From 67d727bd3b903defa061ed5ac9da78b6488f234f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 16 Dec 2024 17:04:17 +0000 Subject: [PATCH] Auto-Update: 2024-12-16T17:00:55.175005+00:00 --- CVE-2023/CVE-2023-514xx/CVE-2023-51440.json | 52 ++--- CVE-2024/CVE-2024-00xx/CVE-2024-0034.json | 92 +++++++- CVE-2024/CVE-2024-00xx/CVE-2024-0035.json | 95 +++++++- CVE-2024/CVE-2024-00xx/CVE-2024-0036.json | 95 +++++++- CVE-2024/CVE-2024-109xx/CVE-2024-10972.json | 56 +++++ CVE-2024/CVE-2024-113xx/CVE-2024-11371.json | 6 +- CVE-2024/CVE-2024-120xx/CVE-2024-12089.json | 56 +++++ CVE-2024/CVE-2024-120xx/CVE-2024-12090.json | 56 +++++ CVE-2024/CVE-2024-120xx/CVE-2024-12091.json | 56 +++++ CVE-2024/CVE-2024-120xx/CVE-2024-12092.json | 56 +++++ CVE-2024/CVE-2024-126xx/CVE-2024-12653.json | 141 ++++++++++++ CVE-2024/CVE-2024-126xx/CVE-2024-12654.json | 141 ++++++++++++ CVE-2024/CVE-2024-126xx/CVE-2024-12668.json | 56 +++++ CVE-2024/CVE-2024-281xx/CVE-2024-28173.json | 63 +++++- CVE-2024/CVE-2024-281xx/CVE-2024-28174.json | 62 +++++- CVE-2024/CVE-2024-282xx/CVE-2024-28228.json | 62 +++++- CVE-2024/CVE-2024-282xx/CVE-2024-28229.json | 62 +++++- CVE-2024/CVE-2024-282xx/CVE-2024-28230.json | 62 +++++- CVE-2024/CVE-2024-28xx/CVE-2024-2874.json | 104 ++++++++- CVE-2024/CVE-2024-298xx/CVE-2024-29880.json | 62 +++++- CVE-2024/CVE-2024-311xx/CVE-2024-31134.json | 62 +++++- CVE-2024/CVE-2024-311xx/CVE-2024-31136.json | 62 +++++- CVE-2024/CVE-2024-311xx/CVE-2024-31139.json | 62 +++++- CVE-2024/CVE-2024-311xx/CVE-2024-31140.json | 62 +++++- CVE-2024/CVE-2024-353xx/CVE-2024-35300.json | 61 ++++- CVE-2024/CVE-2024-353xx/CVE-2024-35301.json | 62 +++++- CVE-2024/CVE-2024-353xx/CVE-2024-35302.json | 62 +++++- CVE-2024/CVE-2024-363xx/CVE-2024-36362.json | 90 +++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36363.json | 83 ++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36364.json | 83 ++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36365.json | 90 +++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36366.json | 83 ++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36367.json | 83 ++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36368.json | 83 ++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36369.json | 83 ++++++- CVE-2024/CVE-2024-363xx/CVE-2024-36370.json | 83 ++++++- CVE-2024/CVE-2024-372xx/CVE-2024-37251.json | 56 +++++ CVE-2024/CVE-2024-432xx/CVE-2024-43234.json | 56 +++++ CVE-2024/CVE-2024-48xx/CVE-2024-4835.json | 106 ++++++++- CVE-2024/CVE-2024-497xx/CVE-2024-49775.json | 100 +++++++++ CVE-2024/CVE-2024-542xx/CVE-2024-54229.json | 56 +++++ CVE-2024/CVE-2024-542xx/CVE-2024-54249.json | 56 +++++ CVE-2024/CVE-2024-542xx/CVE-2024-54257.json | 56 +++++ CVE-2024/CVE-2024-542xx/CVE-2024-54279.json | 56 +++++ CVE-2024/CVE-2024-542xx/CVE-2024-54280.json | 56 +++++ CVE-2024/CVE-2024-542xx/CVE-2024-54283.json | 56 +++++ CVE-2024/CVE-2024-542xx/CVE-2024-54284.json | 56 +++++ CVE-2024/CVE-2024-542xx/CVE-2024-54285.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54331.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54332.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54348.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54352.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54353.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54354.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54355.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54356.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54357.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54358.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54359.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54360.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54361.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54363.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54364.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54365.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54366.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54367.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54368.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54369.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54370.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54372.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54373.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54374.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54375.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54376.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54378.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54379.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54380.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54382.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54384.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54385.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54386.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54387.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54388.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54389.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54390.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54391.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54392.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54393.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54394.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54395.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54396.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54397.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54398.json | 56 +++++ CVE-2024/CVE-2024-543xx/CVE-2024-54399.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54400.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54401.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54402.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54403.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54404.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54405.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54406.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54407.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54408.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54409.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54410.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54411.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54412.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54413.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54414.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54415.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54416.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54417.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54418.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54419.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54420.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54421.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54422.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54423.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54424.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54425.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54426.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54427.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54428.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54429.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54430.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54431.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54432.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54433.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54434.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54435.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54436.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54437.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54438.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54439.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54440.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54441.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54442.json | 56 +++++ CVE-2024/CVE-2024-544xx/CVE-2024-54443.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55972.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55973.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55974.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55976.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55977.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55978.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55979.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55980.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55981.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55982.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55986.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55987.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55988.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55989.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55990.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55992.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55993.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55994.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55996.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55998.json | 56 +++++ CVE-2024/CVE-2024-559xx/CVE-2024-55999.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56001.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56003.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56004.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56005.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56007.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56009.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56011.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56012.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56013.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56015.json | 56 +++++ CVE-2024/CVE-2024-560xx/CVE-2024-56074.json | 39 +++- CVE-2024/CVE-2024-560xx/CVE-2024-56082.json | 39 +++- CVE-2024/CVE-2024-560xx/CVE-2024-56084.json | 39 +++- CVE-2024/CVE-2024-560xx/CVE-2024-56085.json | 39 +++- CVE-2024/CVE-2024-560xx/CVE-2024-56086.json | 39 +++- CVE-2024/CVE-2024-560xx/CVE-2024-56087.json | 39 +++- CVE-2024/CVE-2024-561xx/CVE-2024-56112.json | 39 +++- README.md | 75 +++++-- _state.csv | 234 ++++++++++++++++---- 178 files changed, 10527 insertions(+), 226 deletions(-) create mode 100644 CVE-2024/CVE-2024-109xx/CVE-2024-10972.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12089.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12090.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12091.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12092.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12653.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12654.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12668.json create mode 100644 CVE-2024/CVE-2024-372xx/CVE-2024-37251.json create mode 100644 CVE-2024/CVE-2024-432xx/CVE-2024-43234.json create mode 100644 CVE-2024/CVE-2024-497xx/CVE-2024-49775.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54229.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54249.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54257.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54279.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54280.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54283.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54284.json create mode 100644 CVE-2024/CVE-2024-542xx/CVE-2024-54285.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54331.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54332.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54348.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54352.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54353.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54354.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54355.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54356.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54357.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54358.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54359.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54360.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54361.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54363.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54364.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54365.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54366.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54367.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54368.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54369.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54370.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54372.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54373.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54374.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54375.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54376.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54378.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54379.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54380.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54382.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54384.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54385.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54386.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54387.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54388.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54389.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54390.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54391.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54392.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54393.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54394.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54395.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54396.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54397.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54398.json create mode 100644 CVE-2024/CVE-2024-543xx/CVE-2024-54399.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54400.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54401.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54402.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54403.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54404.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54405.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54406.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54407.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54408.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54409.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54410.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54411.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54412.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54413.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54414.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54415.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54416.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54417.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54418.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54419.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54420.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54421.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54422.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54423.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54424.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54425.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54426.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54427.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54428.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54429.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54430.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54431.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54432.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54433.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54434.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54435.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54436.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54437.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54438.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54439.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54440.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54441.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54442.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54443.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55972.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55973.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55974.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55976.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55977.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55978.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55979.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55980.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55981.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55982.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55986.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55987.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55988.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55989.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55990.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55992.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55993.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55994.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55996.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55998.json create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55999.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56001.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56003.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56004.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56005.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56007.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56009.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56011.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56012.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56013.json create mode 100644 CVE-2024/CVE-2024-560xx/CVE-2024-56015.json diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51440.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51440.json index ff518c9bdd0..944c3596e12 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51440.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51440.