adaa --- /dev/null +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25097.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-25097", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-03-13T16:15:29.450", + "lastModified": "2024-03-13T16:15:29.450", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 2.8.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/pdf-viewer-by-themencode/wordpress-tnc-pdf-viewer-plugin-2-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25099.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25099.json new file mode 100644 index 00000000000..9e0dbb06393 --- /dev/null +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25099.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-25099", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-03-13T16:15:29.650", + "lastModified": "2024-03-13T16:15:29.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/paytium/wordpress-paytium-mollie-payment-forms-donations-plugin-4-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25101.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25101.json new file mode 100644 index 00000000000..faf647b04cd --- /dev/null +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25101.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-25101", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-03-13T16:15:29.847", + "lastModified": "2024-03-13T16:15:29.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik \u2013 Spam Blacklist allows Stored XSS.This issue affects Maspik \u2013 Spam Blacklist: from n/a through 0.10.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-10-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25153.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25153.json new file mode 100644 index 00000000000..07dc887a6c1 --- /dev/null +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25153.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-25153",
+ "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
+ "published": "2024-03-13T15:15:50.913",
+ "lastModified": "2024-03-13T15:15:50.913",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A directory traversal within the \u2018ftpservlet\u2019 of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended \u2018uploadtemp\u2019 directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal\u2019s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-472"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html",
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
+ },
+ {
+ "url": "https://www.fortra.com/security/advisory/fi-2024-002",
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25154.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25154.json
new file mode 100644
index 00000000000..ee82e98a6b2
--- /dev/null
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25154.json
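Review bot: The only weakness listed on CVE-2024-25153 is `CWE-472`, but the description is a directory traversal on upload that can place JSP files in the DocumentRoot and lead to code execution. CWE-472 is External Control of Assumed-Immutable Web Parameter, so CWE-based filters for path traversal (`CWE-22`, which CVE-2024-25154 in this diff carries) will not surface this 9.8 record. Adding `"value": "CWE-22"` as a further `description` entry would match the text. For detection, the description itself points at POST requests to `ftpservlet` that write outside `uploadtemp` and at unexpected JSP files under the web root.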
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-25154", + "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "published": "2024-03-13T15:15:51.307", + "lastModified": "2024-03-13T15:15:51.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.\u00a0\u00a0" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html", + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff" + }, + { + "url": "https://www.fortra.com/security/advisory/fi-2024-003", + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25155.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25155.json new file mode 100644 index 00000000000..547dfd65e57 --- /dev/null +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25155.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-25155",
+ "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
+ "published": "2024-03-13T15:15:51.700",
+ "lastModified": "2024-03-13T15:15:51.700",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag.\u00a0"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html",
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
+ },
+ {
+ "url": "https://www.fortra.com/security/advisory/fi-2024-003",
+ "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26630.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26630.json
new file mode 100644
index 00000000000..83178252ff0
--- /dev/null
+++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26630.json
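Review bot: In the CVE-2024-25155 record the vector carries `"userInteraction": "NONE"`, yet the description is of a crafted URL whose content is echoed into an error page, which normally only takes effect when a victim opens that URL. If that reading is right the vector would be `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` and the base score 6.1 rather than 7.2, so consumers that rank on `baseScore` may over-prioritise this record. The affected range is also ambiguous as written ("3.8.8 and earlier through 3.8.6"); confirm it against the vendor advisory in the references before using it for version matching.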
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2024-26630",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-03-13T16:15:30.047",
+ "lastModified": "2024-03-13T16:15:30.047",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: cachestat: fix folio read-after-free in cache walk\n\nIn cachestat, we access the folio from the page cache's xarray to compute\nits page offset, and check for its dirty and writeback flags. However, we\ndo not hold a reference to the folio before performing these actions,\nwhich means the folio can concurrently be released and reused as another\nfolio/page/slab.\n\nGet around this altogether by just using xarray's existing machinery for\nthe folio page offsets and dirty/writeback states.\n\nThis changes behavior for tmpfs files to now always report zeroes in their\ndirty and writeback counters. This is okay as tmpfs doesn't follow\nconventional writeback cache behavior: its pages get \"cleaned\" during\nswapout, after which they're no longer resident etc."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3a75cb05d53f4a6823a32deb078de1366954a804",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ba60fdf75e89ea762bb617be578dc47f27655117",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fe7e008e0ce728252e4ec652cceebcc62211657c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-274xx/CVE-2024-27441.json b/CVE-2024/CVE-2024-274xx/CVE-2024-27441.json
new file mode 100644
index 00000000000..df3582137ce
--- /dev/null
+++ b/CVE-2024/CVE-2024-274xx/CVE-2024-27441.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2024-27441",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T15:15:52.083",
+ "lastModified": "2024-03-13T15:15:52.083",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28669.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28669.json
new file mode 100644
index 00000000000..5609b536afc
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28669.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28669",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.100",
+ "lastModified": "2024-03-13T16:15:30.100",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/10.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28670.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28670.json
new file mode 100644
index 00000000000..dc07bc0f2c1
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28670.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28670",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.147",
+ "lastModified": "2024-03-13T16:15:30.147",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/9.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28671.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28671.json
new file mode 100644
index 00000000000..caea187e3ae
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28671.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28671",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.197",
+ "lastModified": "2024-03-13T16:15:30.197",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/7.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28672.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28672.json
new file mode 100644
index 00000000000..c53fce5cf0b
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28672.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28672",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.247",
+ "lastModified": "2024-03-13T16:15:30.247",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/3.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28673.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28673.json
new file mode 100644
index 00000000000..257d44ad897
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28673.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28673",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.297",
+ "lastModified": "2024-03-13T16:15:30.297",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/4.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28676.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28676.json
new file mode 100644
index 00000000000..a00e2e4ff21
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28676.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28676",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.347",
+ "lastModified": "2024-03-13T16:15:30.347",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/18.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28677.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28677.json
new file mode 100644
index 00000000000..8d1035f5f20
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28677.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28677",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.390",
+ "lastModified": "2024-03-13T16:15:30.390",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/14.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28678.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28678.json
new file mode 100644
index 00000000000..ac438f557b3
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28678.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28678",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.440",
+ "lastModified": "2024-03-13T16:15:30.440",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/15.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28679.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28679.json
new file mode 100644
index 00000000000..3020523c3dc
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28679.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28679",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.483",
+ "lastModified": "2024-03-13T16:15:30.483",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/19.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28680.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28680.json
new file mode 100644
index 00000000000..2725f479ffe
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28680.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28680",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.530",
+ "lastModified": "2024-03-13T16:15:30.530",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/11.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28681.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28681.json
new file mode 100644
index 00000000000..9e0ecbe259a
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28681.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28681",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.570",
+ "lastModified": "2024-03-13T16:15:30.570",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/17.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28682.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28682.json
new file mode 100644
index 00000000000..8eaeabd0040
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28682.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28682",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.620",
+ "lastModified": "2024-03-13T16:15:30.620",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/13.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28683.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28683.json
new file mode 100644
index 00000000000..657f2d1b9cf
--- /dev/null
+++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28683.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28683",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-13T16:15:30.667",
+ "lastModified": "2024-03-13T16:15:30.667",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/777erp/cms/blob/main/20.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 184298fcec1..50ffc2a3e79 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-13T15:01:33.926379+00:00 +2024-03-13T17:00:43.603853+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-13T14:28:45.217000+00:00 +2024-03-13T16:15:33.287000+00:00 ``` ### Last Data Feed Release
@@ -29,37 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -241280 +241419 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `139` -* [CVE-2023-52608](CVE-2023/CVE-2023-526xx/CVE-2023-52608.json) (`2024-03-13T14:15:07.240`) -* [CVE-2024-1507](CVE-2024/CVE-2024-15xx/CVE-2024-1507.json) (`2024-03-13T14:15:07.347`) -* [CVE-2024-1508](CVE-2024/CVE-2024-15xx/CVE-2024-1508.json) (`2024-03-13T14:15:07.540`) -* [CVE-2024-2247](CVE-2024/CVE-2024-22xx/CVE-2024-2247.json) (`2024-03-13T14:15:07.870`) -* [CVE-2024-26629](CVE-2024/CVE-2024-266xx/CVE-2024-26629.json) (`2024-03-13T14:15:07.717`) -* [CVE-2024-28429](CVE-2024/CVE-2024-284xx/CVE-2024-28429.json) (`2024-03-13T13:15:47.837`) -* [CVE-2024-28430](CVE-2024/CVE-2024-284xx/CVE-2024-28430.json) (`2024-03-13T13:15:47.897`) -* [CVE-2024-28431](CVE-2024/CVE-2024-284xx/CVE-2024-28431.json) (`2024-03-13T13:15:47.943`) -* [CVE-2024-28432](CVE-2024/CVE-2024-284xx/CVE-2024-28432.json) (`2024-03-13T13:15:47.987`) -* [CVE-2024-28665](CVE-2024/CVE-2024-286xx/CVE-2024-28665.json) (`2024-03-13T13:15:48.033`) -* [CVE-2024-28666](CVE-2024/CVE-2024-286xx/CVE-2024-28666.json) (`2024-03-13T13:15:48.080`) -* [CVE-2024-28667](CVE-2024/CVE-2024-286xx/CVE-2024-28667.json) (`2024-03-13T13:15:48.127`) -* [CVE-2024-28668](CVE-2024/CVE-2024-286xx/CVE-2024-28668.json) (`2024-03-13T13:15:48.170`) -* [CVE-2024-28675](CVE-2024/CVE-2024-286xx/CVE-2024-28675.json) (`2024-03-13T14:15:07.770`) -* [CVE-2024-28684](CVE-2024/CVE-2024-286xx/CVE-2024-28684.json) (`2024-03-13T14:15:07.820`) +* [CVE-2024-2286](CVE-2024/CVE-2024-22xx/CVE-2024-2286.json) (`2024-03-13T16:15:33.090`) +* [CVE-2024-2293](CVE-2024/CVE-2024-22xx/CVE-2024-2293.json) (`2024-03-13T16:15:33.287`) +* [CVE-2024-23672](CVE-2024/CVE-2024-236xx/CVE-2024-23672.json) (`2024-03-13T16:15:29.287`) +* [CVE-2024-24549](CVE-2024/CVE-2024-245xx/CVE-2024-24549.json) 
(`2024-03-13T16:15:29.373`) +* [CVE-2024-25097](CVE-2024/CVE-2024-250xx/CVE-2024-25097.json) (`2024-03-13T16:15:29.450`) +* [CVE-2024-25099](CVE-2024/CVE-2024-250xx/CVE-2024-25099.json) (`2024-03-13T16:15:29.650`) +* [CVE-2024-25101](CVE-2024/CVE-2024-251xx/CVE-2024-25101.json) (`2024-03-13T16:15:29.847`) +* [CVE-2024-25153](CVE-2024/CVE-2024-251xx/CVE-2024-25153.json) (`2024-03-13T15:15:50.913`) +* [CVE-2024-25154](CVE-2024/CVE-2024-251xx/CVE-2024-25154.json) (`2024-03-13T15:15:51.307`) +* [CVE-2024-25155](CVE-2024/CVE-2024-251xx/CVE-2024-25155.json) (`2024-03-13T15:15:51.700`) +* [CVE-2024-26630](CVE-2024/CVE-2024-266xx/CVE-2024-26630.json) (`2024-03-13T16:15:30.047`) +* [CVE-2024-27441](CVE-2024/CVE-2024-274xx/CVE-2024-27441.json) (`2024-03-13T15:15:52.083`) +* [CVE-2024-28669](CVE-2024/CVE-2024-286xx/CVE-2024-28669.json) (`2024-03-13T16:15:30.100`) +* [CVE-2024-28670](CVE-2024/CVE-2024-286xx/CVE-2024-28670.json) (`2024-03-13T16:15:30.147`) +* [CVE-2024-28671](CVE-2024/CVE-2024-286xx/CVE-2024-28671.json) (`2024-03-13T16:15:30.197`) +* [CVE-2024-28672](CVE-2024/CVE-2024-286xx/CVE-2024-28672.json) (`2024-03-13T16:15:30.247`) +* [CVE-2024-28673](CVE-2024/CVE-2024-286xx/CVE-2024-28673.json) (`2024-03-13T16:15:30.297`) +* [CVE-2024-28676](CVE-2024/CVE-2024-286xx/CVE-2024-28676.json) (`2024-03-13T16:15:30.347`) +* [CVE-2024-28677](CVE-2024/CVE-2024-286xx/CVE-2024-28677.json) (`2024-03-13T16:15:30.390`) +* [CVE-2024-28678](CVE-2024/CVE-2024-286xx/CVE-2024-28678.json) (`2024-03-13T16:15:30.440`) +* [CVE-2024-28679](CVE-2024/CVE-2024-286xx/CVE-2024-28679.json) (`2024-03-13T16:15:30.483`) +* [CVE-2024-28680](CVE-2024/CVE-2024-286xx/CVE-2024-28680.json) (`2024-03-13T16:15:30.530`) +* [CVE-2024-28681](CVE-2024/CVE-2024-286xx/CVE-2024-28681.json) (`2024-03-13T16:15:30.570`) +* [CVE-2024-28682](CVE-2024/CVE-2024-286xx/CVE-2024-28682.json) (`2024-03-13T16:15:30.620`) +* [CVE-2024-28683](CVE-2024/CVE-2024-286xx/CVE-2024-28683.json) (`2024-03-13T16:15:30.667`) ### CVEs modified 
in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `6` -* [CVE-2024-21899](CVE-2024/CVE-2024-218xx/CVE-2024-21899.json) (`2024-03-13T14:25:02.043`) -* [CVE-2024-21900](CVE-2024/CVE-2024-219xx/CVE-2024-21900.json) (`2024-03-13T14:24:02.157`) -* [CVE-2024-21901](CVE-2024/CVE-2024-219xx/CVE-2024-21901.json) (`2024-03-13T14:23:12.393`) +* [CVE-2023-4459](CVE-2023/CVE-2023-44xx/CVE-2023-4459.json) (`2024-03-13T15:15:49.370`) +* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2024-03-13T15:15:49.863`) +* [CVE-2023-7192](CVE-2023/CVE-2023-71xx/CVE-2023-7192.json) (`2024-03-13T15:15:50.313`) +* [CVE-2024-0646](CVE-2024/CVE-2024-06xx/CVE-2024-0646.json) (`2024-03-13T15:15:50.503`) +* [CVE-2024-2057](CVE-2024/CVE-2024-20xx/CVE-2024-2057.json) (`2024-03-13T16:15:31.580`) +* [CVE-2024-23124](CVE-2024/CVE-2024-231xx/CVE-2024-23124.json) (`2024-03-13T15:15:50.783`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e2f5baeb3c4..63d45647fb3 100644 --- a/_state.csv +++ b/_state.csv 
@@ -231172,7 +231172,7 @@ CVE-2023-4454,0,0,fe899221eb203df39954aedfaeaf87bdb09afc80eb2c22102da392016705c3 CVE-2023-4455,0,0,9528a57f6832fe8e6664fdc368bd3e3314370da9062831e095663a0c221f98f6,2023-08-24T21:11:31.950000 CVE-2023-4456,0,0,6d9cdb4689534916ddff63b61413f1e522c8383cf07c0239a48f4e3d5fbfcc73,2023-11-07T04:22:38.447000 CVE-2023-4457,0,0,ac60e11809ded7eaccf037584c3d03207cafdbc7826e19cec4254350e1a52269,2023-10-20T15:17:32.870000 -CVE-2023-4459,0,0,bf45434920a6175e1dada457e21dd3c827d6b3c0bb9f933071469a74b210b28c,2024-03-12T04:15:07.807000 +CVE-2023-4459,0,1,38a43d126f90b707f80b21b71a35a2d4cde68e46fc836a8443cd37a94b9f4319,2024-03-13T15:15:49.370000 CVE-2023-4460,0,0,f93ac0cc9ec04f47ebf64d59feccc55ae86604f5338e23e11a38cdb78ed4a09c,2023-12-07T20:31:47.693000 CVE-2023-4462,0,0,e8652c1af7020b20d4e3bb76958b75c6ac3b649c3c41d7ee1dc182189606bfe8,2024-02-29T01:41:49.647000 CVE-2023-4463,0,0,5778177a2ad3e8beb0474c5e239ee34824ff50d1b13cdbaaaee9b92ed30b0081,2024-02-29T01:41:49.787000 @@ -235968,7 +235968,7 @@ CVE-2023-52604,0,0,30f1c16cb3a0cb2fe47a6d739ea3857d9514f4a42f5108accddc2ff67ca64 CVE-2023-52605,0,0,b5af21151183e023d24583c3bc040b304802944a7a957d88eaa5a84d6f115872,2024-03-06T15:18:08.093000 CVE-2023-52606,0,0,af178db0080c3115d91a437ab5b42adac2141a98dadd572d3736b5223567f757,2024-03-06T15:18:08.093000 CVE-2023-52607,0,0,cd279ac76807826cb38ca9326be0382c8b742bd78a6b07422163f9ab0e29e5d3,2024-03-06T15:18:08.093000 -CVE-2023-52608,1,1,cf7b7e55e8f4282fe3aa5b5ec270126b4956cd8a6e010ac62f6f0d8d8eda977e,2024-03-13T14:28:45.217000 +CVE-2023-52608,0,0,cf7b7e55e8f4282fe3aa5b5ec270126b4956cd8a6e010ac62f6f0d8d8eda977e,2024-03-13T14:28:45.217000 CVE-2023-5261,0,0,b9a5d5c1665b23d8f490ac5c803287da98c60050898a52b85f908d7910feaa98,2024-02-29T01:42:14.327000 CVE-2023-5262,0,0,894fcd8d03366c3f74f7ca422533c84f8d2347a01347f60fdf2b57148937c32b,2024-02-29T01:42:14.413000 CVE-2023-5263,0,0,f725be7f729eda7e17d61afdbcbca4a8848bfa1b71076de4cfece717f5e6d50f,2024-02-29T01:42:14.507000 
@@ -236323,6 +236323,7 @@ CVE-2023-5659,0,0,2756c30d7e7b13769c90bfa771ff25a41ea63089aebc74da0ec2ef61d3bebc CVE-2023-5660,0,0,876d3552316a7a63e9adb7cf04e715a91b18de5a87ef021e3994dcd75ea650d1,2023-11-14T19:47:12.697000 CVE-2023-5661,0,0,89f45d084505708ce50d325026bb6d99f40b9a0a23948ececcea909baa278aaf,2023-11-14T19:46:49.487000 CVE-2023-5662,0,0,a781c385baae6acf43b649131b9c032126fb56f82d58840dd0f993dd295e23d1,2023-11-28T19:26:56.350000 +CVE-2023-5663,1,1,80895d200c983a1c46fbf62c0ec205c58a808f72f5dc20eb9a6c3f21c27eac3a,2024-03-13T16:15:08.110000 CVE-2023-5664,0,0,5806f86808a446c2df093c8fdec87964f8677ab1bf13b271d7f3fd3ff40f720b,2023-11-28T19:23:15.107000 CVE-2023-5665,0,0,9202fc2ad5454c2d60fa80cf7916a5c9746158672f11c21e5c7492085f35bdd6,2024-03-05T20:23:44.463000 CVE-2023-5666,0,0,e3a4a27e54caed7889269f9af4305d73159f0ef24de314fff6231ace7a494b3d,2023-11-13T14:50:14.593000 @@ -237054,7 +237055,7 @@ CVE-2023-6538,0,0,3a39b4ad035054d825d9bc8e0c8cc78afbd8a886d818da82d3bd686b80edb3 CVE-2023-6540,0,0,e8a4000d3c1c7c36a8e07e1b70f09f28354d68ee96913653b539560cbc6666cf,2024-01-10T20:23:28.493000 CVE-2023-6542,0,0,3003b22c56226936503fcbd3e01db5b83c31e11bacc81c5b330ec2a4d5df4705,2023-12-18T20:00:10.587000 CVE-2023-6545,0,0,e8fad407643f309508d7beca42d5ec4316241428ccdf0ffe16ab6d5de81adac9,2024-02-15T11:15:10.127000 -CVE-2023-6546,0,0,b7bb5a619bac1163964fea995919b9d905814602067719a0be2c489542130a1c,2024-03-12T03:15:06.823000 +CVE-2023-6546,0,1,ee2cbfa1016077b2d62cef83cc8dfd4583e818b4ccaa57bad115b543c396fa76,2024-03-13T15:15:49.863000 CVE-2023-6547,0,0,2916ee27da61a814e8994bd469cb1aad4b6a948d5260e9e94d921cc96ef53cf1,2023-12-14T19:31:10.497000 CVE-2023-6548,0,0,d72f1da21f4679c438af227a53a72909321a82fbe8a6c1ba2869cadbc4cb4979,2024-01-25T16:45:58.287000 CVE-2023-6549,0,0,4628b4d9b2a1d597253023171a98e3f518f7c4c3f05994e40027582299785db0,2024-01-24T20:48:33.600000 
@@ -237233,6 +237234,7 @@ CVE-2023-6780,0,0,c975aeded48a1c45e1e6c7e65991f1af9ab6c42dbbd046267a6c775b1423a7 CVE-2023-6781,0,0,606133b53d71d301d434687c95e9541c45256035c97457e3cef427e3e2fa86e7,2024-01-18T16:24:52.810000 CVE-2023-6782,0,0,9d49a53aeef1daeb1b880b1c10125bd540373eabc0b6ef10f8f3d1b558ba4034,2024-01-18T16:11:09.587000 CVE-2023-6784,0,0,8a2dc120c2f7c09cd65b30de205a120bba14591ed7954e6b475e7a765c9d6768,2023-12-28T20:16:01.087000 +CVE-2023-6785,1,1,62b13775a35b047240e6e3f2e36489669efb05e3396fd089c882dfa719a8894d,2024-03-13T16:15:08.407000 CVE-2023-6788,0,0,50e116b22f39b4eda80be0e0174e50805515a5317ae162b416827d632334043b,2024-01-11T23:33:05.333000 CVE-2023-6789,0,0,58210ee945774473d3672ef0a5317f3e9fd1821a6536ceabc670f03a82b8c1b1,2023-12-18T18:54:39.670000 CVE-2023-6790,0,0,59d4d6839301f4b4ea57b622791c925b2ceacc81b1978d57ea06e29921fd8384,2023-12-18T18:53:56.697000 
@@ -237249,11 +237251,13 @@ CVE-2023-6804,0,0,13181dda2bed07f7dad9eedba96ea43dcf935ca425f805f78f341a3addfecf CVE-2023-6806,0,0,68d5cc1d96ec25c7ab186323c9b5003516462d40f7f679e830f007d1bc0e4958,2024-02-29T13:49:47.277000 CVE-2023-6807,0,0,8211ca38107dc4f9b4127c6352451c7045672cf7336c16fcb14315bbd9ab0669,2024-02-27T14:21:27.377000 CVE-2023-6808,0,0,453d7720ba5e9cbfc061121430ec5679037ea2f22b990571ad72c0ac48f6ec8b,2024-02-09T16:49:29.023000 +CVE-2023-6809,1,1,8514f3385b79e1b83c98971ac4da6c7bde1cab7b15399048849ec4bf520bee34,2024-03-13T16:15:08.640000 CVE-2023-6814,0,0,92ddf9fba0f0cc4e5890f88faba8c1759e6a7f8de161ccd5e91df12b32e36fc8,2024-03-12T12:40:13.500000 CVE-2023-6815,0,0,d97387eb71cb43fe6e993223b0683dbb82353c2109d50f7b045bdf1d8b203f4e,2024-02-14T04:15:08.497000 CVE-2023-6816,0,0,e7839a0ba60fd8f45333ca3d0c1da185b693b7e81293656670d077cc9777a76a,2024-03-07T17:15:12.180000 CVE-2023-6817,0,0,15a873d76f1c7613f3959855e73f950459b6718d3731740781c6b052a6a56c9a,2024-02-08T16:15:47.270000 CVE-2023-6824,0,0,8c6e875229d872169eb2bfb9390a02ca75cb4bc4bc222093fdb4ebb6a0125835,2024-01-23T15:35:27.123000 +CVE-2023-6825,1,1,0217a0d5a023addd90e5a17ad0ca387458a7c4bd4961422d9188791ed6590939,2024-03-13T16:15:08.850000 CVE-2023-6826,0,0,8033a5c072d463793e3b1a3dcb626312fffc26b8ea88b724da5c112e96daece5,2023-12-21T04:49:03.117000 CVE-2023-6827,0,0,988eddb07dea4ee34d5815cfaeee7982cc14aa24005b0c6e429672b5f26c034c,2023-12-21T04:48:37.823000 CVE-2023-6828,0,0,5f4e621a26f675509a21b4e2930f2bceb4ddb7b7fd69c98ea769a7d538bb6377,2024-01-17T21:25:53.597000 
@@ -237300,6 +237304,7 @@ CVE-2023-6874,0,0,20d55c881c8740c1c9c245c80d2419e8fd6fe7a8ac50e023c72f933e5bdbc8 CVE-2023-6875,0,0,fa50f826ef562493657259922f0d672e1042b5b70e3533a566fc049edbe41c1f,2024-01-18T16:11:25.827000 CVE-2023-6878,0,0,c06c28c6ac809dd95b68d213aef696c4411990fd4045334f25f507941978e9dc,2024-01-18T16:34:53.617000 CVE-2023-6879,0,0,c08e575832036ecb7220ddc25f6a81feccb5763236592178949cea3294fefa99,2024-02-02T02:27:15.863000 +CVE-2023-6880,1,1,79a280a527ce0741e33aba0651f09d2caf48e09f75f7fcb760ff26849fc493d1,2024-03-13T16:15:09.093000 CVE-2023-6881,0,0,e2fa72ccc2c7b1a0de949cd7d130e507a939834678981c3c2e67af40e360543f,2024-02-29T13:49:47.277000 CVE-2023-6882,0,0,ef73d97452dd13eaf6ae54f106fd4d1394234f25bb71b31d7301f410dc27755e,2024-01-18T16:43:49.213000 CVE-2023-6883,0,0,80e75ec1884e690c24c0955cd950efeeb350cd30e5dea723aaf58d8eaca00ca8,2024-01-17T00:02:05.660000 
@@ -237363,10 +237368,13 @@ CVE-2023-6944,0,0,b453ccc11666e3e20f635934304e12206f6d1751449fa49547d4c54d9fe58e CVE-2023-6945,0,0,88fee1f1aba5d74fe080e24b300ad1b855872f44616a28b8ea905f4270bf07a3,2024-02-29T01:42:49.380000 CVE-2023-6946,0,0,6d15d49849355e757559f9bf6499dd17a73c47e11df17a484f0afc7b82a71381,2024-02-03T00:24:34.007000 CVE-2023-6953,0,0,a4eae60c09f86b37536b6072986cf2d081babcc1cdd107376a1ba9bb2012ddfc,2024-02-22T03:39:59.017000 +CVE-2023-6954,1,1,b4ca7c78f0fb2f673cf2581a6cd0d05255eccc003a4acb33c51fbceef8992e5d,2024-03-13T16:15:09.300000 CVE-2023-6955,0,0,7a80cfe846d10fcea6780b4ae01cccd9684aeac6ad97c3a3415c4424a672be7e,2024-01-18T21:16:42.053000 +CVE-2023-6957,1,1,fe5c54e19af233197a69967881dfeed410257f2993086282699283f1a4b52a98,2024-03-13T16:15:09.517000 CVE-2023-6958,0,0,360585034baba3dde8bbd2b4edec3a36320e0765453af141d99ea526bd11ab61,2024-01-24T20:47:14.900000 CVE-2023-6959,0,0,3499bdabf9b48447bf05d447c84d13393f065f476750e301dd4268abb320735c,2024-02-14T17:01:57.227000 CVE-2023-6963,0,0,231e665c342f619449883ebe35105e509b0377505f1217d0d32ee087d0bccd84,2024-02-14T17:05:16.533000 +CVE-2023-6969,1,1,bfdc1ef412d567cfd2f2577a3d0946ede66c8d51ddef8b469b5f3b07804b79d0,2024-03-13T16:15:09.703000 CVE-2023-6970,0,0,0f9239778a6c6425e613c8adeae37463c6bdd10b4d16dd22430636510b0bbc4a,2024-01-24T20:48:25.003000 CVE-2023-6971,0,0,bd92b4c1151003ed67c8a3a56085ce8d6d8a6a975925971af5779bd843d6694d,2023-12-29T06:21:25.760000 CVE-2023-6972,0,0,d124e0d81fb61de417e8f5fb0db438af2f3c62c432b584cb09149b6b29586725,2023-12-29T06:21:32.633000 
@@ -237393,6 +237401,7 @@ CVE-2023-6998,0,0,7ec8e3aeb835c2df2ba7b5ff2a1ecfa2cc1cb25e89b11d6e99a0cc8f67bf0b CVE-2023-7002,0,0,2dc2580f71e015beddee7ae90d6990c6677577b66a04d62e43aaaf4d0ced9b0e,2023-12-29T06:21:43.197000 CVE-2023-7008,0,0,ad3b40ffe6c699bb7a49851c6e98199306f1a6097c053464db67f33f6ffec5c0,2024-01-27T03:15:07.933000 CVE-2023-7014,0,0,873dd0a51ae8f440703328d4c3435a1c07218aebd2ebb2d1a46bc2ca046b3736,2024-02-15T15:07:55.347000 +CVE-2023-7015,1,1,92b6b2fba8e678de991649ef80f137f9b841b98b4cdef52b05cfad4581026247,2024-03-13T16:15:09.900000 CVE-2023-7016,0,0,c356f20c01f7e26ea29197f72468ff216157ab97f3ab1ecaf5545cab15f28e0a,2024-02-27T14:19:41.650000 CVE-2023-7018,0,0,850c128e59f7ed6322bc5aab8413f5452c3723fa33c88002180d2fd190e940ce,2023-12-30T03:13:12.367000 CVE-2023-7019,0,0,9feff7331537d4d7db9f6a1201b2e8b258c33f74e22da94c40dcaebc5add2c26,2024-01-17T22:28:36.323000 @@ -237539,7 +237548,7 @@ CVE-2023-7188,0,0,852cd48c16fe0b4232c1cc1e9892899282c0d5a5fa43f1b8f320174637d432 CVE-2023-7189,0,0,58a77aeec688a533f21ed0a4a9d71eb0705fbd19c0515c4ff17f03cfd1fda1ea,2024-02-29T01:42:59.443000 CVE-2023-7190,0,0,525bdeccc55a9711a53be90441300e5c3c4140cb068f0b2822d05bced8bf600b,2024-02-29T01:42:59.540000 CVE-2023-7191,0,0,e88be4c11ad575ba542d73410e05ca9713d2c182f91e9bea29393daea35a5564,2024-02-29T01:42:59.630000 -CVE-2023-7192,0,0,181ee4a5a0b49288bd3f6e7466496f6f14d5b44e6f3b1c720d9f7bd54af045cc,2024-03-12T03:15:07.273000 +CVE-2023-7192,0,1,31cb4f2964d285c5642b818e442c491450b2d2f782a22b53435e6ee28d74a86f,2024-03-13T15:15:50.313000 CVE-2023-7193,0,0,a8537a9a993f65c4193859072543f394186e6722552129f1f6417c478374bc9d,2024-02-29T01:42:59.733000 CVE-2023-7194,0,0,c12012004827cd0bc34ce11f51f4d80b4388d10ba3ae2687522e188646b70ac8,2024-01-25T02:02:01.610000 CVE-2023-7198,0,0,5606627204fd1346b6fe26c836439a1783648ce0b7fc4e92446c427eb2e96f6a,2024-02-27T14:20:06.637000 
@@ -237623,6 +237632,7 @@ CVE-2024-0069,0,0,fcda9c827a68481a563f617244a09b1d788f56c62c31734c572fbfe1a75ea7 CVE-2024-0070,0,0,f5edfa828dbd64ca40da0463d8d67355f807a2f6d8ea2e049578dd15434f1821,2023-11-28T00:15:07.183000 CVE-2024-0155,0,0,a75d6b44d8976b9f082fed092efd11db077fc0559b3b5c46ef337c5d8f761d3f,2024-03-04T13:58:23.447000 CVE-2024-0156,0,0,978a8cd7f1acaeac5930d83f177d0fbfbff728a7123e5197399066e9731cb1b4,2024-03-04T13:58:23.447000 +CVE-2024-0161,1,1,14266b0d3f26d2e86ffb1ba57f947989ac5365ff4b964c96760220bac8c2e552,2024-03-13T16:15:10.143000 CVE-2024-0164,0,0,87046aa57283fc0c507eeca0330549471a06e79290e6651b1979838d082fcc30,2024-02-15T16:55:31.620000 CVE-2024-0165,0,0,756d1cc2a62207543a71af36b0ed1435b13b7372dc06571e71175c76a81f4fe6,2024-02-15T16:55:25.687000 CVE-2024-0166,0,0,0811625d2870644f8360eef8a2c7e0f61b30171de4bcea041a7491a30a639f86,2024-02-15T16:55:20.360000 @@ -237759,6 +237769,7 @@ CVE-2024-0322,0,0,f003608f9da3ec1648c0e4f307050dc6ab4b6ca20256691e011ce03800284f CVE-2024-0323,0,0,f48e0992322b3c28e991a3ec21c4b44d65562b238bd5b3cc5c0b974f447ae3ce,2024-02-13T15:38:16.320000 CVE-2024-0324,0,0,e2fadca67c7baa89b005ec266da519e463257e78c6e5f4f4c456a560ae3dc7a8,2024-02-13T18:53:03.170000 CVE-2024-0325,0,0,f8c2cba1f1f0c331a488b75f13dbe50ab43d383eb139fa13e3114624f20a0b62,2024-02-09T19:48:49.967000 +CVE-2024-0326,1,1,4403165710731ca10cf155d773d28360fbbe8be9fcccbbbbefc3470d9e9d3b41,2024-03-13T16:15:10.410000 CVE-2024-0333,0,0,78afbb7eeda64eef1807e49052b7da2d0a6435f70b81c6cbf5d31bb9f61e73da,2024-01-18T19:39:16.620000 CVE-2024-0338,0,0,92ebcd39fdf784ffd65dac214cbee1488e55baa90d10e33cf90090e1ac97448b,2024-02-09T19:28:45.703000 CVE-2024-0340,0,0,9a8ba654f67676e86e1f05467157251dcb3a161f2f141df45cb7a58fee558581,2024-01-16T18:49:46.600000 
@@ -237787,17 +237798,21 @@ CVE-2024-0362,0,0,b571901a8343e436a3b7fc3ec3e5af8a60cfc1205e907f5c474279f072e4b3 CVE-2024-0363,0,0,03fb45033c55740dc5dd048d569fe6383adea70e7e47ed2bc3caf5aa8271f608,2024-02-29T01:43:09.807000 CVE-2024-0364,0,0,0f7d659b92c9cb4be29d14c88171badeeafa3ce16c765169b8d89d198348561e,2024-02-29T01:43:09.900000 CVE-2024-0366,0,0,af4d10b442ad47433312fcf6d3b66f2427eab18d448eda39b91a6642c2d3ba01,2024-02-13T17:05:59.177000 +CVE-2024-0368,1,1,fda4e3a0eb5945113cf2698b9f2743c113cd4fd27483c603e4b2e4ac2442fae3,2024-03-13T16:15:10.623000 +CVE-2024-0369,1,1,78e25f54585d3dca60cfb0d53a0686162ef766f0cd3640a41f5a54d2714905a0,2024-03-13T16:15:10.837000 CVE-2024-0370,0,0,144df0ac103aa96914c6d9f8ced884dbbde3e04c0153525468c430357c5c06d8,2024-02-09T17:30:35.817000 CVE-2024-0371,0,0,a139f54c94137c24136debf0883dc7aee475cdb62b7738cadfed1bd027163549,2024-02-10T02:13:01.613000 CVE-2024-0372,0,0,18826f915f0bc09bfb51bafc2d8b83a2d53235dbbf608422fa68103f3cb8fe9d,2024-02-10T02:19:07.437000 CVE-2024-0373,0,0,e84d2ec214e6cf6d6530785b5a74d258c7c8442b5d909b69597e97fd4e61d68c,2024-02-10T02:20:26.317000 CVE-2024-0374,0,0,f37caf26fbd3e90b22e4e273dd9fd96488e9a00e4f132f831c14a53163be15a6,2024-02-10T02:27:25.150000 +CVE-2024-0377,1,1,81f30a65a1e4849b73e7032ff2fda6b2effad403b9c48ba7b14810e928d47148,2024-03-13T16:15:11.070000 CVE-2024-0378,0,0,2a7c0e8a2de2405637dec66fcc2bb4be6f1d9e9fa06edff4095a793c2c855a40,2024-03-04T13:58:23.447000 CVE-2024-0379,0,0,b7c07f84353d8cf76d2a45d4dd5ee621dc2b08fe7b240b330a4ed8a8adde7981,2024-02-29T13:49:29.390000 CVE-2024-0380,0,0,3f3894f5083e9ad8feafa10eee28775174e246729c7af4fbf8093c7f92398568,2024-02-07T23:31:49.193000 CVE-2024-0381,0,0,cc404e9ab60526f4cfd2cba8d7ea8cb6a7e1eef465808eab04f8e02e2e2ed4df,2024-01-24T20:48:35.827000 CVE-2024-0382,0,0,ab33ccbf2aeb6736aa9a498513aba9dba3b237c3d9fe3e776d686fd399098525,2024-02-07T23:32:02.143000 CVE-2024-0384,0,0,5eba97ede5e4794d92f0b763409403bdfcbde410a2df433510faaeddc85a4fb3,2024-02-07T23:32:14.717000 
+CVE-2024-0385,1,1,a4039c59d03b00989a81b7a3d4f2ceab1704e4136f534b0ad78e3a51e78d366e,2024-03-13T16:15:11.293000 CVE-2024-0386,0,0,8d804ee9a3a51d016220166b449c94366950fc2260124c0222047bc30a6e9571,2024-03-13T12:33:51.697000 CVE-2024-0387,0,0,23bc6e3476c46e45c0f1cab9e646ec38242c781b5838e9b0de1712412e6d8882,2024-02-26T16:32:25.577000 CVE-2024-0389,0,0,72b9f5269adae6a8b489d96d3cadfcb14eda75cc21b32e2278bad2966709f2e2,2024-02-29T01:43:10.310000 @@ -237842,7 +237857,9 @@ CVE-2024-0440,0,0,8078b1cff3acad9f2713004449055332544c3c2b469a48b045f4c578226754 CVE-2024-0442,0,0,c80e23ed630fb3b1fa8ee9b165d0a05497b9e2c970bcbba2ff974a70ef1b76dc,2024-02-29T13:49:29.390000 CVE-2024-0443,0,0,20c6a1b4d75d03888e8779520f4450bb5123e5b9b5704f47d04b9ead34885fe6,2024-01-18T20:16:39.840000 CVE-2024-0446,0,0,177f0f6fa9da6f41d147a83b94c4a1a182c538433bae32bd44fabede9ad39c08,2024-03-01T05:15:08.440000 +CVE-2024-0447,1,1,0fe62c20640a49a6a6a030416d123a1ca57bc1032d98d61972cd57821105f5e3,2024-03-13T16:15:11.483000 CVE-2024-0448,0,0,34d135a6c32b742f6287060adde7fa7a1eec7917b9f747a74526de46b9fe8477,2024-02-13T18:33:30.020000 +CVE-2024-0449,1,1,2447739d293cd15557268b8c3f623f204dbb766e6e81d6c1e673c967f6ddff48,2024-03-13T16:15:11.707000 CVE-2024-0454,0,0,810f9e73f945a577a0ff7132f31c0f57509a3b365a63653925f66b4427090389,2024-01-22T16:10:47.897000 CVE-2024-0455,0,0,ad0560da6bb8e515170fb5f5abe4324ffa964b23a03e1a8f57d4bad150093bdc,2024-02-26T16:32:25.577000 CVE-2024-0456,0,0,b7149a60bcad100dc614ada7456561f1d7527e1b845005213074d4fe4b957d52,2024-01-31T20:12:00.077000 
@@ -237973,6 +237990,8 @@ CVE-2024-0586,0,0,1da6c9cc73a40c340fe22aaa76f93ff10ee25c955238e3456b7a453a0c4fb8 CVE-2024-0587,0,0,cfa091110ac70477c0692ee9c8862c7e798daf43a8e5d4a58640e068c5ddce5f,2024-01-30T02:04:15.073000 CVE-2024-0589,0,0,609b73335080a50660d01dda7e7f80e47997482ead80737f0ecff98f5492292f,2024-02-03T00:19:14.737000 CVE-2024-0590,0,0,6be9d21bd3ef8c9da138d5bfa1fcf6e7d25e7054ebe3c18e0908a5447bb203f4,2024-02-29T13:49:29.390000 +CVE-2024-0591,1,1,15f9b0b36588444d3b6a92bac0709f9d6fce5c82927d2b4cf9772f7f326881c0,2024-03-13T16:15:11.917000 +CVE-2024-0592,1,1,fd61d04e9d82cac80fa865fc5271eae599d1a0b218ee26cd52a58b412dfa2676,2024-03-13T16:15:12.147000 CVE-2024-0593,0,0,89e7bfb235791aea777eb080b5993143b44f503194888c19b9c73b88eae869f6,2024-02-22T19:07:27.197000 CVE-2024-0594,0,0,60077e504dbbc890300ba3e96330ae555ec39c3816d3dd082cc5d28cf0cd6393,2024-02-15T18:40:20.453000 CVE-2024-0595,0,0,af15af2ea25dae8e87d2cb0077ff60ffffba24a68e71adf6bfae2d8b34b81c14,2024-02-16T21:34:39.327000 @@ -237989,6 +238008,7 @@ CVE-2024-0607,0,0,9beeb746cd98632c4d39e34813bf71362cde5e3bcbf8ce825270638a5c729f CVE-2024-0610,0,0,96d45759cb80d01da210013921cb551bcc13d13875b46a62058200811ceeb121,2024-02-20T19:50:53.960000 CVE-2024-0611,0,0,e8d5c678d8e0f2db584aea799e3abc2415a5009a5b474e92a3afa5e51bb61896,2024-03-04T13:58:23.447000 CVE-2024-0612,0,0,f45ae51b8f6c5210151793a0b2eefcd60eef7a03143c6abc9ca13bbd8c1be4e3,2024-02-13T15:26:17.997000 +CVE-2024-0614,1,1,3b49b54d6c22ffa2636cb1cd536bf45d88450612bdfd5c54f36c7c6cae1ac77a,2024-03-13T16:15:12.357000 CVE-2024-0616,0,0,5a1b2adbdd0dc62dcc44e528769c170a2aba236bf5fd26d1feae80111302d5bc,2024-02-29T13:49:29.390000 CVE-2024-0617,0,0,2b29c9dcb902adb6d7fa2a7239592f59172aa71b48eb580467357783ec488280,2024-02-02T05:07:58.277000 CVE-2024-0618,0,0,d2f3e36418148fff4d6561d37ee90895c751d19c805420890718b517a62e3679,2024-02-01T04:15:46.393000 
@@ -238000,12 +238020,13 @@ CVE-2024-0624,0,0,193a94c59e6aef2611f3b709bfcfdfe730e53076589746822f137984322f4a CVE-2024-0625,0,0,e6db3236f3f3d4946f9c7470ea75c8f4fd101b44f963c82c90bc3a0f21b31db9,2024-02-02T05:08:07.047000 CVE-2024-0628,0,0,6929f2a7a44b9bc6b3b457ec8d478ddb1d9368f01ad7383ad0399a751f886828,2024-02-13T19:18:46.020000 CVE-2024-0630,0,0,49e9d42e1e8004a90a8d62b54ea8a5d5f6ebecab9fac26e6e82dc914d2e02636,2024-02-13T15:42:35.563000 +CVE-2024-0631,1,1,090b2faea01355a042077680563a2b64108cf136e1bf140b34f281065b283f8a,2024-03-13T16:15:12.573000 CVE-2024-0639,0,0,70e6108a4833d98566f9bceea8a86b5fbfb00264d1679279f76ea7c5de48b4aa,2024-02-14T13:15:08.107000 CVE-2024-0641,0,0,a011c2128d997633c3943566b2966020fb742742c755347ad42b0febd95e3094,2024-02-14T13:15:08.363000 CVE-2024-0642,0,0,a90bcf6571ee802087327f525ede816b704f8421563c66e3216693601bbf1072,2024-01-24T19:29:41.893000 CVE-2024-0643,0,0,aa848a8e1b8cfe92b510534ff6e1f903f998e7f6bc6404cff677acb1bb355f8f,2024-01-24T19:27:40.553000 CVE-2024-0645,0,0,e3ff0667dc75a2979d99db4153cc7d61b0ceb0c517f4cea54262eeab768eb5f4,2024-01-24T19:24:06.717000 -CVE-2024-0646,0,0,f2a78614a32819d4cbc20fc1d4755689f2378ca167d665ff617b66a50666d959,2024-03-12T21:15:57.700000 +CVE-2024-0646,0,1,a1ca47ab9f4761b7236f4a9b227507af07f7e13962ba5a859982b5128ea6fe7f,2024-03-13T15:15:50.503000 CVE-2024-0647,0,0,0332e6d59eefdc64eb05b07e4fa46b058d042ccaea99c8f45f753fe35b015cbb,2024-02-29T01:43:23.930000 CVE-2024-0648,0,0,a4f5a25e8c9710190b25da008c97da5d141e1a6619a4b29f822c0647da977a03,2024-02-29T01:43:24.013000 CVE-2024-0649,0,0,1ed5652bc1679829cc2258e6f05d507deca75bc30838839b4d286f0055698888,2024-02-29T01:43:24.097000 
@@ -238032,10 +238053,13 @@ CVE-2024-0676,0,0,8035a70d9b2fb746a1bd04ffd363a65316fee85917c37a6970742638f1f218 CVE-2024-0678,0,0,d4513764182925a7beff3dca613d5ae43b7369b91ed7260364178958e575f636,2024-02-13T16:36:49.713000 CVE-2024-0679,0,0,8a49001025167b3e9f55342bea2e1267eccb9c6e5c97a643ba434b70dbbc9a02,2024-01-26T18:30:55.493000 CVE-2024-0680,0,0,c61f66a499a19a2354582f6bc4b4298f3b023aac1cf519d4a7427982c7cc9f60,2024-02-28T14:06:45.783000 +CVE-2024-0681,1,1,20fe24a5fc5a78321e05bf8f8ab7fd327090dcda9f0daaa1380e770185873ab3,2024-03-13T16:15:12.767000 CVE-2024-0682,0,0,dec194c074212349de810f32e16200760416bf8555695ce78aaf8cb3eeaa1bf0,2024-02-28T14:06:45.783000 +CVE-2024-0683,1,1,c6b5616d66e8ee7b4edfdb2ab5d9d8298bdcf93f4f918ff19b9b7d32f16964ba,2024-03-13T16:15:12.973000 CVE-2024-0684,0,0,f76f8126bdb106c7088a2ae4bdf8a78dccb85885d5e8a9c1b908cf0c9d13ddd0,2024-02-14T00:26:13.380000 CVE-2024-0685,0,0,d297ea0416496a62ae34956e9600d6bd4852ecbb283238e9dd2afb3133f71ebf,2024-02-12T22:15:07.950000 CVE-2024-0686,0,0,e2395a9a6bfad8e6b532409ed23be32a655dbdc8b37702eb0b5a7e38bca81617,2024-03-04T15:15:07.050000 +CVE-2024-0687,1,1,7ff3390e4e154c2a8ae2806ff135b91c3d5f49048020cc80df5fbaf9eecb1561,2024-03-13T16:15:13.203000 CVE-2024-0688,0,0,7eaac9a2de6d69f1cb58283e226002ce225f7b8e6f1ac3cc910e6b5444d44cb9,2024-01-31T19:13:36.847000 CVE-2024-0689,0,0,e8abaf15fa27af1a073f8481684fcf15ab2bfb4f51f069638047ee794872f44b,2024-02-29T13:49:29.390000 CVE-2024-0690,0,0,80ac030be9ffc0302906dc3683fab299503a42ed4c0ed35d8305d2e3d91490b8,2024-02-14T00:27:00.660000 
@@ -238048,6 +238072,7 @@ CVE-2024-0696,0,0,c382f01b13e5814082b4bf74b25552d149bc780e80a2550967219012a51a3b CVE-2024-0697,0,0,aada5e17547d9f7ef92de4ba1cebacbfecad7932ee90d59810e376a9a8c3c3d4,2024-02-01T04:15:27.597000 CVE-2024-0698,0,0,26fd89750031284e5ee69f171e162b68f1e7e6f84557f348817ad2839884dd19,2024-03-05T13:41:01.900000 CVE-2024-0699,0,0,ff5003e8eac9fcb8347ca09cbd26a22bab57836a1e60f2966e1c563e707d8f11,2024-02-13T16:54:27.823000 +CVE-2024-0700,1,1,0213ae14c59edcbd6bb6cc5d6cd51e70553ee16e4c9f04994ce5dbfb728ad249,2024-03-13T16:15:13.403000 CVE-2024-0701,0,0,871fe15702cfdaedc6f6c0195193614f55781419fe9ad96b244dbf0c8a074bdb,2024-02-13T17:03:49.577000 CVE-2024-0702,0,0,7566fb691d85bab6ccda9d662d05ffb105227a4d0e56df57827f3abb896bb493,2024-02-29T13:49:29.390000 CVE-2024-0703,0,0,adfabd4933df003a745ee91c4878e4eb0243a5c5991f4dffba9d94e4c1691954,2024-01-29T22:42:17.067000 
@@ -238149,6 +238174,10 @@ CVE-2024-0822,0,0,f0d03b223c25850830b62db3595d4728a822efa091e187df2417c03c793bd8 CVE-2024-0823,0,0,a63a05b2a58b2f56e53480af56c377c69cf08327cb1f1db6940a24172c959e48,2024-02-13T19:40:20.973000 CVE-2024-0824,0,0,ee54bc5a89bdd6db6ee84c2f2693d0df2457876a968075ae1f91006433bf9238,2024-02-01T04:15:36.430000 CVE-2024-0825,0,0,ad200bd4399a3e0a50525149c4729e522a544cb97f56dae341e24ea594a7c473,2024-03-05T13:41:01.900000 +CVE-2024-0827,1,1,ce349adf4d7567423342ddbadc7c8362003d040c1ed15a40673a06d72a9e746f,2024-03-13T16:15:13.610000 +CVE-2024-0828,1,1,ffe024bd21fb909f67464fbf7f5eb2ffe6776186ff373009fe611fca9385ae74,2024-03-13T16:15:13.833000 +CVE-2024-0829,1,1,fe9050c575964960e67333d651fd14b44872cd72fb6e61645f3d3925e4441686,2024-03-13T16:15:14.067000 +CVE-2024-0830,1,1,7fad8a390c0d9322196a702d82ea8371ecb4bfb87117abc0255c1f645fa79b96,2024-03-13T16:15:14.307000 CVE-2024-0831,0,0,74eee4c1b750531e6edbe503be264fb8b9342194dc51e7ad8d79663f59d5b2f5,2024-02-23T16:15:46.980000 CVE-2024-0832,0,0,c97681654ea7ad9d0e75a249cadd356127f334a771f47f87062b72dcc5fdbee1,2024-02-09T17:12:45.853000 CVE-2024-0833,0,0,21953ac29db39d3d431da9485fbf71a7c90e1dfabb2c43474a943cc1e83c08be,2024-02-09T17:05:04.153000 
@@ -238156,6 +238185,7 @@ CVE-2024-0834,0,0,1de570e1c62c91b37fa6b13cc658cb8ee11766494d05fd85797c80b0207469 CVE-2024-0835,0,0,c934ec5d7606ad5f900960d7dbb96ab8e607e2ef98294fd841cf5c33d2f7e156,2024-02-13T19:40:01.267000 CVE-2024-0836,0,0,cff9cee5658e1a082735d66c71633ef3211ac4a498b2c18e84528c62a9215e33,2024-02-05T20:47:03.430000 CVE-2024-0838,0,0,750cfef1dcd91eae11f8b5a6a61cd6539548c5bc40a3555ae9b953739ebeebae,2024-02-29T13:49:29.390000 +CVE-2024-0839,1,1,0da00f0b0b373d42440c8aaad38dd524c724e4e5af0f03ddcf5ce09052c4f528,2024-03-13T16:15:14.537000 CVE-2024-0841,0,0,00c1a87332bcc448f20d823e8d7d15c699f2b88301134bf45ff680384c84d247,2024-02-02T15:38:25.947000 CVE-2024-0842,0,0,2d4febcc0a5bd3f6b5f6eeeb222e1bdadfd7499df5c95fd0f9cc7e2a10a87dbd,2024-02-15T19:11:14.253000 CVE-2024-0844,0,0,9b0ede7ee0379ed34aa516e6f2cba464e96d05ae45278d47c03f7b0b4baaf7d5,2024-02-08T16:15:39.903000 @@ -238167,6 +238197,7 @@ CVE-2024-0859,0,0,ebdbbfb62fdac702a888e13ac2f08cf009b152778d43282d960af2d2fbc4e2 CVE-2024-0861,0,0,896e71725cbfb614341352655e0b66e7def84c2617b58556401d4278cc8b74b9,2024-03-04T20:26:41.663000 CVE-2024-0864,0,0,17024975930493e251806bb80b57b820a57bfd49c0ac48954296f7125d5de83a,2024-02-29T13:49:29.390000 CVE-2024-0869,0,0,39eb12d4def5ace38cccd71318a17cc1945f05a59b2d0897303b6745b871b84d,2024-02-13T19:45:09.783000 +CVE-2024-0871,1,1,264fb85332705bea68e6fccb77e6a69d9f31709dbbda21a6e6094a9a32fc7d73,2024-03-13T16:15:14.750000 CVE-2024-0879,0,0,71dbf86688bbf3d39fdd16f3840204e31946256b985438bb8d263e8d387364ad,2024-01-31T19:16:07.630000 CVE-2024-0880,0,0,c0d34b87498449cd5347eddb2b0884a4cbb68738ea4dbe7ec78d5493358a5d02,2024-02-29T01:43:29.880000 CVE-2024-0882,0,0,c47430e882e6495885aec337e89c3eb7dfb0353d0237fb3b6203bc9d4d7b7c71,2024-02-29T01:43:29.970000 
@@ -238180,6 +238211,9 @@ CVE-2024-0889,0,0,754107c48946486e8bcf79a644d606332971da4d0fe90a02b6d28a3907972b CVE-2024-0890,0,0,3a3072b4d451948808953d391383a5041718bc72266918b3affecc497bdb9c9a,2024-02-29T01:43:30.693000 CVE-2024-0891,0,0,d0c9b641288f0b6ee0bb29d4b0ac72ec2790b4534088061de25ec18ee5361a6c,2024-02-29T01:43:30.777000 CVE-2024-0895,0,0,6a76c7f2f120789a65253031d7521e1f62411bd227b5e6c7a4bb77914289251e,2024-02-12T17:03:38.533000 +CVE-2024-0896,1,1,60a98fe76e219a7be10c509720cf1561202de51de7686e25aa1bbf91b6be488f,2024-03-13T16:15:14.943000 +CVE-2024-0897,1,1,527b9b8155df3047002f139c13e3a247a603aa405d3aa0f72a3984676a3dae3b,2024-03-13T16:15:15.343000 +CVE-2024-0898,1,1,0f3247ed08c2053e6dba0d4465127583af77cca270093e94a38d490668674d70,2024-03-13T16:15:15.593000 CVE-2024-0903,0,0,4e5a944405938a6def0adf008001af709d311e38e0572265081d65abf85ff9fb,2024-02-22T19:07:27.197000 CVE-2024-0906,0,0,2cb73c39a2e6fe8ef5222442ed25db55924374576f26540dbc47cb2f830bdc5d,2024-03-12T12:40:13.500000 CVE-2024-0907,0,0,701cea52331df058a887458bc81b02e5da4430df695e176c30a1053289070946,2024-02-29T13:49:29.390000 @@ -238231,6 +238265,7 @@ CVE-2024-0968,0,0,405cac9259ff18223780d28df261a7e718bd8e406dfcf4dfd9be17bdabf389 CVE-2024-0969,0,0,b70a3e678841d5c3e905a1a4d78ee61bc51fd818aa668b1889827f06c393559b,2024-02-13T19:44:42.503000 CVE-2024-0971,0,0,10711fc5fd019982dab0af4d04cad68f7d925a8d90883facb336aae2462a64e3,2024-03-04T22:58:00.967000 CVE-2024-0975,0,0,91c0791baf9b48c9c245a77636f61287ad592fe47de1863701c5fe6e61c0d6cd,2024-02-28T14:06:45.783000 +CVE-2024-0976,1,1,2cc1e683a03419bf8609791b66407882e4f216095985d9016b7dd758847371ec,2024-03-13T16:15:15.827000 CVE-2024-0977,0,0,265a9a088dbf9179612f3eba4d6866f7160bf19014cca832dc6a54c521c233b7,2024-02-14T18:46:52.707000 CVE-2024-0978,0,0,bd9486fab4a038f4e847f9788adcccd45ac34e1994eb8b3f3f5dba77cc4513b0,2024-02-29T13:49:29.390000 CVE-2024-0983,0,0,bb1cce9780d9afeb412811ada7cb9acefd8863ec35c930bdc009e174d02d368f,2024-02-29T13:49:29.390000 
@@ -238285,6 +238320,7 @@ CVE-2024-1034,0,0,a6b1cb9f72d10ba0a7082464713fd68bb6095a20d9a97e083a607d05935f5c CVE-2024-1035,0,0,af300fd17cc128673b93d59ab1acd1f4ecd2a5621cce5dfa16f4e382d5968749,2024-02-29T01:43:38.137000 CVE-2024-1036,0,0,9cc7ff4b64b9a2081e828e672f1a5d24950520b000ac0c5e03f1bbae1070467c,2024-02-29T01:43:38.253000 CVE-2024-1037,0,0,56c2bf173cbe35f7be1fd85a7f9349da5a53d5f062ad199ec4c7889ed66fa316,2024-02-14T19:09:45.253000 +CVE-2024-1038,1,1,2e7891a2454693e4310999273c30701695922716dc78b417ff25d776c23a64ef,2024-03-13T16:15:16.050000 CVE-2024-1039,0,0,fcf0861bef489b5eff5c054a39bb477e60662674e08063be1298e11081d962dd,2024-02-07T14:09:47.017000 CVE-2024-1040,0,0,4a229b12b9bec4f157eabcd482ba70b3993780f28c426bbbec4dc92dbb534a56,2024-02-07T17:11:40.623000 CVE-2024-1043,0,0,82eb9da32724920430d6fd3b3ecc6517ba8400ed5f6318a5095034474cc2fa78,2024-02-29T13:49:29.390000 
@@ -238307,14 +238343,18 @@ CVE-2024-1066,0,0,dee5d81e7a0b9b9fb8a137a3449558003e1ae30b794977ba6cb78edfb4b822 CVE-2024-1068,0,0,8c5c1a5e6b7a7fd62eb78fa52cdb81800fcee20641b14e12d58139523edf1aed,2024-03-12T12:40:13.500000 CVE-2024-1069,0,0,0ebc319d571e78332ab4eff9b8d2044317e8f13e0a6fe2abded578b1be7998e0,2024-02-06T20:11:52.587000 CVE-2024-1070,0,0,0fe9fc048ecfd5e5b18e56b806bd86c817a733e0960c330bc7eea079d9a31fba,2024-02-29T13:49:29.390000 +CVE-2024-1071,1,1,379ae080f457c7d5ee4733b8ef72cd30d5a938844ffeedba64ee28b5907fef58,2024-03-13T16:15:16.293000 CVE-2024-1072,0,0,32fe471ba00a9e765c56a143079ee3e98644ebc38ce83029c2cc4a8bc2496463,2024-02-13T19:44:28.620000 CVE-2024-1073,0,0,adaf97fc5155b3c580417fc4779c1ce9fb6459b581a763739c6822c5178eb839,2024-02-07T20:56:30.313000 +CVE-2024-1074,1,1,92939bc1ad79dfee393f150afd52366ff0052688b5e7dbd3af842c46cf3b2eb2,2024-03-13T16:15:16.503000 CVE-2024-1075,0,0,1a2b469e57d35fd84b679f6fccb1281a6feade2a72464af7e7a4de99488a9956,2024-02-13T19:43:13.480000 CVE-2024-1077,0,0,e9f68f289e9abed92d15ff856c2fcc321bbcef63d9600b92166ab0eb9a1d34f2,2024-02-05T20:49:00.927000 CVE-2024-1078,0,0,6c9dee916fa3df09a1f7e03c1b0577e56d8c16195545070c4376ae3f631ca16e,2024-02-14T18:39:51.437000 CVE-2024-1079,0,0,6ac7286a778516cf89549df1a9d53e18b60d41d010ca37479fb08260829225dd,2024-02-14T19:33:09.977000 +CVE-2024-1080,1,1,663279f28804607249eab8afc95097af3b1acce396048145ee53d740e6b1edc5,2024-03-13T16:15:16.717000 CVE-2024-1081,0,0,625817d78b53bf8851104b61406bece91ee0fb6735836a147845b9d876d430e0,2024-02-22T19:07:27.197000 CVE-2024-1082,0,0,ae3ce9e9137f48bb8ed6e73705e5e3d60bc52b901f04050c52fd85d44a002695,2024-02-13T19:45:42.327000 +CVE-2024-1083,1,1,ef29b073683fc6284b00f97f8d97e8f503677a6755ca21bd71ecfd0177c53f71,2024-03-13T16:15:16.940000 CVE-2024-1084,0,0,51b7424ad38af0869b092fa36e3eaa18924349738a3af48c112cd79935a58280,2024-02-13T19:45:42.327000 CVE-2024-1085,0,0,649a4a278db01305790c1d25d5fb8d26a8b328f3c410af99f7747f493230845c,2024-02-05T20:41:40.513000 
CVE-2024-1086,0,0,76364c1a0561e24ba662e70d690c606d4d289022065a8987b7a128b2d8eec769,2024-02-06T02:15:08.303000 @@ -238349,6 +238389,8 @@ CVE-2024-1122,0,0,e3c7c1ad4304e630c1635693614bd197bceba74362044ae36b2d3b19524aad CVE-2024-1123,0,0,23d765cd8b91b92a239fcd568f1c466ac5436cb638631106d5be2933a35aafe3,2024-03-11T01:32:39.697000 CVE-2024-1124,0,0,0893875b91d8196c656aa4b04876270ba1207ee825f17df87dfb20a840c0c826,2024-03-11T01:32:39.697000 CVE-2024-1125,0,0,9fb4c517dd376986087320b94f37c5184bcfd1a9f0cd59bf56d838884388e1ca,2024-03-11T01:32:39.697000 +CVE-2024-1126,1,1,5520150cc7f904afa6525597a8f7193a15e6b0e94c8bb8f71fbc70eb5141d45d,2024-03-13T16:15:17.267000 +CVE-2024-1127,1,1,8f274637db2d5153a91a8220c7eecdbbbd0c6de5893280b1fc6fbd661566ecf7,2024-03-13T16:15:17.507000 CVE-2024-1128,0,0,23e0a7ac2eb24205bc0e57b1035d2ffc364cb8e77360b281fd3875c8acaa6717,2024-02-29T13:49:29.390000 CVE-2024-1129,0,0,9e26e4f963c1529e8b107dd7310b33bd78874e7f902263578d3990ceccc8167b,2024-02-29T13:49:29.390000 CVE-2024-1130,0,0,66f1630830ed1d095eb852a3f063099a0dc3b2263f9c4f8743191411b15cbd61,2024-02-29T13:49:29.390000 @@ -238365,6 +238407,7 @@ CVE-2024-1151,0,0,9228ed7d5915ff157a1f719259771d692c1e75b64670d2aac60410feae41cc CVE-2024-1155,0,0,1167d19953a3a32cabeabf9e14e690d378726db690ec76aa5ecee1a1399ef6af,2024-02-20T19:50:53.960000 CVE-2024-1156,0,0,e8ca40ae57a5245e56589626eb336461a47ac1d828ff8a54b8ef99dd841f1a69,2024-02-20T19:50:53.960000 CVE-2024-1157,0,0,c47361e1397b03eed535508c9ec506a27255415c46de202eb894db1bcf5cb3c7,2024-02-13T14:01:00.987000 +CVE-2024-1158,1,1,797755613585d4a2def75fa22a0a900b14116db0aa411cf2b16bd06f447db97f,2024-03-13T16:15:17.740000 CVE-2024-1159,0,0,d0250faef462038e0120055a7c1a6779f3d892d3b8c2c1aaf5ccce9550779728,2024-02-13T14:01:00.987000 CVE-2024-1160,0,0,c82942832f2bf6c3ff41a88402b9dca5a934aaf9eae2920b01f254b593b20d40,2024-02-13T14:01:00.987000 CVE-2024-1162,0,0,5f2954147a2ad0bfda8f51ea41ff0a374d1e4a1c83a2e06e1e47465f3c5f70b8,2024-02-08T14:22:37.180000 
@@ -238376,6 +238419,7 @@ CVE-2024-1170,0,0,28e007eb08de072a55649f29bf7589c2796d871c448b8356619ac1f85922e3 CVE-2024-1171,0,0,f25e3d7f5d436466d222c049dd44d9d9c4de9cd4b8c724517b1d0f8ba6e530a5,2024-02-29T13:49:29.390000 CVE-2024-1172,0,0,73235f5d82028834804fb952e111ae59428c0a6eab9702540e471d262b39348e,2024-02-29T13:49:29.390000 CVE-2024-1174,0,0,555bf74716377de48f0b0503bce3291ee24504d70fbc5a562c00808b9867b224,2024-03-01T22:22:25.913000 +CVE-2024-1176,1,1,f4b55bb05acf4a66d116a7257ca0ce33c3fc6a27a7d371d47ac1a80ea8647817,2024-03-13T16:15:17.933000 CVE-2024-1177,0,0,2975630ef7f8a77b7876a87ad1120fd917ca4ca2d762e9d0ae54267a750cb012,2024-02-13T14:06:04.817000 CVE-2024-1178,0,0,2956184307d83e7ee9b0f4a4e78f3d9e7b6aa234978af8029ac9021a0be5d94e,2024-03-05T13:41:01.900000 CVE-2024-1184,0,0,6dd85e7811347053a6990f820920a1de8f81463205716e3d2eca1c137f90aa5d,2024-02-29T01:43:41.907000 @@ -238396,6 +238440,7 @@ CVE-2024-1198,0,0,271f04d78cfeb82d66b8f493c977ad6adb60ac6da18a2acb3b1812219f7155 CVE-2024-1199,0,0,c645d1d18a01724ceac9e0380f091c2090c1bb451259acbbc2342b9d99e1d00f,2024-02-29T01:43:43.497000 CVE-2024-1200,0,0,62e1a43ab05696536830ca7d4d7dca2a939e817193bb12fedf0d4b8a4282be5f,2024-02-29T01:43:43.583000 CVE-2024-1201,0,0,ff74f12e6106529eaffb9117e70c6f3a10b2b8f55039a19edec6d706d4090510,2024-02-09T19:27:29.517000 +CVE-2024-1203,1,1,0a284c9f766efa6e52b29e48209b363f2f7b350d25877cc1a9e0e47d77cca812,2024-03-13T16:15:18.150000 CVE-2024-1206,0,0,66f71d0178ca943b1ad3a63588ccb790c3ad8cdeb703570cb8cafd39f7bfa26b,2024-02-29T13:49:29.390000 CVE-2024-1207,0,0,f1e39aa9f4fae080615ceb22c991bb5ab1be6b272e49830e77e13729606230d5,2024-02-15T02:05:42.313000 CVE-2024-1208,0,0,7e0109a09c5ba1d6e6a9f64f9c7aecb2b417af4e8a24fc45a7c7da25d8b985ff,2024-02-13T14:06:24.090000 
@@ -238411,8 +238456,10 @@ CVE-2024-1224,0,0,f5377a59802b4c28898eed36128680d24ab17fb508c502610abb50cb4d44c2 CVE-2024-1225,0,0,48e8aaacf87c1f1ce817a462226bd45c66b45e1434a262109b41e4c91072a987,2024-02-29T01:43:44.277000 CVE-2024-1226,0,0,866d071ad8625704064a7fde58b7b8a2a90c5873a4eb7f372776142f1a28cf32,2024-03-12T16:02:33.900000 CVE-2024-1227,0,0,64f5d4ef0a213262037d71235b7e71294b2ff46719cfe02f58025fc218002443,2024-03-12T16:02:33.900000 +CVE-2024-1234,1,1,0cf90c613977e0dc426e496eebdcc7463238307d957e233e836c09ce14c5fb5d,2024-03-13T16:15:18.390000 CVE-2024-1235,0,0,bd3111aea128fd790d8e4dcd61b3806ac7cc01e876f9c218beaf77957a9d5d7b,2024-02-29T13:49:29.390000 CVE-2024-1236,0,0,7018028a282921e4202e93cd9b915a62e29eb4b99c0b29d7f7e92ea4f0c33ed4,2024-02-29T13:49:29.390000 +CVE-2024-1237,1,1,7f6291b3f7fe41650a843ee4989ec9be6533ba2607f14d3f46adf5b5a4e9fd64,2024-03-13T16:15:18.617000 CVE-2024-1242,0,0,c3a9f0d7d2241d4a94482083093c45d7f3e32a35dbbd90f86c5401bdd23fe57e,2024-02-29T13:49:29.390000 CVE-2024-1245,0,0,2e59378dab8a209b430a7bdf5dfa1ad37455bcba638f93f331bd6727be23a3f7,2024-02-15T04:44:27.987000 CVE-2024-1246,0,0,668589ae819ff5835ff63858d61771ccdb54522dbf26239874e373ac001fe82c,2024-02-15T04:44:35.470000 
@@ -238447,7 +238494,10 @@ CVE-2024-1284,0,0,a542ed7ad2fc69d5fc164ea1e42af4493449dbb177723d14d8b566e1164717 CVE-2024-1285,0,0,28973f93f478182e90f48ce4a0ab09f79299ff357ec1bba187e439c23a074432,2024-03-05T13:41:01.900000 CVE-2024-1288,0,0,e4429f5c87e8d5c2c8ae36fb4d938db187d89d635ebd489625ff72646c839fc3,2024-02-29T13:49:29.390000 CVE-2024-1290,0,0,4f8878c45d861938550b0a7e302552a7984ffeb7dd902631117e51f430d22d39,2024-03-12T12:40:13.500000 +CVE-2024-1291,1,1,52b32d135bccff9ebadccb1af38d820d6cfe93119e9391ae94491af8cfe816a9,2024-03-13T16:15:18.807000 +CVE-2024-1293,1,1,e45f182430486f3cb699da285d79f47270637450ea2b21caf3c2fbf1d1623007,2024-03-13T16:15:19.043000 CVE-2024-1294,0,0,9641429abe5a940a43824ce0a1ebfc70cc6e8bb9d03222022ce919558da2baa7,2024-02-29T13:49:29.390000 +CVE-2024-1296,1,1,96689bfe1279e8f0065d01e942bac1324d9ad2c25d548192e3998227f4495199,2024-03-13T16:15:19.257000 CVE-2024-1297,0,0,1fc219bb038ab422185a999365115aff94759fe3e5ff94e3dc4180f1d6bc82d0,2024-02-20T19:50:53.960000 CVE-2024-1299,0,0,952d3e1978bc9a123968ee45cc4c039cf2f6a96c36b8ac699d5424c827f802f2,2024-03-07T13:52:27.110000 CVE-2024-1301,0,0,ad76e593d116a58eeaf318bfd22383ec748ba7dfe41e7fb39acf2b71f8bc8595,2024-03-12T17:46:17.273000 
@@ -238455,12 +238505,14 @@ CVE-2024-1302,0,0,0d92f40493f04fb89736b5d4813cc04155db2e6292914bd81a508f53301b17 CVE-2024-1303,0,0,2c083eedd4995023cbd1b7a6bdebb4abb78e7f89b28ee91bf701625b1108f30f,2024-03-12T17:46:17.273000 CVE-2024-1304,0,0,23d5e2bb07c854af4ae93b68007adeaedc627b6e96a90278cd036489c699420d,2024-03-12T17:46:17.273000 CVE-2024-1309,0,0,acfb53c6d447a6b86b3bdf24622423c45f297a6d44de7497c3ae2ae97c7f87f6,2024-02-13T15:16:05.223000 +CVE-2024-1311,1,1,31bba5cf7085e34dba2f8e22890c087d8c761725cde4c45950f3ae1f1de309fb,2024-03-13T16:15:19.450000 CVE-2024-1312,0,0,663659c34940a4e82708fc60c7161257042c7f9bd582badd425cca624f8b6adc,2024-02-15T05:03:16.077000 CVE-2024-1316,0,0,71137ee023059efde9ea6dfce3b572409e6580b9426330a66bdb1f551ebc3e20,2024-03-05T13:41:01.900000 CVE-2024-1317,0,0,677d2e22c876d1f8a2362f14eec614350ca5518b287bd87de6939bf8afc48e88,2024-02-29T13:49:29.390000 CVE-2024-1318,0,0,422c230b919b2aed39d902af5834079d78461435b9de398b39e0ef988ed8aaa2,2024-02-29T13:49:29.390000 CVE-2024-1319,0,0,4e669b4210ff650707325897da6b55c2caa5cb41a85cef69c41685513463c6d1,2024-03-05T13:41:01.900000 CVE-2024-1320,0,0,1287a1050641822197591216327ed52e90e5584b31c11cf080b7c8075dfd9ddc,2024-03-11T01:32:39.697000 +CVE-2024-1321,1,1,f293f573495af2a3aec2b484f66e38b9162d808c861da4dc284db8644892c8e7,2024-03-13T16:15:19.663000 CVE-2024-1322,0,0,55eb557d746bd5b316565e48cf52968ab1ba8b0aa245d5ad47a485b7878e6771,2024-02-29T13:49:29.390000 CVE-2024-1323,0,0,f857e29b0540aed96943a25b1179a5166e6aff501672f2c505f52ee84f4e77cb,2024-02-27T14:20:06.637000 CVE-2024-1328,0,0,170c1f134b7c1cc323cdf2a8e98021369f31203dcfb3a0aeb70d869d5dfa5df5,2024-03-12T12:40:13.500000 
@@ -238484,24 +238536,33 @@ CVE-2024-1353,0,0,853663be0a3764d75bc90d77c3fa1fa06bab948d2070b8859d35c2dce2f75d CVE-2024-1354,0,0,7e9a958865e30c89765260c45d4ae133e4c586a23883dff6b33b804192a001d2,2024-03-05T20:22:24.573000 CVE-2024-1355,0,0,dd36a54ac939524c987827d5cb09797409e1063b770f9d9a2dc86b1a7287f5d9,2024-03-05T20:22:38.100000 CVE-2024-1356,0,0,006a2f6dfff4352ae3ba24ba5214951c5372a0a8f840d4bddd3e210bc6737588,2024-03-06T15:18:08.093000 +CVE-2024-1358,1,1,aa448ff750228cbe6cb882cbfb1016a4599685c6a5a3bbecb6899368d16befa6,2024-03-13T16:15:19.870000 CVE-2024-1359,0,0,709fa5d5f426354abf236525051c41916ab3da3c1737b61ccd8944f2befceb44,2024-03-05T20:22:49.650000 CVE-2024-1360,0,0,c38d2c5ac11d100cefb5af1387d1e4e25b28335fbaa6d0c6e411837b2ffbcd64,2024-02-23T16:14:43.447000 CVE-2024-1361,0,0,93d6142e634961db79d5b23a80f1f61ba806dc890c3dd55d9eac3f4c0577b093,2024-02-23T16:14:43.447000 CVE-2024-1362,0,0,40ae4820191210e9711d19790c4057fec96e362046a81c93d7e2036883f30b10,2024-02-23T16:14:43.447000 +CVE-2024-1363,1,1,b10b0ae39602f28b741334cfe7cf9dbe2c8cd1859a9b43e2412e0a0424562920,2024-03-13T16:15:20.130000 +CVE-2024-1365,1,1,f7b572892e854e6e084736500f81a61c1453cd471810f585806eb1a03d5f21a8,2024-03-13T16:15:20.417000 CVE-2024-1366,0,0,756ad513683fafdc81816d71f6f2330e90069e645d4d10220a75762d063de9d0,2024-03-07T13:52:27.110000 CVE-2024-1367,0,0,c7d0c61b44ec49f91e60f0f66492f38fa7ca52e01168f39d5ee8a77f3ed2b955,2024-02-15T06:23:39.303000 CVE-2024-1368,0,0,4942898dc0cda867f223a3a338598e98ff3b4ceab62d7bcc8729f71cf52128cb,2024-02-28T14:06:45.783000 CVE-2024-1369,0,0,3b9400e51aa638758466cd578c61a464d544a6e8f00f7ecbfeaefa54887b9eb9,2024-03-05T17:42:45.630000 +CVE-2024-1370,1,1,3bac804e92ebda784047b9161e5d44222ad70109b1622b8ff27710490c2bffa6,2024-03-13T16:15:20.687000 CVE-2024-1372,0,0,fd6a0b0bdbecc63f56aef495458a3c5dd8f2e76f436e6cb5f113766b10bba4a3,2024-03-05T17:12:04.487000 CVE-2024-1373,0,0,6182eba24b857bc2b56524dd4b982074bd00b00d58fe9873ed20ec6b67a1b251,2024-03-11T10:15:49.383000 
CVE-2024-1374,0,0,7fe6e2944b2df04d1912da5645567f3da2009d2f734eda817ead1dbb0beca205,2024-03-06T15:26:34.817000 CVE-2024-1377,0,0,76e2b469816a5f01575bd35c8b248dabb148d14ddf8df784749e6781cc820f88,2024-03-07T13:52:27.110000 CVE-2024-1378,0,0,861a3323ec8efaeb758681460069e84c3f0f238c20d369cc8b41f972b8f59fb9,2024-03-01T23:02:21.513000 +CVE-2024-1380,1,1,d0036fec473ec04f0408cc61ee96b94d58fa736d706fef9a9fa1b4d1bf7841c0,2024-03-13T16:15:20.903000 CVE-2024-1381,0,0,48394c6ab0dac4e6c12374aa19d0d984c4a1f4fc60395305bced07e1e3dd5bde,2024-03-05T13:41:01.900000 CVE-2024-1382,0,0,eadf9bcf07f33f456d30153fea1d47c75e560cdef58bba2704e859f9e7013dff,2024-03-07T13:52:27.110000 +CVE-2024-1383,1,1,467d52114a87dd0be157c99e3670c193837514cf72f9785c3b6c35177b2383f6,2024-03-13T16:15:21.163000 CVE-2024-1388,0,0,9f4f35daf92433c068c4ad0e3cff9f0fc31d7e6b5e8f690807686322bd29d2ae,2024-02-28T14:06:45.783000 CVE-2024-1389,0,0,62d171117c191cb5fc110201c06be5328bba09160ed0dc883ad2c72ee32b12f1,2024-02-29T13:49:29.390000 CVE-2024-1390,0,0,760bcdaac2db269a3249aaa20e58e1659b2977bdb995748ef5e46a1ecb85447f,2024-02-29T13:49:29.390000 +CVE-2024-1391,1,1,712de05d4e094b6b3424e466d16910635664ef6dd28b1f8d1a3f702a9b37b7dc,2024-03-13T16:15:21.387000 +CVE-2024-1392,1,1,02b770c8f1eb4be7db968bec5bdc86532f23b0391bcf0cb1df7217628d2dbd2a,2024-03-13T16:15:21.590000 +CVE-2024-1393,1,1,3c8f7ec9957b95962d1fcfd583c532c9710e531c34151da34d25adcde1e23f14,2024-03-13T16:15:21.770000 CVE-2024-1397,0,0,e6d8c9c2beca75d3fdc5f918cb423cf21913a9c807f46126d5b49c29c7bd60f0,2024-03-13T12:33:51.697000 CVE-2024-1398,0,0,7a7783e481aa897afa83bd125da0d53c431d5a5a9d43f1ade8b1e715449f59a0,2024-03-04T13:58:23.447000 CVE-2024-1400,0,0,295a10f36c3e13d694d09cafc6872c0c48f9e2b4c87da0889327ecdac7abe4ac,2024-03-12T12:40:13.500000 
@@ -238511,11 +238572,15 @@ CVE-2024-1404,0,0,1b49ab95872e7aebf44ce53f8bd207dc74e587353a926692e694bcd6ae3118 CVE-2024-1405,0,0,3d09a229f734c3d62073fd3fca46f0f14dd9b0beb7a393eda4ddd2f48077244e,2024-02-29T01:43:49.767000 CVE-2024-1406,0,0,4018ea0b3e838ba7d5440649980e065581ae2ff96f6d0f8aa31a401b288445e1,2024-02-29T01:43:49.860000 CVE-2024-1408,0,0,ca3b04233eec2be4662614cb76615845bd09ccf1b21baa349fd39f723b121764,2024-02-29T13:49:29.390000 +CVE-2024-1409,1,1,b8de1856a3ccfb9a7f3b7c1b1f8ed6ca4e4d9542a89d14f166b19aa738338bcd,2024-03-13T16:15:21.947000 CVE-2024-1410,0,0,535308bfcb5b14b9cf6546577fa611ecf7473e04ab146e149a1b5e72425241fd,2024-03-13T12:33:51.697000 CVE-2024-1411,0,0,030f897eed6e6219f0d1c0b9b3349832bbb4c8ad1dac44c5a94f383da8f08bf9,2024-02-29T13:49:29.390000 +CVE-2024-1413,1,1,77c00ba81fb8c1c8487b3ac8062fbcffeddb36664a1092608f5cbea63cfd51e9,2024-03-13T16:15:22.113000 +CVE-2024-1414,1,1,8c7785bc1b6bf96ea5f760e64bbd54333e935607ae667ee6356933519432058c,2024-03-13T16:15:22.287000 CVE-2024-1419,0,0,2c70f60b0f2ce39c1fb701bf4c4f420108cacd5e876318aed7a6153508e9a501,2024-03-07T13:52:27.110000 CVE-2024-1420,0,0,63be6135cf11500708980f0eb6e023d1c00fd2eeb1aa055b1a9dd099f6d1d32a,2024-02-12T15:15:07.733000 CVE-2024-1421,0,0,f03d7f3ef1765f0f145e59552c7f2e0551f5780bf62fafd3ac0b92ab1fea1897,2024-03-13T12:33:51.697000 +CVE-2024-1422,1,1,4e6305cfa7eec592936ae992bf119330a1f5785bfa6c5d5754fea881c5809eb7,2024-03-13T16:15:22.457000 CVE-2024-1423,0,0,6e27005a2bc9cac940b744a08e145c97df4169105a5c6ac980f63cd4cfdbe785,2024-02-27T15:15:07.460000 CVE-2024-1425,0,0,7bd23f13ec6e59c9c0cdfb4dd0d18d7583033ed33c6961c2f335253af10e4df9,2024-02-29T13:49:29.390000 CVE-2024-1430,0,0,1f7ad1f1bebbdcb3e1f4fca338921661a7ae2b45ce3f6720731a1be64c4b8668,2024-02-29T01:43:50.420000 
@@ -238536,10 +238601,12 @@ CVE-2024-1447,0,0,129620084dda891f621a7f87667d14bbb327ab33f314fcfbe48b39c8087abf CVE-2024-1448,0,0,ed1c5cadf4b993a65be8fd3d2d9f9c2063ea1f165106a42a4d91618e77cf0089,2024-02-29T13:49:29.390000 CVE-2024-1449,0,0,a4b86fab0a435a9775ea4d33f0f451d613f80c51ca6afbaae6a28faf018e4127,2024-03-04T13:58:23.447000 CVE-2024-1451,0,0,3f6435be1eda5f484a72686d969060594b556ef09b071072e8b2c55917874dbc,2024-03-04T20:12:59.223000 +CVE-2024-1452,1,1,3b8d7ca9588b4a1f7b8a2e521ed7e4b26f04d5d4276c52a332958f4d0e65b426,2024-03-13T16:15:22.643000 CVE-2024-1453,0,0,e11f7c6a5ca684a7ed72821317f7b1247eb4a0454b5116cf4686bee193c0189b,2024-03-01T22:22:25.913000 CVE-2024-1454,0,0,84349a93d497528c437ea070460a895e0d6db200e409d19d3d8ac63e6afd75d7,2024-02-13T14:01:49.147000 CVE-2024-1459,0,0,11d2cc6cb4f85209b5f6836b3ad08354090d0f8d1b51c2b33235c6338b29d8d2,2024-02-27T16:55:31.430000 CVE-2024-1460,0,0,cff087352bb23bf663ab2e822f0f3fe258f454a6ba829a2496758fccaa0c2c9b,2024-03-07T13:52:27.110000 +CVE-2024-1462,1,1,420bd006aeb4d618d38284c5ee7951dbd47e1f9a8ec719a27384a8cb1dc2fd55,2024-03-13T16:15:22.830000 CVE-2024-1468,0,0,4517d5dd5472fccb03db943dd2b07b64e505f3a6f8deb2585efb6085b2bb0ecf,2024-02-29T13:49:29.390000 CVE-2024-1470,0,0,d8ad68b9f79de863429aa75b2c26cfea8286a0e2a68040820c4340853d168b81,2024-02-29T13:49:29.390000 CVE-2024-1471,0,0,6a37d562bb33b15ac52534107c9a7df17314a338a978678f458df6c0471e88ff,2024-02-15T06:23:39.303000 
@@ -238548,17 +238615,23 @@ CVE-2024-1474,0,0,c4a82d57c404536fbf907cca0793da0f9aa51e2721de59b07df3626d4b208f CVE-2024-1475,0,0,d3f457dd50ad944b7c111bcc9da22cebb8ff1e3e9d18642c3e499a79c1736017,2024-02-29T13:49:29.390000 CVE-2024-1476,0,0,d0730689614c6c4e0529f40c4f2bd5c19c1d139902825e56e4e732d35ae7afa9,2024-02-28T14:06:45.783000 CVE-2024-1478,0,0,40cbce0cae33ffa26f31fcfbd9f18bad1281854428c8fee3920e07dab050464f,2024-03-05T13:41:01.900000 +CVE-2024-1479,1,1,458bad4961fab3053498ebe101e55980a49f3f04c27cbcced3b61f8e26060d8f,2024-03-13T16:15:23.013000 CVE-2024-1482,0,0,4004dc294092456d033ab8b20599d970ac1a724515bbd4c4f198331d64cbdb99,2024-02-15T06:23:39.303000 +CVE-2024-1484,1,1,b7aa2aca46768791d56c296256fc20e0517a2387853225f484f249d82f3394fa,2024-03-13T16:15:23.203000 CVE-2024-1485,0,0,b9f4145834ee9d538c2d6e8caecb301f8f2dde5a282a13e80f59671c5263bb0b,2024-02-22T01:15:07.980000 CVE-2024-1487,0,0,b2b2dfebf360671acfd4768e2cc139260a275378c54bcc3c51c880d20aa055c8,2024-03-12T12:40:13.500000 CVE-2024-1488,0,0,279192e2f81dcccd45cc434d6eccb30e7b02e02b175a7c5c859669b551700228,2024-02-15T06:23:39.303000 +CVE-2024-1489,1,1,21dcd4a2fa3fda3fe786ce7906b1011a35c39c2207d4936b6bc2711cd293e27d,2024-03-13T16:15:23.377000 CVE-2024-1492,0,0,bd2975db15d23bf6ccb04f9bbcf2cde248dc3c55e86248e7f4d78edff1274431,2024-02-29T13:49:29.390000 CVE-2024-1496,0,0,6fa952c12eca34adb02683b8b330ee432853a078218cc9eaec1fae21364cc413,2024-02-29T13:49:29.390000 +CVE-2024-1497,1,1,25cc7a74bff0ca9e6ade4b79569a4f1a0d0ff4f43a8209bf8e40a8283c86c9fc,2024-03-13T16:15:23.547000 +CVE-2024-1499,1,1,7b85fefd12d1913d52cceadd1fe7e4daa7cd8b2746cd3640f4bb2a6072ca71be,2024-03-13T16:15:23.723000 CVE-2024-1500,0,0,030135b536631161bf7373d1bc26c6a0161415f31692495f02fe85bb326e82d3,2024-03-07T13:52:27.110000 CVE-2024-1501,0,0,03a0e69bbed943f6752c31b93edc06b4f9628316bedb06b12c13732297836920,2024-02-22T19:07:37.840000 +CVE-2024-1505,1,1,aad63aa8f981fc1830ab0de34890b7add0a39ac0d3962568cfb52b01c2f6f288,2024-03-13T16:15:23.893000 
CVE-2024-1506,0,0,00ff2f2daa3580204f0275e9f7f13379ea753ba22ee6749c3bd524e9165b9ee7,2024-03-07T13:52:27.110000 -CVE-2024-1507,1,1,b5b9748c19cd7305599035fbb892d328109d06217c3575c8650eb66a813d2794,2024-03-13T14:28:45.217000 -CVE-2024-1508,1,1,b26b380c4cc71f875e64b69f6d93b4e0a1c0f3653220f2fa16a22eda2b44b756,2024-03-13T14:28:45.217000 +CVE-2024-1507,0,0,b5b9748c19cd7305599035fbb892d328109d06217c3575c8650eb66a813d2794,2024-03-13T14:28:45.217000 +CVE-2024-1508,0,0,b26b380c4cc71f875e64b69f6d93b4e0a1c0f3653220f2fa16a22eda2b44b756,2024-03-13T14:28:45.217000 CVE-2024-1510,0,0,185d4fd159aa50cf43e7df38b058aa658a6c979b28cef06f25ebaf770e6afed2,2024-02-20T19:50:53.960000 CVE-2024-1512,0,0,3eada062125c2f57449fa1c27f1cb9955352a1beb6c2c5c21fb33758b5d74c36,2024-02-20T19:50:53.960000 CVE-2024-1514,0,0,d2fbc2ea79f24fb3edb2e52944d3d629922ad42815d62dfe622b8d66c1b627e6,2024-02-28T14:06:45.783000 
@@ -238572,6 +238645,10 @@ CVE-2024-1528,0,0,6ab8f39f0b896e9d0d7804e3f3d7bb4d33d6cfb8272b1b7047fc22376eeb82 CVE-2024-1529,0,0,c48f70f7277d5d7f374c30fc26b9f938e3b79615ae1320955b7bdc2e7c6b1a8e,2024-03-12T17:46:17.273000 CVE-2024-1530,0,0,6e63cc5bca164a3a0b598a3524ab12b73fe5b20673b51cfd75421e36747f8db9,2024-03-12T14:54:16.667000 CVE-2024-1534,0,0,b47b5b6f31ee51f53e35858c84b04962d1229f4f62333f470d913dd20b214dd3,2024-03-07T13:52:27.110000 +CVE-2024-1535,1,1,f0f16c9fa68c97dc23c15692c1925d632e16a1e5c836058d4beb6a953b0ce0a8,2024-03-13T16:15:24.090000 +CVE-2024-1536,1,1,3bf22fe2122376fbe6cb8dda43c14f65cb0e0e7a7c0281be72615a76e9996915,2024-03-13T16:15:24.270000 +CVE-2024-1537,1,1,2da56a5ab93a64fb1609caa4c7cb5bf37a3419e7e8bb02fa67c4c5f85dac467b,2024-03-13T16:15:24.440000 +CVE-2024-1541,1,1,1e66acfc73d5e62e024f0fcfc808f6e213176150873bdb3d6e37d24abe9c3f0a,2024-03-13T16:15:24.600000 CVE-2024-1546,0,0,d87548555f4c8992ddc193a435b01cbf450a34c4725a832074955ddd5326558a,2024-03-04T09:15:37.650000 CVE-2024-1547,0,0,fc3de1ace81ccfdd8fbde9e6a6951be522c10c940115407bd01fd7d037e7d770,2024-03-04T09:15:37.740000 CVE-2024-1548,0,0,5c3fdabcf3d8bd48353969cee361c3ee839f4f1654385920acb6b56968a4a795,2024-03-04T09:15:37.787000 
@@ -238592,6 +238669,7 @@ CVE-2024-1568,0,0,03adf0f94bdba0662cb278cdaa3b54a5cd3ae08b3ef89a1e89169605096fa6 CVE-2024-1570,0,0,fa96633d08cf4f7a9a083fffefdd325991610013e77e1890328cb3b85d75e300,2024-02-29T13:49:29.390000 CVE-2024-1580,0,0,6b9c71428a5b96b2b7263dbf5be1dd103862465da9af91a11236ffbbfb0157cf,2024-02-20T19:50:53.960000 CVE-2024-1582,0,0,5801086f12a7b25e0a24481309300eacfe3989ff6a37128452730610efa279b1,2024-03-13T12:33:51.697000 +CVE-2024-1585,1,1,428bc3ca31f7a238358e834c9baf4c46844993e74b172b7aa5b5cc7962ceda3e,2024-03-13T16:15:24.780000 CVE-2024-1586,0,0,0f7dcaaedeb3b15eee35c0b1fbce415960454d76b6eae4dff9a3ecfad1011e31,2024-02-29T13:49:29.390000 CVE-2024-1590,0,0,8cf7a30592711c236a58c08f65bffca938f2cb5ec79513db7f6cedfa37d0bfed,2024-02-23T16:14:43.447000 CVE-2024-1591,0,0,813b185516fa7310825023c3e019d8a3dad8db3ac6e030a92367a91ad355f320,2024-02-16T19:26:55.393000 @@ -238609,6 +238687,8 @@ CVE-2024-1633,0,0,38fdaaa081cb72684e8a3a7c24003a4981094738f4cb62580982692842e123 CVE-2024-1635,0,0,afdfc88a91b3e19c23e9baf0c4ef009675cb15f38c497a875cb9cabeec1970db,2024-02-20T19:50:53.960000 CVE-2024-1636,0,0,110561fc2d8220a09cd098605d5d9c82332c44e2266859d6f751e2ed66576fc3,2024-02-28T14:06:45.783000 CVE-2024-1638,0,0,3d25792f560ad8670a55d542406f093195536acafd656ae4b3cd5fcca03c7380,2024-02-20T19:50:53.960000 +CVE-2024-1640,1,1,c973b6bac9b14f2126025145b9a785ac2a18cf4944ffb6a7f396e166feeec9a5,2024-03-13T16:15:24.957000 +CVE-2024-1642,1,1,028de77137818c25a2c1b7e1e47cdc0d6f93ee7b80bdb5d8ee61aaaeb94da608,2024-03-13T16:15:25.127000 CVE-2024-1644,0,0,258e0c2c60e2ead118c6bf409e3c4e6182303d86b8fb67135f0b03753d76fde4,2024-02-20T19:50:53.960000 CVE-2024-1645,0,0,1a8f3c6555dd4e7a23ffb772d88e0126b5a7926305ae8e7f9c3c65d0deac956f,2024-03-12T12:40:13.500000 CVE-2024-1647,0,0,54139a2a2a3a50db142faf8dcea4fe1dc96abdff85a01701062a380d090db1a3,2024-02-20T19:50:53.960000 
@@ -238619,6 +238699,7 @@ CVE-2024-1651,0,0,b5a1bc561b4d7ae4d1ca2ccf7f79068fb2afa7b09c9ad49805a75edae57e04 CVE-2024-1652,0,0,713b08425ff0d91e3a1f6c5fcc742628e562c3c90970b08c1ec718d504f2db3c,2024-02-27T14:19:41.650000 CVE-2024-1653,0,0,875a0ad46333e774de4f895ea6a9ead74cdbdb6ae6c4ddb02a960bfb85513ae4,2024-02-27T14:19:41.650000 CVE-2024-1661,0,0,24db83c92b829dc6c3c4aa1496bd15ce44d311aaea85d91d099cbad064ada2b4,2024-02-29T01:43:53.173000 +CVE-2024-1668,1,1,768a796755a274e78da2463f6061bb8efa958de90180caa0860ba63ccf3b3854,2024-03-13T16:15:25.510000 CVE-2024-1669,0,0,3362eeabf5b6399fda046d3f728ab967509d79cc74a91c5ce260a94031135ec7,2024-02-26T16:27:52.577000 CVE-2024-1670,0,0,ae75c94f0b29c0a28e4a7c87bcbb408051ef24e0c713cce4805624b9b431840f,2024-02-26T16:27:52.643000 CVE-2024-1671,0,0,e0584d087d830e64e997b38ef394e140c943c9214103297026cc634804f80536,2024-02-26T16:27:52.697000 
@@ -238627,9 +238708,13 @@ CVE-2024-1673,0,0,66d9a6f0480bf86a180f49668fc98e73573dc14fb30b60c9097250baab9510 CVE-2024-1674,0,0,149a05d1fb99cd45cde6ef745b8b9b9e22a1fc2f3ec04b42f9d9bd60196bb170,2024-02-26T16:27:52.823000 CVE-2024-1675,0,0,5f30a51f6df64259307e988bc84d5a52725068543b1ac51c6e60eb38234537d5,2024-02-26T16:27:52.870000 CVE-2024-1676,0,0,75a25dbf1da186d6f531373499511171b06f00b3a04068d4f734276fb08847e7,2024-02-26T16:27:52.910000 +CVE-2024-1680,1,1,4888feb1fc59e59edc2ae1fc3dfe36bc51505f63b9dd6961f6b0533e55cced1b,2024-03-13T16:15:25.773000 CVE-2024-1683,0,0,f25ae2f9a9595608d9c0ca7fa909b61084cd30e6bc54195e29b2d6a4f1fe18f2,2024-02-23T02:42:54.547000 +CVE-2024-1684,1,1,8a1a7b3c972519a865a0051ec7302ea6652f08485d76590841031d63c3d8fc9c,2024-03-13T16:15:25.947000 CVE-2024-1686,0,0,513b8933def64d694b65e22b1395645ba43c1774153040be97c24d03679a5263,2024-02-27T14:20:06.637000 CVE-2024-1687,0,0,2c139dd7a4cd5eb96b19cf20743fdcf2a4372838670ad53c30ef28a6668ce9e0,2024-02-27T14:20:06.637000 +CVE-2024-1690,1,1,8fd0583c0565c01805e8fbf1977c5b63332db0b69c841c171aeae7495e03214e,2024-03-13T16:15:26.127000 +CVE-2024-1691,1,1,fcf21fbc7d2a55a55f1b27f81a3a0a7f7b31353440a891220f199de834718589,2024-03-13T16:15:26.333000 CVE-2024-1696,0,0,99a90d5f5f3ed72de58d46078f56367f3c20ea4ece7ee2f1509d303d1823a04c,2024-03-12T12:40:13.500000 CVE-2024-1698,0,0,75dca8418f9d56ec0cfe8b6a5fe8dbac72155e2590b7f1e80f716b71405b9b9b,2024-02-27T14:20:06.637000 CVE-2024-1700,0,0,c51c2bf467ed3c973111c6298956b10138cd5b50099766c5a1386818675492b6,2024-02-29T01:43:53.363000 
@@ -238647,20 +238732,24 @@ CVE-2024-1714,0,0,3d41c5b029ddf1f5d2c142d7cc7bb81d52a9f5606a977021cc48dc8d115788 CVE-2024-1719,0,0,bd92ffe7c3f4bf124004e532d326d3643bc62f549595f2a7817efea0dc7c188f,2024-02-28T14:06:45.783000 CVE-2024-1720,0,0,3f534b1db2e7b75966562da6fb1d468afac7b86b23a312961b1d896997e21de8,2024-03-07T13:52:27.110000 CVE-2024-1722,0,0,bbfa2fe804b85c8f73b8225a9811c290a6a29ddc6e06b05c51fd071f985f9060,2024-02-29T13:49:29.390000 +CVE-2024-1723,1,1,725d9449a9b56a469930e694ec91d0c763dee9c003ddf574eff46cff59a9dc32,2024-03-13T16:15:26.510000 CVE-2024-1725,0,0,ee1fb8cd83e91b3cc554ef61ba8506273bf384217121fa2160f3c7c69e57a993,2024-03-08T14:02:57.420000 CVE-2024-1731,0,0,a54dfdadfcd6666506c62883f073482e904182fadeecad8ff7a349f271e0661b,2024-03-05T13:41:01.900000 CVE-2024-1735,0,0,fef99247045161df3b08e17c74949b5db371420b96202703c89efa90d1969060,2024-02-26T16:32:25.577000 CVE-2024-1748,0,0,21505baeaebcf9908a04bf82d4cb4713c61c4f34121be4218d6bba17104cf0ea,2024-02-29T01:43:54.190000 CVE-2024-1749,0,0,f5dc36f2b3c5b49630d54ea9d7d110611078de7ac69bcb5b1effa0637f5c756a,2024-02-29T01:43:54.267000 CVE-2024-1750,0,0,c5946c153e9b3863c3ae1f56422e923359d491538b9997bed7c797eaf3e5cae9,2024-02-29T01:43:54.333000 +CVE-2024-1751,1,1,9048b71adaeedaffea58dffb8a2e38f8701fba368330810d0aaaca4c16b05c0f,2024-03-13T16:15:26.683000 CVE-2024-1758,0,0,6de6dd43b2bb9af7fe1358bc4934bd64904e9488104279e3470618b288cbdab8,2024-02-26T16:32:25.577000 CVE-2024-1760,0,0,0a20f47041faa81845898be9ba0faa3a27a19a140e382ff1058d2f999acd0fd1,2024-03-06T15:18:08.093000 CVE-2024-1761,0,0,9e36bbb76f5c2b7f4a9f5c6274a1f378aa86f86f618e6f962a515dfe593dc5f7,2024-03-07T13:52:27.110000 +CVE-2024-1763,1,1,c022a997600dcab8def0ece378c49c257bcb58471eef1b5c6ceb1ae37e409829,2024-03-13T16:15:26.863000 CVE-2024-1764,0,0,c434e7eb3867d4e9c121215628110f61b78b54be2a078e3d4abbb0d2595e2437,2024-03-06T15:18:08.093000 CVE-2024-1765,0,0,9393650a3716a95a879e579180f18ed4907e1cef3b587b0e572b47942072153d,2024-03-13T12:33:51.697000 
CVE-2024-1767,0,0,164cfb2f79cabfa462770ec4a455f8e91d058d9fb18bef76ee945606225fec24,2024-03-11T01:32:39.697000 CVE-2024-1769,0,0,4b17a6efe485c004cbf1cc71fd32ae864ff319587ea6998c7a1ad28d6dff65e5,2024-03-05T13:41:01.900000 CVE-2024-1771,0,0,cc7280a085dd6f03eb9687c2eff5425926f2bc0e4a81dde799379b7786c7a87e,2024-03-06T15:18:08.093000 +CVE-2024-1772,1,1,84fb6cc73efa2a591388a479545207d59b33ae1a81b7ad43664a0f8965ba129f,2024-03-13T16:15:27.040000 CVE-2024-1773,0,0,eea85e1a4bb87da89a486d39c94ff7ae4042032c41aee54c0645824074a798c9,2024-03-08T14:02:57.420000 CVE-2024-1775,0,0,37a7788d3bd75d439be674cd2af306cf23fab3f6811e9a82a88cb43749fef3d9,2024-03-04T13:58:23.447000 CVE-2024-1776,0,0,ee26f83e9648ef58987c10f04b2fa62032ea09f35a95017a417d0154ef32ff6a,2024-02-23T16:14:43.447000 @@ -238674,7 +238763,9 @@ CVE-2024-1784,0,0,08bab1cfa23744baa67dfba68edb1fd6e48368d69ec82ec87547480084eea2 CVE-2024-1786,0,0,449ec13e35f750939f24803b2ef55c495bc451930bfead85c3515bd3cd68c4ab,2024-02-29T01:43:54.670000 CVE-2024-1788,0,0,880181e49a800669246c4d4cd32ccd361560cda70996b821fd2bf7b522fa9d8b,2024-03-04T13:15:44.523000 CVE-2024-1791,0,0,5d3b6b544d9930344476e785dc53de0e62748b437e39c14583d8b6dbe65900d0,2024-02-28T14:06:45.783000 +CVE-2024-1793,1,1,5fbd84cf9e5c119d0690e23123c55ab46133db4bd749c6a0d495c4a026a7f5a7,2024-03-13T16:15:27.207000 CVE-2024-1802,0,0,fc49d6852e2d9c806d87bd476c49eb44290671042d27cb531abfd095f2e45f37,2024-03-08T14:02:57.420000 +CVE-2024-1806,1,1,e5a47302cff3806005670ef056a48885f1b127d01cd88f1cdc118efefc78670a,2024-03-13T16:15:27.380000 CVE-2024-1808,0,0,2da113a6f87d1b28b926abe8dc4a1c1454247327ae44f0a848973179ceb1addc,2024-02-28T14:06:45.783000 CVE-2024-1810,0,0,3ed28ead4309aa20d8dbb01f1df05396f6299eece4357cb3786e9b9d0cf9a602,2024-02-26T13:42:22.567000 CVE-2024-1817,0,0,bcfc649552c114b4245e00ffee663bc4ff6c9a44b6eaa79ab24a72dfeed627e2,2024-02-29T01:43:54.763000 
@@ -238695,11 +238786,14 @@ CVE-2024-1831,0,0,b1aebd2868d683702e95cc019f28c746109a5c4367dc34105cd1afd0cd55cd CVE-2024-1832,0,0,1cf63b6616a572aec4e8e8dba8d9459a1c637c1c61b9b4b77fb7f27cdac41467,2024-02-29T01:43:55.810000 CVE-2024-1833,0,0,2b107fa9cbbf38960ef04d941bf5e32990a98ff894cbb76ab9d3ad3733030a79,2024-02-29T01:43:55.873000 CVE-2024-1834,0,0,71484c054cc8716550405a2212257a1bb19512d3ccfc712afddd01b2d896efc2,2024-02-29T01:43:55.940000 +CVE-2024-1843,1,1,69390a0795ee8dabc8d96754d96b5fcb8ebd6b4e9e375829ba22a3210be69c43,2024-03-13T16:15:27.550000 CVE-2024-1847,0,0,152f4d845ce8c23980172297d934e8efa3d32af4a304d4db000f4175545dd48b,2024-02-29T13:49:47.277000 CVE-2024-1851,0,0,ac07ab34f3e596527407cf2fcb93e785fa1a213045982c8aadd05f9e543a11a5,2024-03-08T14:02:57.420000 +CVE-2024-1854,1,1,e320c0aecdf9c8f564633f9dfbb3b114b65b21e52bf8485e6a5251f4d0e1af2b,2024-03-13T16:15:27.717000 CVE-2024-1859,0,0,c19a8bbad570254357ebcf90235dc1b7204181d3a1a12c804d832963f66d9a08,2024-03-01T14:04:26.010000 CVE-2024-1860,0,0,53b7775f88dbda3fc2d4abeb2e913e87a2f0c7e010f7824d10356d98445fd8c8,2024-02-28T14:06:45.783000 CVE-2024-1861,0,0,363e90e453613fa7f323dd0890c48f34ab39b189b63bc72b87c77b28e0c67e6a,2024-02-28T14:06:45.783000 +CVE-2024-1862,1,1,a5c39e1e808cbff2a6a9b1de60cde5d6c9fd76550a3fda9c5f19f33e40e7d722,2024-03-13T16:15:27.893000 CVE-2024-1864,0,0,797c711e6b44e5bc5fc07b8a96b3914e190ffab8282378f1e76f968098d88951,2024-02-27T22:15:14.807000 CVE-2024-1865,0,0,72c248580cf80b6b26359b857531fc6d6bafece63af2cd2d90fccedf68d28d3b,2024-02-27T22:15:14.847000 CVE-2024-1866,0,0,c996e8524f8bc688a87621835a946e6cc299eedbf430cec590d1bba5d1e5a6d0,2024-02-27T22:15:14.887000 
@@ -238717,6 +238811,7 @@ CVE-2024-1888,0,0,a3af5a064de51a800a91be3cb666c7e14b128371291990482b114f68c19cce CVE-2024-1889,0,0,a9e0ff9436634ac467e347a96a49e3a756a17fdd194019854d55c57c44fc589a,2024-02-26T16:32:25.577000 CVE-2024-1890,0,0,a66653f379be2abfe527e7e6ac5c97f3c916a8b7fd5f4f0c5287b2a9c62cef68,2024-02-26T16:32:25.577000 CVE-2024-1892,0,0,cdd921603e21932db62978792dae806fb80ebb8c197000070f5d99fb4eb75adb,2024-02-28T14:06:45.783000 +CVE-2024-1894,1,1,249a5b31705da69d07ca445343a1ca0eb8dd814e3bdfe06ad19a51ac83b4f422,2024-03-13T16:15:28.067000 CVE-2024-1898,0,0,cd46da23aa9e689b946891d810a24293bd08f970fb7bfbbf6f19e3a7303f1ecd,2024-03-06T15:18:08.093000 CVE-2024-1899,0,0,7c478f071b0974bcebba2951a8eb7192cc799460a1d4b61e805ebe3eb528155c,2024-02-26T22:10:40.463000 CVE-2024-1900,0,0,df3a7e0d7f662e0642af797e67801f5b993e667e914107fd3f604cd2322f2a71,2024-03-06T15:18:08.093000 @@ -238739,6 +238834,7 @@ CVE-2024-1927,0,0,2becab7a40a1b3154528936d981aa8f5a6fb1ffc4394bc6d0b4379e26e3426 CVE-2024-1928,0,0,eef4b0604514a301b04139c569d0543b41b3f91d037010adee99ce8f47400ceb,2024-02-29T13:49:29.390000 CVE-2024-1931,0,0,2c035e986439878fc41e4d57f10dd1dfaa67d4c99fcd2a57828e8789ee7b279b,2024-03-07T13:52:27.110000 CVE-2024-1932,0,0,5d8d8b3bcbb6e1458b966532c64c8c15a68eb67ca9de3e9c3d113ec944ac23a6,2024-02-28T14:06:45.783000 +CVE-2024-1935,1,1,4408ffa0562278aefafd18ad621d01c044b0c20caf1e0a13e3b0c87d7c29e5ce,2024-03-13T16:15:28.260000 CVE-2024-1936,0,0,fbffbd1d1b86b486253248fd8ab07d78e3c2235ecdfaa76f1e2af31e9571599f,2024-03-05T13:41:01.900000 CVE-2024-1938,0,0,24dc90499c61d902708c3560ef4b72bc4a3172c10dbf5b005bb9075fcee4ff4b,2024-03-07T23:15:07.177000 CVE-2024-1939,0,0,862ed503c4cd6a96fea863f557f2290de2baf913d152cc1cb93720d0bf768f1c,2024-03-07T23:15:07.250000 
@@ -238746,6 +238842,8 @@ CVE-2024-1941,0,0,2deee38d49f655dc85a14e0f9cc0860e5fd72126cfed04ebe024762ac27ab8 CVE-2024-1942,0,0,d2058cc77179b578f0e78baf64d5b6e05e82d9b31a50db95cc791849070a4ce9,2024-02-29T13:49:29.390000 CVE-2024-1943,0,0,e7dc18d05b40bfd7ee5ebc3227fce56e30acd0b0b15356871ecd447fe6351a02,2024-02-28T14:06:45.783000 CVE-2024-1949,0,0,a4a1f3609fef0e2a230c1b010f52bf7d305a09f4861227b8e294f8389476ffa5,2024-02-29T13:49:29.390000 +CVE-2024-1950,1,1,dcecad29aff85fe03e4bc830e75d7d952b70721880870234d39cd804fdbbdaf1,2024-03-13T16:15:28.427000 +CVE-2024-1951,1,1,ca55675c0c96e3aed5c7c7473746a0d03ffe82443ff337029fedc135cf256620,2024-03-13T16:15:28.597000 CVE-2024-1952,0,0,77b1cce9f18d790f2100b6f0712fc82626f15c16d8f6388b079b51c3d9093920,2024-02-29T13:49:29.390000 CVE-2024-1953,0,0,b2843cd4a818ab7c1fbc9e58e5576ea1803047be6869535b4657953931e2b5f3,2024-02-29T13:49:29.390000 CVE-2024-1954,0,0,c10d0b9f29284ab216e31016c86a480f8df3290b94c5a722b2056c973f10467f,2024-02-28T14:06:45.783000 
@@ -238759,9 +238857,13 @@ CVE-2024-1978,0,0,3ef3e0470f639541e7aa5332764a4fdc0e9cab2190d02bdfffcc246fd4ade3 CVE-2024-1979,0,0,32edf64c224b12a39425e5b66e1ea360c68d898ece9e593279cba6ece0e6cd69,2024-03-13T12:33:51.697000 CVE-2024-1981,0,0,56a3a9db8d42e012d762fd6941fad1981a0b2b42e5454cd6b5d1b42406dba2ca,2024-02-29T13:49:29.390000 CVE-2024-1982,0,0,ffbc05dfb227c410b4f1143a120edd4d2849f76b514d8ea46cab15f8dbe11320,2024-02-29T13:49:29.390000 +CVE-2024-1985,1,1,fb7952d75de588ed9857664bc520ae0e03116785058768e37113041a3acec016,2024-03-13T16:15:28.753000 CVE-2024-1986,0,0,3573e34f135546ed04633bd0d17cea080212de55551e8ab04d2e00c52e1a5093,2024-03-08T14:02:57.420000 CVE-2024-1987,0,0,51b6353c7487197fcf85dba32dd0017998b1425a36ba707e32269bf4afb531af,2024-03-08T14:02:57.420000 CVE-2024-1989,0,0,e603d4bdfbac73448a418c09b573178507e96a797a5be54fa1a78504bbf887da,2024-03-06T15:18:08.093000 +CVE-2024-1996,1,1,a3aff2022e0eeec63436c99e72a372c2cbbde8262829be0aca1a9a31863aee26,2024-03-13T16:15:28.930000 +CVE-2024-1997,1,1,8386e96948d1e399a1f14f86e23ef542c1d4ccc825674fa403d5dae20cff5fbf,2024-03-13T16:15:29.110000 +CVE-2024-2000,1,1,d1b294baae7dafbe0cdb35b6262f812e568b1adf663fd0a801525a51dfd3017a,2024-03-13T16:15:30.717000 CVE-2024-20001,0,0,efbe4e49752ddfea997ebdd6c491b74eca19a99884d44def3e33c77345370bb0,2024-02-09T02:02:13.153000 CVE-2024-20002,0,0,46b6afed42316be97368931c2d39434a4c3b4f4412ec2aa11d0d2b3e3bf7e82f,2024-02-09T02:01:37.090000 CVE-2024-20003,0,0,161cab7ddc4b98b2ef6112ed0e01b1cdfc43521bfb89175c8951df537d9d4adc,2024-02-09T02:01:04.183000 
@@ -238798,7 +238900,9 @@ CVE-2024-20036,0,0,6aa0aaf0f816e5c28025ff632ab4f045edf0cde4015cad23ab9efb02c5b10 CVE-2024-20037,0,0,3394e4e5b536d07af9e060d111a2ccc408dd821a80abb589ecfb6a715771c30d,2024-03-04T13:58:23.447000 CVE-2024-20038,0,0,072c8099a3f9e48ba0836247d93bf5084e67d525de83ee6f0e8db29ddac35b4d,2024-03-04T13:58:23.447000 CVE-2024-2005,0,0,0a204161c9448048cd66fbf91bafa8438461c235083297fff577722cc214206d,2024-03-06T15:18:08.093000 +CVE-2024-2006,1,1,0bc7878a05b099a22f7618b59229a45e98c0335159e12f8e414c6200d03429c1,2024-03-13T16:15:30.897000 CVE-2024-2009,0,0,dc82c651b7b2f7425478a8ac3c1093beb3a02115ef3f04ec91e063eb5cad55fb,2024-03-01T14:04:26.010000 +CVE-2024-2020,1,1,ce75382b635aaae89a036a9167dd509579d4ae23c984b3b40a96be406a022400,2024-03-13T16:15:31.063000 CVE-2024-2021,0,0,3dc2fb575ebfb00689ab6c7d175c6e1c98bebc64e12436bb80d253d3fdb78b6c,2024-03-01T14:04:26.010000 CVE-2024-2022,0,0,b85cf238c2cb65cb8e7fef455cdd8f7e659141e9e290e145e1aaf1679dcb5291,2024-03-01T14:04:26.010000 CVE-2024-20251,0,0,93177578f73531041dc7b9f473ed061f1cc8390f1ba467fc874d7917d2010350,2024-02-02T16:15:53.757000 
@@ -238811,11 +238915,13 @@ CVE-2024-20267,0,0,2716a642cdad532c3a4bd75fb20d5fecd6f79884b8ec8ad4d3b70c55b604b CVE-2024-20270,0,0,e782cd7ba9de695c0ad1c66716422322472732a1f5415c3e41652abc7d8c0edc,2024-02-02T16:15:54.227000 CVE-2024-20272,0,0,185f140724efe06396f39e49d9628053efc8d5b0f336793319946b145d008ecc,2024-02-02T16:15:54.683000 CVE-2024-20277,0,0,c44de8c225b0707871143fcb06737e334d929dd5a0acde877fcecec9290acbf6,2024-02-02T16:15:54.787000 +CVE-2024-2028,1,1,89967b3915fd9f63c311802e09d72d1d61b42c5004365b12f05b8bee1edf5c4e,2024-03-13T16:15:31.233000 CVE-2024-20287,0,0,73801d80b462793a88b2af436ab77ac49555a7cb9634b8a2ccc26dc598e491a1,2024-02-02T16:15:54.887000 CVE-2024-20290,0,0,057d5dfa7ca9ea45e2cb423f9faaf6e87f8f428206a3f34ecdd5587406e21147,2024-02-15T15:43:27.240000 CVE-2024-20291,0,0,871201adb3aa4676f62b167ece01efc309c4f8e84a1b9ad2c253a83a6590ce0b,2024-02-29T13:49:29.390000 CVE-2024-20292,0,0,bd2670c9582b587cdf9a7328c2351789f5b8997cab8f7bfcaca92954507c503d,2024-03-07T13:52:27.110000 CVE-2024-20294,0,0,1d3a9a3e9164827aaec419fc6a9a7d933913e3a790dc40da7ac082a33393bbf9,2024-02-29T13:49:29.390000 +CVE-2024-2030,1,1,d80483cd0522ffd270ef469a3998bf998dcf4fd47df047de12382837cbd20eaa,2024-03-13T16:15:31.407000 CVE-2024-20301,0,0,5731f674f5ae2bcf96420fc328e70e5146901802d1ab3db25461c019cd20961d,2024-03-07T13:52:27.110000 CVE-2024-20305,0,0,ab61a4ab7882e267880cc2c0e6b3ec1ab9c8b4d0dadf3a4832bdf14ae2ae012d,2024-02-15T19:56:38.910000 CVE-2024-2031,0,0,8c1bcd6bbcf916842768e08303dd42fc425614624a1e3216d105b6a1ddb5c8c0,2024-03-13T12:33:51.697000 
@@ -238835,7 +238941,7 @@ CVE-2024-2048,0,0,b1d90a03303b3129ccd01b2fc2b67961e7b3ad9cf6b45fd30e9c61356487e3 CVE-2024-2049,0,0,58bf7dd981ad241a63625476de471475168cb2dbbf14e23f948c579239e38831,2024-03-12T16:02:33.900000 CVE-2024-2055,0,0,5f882a5989f6397f7e904e96da4e1c976169f82ca0f1c27b5426821f0151d07f,2024-03-06T15:18:08.093000 CVE-2024-2056,0,0,c4f48e587d270913ffe9771a526c024cadd4512922dc15fd4c6520c0e60e3767,2024-03-06T15:18:08.093000 -CVE-2024-2057,0,0,c41ddf6043bc4fe6dee89f426432e0e175bba0447efbea3517ac3b65349cf6cb,2024-03-10T02:16:08.657000 +CVE-2024-2057,0,1,8149d74fde3a21dd846be13ac332b6688d989c87e6493784a0c9078e718a82ae,2024-03-13T16:15:31.580000 CVE-2024-2058,0,0,5110405e4ef7e0c430668aa22c7305fe0b8945c6f9cf05c9f897a4db949b4d5b,2024-03-01T14:04:04.827000 CVE-2024-2059,0,0,f6b215c5fe235c7702ee4df72312e07ac3463833a1bc9ca72c6819f32ff7e2d2,2024-03-01T14:04:04.827000 CVE-2024-2060,0,0,20c45f56d7b67b163d4c0ef7fe117593e5a318428d3ee057e71af7b733acec71,2024-03-01T14:04:04.827000 
@@ -239058,8 +239164,10 @@ CVE-2024-20984,0,0,585d056539d5b2a7ec102aa133531262bc58f31d6c087eb30a1c927656ef9 CVE-2024-20985,0,0,1887d4efcd4074083ed6001311349bddeba13ac350578caa9144fb2633e7d1e2,2024-02-02T17:27:12.127000 CVE-2024-20986,0,0,55fd916bbc66a048aba24029df1cdbff6d17cbdc5963bc85efdc3f349c48d99c,2024-02-20T19:50:53.960000 CVE-2024-20987,0,0,e6a4199f934ca8909c51db00ae903048e2b51791ebdf6565c06b10750c7af3ef,2024-01-20T18:30:16.877000 +CVE-2024-2106,1,1,ae135e1f56612779dc423d01ef33d26e4a3498a53d25f51474db9b3184b468fc,2024-03-13T16:15:31.703000 CVE-2024-2107,0,0,b116f601239eee1477d732dcdf4bd402d2ca5c711c20a89df0a8e9dd54cd4cd1,2024-03-13T12:33:51.697000 CVE-2024-2123,0,0,73501544f7a3558963420aa67d952b80e94655e9088396c3288ccd604d8029fd,2024-03-13T12:33:51.697000 +CVE-2024-2126,1,1,e5c02abc349fc83e213ae1ebc254e71717649131fabe83db40144e0fcaa4ba37,2024-03-13T16:15:31.867000 CVE-2024-2127,0,0,7e732da9362123c901ed00a29dfcc3ca896b81c43d152f47d3b1708469785552,2024-03-08T14:02:57.420000 CVE-2024-2128,0,0,b758ae1e45bbf3f98be89f21520e72433f96873d6cb56cc91a1f688f1fc159ac,2024-03-08T14:02:57.420000 CVE-2024-2130,0,0,9fe340e5e07df3d99bdc5083493ea2da904eddf69629b14325c6709a09efc300,2024-03-13T12:33:51.697000 
@@ -239293,6 +239401,7 @@ CVE-2024-21674,0,0,3800c50d5b1de10d34cf1a729d2e4b9c7e14e723aac2f27150034dbd08207 CVE-2024-21678,0,0,644543e109adebdec8df004a77a478b56ad9337774b4affa63ec566a5c71b600,2024-02-20T19:50:53.960000 CVE-2024-2168,0,0,9533aee0fa894b709d02bacd21a067602f01632e9c1f0767fc5c7810721ba618,2024-03-05T13:41:01.900000 CVE-2024-21682,0,0,1288e7fcafeb10f9c77b4c5fb0257836d3b58742132134582c107bf83b3369e6,2024-02-20T19:50:53.960000 +CVE-2024-2172,1,1,f9e62ca777313f84e7166469bd69b438ef68aa1a9255cf7bfa252731f2b8fe8b,2024-03-13T16:15:32.043000 CVE-2024-21722,0,0,a71b22f29ccfe20a809147af4c5ec8874c667e01e795eb398f7ab084681219c4,2024-02-29T13:49:29.390000 CVE-2024-21723,0,0,00cccf047c5bbb1475d8708d99eb77b4cc33374bfae2cd667dfa07b00a9da924,2024-02-29T13:49:29.390000 CVE-2024-21724,0,0,7877a3f1fc81de4793ea30ad2ed30804ef96511f932568d6a9e549f964c799e7,2024-02-29T13:49:29.390000 
@@ -239368,9 +239477,9 @@ CVE-2024-21891,0,0,cb8571e56627caa87ef673c91152fcd88080674b3913f379f1f0ca0227546 CVE-2024-21892,0,0,e9e7cd547b9c865ef0f7d643a8d56e423d474c52d8079510bad9fcfef1233a4d,2024-02-20T19:50:53.960000 CVE-2024-21893,0,0,2d188d3c7852b895bab2eb60f33b22f9fc7e1606c5595723c82f7fae54df9f67,2024-02-01T02:00:01.187000 CVE-2024-21896,0,0,f2e89bd11f46e09b5e1cac8d09f61e5326ff446268c7f7ea5ae718519ecd8d4a,2024-02-20T19:50:53.960000 -CVE-2024-21899,0,1,bf4b237bf33a91c77058b40d96fade08e251396e11b195174268294eb6097b75,2024-03-13T14:25:02.043000 -CVE-2024-21900,0,1,9e0efba8f76d7fc5c1f969c69d5131d7964374d62b39acb7cd0658a7bc6976c3,2024-03-13T14:24:02.157000 -CVE-2024-21901,0,1,d514b8ede4fc35c9abf8f207ae94a8eda6fe74ddd0d66fd95d615a16c3d1eee1,2024-03-13T14:23:12.393000 +CVE-2024-21899,0,0,bf4b237bf33a91c77058b40d96fade08e251396e11b195174268294eb6097b75,2024-03-13T14:25:02.043000 +CVE-2024-21900,0,0,9e0efba8f76d7fc5c1f969c69d5131d7964374d62b39acb7cd0658a7bc6976c3,2024-03-13T14:24:02.157000 +CVE-2024-21901,0,0,d514b8ede4fc35c9abf8f207ae94a8eda6fe74ddd0d66fd95d615a16c3d1eee1,2024-03-13T14:23:12.393000 CVE-2024-21907,0,0,e97acedaa5fff8f35a2639917d8b0e8affd6b5d126dc549f4b2d35936c62833b,2024-01-17T15:24:07.360000 CVE-2024-21908,0,0,329abb805b48ea46c40d9625a0e5a18857ae42d6b89a82f5c3cf797095821263,2024-01-08T19:46:41.157000 CVE-2024-21909,0,0,1862a33cb8cb7c096543042cface003ed2658c185ec7603674a262510a57f13e,2024-02-08T02:15:40.883000 
@@ -239379,6 +239488,7 @@ CVE-2024-21911,0,0,30b0952621022b198f37c9fc7c47e2aaa3233be56e7cd5684ca7f588e4860 CVE-2024-21915,0,0,37ba536bf668637545b4dc7be0d8e2b8dd5a196f32352bf8da3b31f0b239e591,2024-02-16T19:26:55.393000 CVE-2024-21916,0,0,9f2b20d343ff64e569a6727c28d35277f9cb0ae2a13059d88274004570b48dd2,2024-02-08T01:34:49.067000 CVE-2024-21917,0,0,f716c6e174b4d85e6dd9ac9a5c0d15320474c17d34b338ef8fe8fa8f22be68b7,2024-02-08T01:29:32.367000 +CVE-2024-2194,1,1,55e2b5afe57b2434d6502582751af248c2e19e5615b52b8fd9493e269ca58ec7,2024-03-13T16:15:32.220000 CVE-2024-21982,0,0,994386f15521161d8cc5450a9cd855c84b7920a60d3a57eb970483fe82fbbf1f,2024-01-18T20:16:20.420000 CVE-2024-21983,0,0,ded146d4808fc5f83424e373b65cdad37794b676d9611f5162836ce6d86d8bd7,2024-02-20T19:51:05.510000 CVE-2024-21984,0,0,c4d05388605f2fb7e341aa0197be1de56d0ddb669904fcfa6f2ad451633ba0ba,2024-02-20T19:51:05.510000 
@@ -239559,14 +239669,17 @@ CVE-2024-22365,0,0,b09f0e3dd0fc2bf60706805e33c1f78b209416e9ed2aa43cb1cfb00b1fe90 CVE-2024-22366,0,0,430ca6193adfaa0b9afcb94c1ccbb70fbf418a97a177252da5823216c0a609df,2024-01-30T22:15:32.033000 CVE-2024-22368,0,0,6b22b40b8e4884565fa5c7d8677cdf0e0ae6419db0baf589179542cd6fadbd26,2024-02-27T04:15:06.767000 CVE-2024-22369,0,0,7c7b63ed8954532bdb73079f1af573de5dc0b6a7594719643727fa2a34696aa0,2024-02-20T19:50:53.960000 +CVE-2024-2237,1,1,02ee2e924a6459f3aa2b4611aec4502c2514f255d1f9ed5eaa942c6cc639db5b,2024-03-13T16:15:32.403000 CVE-2024-22370,0,0,13df6251176042b21f4cc7eccb2248918a53b76e3179e3ca6bd1e1e82fbd0a45,2024-01-12T19:29:18.790000 CVE-2024-22371,0,0,a7abe5853292c2cd3af3b63f14ef1ba94d0ed58157139bca2e1eafdb17740f80,2024-02-26T16:32:25.577000 CVE-2024-22372,0,0,b1b41923d4d5e3a62f9aafb5eb6f291d0486263d2806b04c051fd8c8c54bfad1,2024-01-30T22:17:49.987000 +CVE-2024-2238,1,1,2135084a9abd2ffc2f76b02a392247aa0b47a779bab86103548be0f5cd07e39a,2024-03-13T16:15:32.577000 CVE-2024-22380,0,0,fbb17e03b7392116b029e62cf5fc227ae3083f2acc9171774ca51468933ea1b7,2024-01-30T22:14:24.967000 CVE-2024-22383,0,0,bfb2bc0e688fe04df6f10c62b6d1480ba8ca08562caa2033a8d36ddf3b2a0cdf,2024-03-05T13:41:01.900000 CVE-2024-22386,0,0,9bb868760c88683007f1f54485a980666afe5aeeb8bc008d8d811fea3dbfe22d,2024-02-10T04:05:26.383000 CVE-2024-22388,0,0,da7359316abb172866812a3012c9f9fa4c74a86ab41d23e55880cf90ab42d985,2024-02-14T20:59:09.660000 CVE-2024-22389,0,0,bfd8518273b09377c10d87f8645956dc77f5658157595c42e3815805b76e24cc,2024-02-14T18:04:45.380000 +CVE-2024-2239,1,1,908ce7eeb3524e0204f8d38d1444e46bc0a640795cfeaebde5364de9e192ff3a,2024-03-13T16:15:32.750000 CVE-2024-22393,0,0,baae8029e1587725a02d8ccb1fb298e540bb69b478da7728d31a9731926e8718,2024-02-22T19:07:27.197000 CVE-2024-22394,0,0,fdf2846817bf0321d479c4aa67f29d797db24255733cd4d946cc68e44bfccdc7,2024-02-14T21:46:40.537000 CVE-2024-22395,0,0,b21f811c39a8757d126ad039f30ef550a4161900f4b964d1876a739d59a87644,2024-02-26T13:42:22.567000 
@@ -239609,7 +239722,7 @@ CVE-2024-22458,0,0,fab0847e92bbf727c5b27aa7c362cf6e8ac33445a67dace1537122f2ef005 CVE-2024-22459,0,0,0f6e55dd5e86a1ba38a08c9c7a4fb2896872d396522db79869b212894fff2ef6,2024-02-28T14:06:45.783000 CVE-2024-22463,0,0,5b884681f5c1cb31ebf38842df7c3075a8e9d98da101d1e4ec4faa1ef09b6ce2,2024-03-04T15:35:25.673000 CVE-2024-22464,0,0,890f63b91e1207e51dc2d0fc686f763deb067d6410c523bfc64d52071d75be15,2024-02-15T05:03:27.617000 -CVE-2024-2247,1,1,9e85ed4f50cab3213620739fef323cb3a6fe1cce4088e46f1198fba9df000957,2024-03-13T14:28:45.217000 +CVE-2024-2247,0,0,9e85ed4f50cab3213620739fef323cb3a6fe1cce4088e46f1198fba9df000957,2024-03-13T14:28:45.217000 CVE-2024-22473,0,0,ba695bcad0bbe2cba422f3053697429916506f0f0ce55f150fe9af4a818e1f6b,2024-02-22T19:07:27.197000 CVE-2024-22490,0,0,36caaa8caefc70cd3fb65a62a9488b2446e68d14844d0a61d7baf757d2000caa,2024-01-29T22:48:35.493000 CVE-2024-22491,0,0,99c25b0ff8de89fe3ebd04368e499e7fe9b3820707560bd21fed90048934c0ad,2024-01-23T14:28:45.890000 @@ -239621,6 +239734,7 @@ CVE-2024-22497,0,0,29230860822b45470697edda9e8633f686ef5407db1ae4da323a69fb44eb5 CVE-2024-22514,0,0,6ff8271727116507c0b5c03c6c74603b371fdcebcf5b7ad7b772af39abc421dc,2024-02-13T22:09:31.440000 CVE-2024-22515,0,0,457774d8e2171d1abf71d5497a4ccd95c3c203920e8f27dbeb7bf5e203f93ada,2024-02-13T22:12:12.863000 CVE-2024-22519,0,0,a5bc3aa0e73310fa9a4268379339f3da554a6494977cad025014751f4ad6f586,2024-02-14T19:47:52.893000 +CVE-2024-2252,1,1,fa23018b57ed0ea222f22943dcedd29d26ef575540c3d6a3c4ac866943b6d8bf,2024-03-13T16:15:32.920000 CVE-2024-22520,0,0,9b6223a53e180c3295f59e3aa1be5500dd113bead8df3efd63052e10ac314b3b,2024-02-14T19:45:35.337000 CVE-2024-22523,0,0,c46fa576c9efc04bfa68e9b9b048feb02140ef1745b4ca662893a1dcd1fc7e20,2024-02-05T18:45:22.323000 CVE-2024-22529,0,0,f41d09d708d73657afdb982e616544d0858f64a9413ba7f1cfbd6a4f36b177fc,2024-01-31T18:42:44.573000 
@@ -239716,6 +239830,7 @@ CVE-2024-22853,0,0,ec6a06bd931391a16658f5323e2bffe5ddc884df4aacc34598a685bd3979b CVE-2024-22854,0,0,8b8b90cd6c1c9786e2fb5396ca19284ddab9c4ff42eae4bf034495afa4860075,2024-02-16T13:37:51.433000 CVE-2024-22857,0,0,35822cc895b8c2183f09d2bfa6059f48618ac2243f7332403d34bad3a07e19d2,2024-03-07T13:52:27.110000 CVE-2024-22859,0,0,c38d48046b6f439529eec19b7bcfc26995d5809715a940d7284a20cd4fcb0ea9,2024-02-11T00:15:07.770000 +CVE-2024-2286,1,1,b2ea98d00b48cbd6dce1e6383fe7cb695745dd4a67cb7ebc5d3398d1213686ba,2024-03-13T16:15:33.090000 CVE-2024-22860,0,0,2356d6c888fca02c70325b51a39623a7535f82a709f9194a1301833cd9cbfe59,2024-02-02T23:38:02.733000 CVE-2024-22861,0,0,c89d044769ece1a7b6a075f4ae298dac300ceb86cde9ed7916956be6ce090fa7,2024-02-02T23:38:20.193000 CVE-2024-22862,0,0,8c77a453cf55f4869bcb690a30d93ebca959e1728384e14ae5102a4662e5da73,2024-02-02T23:38:28.047000 @@ -239744,6 +239859,7 @@ CVE-2024-22920,0,0,51f0129b273fb908d99bcb2eca704d4931866fa77e67457d263efd22da214 CVE-2024-22922,0,0,d6877285738dd258d8cd645c51a962a06bbe4b1287b3b0914545fc8c745d8198,2024-01-29T15:58:07.447000 CVE-2024-22923,0,0,9f25070d93f8c984230869bd1b70c3147e8429e70e55462567c03690d9c94e40,2024-02-27T17:14:38.007000 CVE-2024-22927,0,0,fdc9c506a2dc69d34982148fc12530f1da2a23db71484836eba0513444a15bb4,2024-02-02T16:15:40.137000 +CVE-2024-2293,1,1,bdbcee367faa28feed9ce95ac2e9813e3b89bf9a83b3037f197c521c5bb66079,2024-03-13T16:15:33.287000 CVE-2024-22936,0,0,45b4c82ccf4949ddff1cdb4aa72dcc2aef63e9659126ee67d80c59a24d21c3d5,2024-02-29T13:49:29.390000 CVE-2024-22938,0,0,d14c96ecc84394e0c226b15d653363af8f866fc8a362ffe8912d5673a5fc16df,2024-02-03T00:30:37.107000 CVE-2024-22939,0,0,82eb1705a79947a373dfe149f6c75b22dc866cb88984d08ea27cb07970929d09,2024-02-29T13:49:29.390000 
@@ -239778,7 +239894,7 @@ CVE-2024-23120,0,0,1fdd5384a3247451b572eec50acc63b80f4302d338e02a15db81dbcc92866 CVE-2024-23121,0,0,ae89a79fcf6c313d61197ac6f338d68b00711a8ed1e7b84e5d9691d517b9b085,2024-03-13T03:15:06.320000 CVE-2024-23122,0,0,53a6a7f808f40f9f8ccc6c9426a05387fb59e2867d6b512f9c97f02c17acdf90,2024-03-13T03:15:06.390000 CVE-2024-23123,0,0,80a373f3449c95eb380a5a70c0b7efa82991d89500c1ac1323995b54768d154d,2024-03-13T03:15:06.443000 -CVE-2024-23124,0,0,56048d8302ab3695b58e020a7eb18f0d2b8dc1b68eefecfcc360f895576970e0,2024-02-22T19:07:27.197000 +CVE-2024-23124,0,1,310e8c4cd574e0a0147b3ffefdbfe36a36709549adc5926c84549e0d2e3d6fc7,2024-03-13T15:15:50.783000 CVE-2024-23125,0,0,f0886c546f6144b586ec7d77c24ce27baa331af9d054edd3d089f488c8104eca,2024-02-22T19:07:27.197000 CVE-2024-23126,0,0,666918a0ca84f08874fe358fd5d9bf3144bedf47c3e33be48b17577bb7f4f2db,2024-02-22T19:07:27.197000 CVE-2024-23127,0,0,2d521f5a343df02dc3f877aab29c287159cff9cd757b67a1b3fb2b3cdb44ffa7,2024-02-22T19:07:27.197000 @@ -240030,6 +240146,7 @@ CVE-2024-23655,0,0,b4fe4299d47f9606e4fc07c80e04bb15761ba2650f126678feb918b4172cc CVE-2024-23656,0,0,695cb145f7353545c42b021c49ddb6b311a4d25b9fa1e7632b8b33e1235c65fb,2024-01-31T23:26:14.650000 CVE-2024-23659,0,0,236290b059375e8b7040b3505591889202adcca1fe58c9cff8e0844cbcf32583,2024-01-25T14:58:22.470000 CVE-2024-23660,0,0,1b2c29c1f9877409e81cc31263cb621728177876460bb697b8348507998614a6,2024-02-15T16:01:29.370000 +CVE-2024-23672,1,1,2ca8a75c912c17f0bdee0e2a06dfdbcc643e2d0d01831199ca900612ef8c420b,2024-03-13T16:15:29.287000 CVE-2024-23673,0,0,11a42dc617628e4138314e2a3d8d0f02b60cec9315a80bc3284ec5f1547fd09f,2024-02-14T00:26:41.517000 CVE-2024-23674,0,0,6ff4eec4bc6bf37404ee9cc16207f5af57bda7bc987c56668d0793a7a9ea14ad,2024-02-16T13:37:55.033000 CVE-2024-23675,0,0,9efb5b028640b8fde323c67b79c038267e86921347cc160dc2b8176c1daa7239,2024-01-29T18:04:13.527000 
@@ -240351,6 +240468,7 @@ CVE-2024-24525,0,0,13b50b322b70c1ba78c523473a9882b44cc13b59455e3e47dd336806a91a1 CVE-2024-24528,0,0,184f3e16e059f6b990b79bbe85c13104f1b7059f71d8a1713060531c24aa2c42,2024-02-26T19:15:07.247000 CVE-2024-24543,0,0,f516e88d85199344e1e2c4ae69468b4de7248951f71da4710fc97171a286ff1a,2024-02-14T17:13:32.827000 CVE-2024-24548,0,0,9dbe1af5af4a9b865bf88b2a305b739ac231a7ce95c9c8ed04344b3144708c91,2024-02-08T18:53:14.107000 +CVE-2024-24549,1,1,228f8d3b25e59c07d10bf6f44e1228e49cc90e0ca2b97c3892ec29f768ef028b,2024-03-13T16:15:29.373000 CVE-2024-24556,0,0,5eadc80f5e2b4d40f2247a29eb7c2aa8b2d9f2f191f8cfe4f491f2d184a6cbe7,2024-02-06T19:24:46.810000 CVE-2024-24557,0,0,803986686a1d77830cb33582e01547bf1b4ed013f71e8dbf2a84322efe6db933,2024-02-09T20:21:32.970000 CVE-2024-24558,0,0,e1e4d32f901535a55c2f6412106d8d6d972ab259b4d2d031ab0a6368463e0518,2024-02-06T19:35:24.230000 
@@ -240556,8 +240674,11 @@ CVE-2024-25089,0,0,5efabd2c26974f37d1846cb1668b5b36df31dff51c549d5b8d4c512bfb0c7 CVE-2024-25091,0,0,01b357047b564e780ed13b7e87b2fb8ec79ae12ad4e744cc9437e3dc74a94964,2024-03-01T14:04:04.827000 CVE-2024-25093,0,0,c29d732f68144a1dd5d537415c8d51940073ac1e6ff114431aa6a52d78b263f0,2024-02-29T13:49:29.390000 CVE-2024-25094,0,0,6ba9f5c53aa4aac51446efc522144ae35e985d8a070a664685b43e0df39aa007,2024-02-29T13:49:29.390000 +CVE-2024-25097,1,1,26a61e635459869e983b1d52300e720e444be29e8739fa9fa2184f6b39ad23b0,2024-03-13T16:15:29.450000 CVE-2024-25098,0,0,028b98ef9a2084a8173d1d38eecdc4136ac8af6138dca7ba8312806912dc26e0,2024-02-29T13:49:29.390000 +CVE-2024-25099,1,1,946e899c3c60a1fe32cb2c8cde51312e06c704cf308f52c9b1f609affd872412,2024-03-13T16:15:29.650000 CVE-2024-25100,0,0,768355855b6b247c2464ac263f2f7d717e09a027676015cb2401f9712d1a8577,2024-02-12T14:20:03.287000 +CVE-2024-25101,1,1,0a003a1fcfde3271d56cc7d2d31460c9477f27e62fafaa0da97adfaa08106732,2024-03-13T16:15:29.847000 CVE-2024-25102,0,0,8fcdf5d18cf63fdbf4ede60084b1f1c517062ad69eb75a3da618391a6173a139,2024-03-06T15:18:08.093000 CVE-2024-25103,0,0,c335cf5a4a2ec9c3ddce8df2d0a5644939ecfc5378f640418bfaf0d91c4144cb,2024-03-06T15:18:08.093000 CVE-2024-25106,0,0,8dd509f504f26480381227e2c04ae3a9349d520b35ffd468656ee448e39af1bb,2024-02-15T18:53:44.707000 
@@ -240594,6 +240715,9 @@ CVE-2024-25149,0,0,856ef5072cd231e615043a37110add07ae1c11df31020a760fa99bb7b5155 CVE-2024-25150,0,0,a1b445b4feba1ddab27223ba85cb6cb7a3839ee111a847a234e925eaf7866dca,2024-02-20T19:50:53.960000 CVE-2024-25151,0,0,d25ac696be566034afe69a4bd3efe8a41ed7f3f94ce2b749716018043c4d4dd0,2024-02-22T19:07:37.840000 CVE-2024-25152,0,0,d2b7fc6b45886d0a5a3f2cc9660183e19b76bf6d358dba96897768fd1b59e182,2024-02-22T19:07:37.840000 +CVE-2024-25153,1,1,95041ef732852fa6a22329c15854ff339bf709b32d27d0a99c0f84798c96cf61,2024-03-13T15:15:50.913000 +CVE-2024-25154,1,1,a73aebceca1e29ffb9d99f542578adff17dc86b01f8195c553355aa8c2037858,2024-03-13T15:15:51.307000 +CVE-2024-25155,1,1,7644a818fb1d635bf1266a62f32ebadc0b8d7919fd13eceb9fb7ca9151423a46,2024-03-13T15:15:51.700000 CVE-2024-25164,0,0,cb09965552a1f390f4064031a22c4e145a720dca523f49b901fb7b90f192d036,2024-03-05T13:41:01.900000 CVE-2024-25165,0,0,416a8b518b9c4a5742bbec94408d835314b2b53d43ae0a8909f15e16fbbd1a92,2024-02-15T06:23:39.303000 CVE-2024-25166,0,0,129a95ebe90cc2b383c4fe37f7a5c2e5cdcb882bd64dbe64af9759fbd5ff754c,2024-02-27T14:20:06.637000 
@@ -241051,7 +241175,8 @@ CVE-2024-26625,0,0,29adc757db465c6ac28ab5a88b8651fe2f2af6ed70ecfb37d6743e85b92b5 CVE-2024-26626,0,0,68a2643258cb97224efc16dc60483f33ca3a855ac7fa2e11723b43938a59d59d,2024-03-06T15:18:08.093000 CVE-2024-26627,0,0,9c09d4f73dbc04e8bf693f2b91f36043cf32b88ec1b0ffef850696b2f5157e34,2024-03-06T15:18:08.093000 CVE-2024-26628,0,0,42dfef900a5a3b235123f4b602a0e59569ae0b50c5a44e59039017e264e71923,2024-03-06T15:18:08.093000 -CVE-2024-26629,1,1,a8a1fa974201393ac548df2735f5100bbd51b57e895a6e88b4a1674396c6f867,2024-03-13T14:28:45.217000 +CVE-2024-26629,0,0,a8a1fa974201393ac548df2735f5100bbd51b57e895a6e88b4a1674396c6f867,2024-03-13T14:28:45.217000 +CVE-2024-26630,1,1,5a279c1ace1609b13d2158bebaff8bf456d948d64c6b4a04373f7bf1470eb24b,2024-03-13T16:15:30.047000 CVE-2024-27081,0,0,47d3ae55f3dd6ab1587375b5a2b7c0ac715515add555c3e7f6d75a8a181b7509,2024-02-26T22:10:40.463000 CVE-2024-27083,0,0,7bbff1c1de69dd1832a650b6712070018b44593bcae8cda4ed320989a44fd4d0,2024-02-29T13:49:29.390000 CVE-2024-27084,0,0,9d9dc56eb44342ebdf65f8df5857c4a42b535ee96f2998cb21e8400366ec79c8,2024-02-26T18:15:07.920000 @@ -241131,6 +241256,7 @@ CVE-2024-27355,0,0,0b9031e2eb548ad12d2d9e0065d270364951139eb9b910f1e5678f52ec438 CVE-2024-27356,0,0,2464f4bdc7cd759969915038df7055199f0bd02c6d9b1a8ceb85c7588507e9ba,2024-02-27T14:20:06.637000 CVE-2024-27359,0,0,45c452c4a5013555c154282328f794ae0e5bd9c68f52a53f3747792eec7b2661,2024-02-26T16:32:25.577000 CVE-2024-27440,0,0,f656cf3f867b554b4acbc17eee670f16835e4e41b3c8da203b1b487ef7d6f2b3,2024-03-13T12:33:51.697000 +CVE-2024-27441,1,1,e840685b8600bbca2bd5265ffc2375dd0e1834727afca845fa72402578217a21,2024-03-13T15:15:52.083000 CVE-2024-27444,0,0,a237f36c45a82911cb697384887c7b89bc1c2ea038ffd45f33470a0acaad42ea,2024-02-26T16:32:25.577000 CVE-2024-27447,0,0,cb57e8d03df573cd861f28c33cc0f260471c72de24ec7e9c3037c0509931fb18,2024-02-26T16:32:25.577000 CVE-2024-27454,0,0,420cb9ec3b08ac5a96e141e933952328f4cf525758241b7fd36981eea8d7ea27,2024-02-26T16:32:25.577000 
@@ -241261,19 +241387,32 @@ CVE-2024-28239,0,0,faccbe471f1ae24e1ff85c8426d7d0f8447bb8e496567a24af19b5962ca5e CVE-2024-28338,0,0,9985a0b99abb928b9c829cb29ecce6039c07964aad6d9841c1477c6680f4f9b5,2024-03-12T17:46:17.273000 CVE-2024-28339,0,0,06a7f15d55f22a965683bef17c82587bc073ddf9fa5edb33c38c4cd82d5f37f7,2024-03-12T17:46:17.273000 CVE-2024-28340,0,0,89775fa07d73d115a7392603111ecb04f65799be74b8d41063e67ed0eb97d0cf,2024-03-12T17:46:17.273000 -CVE-2024-28429,1,1,caaa64487b84149266e9e941a72e13f93e6070c94b1fe7355fb56db4eb5b2161,2024-03-13T14:28:45.217000 -CVE-2024-28430,1,1,bf34fb49e742ebf9176808c1e05b7467ed1662a29a5c18afe29f976454928e37,2024-03-13T14:28:45.217000 -CVE-2024-28431,1,1,148c6be422e12f315897bdd57f5208c74e8137e452c7019eafe29f97f527c418,2024-03-13T14:28:45.217000 -CVE-2024-28432,1,1,4bc8c3df18623e8712ef966fb24c80f6754436b2eb6a0c14d5d3c56f5a161090,2024-03-13T14:28:45.217000 +CVE-2024-28429,0,0,caaa64487b84149266e9e941a72e13f93e6070c94b1fe7355fb56db4eb5b2161,2024-03-13T14:28:45.217000 +CVE-2024-28430,0,0,bf34fb49e742ebf9176808c1e05b7467ed1662a29a5c18afe29f976454928e37,2024-03-13T14:28:45.217000 +CVE-2024-28431,0,0,148c6be422e12f315897bdd57f5208c74e8137e452c7019eafe29f97f527c418,2024-03-13T14:28:45.217000 +CVE-2024-28432,0,0,4bc8c3df18623e8712ef966fb24c80f6754436b2eb6a0c14d5d3c56f5a161090,2024-03-13T14:28:45.217000 CVE-2024-28535,0,0,05b59fc574e3ec1a67ffae1023c5999e94849ce19d6ee2f539dda71a994d8b6c,2024-03-12T16:02:33.900000 CVE-2024-28553,0,0,805b633f3af1b0b015d2f8e90520174ed99391ad33f4ee744bfc3e783d7c9257,2024-03-12T16:02:33.900000 CVE-2024-28623,0,0,81bda7f177219bd08e3dc69b11f4157e89434624cca7692be3ee54e609ec67e1,2024-03-13T12:33:51.697000 -CVE-2024-28665,1,1,15ff1802f077648abfb71685745562ccf344af547e52cbd5425e81cbe36cae7e,2024-03-13T14:28:45.217000 -CVE-2024-28666,1,1,5e800cca159186be28f29e1824df7439f0dc92c267c794010b9aa154f3d0c123,2024-03-13T14:28:45.217000 
-CVE-2024-28667,1,1,8609dc77a902b440c3c0b00b00f201e51c1c73cdced91bd71fb67881bef0f7c4,2024-03-13T14:28:45.217000 -CVE-2024-28668,1,1,65a29caf5b71117b1cce25b65c8664819afcc14bdf91a02551c6fded7b63dc1d,2024-03-13T14:28:45.217000 -CVE-2024-28675,1,1,51ddbc570347f1bc46400a82ce4efee63205279279869d4b97e9ad27ef539200,2024-03-13T14:28:45.217000 -CVE-2024-28684,1,1,df89c702874c46527da5dc5bf33ec252c05a69f53466623f5ca04f0566a6cd25,2024-03-13T14:28:45.217000 +CVE-2024-28665,0,0,15ff1802f077648abfb71685745562ccf344af547e52cbd5425e81cbe36cae7e,2024-03-13T14:28:45.217000 +CVE-2024-28666,0,0,5e800cca159186be28f29e1824df7439f0dc92c267c794010b9aa154f3d0c123,2024-03-13T14:28:45.217000 +CVE-2024-28667,0,0,8609dc77a902b440c3c0b00b00f201e51c1c73cdced91bd71fb67881bef0f7c4,2024-03-13T14:28:45.217000 +CVE-2024-28668,0,0,65a29caf5b71117b1cce25b65c8664819afcc14bdf91a02551c6fded7b63dc1d,2024-03-13T14:28:45.217000 +CVE-2024-28669,1,1,dbaa1c88f346377ac8d3994feb6e1173baf79d793ed06029dfd3ee078736d458,2024-03-13T16:15:30.100000 +CVE-2024-28670,1,1,2948b97843aae49086c7b900bd8f93c2b909b58991dded014de23ae4392bfd57,2024-03-13T16:15:30.147000 +CVE-2024-28671,1,1,af9ed03aa3d7f5438d0bd6bcf91ba8489df8dd598ec9b454c7855c7e4260b574,2024-03-13T16:15:30.197000 +CVE-2024-28672,1,1,63181bbcf841f060443d2d88afeac5d6d26d9d52d42c4ed0c52ca1de91e62a49,2024-03-13T16:15:30.247000 +CVE-2024-28673,1,1,aed9e0d2923579eac4861965f7409ed74394a68a170f34e083ab9903edd5f0fb,2024-03-13T16:15:30.297000 +CVE-2024-28675,0,0,51ddbc570347f1bc46400a82ce4efee63205279279869d4b97e9ad27ef539200,2024-03-13T14:28:45.217000 +CVE-2024-28676,1,1,fc28b510d42bf4c8c7386bc8d24f7fad6799ca7858a22835ceef565f0d585cdf,2024-03-13T16:15:30.347000 +CVE-2024-28677,1,1,c1f4a84c009d21ef85fd559800ce44cd6045a7661a068aec7a65e0d0c8540109,2024-03-13T16:15:30.390000 +CVE-2024-28678,1,1,21468cd05ecaa1ebb62389aafcd79513007899d69ff92372656b1fd156a72f00,2024-03-13T16:15:30.440000 
+CVE-2024-28679,1,1,64ca5786bbc82fa008f8ffd48d2c568933ab776b2d815f65b76f470ecb36c33f,2024-03-13T16:15:30.483000 +CVE-2024-28680,1,1,fcb4cb74783274444041444e1e65d720d29ccbebbbb382ac9f84b6e7a8516900,2024-03-13T16:15:30.530000 +CVE-2024-28681,1,1,56c6811c37c6579a36653972b1bf61f55f2d1c0778fab6676d1c2c5ae34aba98,2024-03-13T16:15:30.570000 +CVE-2024-28682,1,1,c467ef954cd763bffcf2cb3276a864e9d578a7263a40d7330dd283f759864378,2024-03-13T16:15:30.620000 +CVE-2024-28683,1,1,76f3f28fe173e5386e78799c738e5c879121e8289790fa550c507bda667ba223,2024-03-13T16:15:30.667000 +CVE-2024-28684,0,0,df89c702874c46527da5dc5bf33ec252c05a69f53466623f5ca04f0566a6cd25,2024-03-13T14:28:45.217000 CVE-2024-28753,0,0,73ca850c1b6879daba607bc61d7d16457b56173a47004b8bff799b514a526c36,2024-03-11T01:32:39.697000 CVE-2024-28754,0,0,9281349f951cf3fa92b3f484f1e5f3e3b9f20229dcabe6872ba34e9bebaf3b2c,2024-03-11T01:32:39.697000 CVE-2024-28757,0,0,2ea8a9bd701b62a4c7d927e860f5361b09b4376e3bc3bbb014ff5d4ca725cec6,2024-03-11T01:32:29.610000