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51440", "sourceIdentifier": "productcert@siemens.com", "published": "2024-02-13T09:15:46.830", - "lastModified": "2024-11-21T08:38:07.353", - "vulnStatus": "Modified", + "lastModified": "2024-12-16T15:17:29.160", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -90,9 +90,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:cp_343-1_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "BCBBA47B-610F-4226-83DB-D9D246D12274" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C100D7C1-EAD2-455D-8A72-5BBBD85F2F77" } ] }, @@ -101,9 +101,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:cp_343-1:-:*:*:*:*:*:*:*", - "matchCriteriaId": "7750ADFE-975A-4996-97AF-564E92DBC2E1" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "611E1F0F-D55F-4F40-87A0-4783876182B0" } ] } @@ -117,9 +117,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:*:*:*:*:*:*:*", - "matchCriteriaId": "8DFF3729-82F1-42AD-AE58-D0E5216E7148" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE2A18E2-F88F-4DC1-81E9-AC836C85A248" } ] }, @@ -128,9 +128,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:cp_343-1_lean:-:*:*:*:*:*:*:*", - "matchCriteriaId": "482D477B-0087-4531-9B69-0B3E13BE608C" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "065874F0-45A3-45D8-8EAC-657B04567570" } ] } @@ -144,9 +144,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:*:*:*:*:*:*:*", - "matchCriteriaId": "E5941347-0E16-41D1-BC6C-4FC62916F20F" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:siplus_net_cp_343-1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C04E90BF-FA49-40B2-AEA2-A64A6E5A8B77" } ] }, @@ -155,9 +155,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:siplus_net_cp_343-1:-:*:*:*:*:*:*:*", - "matchCriteriaId": "C04E90BF-FA49-40B2-AEA2-A64A6E5A8B77" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E5941347-0E16-41D1-BC6C-4FC62916F20F" } ] } @@ -171,9 +171,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*", - "matchCriteriaId": "98B87B82-1949-498F-A922-8DF26B9F6414" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:*:*:*:*:*:*:*", + "matchCriteriaId": "31A4A9A6-25FF-4FEF-8081-E827CCC87FAF" } ] }, @@ -182,9 +182,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:*:*:*:*:*:*:*", - "matchCriteriaId": "31A4A9A6-25FF-4FEF-8081-E827CCC87FAF" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98B87B82-1949-498F-A922-8DF26B9F6414" } ] } diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0034.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0034.json index 3f1d7ff1174..d64f7b3096e 100644 --- a/CVE-2024/CVE-2024-00xx/CVE-2024-0034.json +++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0034.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0034", "sourceIdentifier": "security@android.com", "published": "2024-02-16T02:15:50.933", - "lastModified": "2024-11-21T08:45:45.523", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T16:07:35.377", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -39,22 +59,82 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2024-02-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2024-02-01", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0035.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0035.json index b2143f4ffff..37876d83142 100644 --- a/CVE-2024/CVE-2024-00xx/CVE-2024-0035.json +++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0035.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0035", "sourceIdentifier": "security@android.com", "published": "2024-02-16T02:15:50.980", - "lastModified": "2024-11-21T08:45:45.710", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:59:54.053", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,75 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2024-02-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2024-02-01", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0036.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0036.json index 885cd9edd7f..4e88250cabb 100644 --- a/CVE-2024/CVE-2024-00xx/CVE-2024-0036.json +++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0036.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0036", "sourceIdentifier": "security@android.com", "published": "2024-02-16T02:15:51.047", - "lastModified": "2024-11-21T08:45:45.897", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:58:38.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,22 +81,75 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2024-02-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2024-02-01", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10972.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10972.json new file mode 100644 index 00000000000..ec837401b53 --- /dev/null +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10972.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10972", + "sourceIdentifier": "cve@rapid7.com", + "published": "2024-12-16T15:15:06.067", + "lastModified": "2024-12-16T16:15:05.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD\u00a0with a parallel thread changing the memory\u2019s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the\u00a0userspace to change page permissions half way through the routine.\u00a0 A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1", + "source": "cve@rapid7.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11371.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11371.json index b1fa3286a2b..f5b5ee074f2 100644 --- a/CVE-2024/CVE-2024-113xx/CVE-2024-11371.json +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11371.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11371", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-21T11:15:26.653", - "lastModified": "2024-11-26T18:01:57.250", + "lastModified": "2024-12-16T15:53:39.657", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -60,9 +60,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:slimndap:theater:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:slimndap:theater_for_wordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "0.18.7", - "matchCriteriaId": "947799E1-BEAB-4E05-9EA0-2DFBA8FA4DEE" + "matchCriteriaId": "0964EB67-8AA4-4F43-BA45-9EBF26B7F2AD" } ] } diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12089.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12089.json new file mode 100644 index 00000000000..4387e7ea9e0 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12089.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12089", + "sourceIdentifier": "3DS.Information-Security@3ds.com", + "published": "2024-12-16T15:15:06.250", + "lastModified": "2024-12-16T15:15:06.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "source": "3DS.Information-Security@3ds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12090.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12090.json new file mode 100644 index 00000000000..0571230289c --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12090.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12090", + "sourceIdentifier": "3DS.Information-Security@3ds.com", + "published": "2024-12-16T15:15:06.393", + "lastModified": "2024-12-16T15:15:06.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "source": "3DS.Information-Security@3ds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12091.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12091.json new file mode 100644 index 00000000000..de7aebcad29 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12091.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12091", + "sourceIdentifier": "3DS.Information-Security@3ds.com", + "published": "2024-12-16T15:15:06.540", + "lastModified": "2024-12-16T15:15:06.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "source": "3DS.Information-Security@3ds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12092.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12092.json new file mode 100644 index 00000000000..e1a4ccc87c2 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12092.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12092", + "sourceIdentifier": "3DS.Information-Security@3ds.com", + "published": "2024-12-16T15:15:06.677", + "lastModified": "2024-12-16T15:15:06.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "source": "3DS.Information-Security@3ds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12653.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12653.json new file mode 100644 index 00000000000..2a028138e49 --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12653.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12653", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-16T16:15:06.593", + "lastModified": "2024-12-16T16:15:06.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", + "baseScore": 4.6, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + }, + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x22040C-NPD-DOS-15160437bb1e80228995f9a74a5c233c?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.288522", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.288522", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456026", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12654.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12654.json new file mode 100644 index 00000000000..1ac90c8c481 --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12654.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12654", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-16T16:15:06.810", + "lastModified": "2024-12-16T16:15:06.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", + "baseScore": 4.6, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + }, + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220408-NPD-DOS-15160437bb1e803e9b3df784e61c6dcd", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.288523", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.288523", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.456028", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12668.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12668.json new file mode 100644 index 00000000000..05cbe0ea07e --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12668.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12668", + "sourceIdentifier": "cve@rapid7.com", + "published": "2024-12-16T15:15:06.807", + "lastModified": "2024-12-16T15:15:06.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability whereby an attacker can subvert code-signing facilities leading to the ability to write the value zero anywhere in memory with the driver \u2013 without using the\\nPMEM_WRITE_ENABLED compilation flag. This issue is remediated in version 4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1", + "source": "cve@rapid7.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28173.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28173.json index 70ddf2b0599..2376c4f028d 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28173.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28173.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28173", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-06T17:15:11.190", - "lastModified": "2024-11-21T09:05:57.553", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:11:43.620", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, @@ -49,16 +69,51 @@ "value": "CWE-201" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.4", + "matchCriteriaId": "6C6D5C05-A8BA-418F-AB16-419D2E6E947B" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28174.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28174.json index 57a0421698f..37a7ddb1620 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28174.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28174.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28174", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-06T17:15:11.397", - "lastModified": "2024-11-21T09:05:57.683", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:07:02.497", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-863" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.11.4", + "matchCriteriaId": "66B25AF5-F103-4A5C-8A39-901357131404" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28228.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28228.json index e3d6bf330d6..9a0def7e31f 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28228.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28228.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28228", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-07T12:15:46.847", - "lastModified": "2024-11-21T09:06:02.890", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:06:31.563", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-290" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.1.25893", + "matchCriteriaId": "7F7B5732-41E6-48CF-AB7F-CDA97F8EC107" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28229.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28229.json index 0c8661d3634..38a2d0ee109 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28229.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28229.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28229", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-07T12:15:47.123", - "lastModified": "2024-11-21T09:06:03.017", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:06:00.407", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-863" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.1.25893", + "matchCriteriaId": "7F7B5732-41E6-48CF-AB7F-CDA97F8EC107" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28230.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28230.json index c146d7541b0..4d34cc476bc 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28230.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28230.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28230", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-07T12:15:47.307", - "lastModified": "2024-11-21T09:06:03.137", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:05:43.290", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-862" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.1.25893", + "matchCriteriaId": "7F7B5732-41E6-48CF-AB7F-CDA97F8EC107" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2874.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2874.json index 6f3f4a874ef..eb0255e60a6 100644 --- a/CVE-2024/CVE-2024-28xx/CVE-2024-2874.json +++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2874.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2874", "sourceIdentifier": "cve@gitlab.com", "published": "2024-05-23T07:15:08.463", - "lastModified": "2024-11-21T09:10:43.743", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:16:54.830", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,24 +69,96 @@ "value": "CWE-770" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionEndExcluding": "16.10.6", + "matchCriteriaId": "D32468B2-9ED8-4D66-90E3-DC5F9CAEB1A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionEndExcluding": "16.10.6", + "matchCriteriaId": "75F6F9C5-BA57-4BB3-851E-A771C0562683" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.11.0", + "versionEndExcluding": "16.11.3", + "matchCriteriaId": "D2461BDD-0006-45A1-B49B-1761CC52BD04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.11.0", + "versionEndExcluding": "16.11.3", + "matchCriteriaId": "B9E351A7-5B4B-4043-8EC2-D9B58488ACE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:community:*:*:*", + "matchCriteriaId": "4B294023-4020-405B-907C-F7F20DFAD3A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "5881525D-CFD4-43AA-9B1E-8C1221772BC3" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451911", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://hackerone.com/reports/2426166", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451911", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://hackerone.com/reports/2426166", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-298xx/CVE-2024-29880.json b/CVE-2024/CVE-2024-298xx/CVE-2024-29880.json index 4b6ad238302..7eb1a02b217 100644 --- a/CVE-2024/CVE-2024-298xx/CVE-2024-29880.json +++ b/CVE-2024/CVE-2024-298xx/CVE-2024-29880.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29880", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-21T14:15:10.077", - "lastModified": "2024-11-21T09:08:32.270", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:37:50.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-749" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.11", + "matchCriteriaId": "14BE4ADE-D80E-4842-B209-DB14117D955E" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31134.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31134.json index cab936adbe7..a9b3afd3230 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31134.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31134.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31134", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-28T15:15:46.973", - "lastModified": "2024-11-21T09:12:54.013", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:53:28.913", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-863" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.03", + "matchCriteriaId": "77D8DE57-62BD-4043-837F-28C87A1596B4" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31136.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31136.json index 0cd6c54a448..e8eb67282db 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31136.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31136.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31136", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-28T15:15:47.413", - "lastModified": "2024-11-21T09:12:54.277", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:54:25.227", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.2, "impactScore": 5.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-1288" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.03", + "matchCriteriaId": "77D8DE57-62BD-4043-837F-28C87A1596B4" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31139.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31139.json index 3e0cacae486..ba3883a5599 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31139.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31139.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31139", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-28T15:15:48.060", - "lastModified": "2024-11-21T09:12:54.670", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:56:36.237", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.7, "impactScore": 5.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-611" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.03", + "matchCriteriaId": "77D8DE57-62BD-4043-837F-28C87A1596B4" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31140.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31140.json index 40e8465cb3a..ebbd176ba84 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31140.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31140.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31140", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-03-28T15:15:48.273", - "lastModified": "2024-11-21T09:12:54.793", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:58:11.000", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-1288" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.03", + "matchCriteriaId": "77D8DE57-62BD-4043-837F-28C87A1596B4" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35300.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35300.json index 4097bf9d033..c4ad3990590 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35300.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35300.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35300", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-16T11:15:47.720", - "lastModified": "2024-11-21T09:20:06.460", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:48:36.930", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.9, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,16 +69,49 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:2024.03:*:*:*:*:*:*:*", + "matchCriteriaId": "B765D7FE-103D-4858-A618-A60140C6B05A" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35301.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35301.json index 7feb27f8127..20e18660480 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35301.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35301.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35301", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-16T11:15:47.947", - "lastModified": "2024-11-21T09:20:06.590", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:51:28.007", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-280" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.03.1", + "matchCriteriaId": "D71910D8-B104-4713-91FB-3F914EE1D3EB" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35302.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35302.json index f20cfc35486..f09698e30b5 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35302.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35302.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35302", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-16T11:15:48.160", - "lastModified": "2024-11-21T09:20:06.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:42:19.513", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,16 +69,50 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.11", + "matchCriteriaId": "14BE4ADE-D80E-4842-B209-DB14117D955E" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36362.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36362.json index 3a22d5bdbd4..1e5da14b336 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36362.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36362.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36362", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:22.033", - "lastModified": "2024-11-21T09:22:01.590", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:41:48.623", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,16 +69,78 @@ "value": "CWE-23" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.03", + "versionEndExcluding": "2024.03.2", + "matchCriteriaId": "F35C03CA-A940-44F7-8144-E5AFEA4BB9E0" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36363.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36363.json index 434018fbaa3..3338a0de82c 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36363.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36363.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36363", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:22.360", - "lastModified": "2024-11-21T09:22:01.737", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:41:02.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,16 +69,71 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36364.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36364.json index 7fe3a17f2dc..953742b60aa 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36364.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36364.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36364", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:22.637", - "lastModified": "2024-11-21T09:22:01.850", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:40:49.667", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,16 +69,71 @@ "value": "CWE-863" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36365.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36365.json index 15ab4267978..a95e7368348 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36365.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36365.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36365", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:22.907", - "lastModified": "2024-11-21T09:22:01.980", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:52:04.303", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 } ] }, @@ -49,16 +69,78 @@ "value": "CWE-863" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.03", + "versionEndExcluding": "2024.03.2", + "matchCriteriaId": "F35C03CA-A940-44F7-8144-E5AFEA4BB9E0" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36366.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36366.json index 5fa94c70d12..1942e704dfb 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36366.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36366.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36366", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:23.123", - "lastModified": "2024-11-21T09:22:02.117", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:52:21.477", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,16 +69,71 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36367.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36367.json index 46e68252668..e291f3c3ba5 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36367.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36367.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36367", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:23.343", - "lastModified": "2024-11-21T09:22:02.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:15:11.200", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,16 +69,71 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36368.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36368.json index afb674bc722..376e42f2b5d 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36368.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36368.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36368", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:23.563", - "lastModified": "2024-11-21T09:22:02.370", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:14:56.433", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,16 +69,71 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36369.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36369.json index 2b95e326315..ba5dbf9622a 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36369.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36369.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36369", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:23.790", - "lastModified": "2024-11-21T09:22:02.497", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:14:39.120", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,16 +69,71 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36370.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36370.json index 616f9a54b7c..7b645892a9c 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36370.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36370.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36370", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-05-29T14:15:24.010", - "lastModified": "2024-11-21T09:22:02.630", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:42:30.397", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,16 +69,71 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.04.7", + "matchCriteriaId": "1389D50C-E2D5-46A4-8F48-30C6638B86DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.10", + "versionEndExcluding": "2022.10.6", + "matchCriteriaId": "5AB207D5-66D1-45FC-A4D4-14DF8D30E0A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.05", + "versionEndExcluding": "2023.05.6", + "matchCriteriaId": "BB2C8303-18EC-4947-B9D2-892146CF2F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.11", + "versionEndExcluding": "2023.11.5", + "matchCriteriaId": "7E08BD03-CC4B-4BCF-A97B-A37E53D28A97" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "cve@jetbrains.com" + "source": "cve@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-372xx/CVE-2024-37251.json b/CVE-2024/CVE-2024-372xx/CVE-2024-37251.json new file mode 100644 index 00000000000..a3c39784b20 --- /dev/null +++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37251.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37251", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:06.970", + "lastModified": "2024-12-16T15:15:06.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/advanced-custom-fields-pro/vulnerability/wordpress-advanced-custom-fields-pro-plugin-6-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43234.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43234.json new file mode 100644 index 00000000000..7003aff34be --- /dev/null +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43234.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-43234", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:07.037", + "lastModified": "2024-12-16T16:15:07.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/woffice/vulnerability/wordpress-woffice-theme-5-4-14-unauthenticated-account-takeover-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4835.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4835.json index 522b4271434..71e9310c624 100644 --- a/CVE-2024/CVE-2024-48xx/CVE-2024-4835.json +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4835.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4835", "sourceIdentifier": "cve@gitlab.com", "published": "2024-05-23T07:15:09.683", - "lastModified": "2024-11-21T09:43:42.317", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-16T15:10:13.577", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.8 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 } ] }, @@ -49,24 +69,98 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "15.11.0", + "versionEndExcluding": "16.10.6", + "matchCriteriaId": "43BE75CB-B680-431E-A07E-093558211217" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.11.0", + "versionEndExcluding": "16.10.6", + "matchCriteriaId": "4113907A-DF93-4FCF-BA99-57B43952BDE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.11.0", + "versionEndExcluding": "16.11.3", + "matchCriteriaId": "D2461BDD-0006-45A1-B49B-1761CC52BD04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.11.0", + "versionEndExcluding": "16.11.3", + "matchCriteriaId": "B9E351A7-5B4B-4043-8EC2-D9B58488ACE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:community:*:*:*", + "matchCriteriaId": "4B294023-4020-405B-907C-F7F20DFAD3A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "5881525D-CFD4-43AA-9B1E-8C1221772BC3" + } + ] + } + ] } ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/461328", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://hackerone.com/reports/2497024", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/461328", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://hackerone.com/reports/2497024", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49775.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49775.json new file mode 100644 index 00000000000..2aeb69e9991 --- /dev/null +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49775.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-49775", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-12-16T15:15:07.173", + "lastModified": "2024-12-16T15:15:07.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.\r\nThis could allow an unauthenticated remote attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-928984.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54229.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54229.json new file mode 100644 index 00000000000..3681e8b10f4 --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54229.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54229", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:07.290", + "lastModified": "2024-12-16T16:15:07.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sv100-companion/vulnerability/wordpress-sv100-companion-plugin-2-0-02-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54249.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54249.json new file mode 100644 index 00000000000..34247491eaf --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54249.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54249", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:07.430", + "lastModified": "2024-12-16T16:15:07.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/advanced-options-editor/vulnerability/wordpress-advanced-options-editor-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54257.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54257.json new file mode 100644 index 00000000000..73be0369e8d --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54257.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54257", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:07.577", + "lastModified": "2024-12-16T16:15:07.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/tydskrif/vulnerability/wordpress-tydskrif-theme-1-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54279.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54279.json new file mode 100644 index 00000000000..e4304c454b4 --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54279.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54279", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:07.717", + "lastModified": "2024-12-16T16:15:07.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-nerd-toolkit/vulnerability/wordpress-wp-nerd-toolkit-plugin-1-1-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json new file mode 100644 index 00000000000..3e5746fd2ce --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54280", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:07.880", + "lastModified": "2024-12-16T16:15:07.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-6-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54283.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54283.json new file mode 100644 index 00000000000..de0f8e9ac0c --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54283.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54283", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:08.023", + "lastModified": "2024-12-16T16:15:08.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/seedprod-coming-soon-pro-5/vulnerability/wordpress-seedprod-pro-plugin-6-18-10-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54284.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54284.json new file mode 100644 index 00000000000..370b456f6cc --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54284.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54284", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:08.153", + "lastModified": "2024-12-16T16:15:08.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/seedprod-coming-soon-pro-5/vulnerability/wordpress-seedprod-pro-plugin-6-18-10-sql-injection-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54285.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54285.json new file mode 100644 index 00000000000..ef34ababde4 --- /dev/null +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54285.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54285", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:08.320", + "lastModified": "2024-12-16T16:15:08.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/seedprod-coming-soon-pro-5/vulnerability/wordpress-seedprod-pro-plugin-6-18-10-remote-code-execution-rce-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54331.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54331.json new file mode 100644 index 00000000000..81dc437ce79 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54331.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54331", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:07.377", + "lastModified": "2024-12-16T15:15:07.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/i-plant-a-tree/vulnerability/wordpress-i-plant-a-tree-plugin-1-7-3-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54332.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54332.json new file mode 100644 index 00000000000..f61df7d71df --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54332.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54332", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:07.547", + "lastModified": "2024-12-16T15:15:07.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-currency-exchange-rates/vulnerability/wordpress-wp-currency-exchange-rates-plugin-1-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54348.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54348.json new file mode 100644 index 00000000000..0bed4fd53d2 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54348.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54348", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:08.477", + "lastModified": "2024-12-16T16:15:08.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YayCommerce Brand allows Stored XSS.This issue affects Brand: from n/a through 1.1.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/brand/vulnerability/wordpress-brandy-theme-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54352.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54352.json new file mode 100644 index 00000000000..52761ea8672 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54352.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54352", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:07.707", + "lastModified": "2024-12-16T15:15:07.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through 1.5.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sogrid/vulnerability/wordpress-sogrid-plugin-1-5-2-csrf-to-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54353.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54353.json new file mode 100644 index 00000000000..2c6f44645af --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54353.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54353", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:07.867", + "lastModified": "2024-12-16T15:15:07.867", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPGear Hack-Info allows Stored XSS.This issue affects Hack-Info: from n/a through 3.17." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hack-info/vulnerability/wordpress-hack-info-plugin-3-17-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54354.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54354.json new file mode 100644 index 00000000000..e3e52b6c16d --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54354.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54354", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:08.023", + "lastModified": "2024-12-16T15:15:08.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through 0.99.47." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/termin-kalender/vulnerability/wordpress-termin-kalender-plugin-0-99-47-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54355.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54355.json new file mode 100644 index 00000000000..58782242975 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54355.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54355", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:08.180", + "lastModified": "2024-12-16T15:15:08.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-17-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54356.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54356.json new file mode 100644 index 00000000000..b4a8b31d3a0 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54356.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54356", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:08.327", + "lastModified": "2024-12-16T15:15:08.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54357.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54357.json new file mode 100644 index 00000000000..2acc8fd2ef7 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54357.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54357", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:08.617", + "lastModified": "2024-12-16T16:15:08.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-theme-7-11-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54358.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54358.json new file mode 100644 index 00000000000..c370e19e266 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54358.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54358", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:08.477", + "lastModified": "2024-12-16T15:15:08.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Avatar 3D Creator 3D Avatar User Profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/3d-avatar-user-profile/vulnerability/wordpress-3d-avatar-user-profile-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54359.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54359.json new file mode 100644 index 00000000000..ffa2c4ea720 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54359.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54359", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:08.630", + "lastModified": "2024-12-16T15:15:08.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Saul Morales Pacheco Banner System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/banner-system/vulnerability/wordpress-banner-system-plugin-1-0-0-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54360.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54360.json new file mode 100644 index 00000000000..a38f517f49e --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54360.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54360", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:08.793", + "lastModified": "2024-12-16T15:15:08.793", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gutensee/vulnerability/wordpress-gutensee-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54361.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54361.json new file mode 100644 index 00000000000..8ab85fe531d --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54361.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54361", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:08.970", + "lastModified": "2024-12-16T15:15:08.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/instant-appointment/vulnerability/wordpress-instant-appointment-plugin-1-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54363.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54363.json new file mode 100644 index 00000000000..6c9561dd9ee --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54363.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54363", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:09.130", + "lastModified": "2024-12-16T15:15:09.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-nssuser-register/vulnerability/wordpress-wp-nssuser-register-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54364.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54364.json new file mode 100644 index 00000000000..db01bfe37db --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54364.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54364", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:09.283", + "lastModified": "2024-12-16T15:15:09.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/feedpress-generator/vulnerability/wordpress-feedpress-generator-plugin-1-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54365.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54365.json new file mode 100644 index 00000000000..c7c94b96d93 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54365.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54365", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:09.437", + "lastModified": "2024-12-16T15:15:09.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/kh-easy-user-settings/vulnerability/wordpress-kh-easy-user-settings-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54366.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54366.json new file mode 100644 index 00000000000..e90866876ad --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54366.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54366", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:09.610", + "lastModified": "2024-12-16T15:15:09.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/vimeography/vulnerability/wordpress-vimeography-plugin-2-4-4-full-path-disclosure-fpd-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54367.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54367.json new file mode 100644 index 00000000000..2f6c8955b87 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54367.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54367", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:10.027", + "lastModified": "2024-12-16T15:15:10.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/forumwp/vulnerability/wordpress-forumwp-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54368.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54368.json new file mode 100644 index 00000000000..4127bc69811 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54368.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54368", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:10.223", + "lastModified": "2024-12-16T15:15:10.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/git-sync/vulnerability/wordpress-gitsync-plugin-1-1-0-csrf-to-remote-code-execution-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54369.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54369.json new file mode 100644 index 00000000000..ea36f70dedb --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54369.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54369", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:10.410", + "lastModified": "2024-12-16T15:15:10.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ai-site-builder/vulnerability/wordpress-zita-site-builder-plugin-1-0-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54370.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54370.json new file mode 100644 index 00000000000..9f2ed8a695c --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54370.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54370", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:10.593", + "lastModified": "2024-12-16T15:15:10.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54372.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54372.json new file mode 100644 index 00000000000..596cceafb6c --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54372.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54372", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:10.810", + "lastModified": "2024-12-16T15:15:10.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/insertify/vulnerability/wordpress-insertify-plugin-1-1-4-csrf-to-remote-code-execution-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54373.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54373.json new file mode 100644 index 00000000000..087d08d9735 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54373.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54373", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:11.013", + "lastModified": "2024-12-16T15:15:11.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris G\u00e5rdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/eduadmin-booking/vulnerability/wordpress-eduadmin-booking-plugin-5-2-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54374.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54374.json new file mode 100644 index 00000000000..6c9fff2dc2e --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54374.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54374", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:11.200", + "lastModified": "2024-12-16T15:15:11.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sogrid/vulnerability/wordpress-sogrid-plugin-1-5-6-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54375.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54375.json new file mode 100644 index 00000000000..b0f27acae0a --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54375.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54375", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:11.553", + "lastModified": "2024-12-16T15:15:11.553", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woolook/vulnerability/wordpress-woolook-plugin-1-7-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54376.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54376.json new file mode 100644 index 00000000000..1ec14c8cf82 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54376.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54376", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:08.763", + "lastModified": "2024-12-16T16:15:08.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/eazydocs/vulnerability/wordpress-eazydocs-plugin-2-5-4-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54378.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54378.json new file mode 100644 index 00000000000..8dc84188af0 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54378.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54378", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:11.740", + "lastModified": "2024-12-16T15:15:11.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/quietly-insights/vulnerability/wordpress-quietly-insights-plugin-1-2-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54379.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54379.json new file mode 100644 index 00000000000..de0faf38e1e --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54379.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54379", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:11.930", + "lastModified": "2024-12-16T15:15:11.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/minterpress/vulnerability/wordpress-minterpress-plugin-1-0-5-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54380.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54380.json new file mode 100644 index 00000000000..a4009887b7b --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54380.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54380", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:12.123", + "lastModified": "2024-12-16T15:15:12.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-cookies-enabler/vulnerability/wordpress-wp-cookies-enabler-plugin-1-0-1-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54382.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54382.json new file mode 100644 index 00000000000..416e83e6286 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54382.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54382", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:12.313", + "lastModified": "2024-12-16T15:15:12.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bold-page-builder/vulnerability/wordpress-bold-page-builder-plugin-5-1-5-path-traversal-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54384.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54384.json new file mode 100644 index 00000000000..0f14a7854db --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54384.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54384", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:12.497", + "lastModified": "2024-12-16T15:15:12.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in eLightUp Falcon \u2013 WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon \u2013 WordPress Optimizations & Tweaks: from n/a through 2.8.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/falcon/vulnerability/wordpress-falcon-wordpress-optimizations-tweaks-plugin-2-8-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54385.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54385.json new file mode 100644 index 00000000000..ad93376eabb --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54385.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54385", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:12.653", + "lastModified": "2024-12-16T15:15:12.653", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/radio-player/vulnerability/wordpress-radio-player-plugin-2-0-82-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json new file mode 100644 index 00000000000..e9b1548dd9b --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54386", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:12.837", + "lastModified": "2024-12-16T15:15:12.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/push-monkey-desktop-push-notifications/vulnerability/wordpress-push-monkey-pro-plugin-3-9-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54387.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54387.json new file mode 100644 index 00000000000..c641552b39a --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54387.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54387", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:12.987", + "lastModified": "2024-12-16T15:15:12.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through 2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/posts-date-ranges/vulnerability/wordpress-posts-date-ranges-plugin-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54388.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54388.json new file mode 100644 index 00000000000..3b282682071 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54388.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54388", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:13.163", + "lastModified": "2024-12-16T15:15:13.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/multiple-admin-emails/vulnerability/wordpress-multiple-admin-emails-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54389.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54389.json new file mode 100644 index 00000000000..91ca62bf6b5 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54389.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54389", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:13.303", + "lastModified": "2024-12-16T15:15:13.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/myweather/vulnerability/wordpress-addweather-plugin-2-5-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54390.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54390.json new file mode 100644 index 00000000000..1822fd8e3bd --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54390.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54390", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:13.467", + "lastModified": "2024-12-16T15:15:13.467", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator allows Reflected XSS.This issue affects TagGator: from n/a through 1.54." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/taggator/vulnerability/wordpress-taggator-plugin-1-54-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54391.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54391.json new file mode 100644 index 00000000000..cc11de5a3be --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54391.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54391", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:13.700", + "lastModified": "2024-12-16T15:15:13.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wordpress-filter/vulnerability/wordpress-wordpress-filter-plugin-1-4-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54392.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54392.json new file mode 100644 index 00000000000..344e661b690 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54392.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54392", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:13.873", + "lastModified": "2024-12-16T15:15:13.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP\u5fae\u4fe1\u673a\u5668\u4eba allows Stored XSS.This issue affects WP\u5fae\u4fe1\u673a\u5668\u4eba: from n/a through 5.3.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-weixin-robot/vulnerability/wordpress-wp-plugin-5-3-5-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54393.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54393.json new file mode 100644 index 00000000000..aba1b1f58a3 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54393.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54393", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:14.030", + "lastModified": "2024-12-16T15:15:14.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-fiddle/vulnerability/wordpress-wp-fiddle-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54394.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54394.json new file mode 100644 index 00000000000..b359d96a63a --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54394.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54394", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:14.220", + "lastModified": "2024-12-16T15:15:14.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/email-form-under-post/vulnerability/wordpress-mandrill-wp-plugin-1-0-5-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54395.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54395.json new file mode 100644 index 00000000000..b870ff0f8d2 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54395.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54395", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:14.377", + "lastModified": "2024-12-16T15:15:14.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Becky Sanders Increase Sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through 1.3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/increase-sociability/vulnerability/wordpress-increase-sociability-plugin-1-3-0-reflected-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54396.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54396.json new file mode 100644 index 00000000000..9dee5ecec54 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54396.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54396", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:14.610", + "lastModified": "2024-12-16T15:15:14.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bet-sport-free/vulnerability/wordpress-bet-sport-free-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54397.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54397.json new file mode 100644 index 00000000000..f73209534ce --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54397.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54397", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:14.983", + "lastModified": "2024-12-16T15:15:14.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/goanimate/vulnerability/wordpress-go-animate-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54398.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54398.json new file mode 100644 index 00000000000..743f1799c46 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54398.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54398", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:15.153", + "lastModified": "2024-12-16T15:15:15.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/flaming-forms/vulnerability/wordpress-flaming-forms-plugin-1-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54399.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54399.json new file mode 100644 index 00000000000..6f9873c7440 --- /dev/null +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54399.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54399", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:15.317", + "lastModified": "2024-12-16T15:15:15.317", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/crudlab-google-plus/vulnerability/wordpress-crudlab-google-plus-button-plugin-1-0-2-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54400.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54400.json new file mode 100644 index 00000000000..978ae516b40 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54400.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54400", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:15.587", + "lastModified": "2024-12-16T15:15:15.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/appmaps/vulnerability/wordpress-appmaps-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54401.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54401.json new file mode 100644 index 00000000000..b3c1433114c --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54401.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54401", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:15.970", + "lastModified": "2024-12-16T15:15:15.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/advanced-fancybox/vulnerability/wordpress-advanced-fancybox-plugin-1-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54402.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54402.json new file mode 100644 index 00000000000..f379c02bdfd --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54402.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54402", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:16.153", + "lastModified": "2024-12-16T15:15:16.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through 1.4.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/arabic-webfonts/vulnerability/wordpress-arabic-webfonts-plugin-1-4-6-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54403.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54403.json new file mode 100644 index 00000000000..9b410c26520 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54403.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54403", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:16.327", + "lastModified": "2024-12-16T15:15:16.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Scott Visual Recent Posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through 1.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/visual-recent-posts/vulnerability/wordpress-visual-recent-posts-plugin-1-2-3-reflected-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54404.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54404.json new file mode 100644 index 00000000000..cee1fe8e5d2 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54404.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54404", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:16.500", + "lastModified": "2024-12-16T15:15:16.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mdc-comment-toolbar/vulnerability/wordpress-mdc-comment-toolbar-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54405.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54405.json new file mode 100644 index 00000000000..8bdaa9f813e --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54405.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54405", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:16.673", + "lastModified": "2024-12-16T15:15:16.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ect-social-share/vulnerability/wordpress-ect-social-share-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54406.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54406.json new file mode 100644 index 00000000000..560e8aca7bd --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54406.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54406", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:17.197", + "lastModified": "2024-12-16T15:15:17.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reza Moallemi Comments On Feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/comments-on-feed/vulnerability/wordpress-comments-on-feed-plugin-1-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54407.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54407.json new file mode 100644 index 00000000000..b851d1c5924 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54407.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54407", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:17.493", + "lastModified": "2024-12-16T15:15:17.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u968f\u610f\u7684\u98ce CK and SyntaxHighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through 3.4.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ck-and-syntaxhighlighter/vulnerability/wordpress-ck-and-syntaxhighlighter-plugin-3-4-2-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54408.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54408.json new file mode 100644 index 00000000000..cfdabdf7de9 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54408.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54408", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:17.693", + "lastModified": "2024-12-16T15:15:17.693", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through 1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/youmax-channel-embeds-for-youtube-businesses/vulnerability/wordpress-youtube-video-grid-plugin-1-9-csrf-to-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54409.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54409.json new file mode 100644 index 00000000000..36ed8dc22bf --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54409.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54409", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:17.980", + "lastModified": "2024-12-16T15:15:17.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/xpd-reduce-image-filesize/vulnerability/wordpress-xpd-reduce-image-filesize-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54410.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54410.json new file mode 100644 index 00000000000..59d583be2e2 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54410.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54410", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:18.173", + "lastModified": "2024-12-16T15:15:18.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through 1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sopa-blackout/vulnerability/wordpress-sopa-blackout-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54411.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54411.json new file mode 100644 index 00000000000..b2c26e0a9c9 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54411.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54411", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:18.370", + "lastModified": "2024-12-16T15:15:18.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-management-controller/vulnerability/wordpress-wp-controller-plugin-3-2-0-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54412.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54412.json new file mode 100644 index 00000000000..c0fff108b9f --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54412.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54412", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:18.547", + "lastModified": "2024-12-16T15:15:18.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ECT Product Carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through 1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ect-product-carousel/vulnerability/wordpress-ect-product-carousel-plugin-1-9-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54413.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54413.json new file mode 100644 index 00000000000..fd1e3a6296c --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54413.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54413", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:18.770", + "lastModified": "2024-12-16T15:15:18.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/display-future-posts/vulnerability/wordpress-display-future-posts-plugin-0-2-3-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54414.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54414.json new file mode 100644 index 00000000000..5e7c2ad2b46 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54414.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54414", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:18.923", + "lastModified": "2024-12-16T15:15:18.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/geoportail-shortcode/vulnerability/wordpress-geoportail-shortcode-plugin-2-4-4-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54415.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54415.json new file mode 100644 index 00000000000..bdee0cb2065 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54415.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54415", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:19.100", + "lastModified": "2024-12-16T15:15:19.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-HideThat allows Stored XSS.This issue affects WP-HideThat: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-hide-that/vulnerability/wordpress-wp-hidethat-plugin-1-2-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54416.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54416.json new file mode 100644 index 00000000000..927eef549c1 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54416.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54416", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:19.263", + "lastModified": "2024-12-16T15:15:19.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Kumar Wp Login with Ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through 0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-login-with-ajax/vulnerability/wordpress-wp-login-with-ajax-plugin-0-6-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54417.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54417.json new file mode 100644 index 00000000000..b619e865a66 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54417.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54417", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:19.437", + "lastModified": "2024-12-16T15:15:19.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Pixelgrade PixProof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through 2.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/pixproof/vulnerability/wordpress-pixproof-plugin-2-0-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54418.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54418.json new file mode 100644 index 00000000000..acfc67a7512 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54418.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54418", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:19.703", + "lastModified": "2024-12-16T15:15:19.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp., WPYog, and Gagan Deep Singh DTC Documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through 1.1.05." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dtc-documents/vulnerability/wordpress-dtc-documents-plugin-1-1-05-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54419.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54419.json new file mode 100644 index 00000000000..7654364304a --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54419.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54419", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:19.897", + "lastModified": "2024-12-16T15:15:19.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mansur Ahamed Ui Slider Filter By Price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ui-slider-filter-by-price/vulnerability/wordpress-ui-slider-filter-by-price-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54420.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54420.json new file mode 100644 index 00000000000..956237455ac --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54420.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54420", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:20.100", + "lastModified": "2024-12-16T15:15:20.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/metrika/vulnerability/wordpress-metrika-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54421.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54421.json new file mode 100644 index 00000000000..19f03af10eb --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54421.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54421", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:20.257", + "lastModified": "2024-12-16T15:15:20.257", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi Floating Video Player allows Stored XSS.This issue affects Floating Video Player: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/floating-player/vulnerability/wordpress-floating-video-player-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54422.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54422.json new file mode 100644 index 00000000000..9a919b7580b --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54422.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54422", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:20.410", + "lastModified": "2024-12-16T15:15:20.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gaowei Tang Evernote Sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through 3.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/evernote-sync/vulnerability/wordpress-evernote-sync-plugin-3-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54423.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54423.json new file mode 100644 index 00000000000..782a1b1d638 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54423.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54423", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:20.550", + "lastModified": "2024-12-16T15:15:20.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/social-media-sharing/vulnerability/wordpress-social-media-sharing-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54424.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54424.json new file mode 100644 index 00000000000..1f5c97d8110 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54424.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54424", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:20.697", + "lastModified": "2024-12-16T15:15:20.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilya Chekalskiy Like in Vk.com allows Stored XSS.This issue affects Like in Vk.com: from n/a through 0.5.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/like-on-vkontakte/vulnerability/wordpress-like-in-vk-com-plugin-0-5-2-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54425.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54425.json new file mode 100644 index 00000000000..1042ab6caff --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54425.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54425", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:20.853", + "lastModified": "2024-12-16T15:15:20.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through 2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/maintenance-and-noindex-nofollow/vulnerability/wordpress-lionscripts-site-maintenance-plugin-2-1-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54426.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54426.json new file mode 100644 index 00000000000..770610d8c26 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54426.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54426", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:21.000", + "lastModified": "2024-12-16T15:15:21.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andy Fradelakis LeaderBoard Plugin allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through 1.2.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/leaderboard-lite/vulnerability/wordpress-leaderboard-plugin-plugin-1-2-4-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54427.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54427.json new file mode 100644 index 00000000000..f4c468c2c71 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54427.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54427", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:21.140", + "lastModified": "2024-12-16T15:15:21.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/list-one-category-of-posts/vulnerability/wordpress-category-of-posts-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54428.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54428.json new file mode 100644 index 00000000000..e79f84d9e46 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54428.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54428", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:21.280", + "lastModified": "2024-12-16T15:15:21.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/add-image-to-post/vulnerability/wordpress-add-image-to-post-plugin-0-6-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54429.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54429.json new file mode 100644 index 00000000000..914806c764d --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54429.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54429", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:21.417", + "lastModified": "2024-12-16T15:15:21.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/aphorismus/vulnerability/wordpress-aphorismus-plugin-1-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54430.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54430.json new file mode 100644 index 00000000000..1c4d66d1177 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54430.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54430", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:21.567", + "lastModified": "2024-12-16T15:15:21.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV Newsletter allows Cross Site Request Forgery.This issue affects EELV Newsletter: from n/a through 4.8.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54431.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54431.json new file mode 100644 index 00000000000..ced7242a558 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54431.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54431", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:21.727", + "lastModified": "2024-12-16T15:15:21.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mohamed Riyaz Admin Customization allows Stored XSS.This issue affects Admin Customization: from n/a through 2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpp-customization/vulnerability/wordpress-admin-customization-plugin-2-2-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54432.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54432.json new file mode 100644 index 00000000000..7b8e6c6a155 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54432.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54432", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:21.883", + "lastModified": "2024-12-16T15:15:21.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Prasad Patnaik WP Flipkart Importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through 1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-flipkart-importer/vulnerability/wordpress-wp-flipkart-importer-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54433.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54433.json new file mode 100644 index 00000000000..f3fc159ee3b --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54433.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54433", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.023", + "lastModified": "2024-12-16T15:15:22.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Simple Booking Simple Booking Widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-booking-widget/vulnerability/wordpress-simple-booking-widget-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54434.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54434.json new file mode 100644 index 00000000000..938e72bd6ff --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54434.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54434", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.160", + "lastModified": "2024-12-16T15:15:22.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/phzoom/vulnerability/wordpress-phzoom-plugin-1-2-92-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54435.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54435.json new file mode 100644 index 00000000000..1bf7fef2762 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54435.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54435", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.293", + "lastModified": "2024-12-16T15:15:22.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter allows Stored XSS.This issue affects Onlywire Multi Autosubmitter: from n/a through 1.2.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/onlywire-multi-autosubmitter/vulnerability/wordpress-onlywire-multi-autosubmitter-plugin-1-2-4-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54436.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54436.json new file mode 100644 index 00000000000..48a5b641f73 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54436.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54436", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.437", + "lastModified": "2024-12-16T15:15:22.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/jet-footer-code/vulnerability/wordpress-jet-footer-code-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54437.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54437.json new file mode 100644 index 00000000000..1ce4b1d4455 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54437.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54437", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.570", + "lastModified": "2024-12-16T15:15:22.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Merrill M. Mayer jCarousel allows Stored XSS.This issue affects jCarousel: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/jcarousel-for-wordpress/vulnerability/wordpress-jcarousel-for-wordpress-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54438.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54438.json new file mode 100644 index 00000000000..219e00c0055 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54438.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54438", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.713", + "lastModified": "2024-12-16T15:15:22.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in GAxx Gaxx Keywords allows Stored XSS.This issue affects Gaxx Keywords: from n/a through 0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gaxx-keywords/vulnerability/wordpress-gaxx-keywords-plugin-0-2-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54439.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54439.json new file mode 100644 index 00000000000..f9905213d9f --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54439.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54439", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.843", + "lastModified": "2024-12-16T15:15:22.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored XSS.This issue affects Amazon Product Price: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/amazon-product-price/vulnerability/wordpress-amazon-product-price-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54440.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54440.json new file mode 100644 index 00000000000..3877b277b5d --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54440.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54440", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:22.987", + "lastModified": "2024-12-16T15:15:22.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User allows Stored XSS.This issue affects WP-Ban-User: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-ban-user/vulnerability/wordpress-wp-ban-user-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54441.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54441.json new file mode 100644 index 00000000000..9d65cacfe84 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54441.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54441", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:23.130", + "lastModified": "2024-12-16T15:15:23.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech World Time allows Stored XSS.This issue affects Utech World Time: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/utech-world-time-for-wp/vulnerability/wordpress-utech-world-time-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54442.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54442.json new file mode 100644 index 00000000000..2e5da46a30c --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54442.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54442", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:23.273", + "lastModified": "2024-12-16T15:15:23.273", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Llu\u00eds Cort\u00e8s Better WP Login Page allows Stored XSS.This issue affects Better WP Login Page: from n/a through 1.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/better-wp-login-page/vulnerability/wordpress-better-wp-login-page-plugin-better-wp-login-page-1-1-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54443.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54443.json new file mode 100644 index 00000000000..dd8b2af5c1e --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54443.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54443", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:23.420", + "lastModified": "2024-12-16T15:15:23.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginscafe Advanced Data Table For Elementor allows Stored XSS.This issue affects Advanced Data Table For Elementor: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/advanced-data-table-for-elementor/vulnerability/wordpress-advanced-data-table-for-elementor-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55972.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55972.json new file mode 100644 index 00000000000..2e9b2372acd --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55972.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55972", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:23.613", + "lastModified": "2024-12-16T15:15:23.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Carvache eTemplates allows SQL Injection.This issue affects eTemplates: from n/a through 0.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/etemplates/vulnerability/wordpress-etemplates-plugin-0-2-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55973.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55973.json new file mode 100644 index 00000000000..961c5f3ef98 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55973.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55973", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:23.767", + "lastModified": "2024-12-16T15:15:23.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ryan Nystrom TSB Occasion Editor allows SQL Injection.This issue affects TSB Occasion Editor: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tsb-occasion-editor/vulnerability/wordpress-tsb-occasion-editor-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55974.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55974.json new file mode 100644 index 00000000000..484c54d6c98 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55974.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55974", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:24.397", + "lastModified": "2024-12-16T15:15:24.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AMS Nexe Iberica Mimoos allows SQL Injection.This issue affects Mimoos: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/devoluciones-packback/vulnerability/wordpress-mimoos-plugin-1-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55976.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55976.json new file mode 100644 index 00000000000..522f7c6f2b1 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55976.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55976", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:24.550", + "lastModified": "2024-12-16T15:15:24.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mike Leembruggen Critical Site Intel allows SQL Injection.This issue affects Critical Site Intel: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/critical-site-intel-stats/vulnerability/wordpress-critical-site-intel-plugin-1-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55977.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55977.json new file mode 100644 index 00000000000..f5de56c643a --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55977.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55977", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:24.700", + "lastModified": "2024-12-16T15:15:24.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in launch-page-importer LaunchPage.app Importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/launchpage-app-importer/vulnerability/wordpress-launchpage-app-importer-plugin-1-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55978.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55978.json new file mode 100644 index 00000000000..a544f5d9670 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55978.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55978", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:24.840", + "lastModified": "2024-12-16T15:15:24.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation.com Code Generator Pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/code-generator-pro/vulnerability/wordpress-code-generator-pro-plugin-1-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55979.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55979.json new file mode 100644 index 00000000000..a2558cf594d --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55979.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55979", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:24.983", + "lastModified": "2024-12-16T15:15:24.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wr-age-verification/vulnerability/wordpress-wr-age-verification-plugin-2-0-0-sql-injection-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55980.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55980.json new file mode 100644 index 00000000000..cfbbe200902 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55980.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55980", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:25.130", + "lastModified": "2024-12-16T15:15:25.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wr-age-verification/vulnerability/wordpress-wr-age-verification-plugin-2-0-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55981.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55981.json new file mode 100644 index 00000000000..14c4279b1f8 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55981.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55981", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:25.283", + "lastModified": "2024-12-16T15:15:25.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery allows SQL Injection.This issue affects Nabz Image Gallery: from n/a through v1.00." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/nabz-image-gallery/vulnerability/wordpress-nabz-image-gallery-plugin-v1-00-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55982.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55982.json new file mode 100644 index 00000000000..ea2e0b589af --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55982.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55982", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:25.433", + "lastModified": "2024-12-16T15:15:25.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons \u2013 Social Media allows Blind SQL Injection.This issue affects Share Buttons \u2013 Social Media: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/rich-web-share-button/vulnerability/wordpress-share-buttons-social-media-plugin-1-0-2-sql-injection-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55986.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55986.json new file mode 100644 index 00000000000..69d4406b8e5 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55986.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55986", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:25.577", + "lastModified": "2024-12-16T15:15:25.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in serviceonline Service allows Blind SQL Injection.This issue affects Service: from n/a through 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/service/vulnerability/wordpress-service-plugin-1-0-4-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55987.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55987.json new file mode 100644 index 00000000000..4cff4b753b8 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55987.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55987", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:25.733", + "lastModified": "2024-12-16T15:15:25.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ritesh Sanap Advanced What should we write next about allows SQL Injection.This issue affects Advanced What should we write next about: from n/a through 1.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/advanced-what-should-we-write-about-next/vulnerability/wordpress-advanced-what-should-we-write-next-about-plugin-1-0-3-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55988.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55988.json new file mode 100644 index 00000000000..a73b424dc78 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55988.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55988", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:25.890", + "lastModified": "2024-12-16T15:15:25.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through 1.0.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/navayan-csv-export/vulnerability/wordpress-navayan-csv-export-plugin-1-0-9-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55989.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55989.json new file mode 100644 index 00000000000..8c644f5e4f8 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55989.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55989", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:26.073", + "lastModified": "2024-12-16T15:15:26.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kyle M. Brown WP Simple Pay Lite Manager allows SQL Injection.This issue affects WP Simple Pay Lite Manager: from n/a through 1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/stripe-manager/vulnerability/wordpress-wp-simple-pay-lite-manager-plugin-1-4-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55990.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55990.json new file mode 100644 index 00000000000..c05392aaf83 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55990.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55990", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:26.223", + "lastModified": "2024-12-16T15:15:26.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ewald Harmsen Mollie for Contact Form 7 allows Blind SQL Injection.This issue affects Mollie for Contact Form 7: from n/a through 5.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cf7-mollie/vulnerability/wordpress-mollie-for-contact-form-7-plugin-5-0-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55992.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55992.json new file mode 100644 index 00000000000..f32190d1342 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55992.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55992", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:26.377", + "lastModified": "2024-12-16T15:15:26.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through 1.4.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-basic-ordernumbers/vulnerability/wordpress-woocommerce-basic-ordernumbers-plugin-1-4-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55993.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55993.json new file mode 100644 index 00000000000..51345770e86 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55993.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55993", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:26.523", + "lastModified": "2024-12-16T15:15:26.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through 2.1.60." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/job-board-manager/vulnerability/wordpress-job-board-manager-plugin-2-1-60-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55994.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55994.json new file mode 100644 index 00000000000..54b00afc0db --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55994.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55994", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:26.677", + "lastModified": "2024-12-16T15:15:26.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in \u641c\u72d0\u7545\u8a00 \u7545\u8a00\u8bc4\u8bba\u7cfb\u7edf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects \u7545\u8a00\u8bc4\u8bba\u7cfb\u7edf: from n/a through 2.0.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/changyan/vulnerability/wordpress-plugin-2-0-5-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55996.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55996.json new file mode 100644 index 00000000000..62e5d0dc0de --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55996.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55996", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:26.820", + "lastModified": "2024-12-16T15:15:26.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-product-payments/vulnerability/wordpress-payment-gateway-per-product-for-woocommerce-plugin-3-5-6-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55998.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55998.json new file mode 100644 index 00000000000..e3098e1173a --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55998.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55998", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:26.957", + "lastModified": "2024-12-16T15:15:26.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/popup-surveys/vulnerability/wordpress-popup-surveys-polls-for-wordpress-mare-io-plugin-1-36-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55999.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55999.json new file mode 100644 index 00000000000..81486a85a08 --- /dev/null +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55999.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55999", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:08.973", + "lastModified": "2024-12-16T16:15:08.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/xml-multilanguage-sitemap-generator/vulnerability/wordpress-xml-multilanguage-sitemap-generator-plugin-2-0-6-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56001.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56001.json new file mode 100644 index 00000000000..847f81f8712 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56001.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56001", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:27.090", + "lastModified": "2024-12-16T15:15:27.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through 1.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ksher-payment/vulnerability/wordpress-ksher-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56003.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56003.json new file mode 100644 index 00000000000..e0a5672d444 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56003.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56003", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T16:15:09.113", + "lastModified": "2024-12-16T16:15:09.113", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer.This issue affects Caldera SMTP Mailer: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/caldera-smtp-mailer/vulnerability/wordpress-caldera-smtp-mailer-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56004.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56004.json new file mode 100644 index 00000000000..4f66bb7eee5 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56004.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56004", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:27.233", + "lastModified": "2024-12-16T15:15:27.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-site-importer/vulnerability/wordpress-easy-site-importer-plugin-1-0-1-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56005.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56005.json new file mode 100644 index 00000000000..cf14a78d058 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56005.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56005", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:27.370", + "lastModified": "2024-12-16T15:15:27.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through 3.10.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/posti-shipping/vulnerability/wordpress-posti-shipping-plugin-3-10-3-csrf-to-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56007.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56007.json new file mode 100644 index 00000000000..914b18ca10a --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56007.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56007", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:27.507", + "lastModified": "2024-12-16T15:15:27.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Ram Segev Leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through 2.6.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/leader/vulnerability/wordpress-leader-plugin-2-6-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56009.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56009.json new file mode 100644 index 00000000000..f5e86a51136 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56009.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56009", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:27.643", + "lastModified": "2024-12-16T15:15:27.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/spreadr-for-woocomerce/vulnerability/wordpress-spreadr-woocommerce-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56011.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56011.json new file mode 100644 index 00000000000..e1029ac36ca --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56011.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56011", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:27.803", + "lastModified": "2024-12-16T15:15:27.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov | IMBAA GmbH Responsive Google Maps | by imbaa allows Stored XSS.This issue affects Responsive Google Maps | by imbaa: from n/a through 1.2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/responsive-google-maps/vulnerability/wordpress-responsive-google-maps-by-imbaa-plugin-1-2-5-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56012.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56012.json new file mode 100644 index 00000000000..c17d3bb0a70 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56012.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56012", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:27.943", + "lastModified": "2024-12-16T15:15:27.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive) allows Privilege Escalation.This issue affects Flash News / Post (Responsive): from n/a through 4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/flashnews-fading-effect-pearlbells/vulnerability/wordpress-flash-news-post-responsive-plugin-4-1-csrf-to-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56013.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56013.json new file mode 100644 index 00000000000..30cff916697 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56013.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56013", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:28.090", + "lastModified": "2024-12-16T15:15:28.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Wovax, LLC. Wovax IDX allows Authentication Bypass.This issue affects Wovax IDX: from n/a through 1.2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wovax-idx/vulnerability/wordpress-wovax-idx-plugin-1-2-2-account-takeover-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56015.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56015.json new file mode 100644 index 00000000000..d90b65214b7 --- /dev/null +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56015.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56015", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-12-16T15:15:28.230", + "lastModified": "2024-12-16T15:15:28.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This issue affects Tidy Up: from n/a through 1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tidy-up/vulnerability/wordpress-tidy-up-plugin-1-3-csrf-to-reflected-cross-site-scripting-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56074.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56074.json index 00777409b61..185e26a3845 100644 --- a/CVE-2024/CVE-2024-560xx/CVE-2024-56074.json +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56074.json @@ -2,7 +2,7 @@ "id": "CVE-2024-56074", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-15T04:15:05.360", - "lastModified": "2024-12-15T04:15:05.360", + "lastModified": "2024-12-16T16:15:09.250", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "gitingest before 9996a06 mishandles symbolic links that point outside of the base directory." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], "references": [ { "url": "https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L22-L30", diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56082.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56082.json index 96be3153f32..288d6975797 100644 --- a/CVE-2024/CVE-2024-560xx/CVE-2024-56082.json +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56082.json @@ -2,7 +2,7 @@ "id": "CVE-2024-56082", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-15T05:15:05.803", - "lastModified": "2024-12-15T05:15:05.803", + "lastModified": "2024-12-16T16:15:09.460", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/andrewnguonly/Lumos/issues/193", diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json index 709a9e587cf..84a593422ba 100644 --- a/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json @@ -2,7 +2,7 @@ "id": "CVE-2024-56084", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T06:15:07.070", - "lastModified": "2024-12-16T06:15:07.070", + "lastModified": "2024-12-16T16:15:09.647", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22137632418845-Remote-Code-Execution-while-creating-Universal-Normalizer", diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56085.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56085.json index 94871f37c67..c20a0215e7e 100644 --- a/CVE-2024/CVE-2024-560xx/CVE-2024-56085.json +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56085.json @@ -2,7 +2,7 @@ "id": "CVE-2024-56085", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T06:15:07.257", - "lastModified": "2024-12-16T06:15:07.257", + "lastModified": "2024-12-16T16:15:09.803", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22137660393757-Server-Side-Template-Injection-SSTI-in-Search-Template-Dashboard", diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56086.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56086.json index 9cb38a32d47..3336ef2c742 100644 --- a/CVE-2024/CVE-2024-560xx/CVE-2024-56086.json +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56086.json @@ -2,7 +2,7 @@ "id": "CVE-2024-56086", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T06:15:07.557", - "lastModified": "2024-12-16T06:15:07.557", + "lastModified": "2024-12-16T16:15:09.980", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22136886421277-Remote-Code-Execution-while-creating-Report-Templates", diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56087.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56087.json index e695a6fd8eb..99c6e84d29c 100644 --- a/CVE-2024/CVE-2024-560xx/CVE-2024-56087.json +++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56087.json @@ -2,7 +2,7 @@ "id": "CVE-2024-56087", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T06:15:07.727", - "lastModified": "2024-12-16T06:15:07.727", + "lastModified": "2024-12-16T16:15:10.147", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22137697881885-Server-Side-Template-Injection-SSTI-in-Search-Template-Dashboard-Queries", diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56112.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56112.json index eb1dea046a8..5edd992d441 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56112.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56112.json @@ -2,7 +2,7 @@ "id": "CVE-2024-56112", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T06:15:07.920", - "lastModified": "2024-12-16T06:15:07.920", + "lastModified": "2024-12-16T16:15:10.313", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://cyberpanel.net/", diff --git a/README.md b/README.md index 2fe76f39317..0b236df7ca9 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-16T15:04:04.573233+00:00 +2024-12-16T17:00:55.175005+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-16T15:02:44.123000+00:00 +2024-12-16T16:15:10.313000+00:00 ``` ### Last Data Feed Release @@ -33,30 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -273911 +274051 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` - +Recently added CVEs: `140` + +- [CVE-2024-55979](CVE-2024/CVE-2024-559xx/CVE-2024-55979.json) (`2024-12-16T15:15:24.983`) +- [CVE-2024-55980](CVE-2024/CVE-2024-559xx/CVE-2024-55980.json) (`2024-12-16T15:15:25.130`) +- [CVE-2024-55981](CVE-2024/CVE-2024-559xx/CVE-2024-55981.json) (`2024-12-16T15:15:25.283`) +- [CVE-2024-55982](CVE-2024/CVE-2024-559xx/CVE-2024-55982.json) (`2024-12-16T15:15:25.433`) +- [CVE-2024-55986](CVE-2024/CVE-2024-559xx/CVE-2024-55986.json) (`2024-12-16T15:15:25.577`) +- [CVE-2024-55987](CVE-2024/CVE-2024-559xx/CVE-2024-55987.json) (`2024-12-16T15:15:25.733`) +- [CVE-2024-55988](CVE-2024/CVE-2024-559xx/CVE-2024-55988.json) (`2024-12-16T15:15:25.890`) +- [CVE-2024-55989](CVE-2024/CVE-2024-559xx/CVE-2024-55989.json) (`2024-12-16T15:15:26.073`) +- [CVE-2024-55990](CVE-2024/CVE-2024-559xx/CVE-2024-55990.json) (`2024-12-16T15:15:26.223`) +- [CVE-2024-55992](CVE-2024/CVE-2024-559xx/CVE-2024-55992.json) (`2024-12-16T15:15:26.377`) +- [CVE-2024-55993](CVE-2024/CVE-2024-559xx/CVE-2024-55993.json) (`2024-12-16T15:15:26.523`) +- [CVE-2024-55994](CVE-2024/CVE-2024-559xx/CVE-2024-55994.json) (`2024-12-16T15:15:26.677`) +- [CVE-2024-55996](CVE-2024/CVE-2024-559xx/CVE-2024-55996.json) (`2024-12-16T15:15:26.820`) +- [CVE-2024-55998](CVE-2024/CVE-2024-559xx/CVE-2024-55998.json) (`2024-12-16T15:15:26.957`) +- [CVE-2024-55999](CVE-2024/CVE-2024-559xx/CVE-2024-55999.json) (`2024-12-16T16:15:08.973`) +- [CVE-2024-56001](CVE-2024/CVE-2024-560xx/CVE-2024-56001.json) (`2024-12-16T15:15:27.090`) +- [CVE-2024-56003](CVE-2024/CVE-2024-560xx/CVE-2024-56003.json) (`2024-12-16T16:15:09.113`) +- [CVE-2024-56004](CVE-2024/CVE-2024-560xx/CVE-2024-56004.json) (`2024-12-16T15:15:27.233`) +- [CVE-2024-56005](CVE-2024/CVE-2024-560xx/CVE-2024-56005.json) (`2024-12-16T15:15:27.370`) +- [CVE-2024-56007](CVE-2024/CVE-2024-560xx/CVE-2024-56007.json) (`2024-12-16T15:15:27.507`) +- [CVE-2024-56009](CVE-2024/CVE-2024-560xx/CVE-2024-56009.json) (`2024-12-16T15:15:27.643`) +- [CVE-2024-56011](CVE-2024/CVE-2024-560xx/CVE-2024-56011.json) (`2024-12-16T15:15:27.803`) +- [CVE-2024-56012](CVE-2024/CVE-2024-560xx/CVE-2024-56012.json) (`2024-12-16T15:15:27.943`) +- [CVE-2024-56013](CVE-2024/CVE-2024-560xx/CVE-2024-56013.json) (`2024-12-16T15:15:28.090`) +- [CVE-2024-56015](CVE-2024/CVE-2024-560xx/CVE-2024-56015.json) (`2024-12-16T15:15:28.230`) ### CVEs modified in the last Commit -Recently modified CVEs: `11` - -- [CVE-2023-21165](CVE-2023/CVE-2023-211xx/CVE-2023-21165.json) (`2024-12-16T14:46:05.963`) -- [CVE-2023-40085](CVE-2023/CVE-2023-400xx/CVE-2023-40085.json) (`2024-12-16T14:42:50.770`) -- [CVE-2023-6502](CVE-2023/CVE-2023-65xx/CVE-2023-6502.json) (`2024-12-16T15:02:44.123`) -- [CVE-2023-7045](CVE-2023/CVE-2023-70xx/CVE-2023-7045.json) (`2024-12-16T14:53:47.797`) -- [CVE-2024-0015](CVE-2024/CVE-2024-00xx/CVE-2024-0015.json) (`2024-12-16T14:39:02.223`) -- [CVE-2024-0016](CVE-2024/CVE-2024-00xx/CVE-2024-0016.json) (`2024-12-16T14:33:13.613`) -- [CVE-2024-0017](CVE-2024/CVE-2024-00xx/CVE-2024-0017.json) (`2024-12-16T14:32:15.203`) -- [CVE-2024-0041](CVE-2024/CVE-2024-00xx/CVE-2024-0041.json) (`2024-12-16T14:47:50.477`) -- [CVE-2024-22042](CVE-2024/CVE-2024-220xx/CVE-2024-22042.json) (`2024-12-16T15:02:32.453`) -- [CVE-2024-27199](CVE-2024/CVE-2024-271xx/CVE-2024-27199.json) (`2024-12-16T14:56:40.747`) -- [CVE-2024-5660](CVE-2024/CVE-2024-56xx/CVE-2024-5660.json) (`2024-12-16T14:15:05.123`) +Recently modified CVEs: `36` + +- [CVE-2024-29880](CVE-2024/CVE-2024-298xx/CVE-2024-29880.json) (`2024-12-16T15:37:50.093`) +- [CVE-2024-31134](CVE-2024/CVE-2024-311xx/CVE-2024-31134.json) (`2024-12-16T15:53:28.913`) +- [CVE-2024-31136](CVE-2024/CVE-2024-311xx/CVE-2024-31136.json) (`2024-12-16T15:54:25.227`) +- [CVE-2024-31139](CVE-2024/CVE-2024-311xx/CVE-2024-31139.json) (`2024-12-16T15:56:36.237`) +- [CVE-2024-31140](CVE-2024/CVE-2024-311xx/CVE-2024-31140.json) (`2024-12-16T15:58:11.000`) +- [CVE-2024-35300](CVE-2024/CVE-2024-353xx/CVE-2024-35300.json) (`2024-12-16T15:48:36.930`) +- [CVE-2024-35301](CVE-2024/CVE-2024-353xx/CVE-2024-35301.json) (`2024-12-16T15:51:28.007`) +- [CVE-2024-35302](CVE-2024/CVE-2024-353xx/CVE-2024-35302.json) (`2024-12-16T15:42:19.513`) +- [CVE-2024-36362](CVE-2024/CVE-2024-363xx/CVE-2024-36362.json) (`2024-12-16T15:41:48.623`) +- [CVE-2024-36363](CVE-2024/CVE-2024-363xx/CVE-2024-36363.json) (`2024-12-16T15:41:02.967`) +- [CVE-2024-36364](CVE-2024/CVE-2024-363xx/CVE-2024-36364.json) (`2024-12-16T15:40:49.667`) +- [CVE-2024-36365](CVE-2024/CVE-2024-363xx/CVE-2024-36365.json) (`2024-12-16T15:52:04.303`) +- [CVE-2024-36366](CVE-2024/CVE-2024-363xx/CVE-2024-36366.json) (`2024-12-16T15:52:21.477`) +- [CVE-2024-36367](CVE-2024/CVE-2024-363xx/CVE-2024-36367.json) (`2024-12-16T15:15:11.200`) +- [CVE-2024-36368](CVE-2024/CVE-2024-363xx/CVE-2024-36368.json) (`2024-12-16T15:14:56.433`) +- [CVE-2024-36369](CVE-2024/CVE-2024-363xx/CVE-2024-36369.json) (`2024-12-16T15:14:39.120`) +- [CVE-2024-36370](CVE-2024/CVE-2024-363xx/CVE-2024-36370.json) (`2024-12-16T15:42:30.397`) +- [CVE-2024-4835](CVE-2024/CVE-2024-48xx/CVE-2024-4835.json) (`2024-12-16T15:10:13.577`) +- [CVE-2024-56074](CVE-2024/CVE-2024-560xx/CVE-2024-56074.json) (`2024-12-16T16:15:09.250`) +- [CVE-2024-56082](CVE-2024/CVE-2024-560xx/CVE-2024-56082.json) (`2024-12-16T16:15:09.460`) +- [CVE-2024-56084](CVE-2024/CVE-2024-560xx/CVE-2024-56084.json) (`2024-12-16T16:15:09.647`) +- [CVE-2024-56085](CVE-2024/CVE-2024-560xx/CVE-2024-56085.json) (`2024-12-16T16:15:09.803`) +- [CVE-2024-56086](CVE-2024/CVE-2024-560xx/CVE-2024-56086.json) (`2024-12-16T16:15:09.980`) +- [CVE-2024-56087](CVE-2024/CVE-2024-560xx/CVE-2024-56087.json) (`2024-12-16T16:15:10.147`) +- [CVE-2024-56112](CVE-2024/CVE-2024-561xx/CVE-2024-56112.json) (`2024-12-16T16:15:10.313`) ## Download and Usage diff --git a/_state.csv b/_state.csv index bd51b522aac..0f3de27fd37 100644 --- a/_state.csv +++ b/_state.csv @@ -215900,7 +215900,7 @@ CVE-2023-21161,0,0,83c8875817b58a792b4217359ab04556351dd499cd14c2245d21b1c644195 CVE-2023-21162,0,0,7e5ad8a2952224228e9277aa3a61faae535853a0eedabc2fe78b32cced7984f9,2024-11-21T07:42:18.087000 CVE-2023-21163,0,0,78d54461e087962c55aee7e8d07c645b801741bcc23a84317da34692f4a7c668,2024-11-21T07:42:18.213000 CVE-2023-21164,0,0,325350e3bf8724d8d553cae105de7f160de1c84c0abaf4152efc4cf259840c7a,2024-11-21T07:42:18.317000 -CVE-2023-21165,0,1,4f27ef9ce2049e5ddca4c71b3390b52ffb53ee7692b457134ccfd63f0b309d44,2024-12-16T14:46:05.963000 +CVE-2023-21165,0,0,4f27ef9ce2049e5ddca4c71b3390b52ffb53ee7692b457134ccfd63f0b309d44,2024-12-16T14:46:05.963000 CVE-2023-21166,0,0,577f7cba8587707ba0098f6734baca360bd5381b60a9149f0c5d14d8ad7ea56f,2024-11-21T07:42:18.617000 CVE-2023-21167,0,0,c3a97da41250808f794010fc741410a2afb73860e01cf89a418c3ab68298096d,2024-11-21T07:42:18.790000 CVE-2023-21168,0,0,b18d716d159bf7d566e1ea03ce9801d4c1d0dc87f99c05a35b5cb49242a1917d,2024-11-21T07:42:18.900000 @@ -230942,7 +230942,7 @@ CVE-2023-40081,0,0,9e519c53fb4d8961baf637a95a43fa84283cf4c8b18d342e9d5275bf801e3 CVE-2023-40082,0,0,0be83106b3c2c0ae51c1cd03952af004bbdaa2da94eeca9f4f565532462ea5ec,2024-11-21T08:18:44.197000 CVE-2023-40083,0,0,6410c8501d09e20dc9821d0a7cedf40766a73a31c17c7b14c1ac1ac17b1573f3,2024-11-21T08:18:44.300000 CVE-2023-40084,0,0,df177c830dd89ef52bec28d132caef899df29cbd600a1e6cca86491a5ddb9a93,2024-11-21T08:18:44.410000 -CVE-2023-40085,0,1,159f3a72151c22af6121c706a2a859c5e84de30292955f80550016d3f8ad0224,2024-12-16T14:42:50.770000 +CVE-2023-40085,0,0,159f3a72151c22af6121c706a2a859c5e84de30292955f80550016d3f8ad0224,2024-12-16T14:42:50.770000 CVE-2023-40087,0,0,217aad8645e891c33576e570aef82efafebb91f82512e2b5d35e80c7c5937249,2024-11-21T08:18:44.713000 CVE-2023-40088,0,0,a93c6f2e736ca876bbac106a1786979c7b55eb6b7608aacfb2b8747746e22366,2024-11-21T08:18:44.830000 CVE-2023-40089,0,0,bdc2fcb225ab05c5e760e2d0e2f49e5507d91fa2297fe2a693aa54bd63751ff9,2024-11-21T08:18:45.023000 @@ -238972,7 +238972,7 @@ CVE-2023-51437,0,0,3584720eedf04b04f2e09058cca23f5afdd9d02462918fd964831be4c70a5 CVE-2023-51438,0,0,8b57066a2170f7efa5f617638585454da7553cffe77ff12e85c87b51307a3b43,2024-11-21T08:38:07.097000 CVE-2023-51439,0,0,07e3f967adf6e067a5007c2997189ef647925bb49dc0cac9e75e7eb78e5a19a0,2024-11-21T08:38:07.233000 CVE-2023-5144,0,0,e230aee2f50c279d6a7bf97e9d423e73ca96e7d03ac8e790fe03edf225e226bf,2024-11-21T08:41:09.130000 -CVE-2023-51440,0,0,b0df56da4d74d52e6bdc5c43e58308d0b6afecdf68c00366eba554b2e4385454,2024-11-21T08:38:07.353000 +CVE-2023-51440,0,1,1169f2ff9e326f6a3788f618809df1fe8188ee99151bee69ee1c834192da21a5,2024-12-16T15:17:29.160000 CVE-2023-51441,0,0,a1f5c39c8dff7bf99bb5a5fa410c3c1174c89222db585eebd25100439c38d134,2024-11-21T08:38:07.500000 CVE-2023-51442,0,0,1c1738101beb2069f2b1a7e3fda08286945bd667c62bf8c2c6862c2db1b18d8f,2024-11-21T08:38:07.630000 CVE-2023-51443,0,0,bc5dfbcf2d47b2402929c15b90b4be90f3f7485f94767446ff8ec5a8bbd43f0a,2024-11-21T08:38:07.743000 @@ -241403,7 +241403,7 @@ CVE-2023-6498,0,0,99cc8bcb8dbf27e1173e3bab1860eaae5e4dc624a7bdde19b917842567a95f CVE-2023-6499,0,0,0f28e76b1714bd3d0671e657beb973d354cb1e4a25cee69e6624dabe1c0b302d,2024-11-21T08:43:58.487000 CVE-2023-6500,0,0,fd0474616ce0acb645939029b823e00d80ed10071ce4185fbff027a5eee0b7b3,2024-11-21T08:43:58.633000 CVE-2023-6501,0,0,6f2dc2709e1b57686a19fefd5c1e1fcc332f27a18d730116c38d63c3bae6f271,2024-11-21T08:43:58.757000 -CVE-2023-6502,0,1,5e7a8b2091d4a37ad266a08e313a593b848022dcc218baabffeee78d247bdc81,2024-12-16T15:02:44.123000 +CVE-2023-6502,0,0,5e7a8b2091d4a37ad266a08e313a593b848022dcc218baabffeee78d247bdc81,2024-12-16T15:02:44.123000 CVE-2023-6503,0,0,2d5c1424ed18e9dd785945146151ea8b1c4510f654a5483a2962a659987e5f4a,2024-11-21T08:43:59.070000 CVE-2023-6504,0,0,8e655520d7536acf89272f10beaa18e7e4dffa257788006ae7916faa3a5ccd1f,2024-11-21T08:43:59.267000 CVE-2023-6505,0,0,954651d154db76177d18b36b315a18c42ed03916477a417e4bdfe342dbafb892,2024-11-21T08:43:59.383000 @@ -241881,7 +241881,7 @@ CVE-2023-7041,0,0,5ae869187bb10f71d50d60f511f1f25f3c60c2fbe68c688b245d69550210cd CVE-2023-7042,0,0,09db1dc2a20dfb00863929a01ae12d9b52de78e3df28c6d922d980dc6f7b2a06,2024-11-21T08:45:06.667000 CVE-2023-7043,0,0,ee95edbebe7ae16c6ce220536c5093e0348ba2f4411e5b7842af940e72cb1413,2024-11-21T08:45:06.820000 CVE-2023-7044,0,0,4b7c27dce7304073dd78a5bb892bf830c509362fae366908279694ceaf22f1fe,2024-11-21T08:45:06.997000 -CVE-2023-7045,0,1,98a8774beb494cb0c7248a35a26f93b03e84f08e6386defa76e011922311f01a,2024-12-16T14:53:47.797000 +CVE-2023-7045,0,0,98a8774beb494cb0c7248a35a26f93b03e84f08e6386defa76e011922311f01a,2024-12-16T14:53:47.797000 CVE-2023-7046,0,0,5d4c931d9aea160f71b837f0ea5c95e1bbc8655d1b57caa26519037753dd2641,2024-11-21T08:45:07.287000 CVE-2023-7047,0,0,f28612c5562b035b32d90a44d0cf5fe459f404ee856d792a7bb78b40199c9e07,2024-11-21T08:45:07.427000 CVE-2023-7048,0,0,b66d62789806fd7dd0d2e7878a9665ac16327cb8e61757e4e17b937cac1f1c8f,2024-11-21T08:45:07.573000 @@ -242109,9 +242109,9 @@ CVE-2024-0010,0,0,31a4fe9c570d054c731419e8dbca609fd313e658d7d97a146536a70ebab80d CVE-2024-0011,0,0,0cdc1a416dec7958965d013c501cb250e08e95b67733c03001a98f99c411ee1c,2024-12-09T15:05:57.857000 CVE-2024-0012,0,0,39c96b315f311cf70d7acce2e03df6f2da2b13764db334539ea5108a55d95b48,2024-11-29T16:15:08.167000 CVE-2024-0014,0,0,265161d9949465d3602447cae25f01c0800ff61c134bf258208b213d42b830ab,2024-12-13T20:04:22.733000 -CVE-2024-0015,0,1,ac153671c8f32bfd786c082dd9dcbf06514472c0792e3af9411b311c680fd9cc,2024-12-16T14:39:02.223000 -CVE-2024-0016,0,1,fe6b8d0cdbee34b3261a95c211b84f84a8146c7eb2580e083114d9eb74442b99,2024-12-16T14:33:13.613000 -CVE-2024-0017,0,1,c3ae32d0f7f4b3aee825adaba904bd8ea33c38296423e6c492125686085b5834,2024-12-16T14:32:15.203000 +CVE-2024-0015,0,0,ac153671c8f32bfd786c082dd9dcbf06514472c0792e3af9411b311c680fd9cc,2024-12-16T14:39:02.223000 +CVE-2024-0016,0,0,fe6b8d0cdbee34b3261a95c211b84f84a8146c7eb2580e083114d9eb74442b99,2024-12-16T14:33:13.613000 +CVE-2024-0017,0,0,c3ae32d0f7f4b3aee825adaba904bd8ea33c38296423e6c492125686085b5834,2024-12-16T14:32:15.203000 CVE-2024-0018,0,0,d830c3744ce7a1ea7f6c39445a382f844f81a27df6247e0448e915abade197f3,2024-11-21T08:45:42.823000 CVE-2024-0019,0,0,32676e58ef99a34d73bcad3e1d9b1fffb8ca52e74728e2a4d9bd79fcb16e9aba,2024-11-26T15:17:07.267000 CVE-2024-0020,0,0,a7f71403b00e8819c568cbd4da089b2f2d73314abaa1e33ca09f6668eaa3ac63,2024-11-21T08:45:43.150000 @@ -242127,14 +242127,14 @@ CVE-2024-0030,0,0,392408319dcaec46385fe693f357c0df3e50b5e2fa5a22a71957a26c641ecb CVE-2024-0031,0,0,5f5175781e0edb19e7130aa9448b97602753567266b28a532105d12cce9e7c14,2024-11-21T08:45:44.933000 CVE-2024-0032,0,0,7123161259f1e9254478469320c78d2c0889db98bc8b43ff7620177129fc9761,2024-11-21T08:45:45.123000 CVE-2024-0033,0,0,78c45fcb534fdaa9e2d5a3aa73cdc05c9dd9a5f18840670fac4782be689257dd,2024-11-21T08:45:45.323000 -CVE-2024-0034,0,0,a7ebcbee5e88040205b98e44e64846c48673a66e11d717b9d87ea2c28d21cbcd,2024-11-21T08:45:45.523000 -CVE-2024-0035,0,0,40963fa65759b1d884a2b24f3ed03035bb94830c5b44eff4e5d094ed89260c8f,2024-11-21T08:45:45.710000 -CVE-2024-0036,0,0,b8adf6df70375d45ce6d7b8134abfc863d06c79d1d5285395ed3a066de244b4b,2024-11-21T08:45:45.897000 +CVE-2024-0034,0,1,471bb92a857d05af28fe1adbdefa9a500cdf4aefc38bc7d55963449cb47c1cf3,2024-12-16T16:07:35.377000 +CVE-2024-0035,0,1,8f7e78db3211a3833a978a1f4a85563c71b64db0c3d044ea96edc4f8e2a75fad,2024-12-16T15:59:54.053000 +CVE-2024-0036,0,1,f9a5e9ac00eb63f9c5368c4edb5f07dae83774a08385359f41cf881322018329,2024-12-16T15:58:38.657000 CVE-2024-0037,0,0,394cfced2a2723a704c6cbe26977af45d337b3a1bb3716915c523e280e7c05c0,2024-12-03T16:15:20.440000 CVE-2024-0038,0,0,3d81078dd62d86232d623581052ff5d9f3751e2257f7c896e2d37fe459fcab8b,2024-11-21T08:45:46.180000 CVE-2024-0039,0,0,f51d4c38ebb3cc46492f31896efa747baab58b2bc83ee86fcd45588ba3e8a558,2024-11-26T14:26:56.233000 CVE-2024-0040,0,0,6eb13817fba0c61ffe69d3937882c67d44ae349c324cad15cf073d2d8256ca22,2024-11-21T08:45:46.490000 -CVE-2024-0041,0,1,30f391e32967bb0baf25d8a5436bac2e10d105d6b34926d3751c53b398bda865,2024-12-16T14:47:50.477000 +CVE-2024-0041,0,0,30f391e32967bb0baf25d8a5436bac2e10d105d6b34926d3751c53b398bda865,2024-12-16T14:47:50.477000 CVE-2024-0042,0,0,4690a9c902145d930d3daa4383acefd18a26426234bddfdc5cac030637ad11c5,2024-11-21T08:45:46.840000 CVE-2024-0043,0,0,fb4caf0f9a9ab06453b49c1c261bb22a7231afb3979ba569d0bfbdc3ba982550,2024-11-21T08:45:47.027000 CVE-2024-0044,0,0,beeefa26b2187b8ae88659f81f9da7c2eb86689d4af798d80a79718ec6590423,2024-11-21T08:45:47.203000 @@ -243786,6 +243786,7 @@ CVE-2024-10968,0,0,a921b8902882d4801f626f2f4054af6a15bab4d0cf4468f9642e1f86377f1 CVE-2024-10969,0,0,8114c2dfe952beb461c299d8bda61eb6b5ef295ee43d6de90e2c4aa8ea5fd65c,2024-12-10T21:10:24.593000 CVE-2024-1097,0,0,f1ad2b99b98b2176c3b3ccdd494bed6625a86a9f96e0ed3a25e7d4f3cd789ac4,2024-11-19T19:05:30.620000 CVE-2024-10971,0,0,f8d3e9d67661e4546a1e254ebb74d5d0c1dddae1c4d768a7ce5fd78bda7de46d,2024-11-21T08:49:10.613000 +CVE-2024-10972,1,1,a8452c8051948f0543ecfcf985d65809bb0e2321a958294c43af09b4639f54ea,2024-12-16T16:15:05.880000 CVE-2024-10975,0,0,87dd438a371aa254e8d367f54246f88f9b61e035fde8423a2dec0ee6b83d81a4,2024-11-08T19:01:03.880000 CVE-2024-10976,0,0,74ddf3e112f382a760946f483990fa0747a570c018c9e28cec5188371748074d,2024-11-15T13:58:08.913000 CVE-2024-10977,0,0,e54cdfcf4a6415150b7b9a534f3117ac0a47dcbb5949b9162862d5471ded9bdf,2024-11-15T13:58:08.913000 @@ -244084,7 +244085,7 @@ CVE-2024-11367,0,0,eea02b3c7a7e23b6b50200379882a96782686712f1c754d90239651a5f9c3 CVE-2024-11368,0,0,bf7c67e11e8f973c6ac3bae21678c3dfeb626f80e34696e9e29adffce5777903,2024-12-06T09:15:06.810000 CVE-2024-1137,0,0,9367f9a1347684403f58a1a7490fd736dd1a246a1ba5d989931872114e882ed8,2024-11-21T08:49:52.723000 CVE-2024-11370,0,0,dd87b64b129f6809c8edd7b234994b231659964606722e4f84f6ae489936a5a5,2024-11-26T17:53:22.707000 -CVE-2024-11371,0,0,85695f69ddb998fd54276702b9a185a3c971e606e7563fb96aaec381d1eef5d0,2024-11-26T18:01:57.250000 +CVE-2024-11371,0,1,940d4acb1660319dcaf9e79be7b51b02d713b6710d41c4a41d256d4b90485073,2024-12-16T15:53:39.657000 CVE-2024-11374,0,0,a5a1e58c0241313798d5870304d6ab4fd613b7c8d39f72ddd8edd6b514e2a94b,2024-12-07T10:15:05.643000 CVE-2024-11379,0,0,9fd00eb3fec3062cfc458a7971d09425d25dcca0c806b20326864d85b70adea6,2024-12-06T05:15:05.813000 CVE-2024-1138,0,0,786863f5efe71d0a9eaa305ef044215c6743ec975f6d66476179ca38c53c9996,2024-11-21T08:49:52.860000 @@ -244586,7 +244587,11 @@ CVE-2024-1207,0,0,7ca2a33c54192dfcfa7fe7f99bed16fbfa1215b4ac8ba5de485b890ce26af0 CVE-2024-12072,0,0,a174c14ab62255e805373ea4d76cdd13bc3d9cbde3ba4a3927979f9e7d419d41,2024-12-12T06:15:23.383000 CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669a9,2024-11-21T08:50:02.590000 CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000 +CVE-2024-12089,1,1,35579275f245f8abce3408536aa5095aa5e154dac9874b34a8b8a8f03b8928ca,2024-12-16T15:15:06.250000 CVE-2024-1209,0,0,0c11632b4f799f8334de1fe031a18ed75abc1306137789706f83e79036cdbf29,2024-11-21T08:50:02.720000 +CVE-2024-12090,1,1,592f70094ac2defca897b0b815661e4e72d372434ec3a36d037560a2bd533869,2024-12-16T15:15:06.393000 +CVE-2024-12091,1,1,55429089808d3b1b0c87db110a9ba30611724cc492c723f42d30aed06c679a68,2024-12-16T15:15:06.540000 +CVE-2024-12092,1,1,3f535d8ca993ecc4a654c9afeb7c9accc42dadb82d4deddb5adc62262546f5c6,2024-12-16T15:15:06.677000 CVE-2024-12094,0,0,918109c0341953bed354c9dc0c1e3bf994d002b139d0d147a6756e1d0b4180c2,2024-12-05T13:15:05.923000 CVE-2024-12099,0,0,82c97da21165b875b9d77b9a11ed031ee03fad8a14b90d2e80c74afeac6e262d,2024-12-04T04:15:04.287000 CVE-2024-1210,0,0,f5a9389cac94cbfcfa3f0d961d1ea27115bf7afa331ce2988db15dbaf2efdf76,2024-11-21T08:50:02.867000 @@ -244796,7 +244801,10 @@ CVE-2024-12644,0,0,4fe46a77976cb26c8db1a8817f8d60588d7d627c677def113b1f0c3da34da CVE-2024-12645,0,0,e2bf7e02fc7f9b197fb94f8f3f7739958eb1e7eb714f268785ecfdf27c30d30a,2024-12-16T07:15:06.560000 CVE-2024-12646,0,0,edf55cca2f63c5514783a7adeb1b585499807b56f798173f78bff573d5a90371,2024-12-16T07:15:06.737000 CVE-2024-1265,0,0,b39c324e3936d2b2eba136bb9fb37e8f905e9dd3fbb95d7d724d951e7512509f,2024-11-21T08:50:11.610000 +CVE-2024-12653,1,1,6f848225024de4c14a49213377e690a08093550ba762598c765246a77e1e7837,2024-12-16T16:15:06.593000 +CVE-2024-12654,1,1,1a7da902bc86773b1718a5279a6b089664e285ca426600f81a29cdf8c07c3da6,2024-12-16T16:15:06.810000 CVE-2024-1266,0,0,2a4a1a9a97982898c100d9d9cb94e7da9ed50410ea3a8e686081520943168bc9,2024-11-21T08:50:11.767000 +CVE-2024-12668,1,1,48a2fb57d83e468aa496fa3a0255cb41d017e39cd852327d1b47084911750b1d,2024-12-16T15:15:06.807000 CVE-2024-1267,0,0,0747778ead3832a4ca40a6166ab0347567f6883def83eef1d70067a8b72b33c4,2024-11-21T08:50:11.937000 CVE-2024-1268,0,0,8e96a69266d469b252e6c6ee082354a5ae4d9bc7d7daa2e17d8f5480121bca0a,2024-11-21T08:50:12.083000 CVE-2024-1269,0,0,afe5fa6f2789b35a14da593df22cde42ff88e5a3e5db5d1bb0de9d1e5a1f477a,2024-11-21T08:50:12.253000 @@ -247252,7 +247260,7 @@ CVE-2024-22039,0,0,ce396fab1e3ad0290927c5b46e298fa5c4ce735b27af9f7f5496f9dc290e2 CVE-2024-2204,0,0,4f7e2c2978e4ca6d1339d570d25b39dc440d1a46d1fe372408ba35e60952b958,2024-11-21T09:09:15.083000 CVE-2024-22040,0,0,71e6d2927c184ce6e97cc21e34b37e0f85e816c2ab695b9e0452a34e09115356,2024-11-21T08:55:26.510000 CVE-2024-22041,0,0,002b9bf9adcbd86b0adc5987ba9591d8d45df19056ec349889a57b8211dc2fc1,2024-11-21T08:55:26.660000 -CVE-2024-22042,0,1,f299fbf6ca7c4c9a5419863aff1c78c9ffcb8592a4d3e59bc1c282c660cb786f,2024-12-16T15:02:32.453000 +CVE-2024-22042,0,0,f299fbf6ca7c4c9a5419863aff1c78c9ffcb8592a4d3e59bc1c282c660cb786f,2024-12-16T15:02:32.453000 CVE-2024-22043,0,0,ab28b95c2293e8d043005b472ee1c195b171baa49ef18712f7c1bbd1f4e21354,2024-11-21T08:55:26.950000 CVE-2024-22044,0,0,3785c041801c9e494f1163bcded486ac4d8ba2b4daeeba43f718d07aa287ce8a,2024-11-21T08:55:27.110000 CVE-2024-22045,0,0,0fc85a36de1553626b26231251df9561b8f82694677467031c0736aaeb797b1f,2024-11-21T08:55:27.243000 @@ -251039,7 +251047,7 @@ CVE-2024-27195,0,0,68f85d3e1201e3452938e14e0e91cce1f14d6d9125dae2a69df328af01a25 CVE-2024-27196,0,0,c974b6c0b1f82a6c341ae450a21ff1f8a075bfc0feac22ce9dc831baf4cb8b9f,2024-11-21T09:04:04.640000 CVE-2024-27197,0,0,08fc2d714f1d12ab320703fdbc50d6a91db99df17169281351a6ffac5a71715b,2024-11-21T09:04:04.763000 CVE-2024-27198,0,0,de438747af70d3a35b18668b9b31d3da0ee0ca592d998e76d2e324c336123584,2024-11-29T16:25:32.523000 -CVE-2024-27199,0,1,82ee3c054db940a599ef04a223b1edddbc0af922d3b2c864cd97a9e1669b1412,2024-12-16T14:56:40.747000 +CVE-2024-27199,0,0,82ee3c054db940a599ef04a223b1edddbc0af922d3b2c864cd97a9e1669b1412,2024-12-16T14:56:40.747000 CVE-2024-2720,0,0,3a04c50bd9eaa3e1d31cec067b1b9f5cb9613017dd41b88c00de0d45c254f79f,2024-11-21T09:10:22.247000 CVE-2024-27200,0,0,9f287b534ca4f586904b2cc6faaa6d91f8ef3d30ae3977397d8c7dae4f46ee77,2024-11-15T14:00:09.720000 CVE-2024-27201,0,0,2fe70f06347b0947149c8bf944b1f6385bc398091867c7d22cad80745062498c,2024-11-21T09:04:05.253000 @@ -251826,8 +251834,8 @@ CVE-2024-2817,0,0,a8e11bee63949fb5218bd8db482262b5fdebf72e6367810e717aa9c25999d5 CVE-2024-28170,0,0,7e6501225f83f8e70d6fbf4eb86cd8c9cc85dbebd043b17850d89b9ed51ed334,2024-09-23T14:49:17.057000 CVE-2024-28171,0,0,b5eb85b06e2fe7be5f52608a9079412a2fea6983ee47a02bf32589033a75973c,2024-11-21T09:05:57.300000 CVE-2024-28172,0,0,ba5b0fee0a00ad08e11b31067bab56fedfbf935900fad85372a5827fc2a22a1a,2024-09-06T18:36:10.863000 -CVE-2024-28173,0,0,d081efde8e048570e7611bf727df993df65cdc31594175097bacb617ccfa2c75,2024-11-21T09:05:57.553000 -CVE-2024-28174,0,0,93af5f678f856d477f278a6958e68caf6a31b1cfdf4318282ade55f6d3489cc3,2024-11-21T09:05:57.683000 +CVE-2024-28173,0,1,ea128472b844ae9d393924075ea3785042942393668417797d1acc5674d32bd2,2024-12-16T15:11:43.620000 +CVE-2024-28174,0,1,6dfd63f7b3e20facd0f59fc87c055b11b6d81d8ff8cd2c3f65e9da350b856bce,2024-12-16T15:07:02.497000 CVE-2024-28175,0,0,d3ff2e666b1aedf8b388410f078a1d5d7af943680bbf262f67250c6a4b9da239,2024-11-21T09:05:57.817000 CVE-2024-28176,0,0,8e2712bfe1ea7116f11f8ad9a2861387b20c6463817c56944eede5e5ddf4bb41,2024-11-21T09:05:57.947000 CVE-2024-28179,0,0,7f82026281e2dd9f15927caa04d85bc2295c5beb1cf03576e742ef34b4c15043,2024-11-21T09:05:58.083000 @@ -251867,10 +251875,10 @@ CVE-2024-2822,0,0,eac17cb2010c91c3b838b4ace8eb55a7b3846d55205a1f1ec1bcafa75ea3a9 CVE-2024-28222,0,0,a6f532e094121d2d3ca88f2594b97947ed6d0fe5027ca5c1ac4a5899d887e85c,2024-11-21T09:06:02.470000 CVE-2024-28224,0,0,4dc495d1b5391a5805b35b2cccf549718cba127cbcdb7a2bab566e35ee9808ef,2024-11-21T09:06:02.613000 CVE-2024-28226,0,0,a04adc45d47426d327f332ffc617a958172e7494aece288fc40840e9be086147,2024-11-21T09:06:02.767000 -CVE-2024-28228,0,0,cb0b7a2bdc6db780918883ec52cc75e0c6c2024603154c4958d027c05392ad90,2024-11-21T09:06:02.890000 -CVE-2024-28229,0,0,8ccc306599ed4817a0eaf908eb757a3679a26a5cbb6cd5437b8b1d33a16d89cf,2024-11-21T09:06:03.017000 +CVE-2024-28228,0,1,4c70949e6df8bcf2882fac2da178d0d5c63a3ff277dc66365cbdd98196ca17b4,2024-12-16T15:06:31.563000 +CVE-2024-28229,0,1,91f2c6bf4f4cd9f37b886899d3e16c101d8f0aeb77afc57f338cfea95f7a2e46,2024-12-16T15:06:00.407000 CVE-2024-2823,0,0,616fd3f02b6fbcafbe8ddb74810cbccaf8c5a31f6fdd4cffc69174176dca38cf,2024-11-21T09:10:36.770000 -CVE-2024-28230,0,0,581ce3e4647a19392a251ce34b4e3149e259402d10eb14eeb00a2c77d771c27f,2024-11-21T09:06:03.137000 +CVE-2024-28230,0,1,6ee006a554d642707dd81d0df925d8a02a1d248529abab0f06a8e2dc084c1b89,2024-12-16T15:05:43.290000 CVE-2024-28231,0,0,879955e0d3b6b3f4d0d07366e36d2b8c1d2a204b3e9eb4c9d2fa328320c752b1,2024-11-21T09:06:03.257000 CVE-2024-28232,0,0,4016560842e5dbe0556f8c825e8c7f66803aa1fc46a7caeb391820502d6b268b,2024-11-21T09:06:03.400000 CVE-2024-28233,0,0,9dfb6a281036a246e6a8c7797767e8821a8200df2339f7f383cd7903646892b5,2024-11-21T09:06:03.527000 @@ -252105,7 +252113,7 @@ CVE-2024-28734,0,0,248da8578808414567db67c3b503066a14a98351080fe64fbc15bb46c363a CVE-2024-28735,0,0,81c41919d4a8ef295ba05c2dc2d0919e7f08d346fde9111b328dce84910fee98,2024-11-21T09:06:51.010000 CVE-2024-28736,0,0,df782a0cdc83649a96a984c1b8ce3c2c9e002e8bd9b3d64936ef7e71c1609578,2024-11-21T09:06:51.233000 CVE-2024-28739,0,0,6f446ff59c9537aa4b5a8742ebfdad671a80a577ee582bd1a98b3db07755c8bd,2024-08-12T18:18:17.717000 -CVE-2024-2874,0,0,16a0b7cdde2a896edd542b3214d3401bcdba26c224ee015353fdd46071bb64a2,2024-11-21T09:10:43.743000 +CVE-2024-2874,0,1,a31e28465fa71f9062d6319cfc3c8d1fe0a152aed175717a5e9e88a324585636,2024-12-16T15:16:54.830000 CVE-2024-28740,0,0,59845f313cbdf7224a1102cca1548a45ffb7fb3b8466fe620d06a9769009859b,2024-08-21T18:35:02.877000 CVE-2024-28741,0,0,335d1d75b1ec6bbbe9be7839da86be48fa75d600721df7343911718962694585,2024-11-21T09:06:51.950000 CVE-2024-28744,0,0,d80a636691f100f09a75e0a042c51fb3034a953b6a967d3f70a481b8b5994955,2024-11-21T09:06:52.213000 @@ -252877,7 +252885,7 @@ CVE-2024-29877,0,0,1774d4393b3ff2ccfcfc5a29fc6ef0d37b991c57ff8178133ee1c75ebd25c CVE-2024-29878,0,0,b112e821bf25760d8f5117d180bbfc649df8c2437b8c0edc8c25982c8862833e,2024-11-21T09:08:31.983000 CVE-2024-29879,0,0,1b8943394f9c1e900ed5064335f48840161d8b3aac0cefe300ca3a232ca4d80c,2024-11-21T09:08:32.130000 CVE-2024-2988,0,0,0d8a449922d54da18a868cebeeb21ba624977357d60b1e4dc7eac81c52a5d04b,2024-11-21T09:10:59.853000 -CVE-2024-29880,0,0,50e7bfd4aa931f0de94b53748ddfeb8f917082fa630073f56a4ccb71a562a4c2,2024-11-21T09:08:32.270000 +CVE-2024-29880,0,1,9ac6e81333477f282048eba209d47dc5f78b687ca71971db5702c5608a33ba05,2024-12-16T15:37:50.093000 CVE-2024-29881,0,0,26411cffafa6bc6e69a94607cec3788fdb2462e04af812e3926cbb73aee7ce39,2024-11-21T09:08:32.393000 CVE-2024-29882,0,0,5a7d27dfebf9283de120d3cc19d723effc0c21b4416e04c71ef61e855a255211,2024-11-21T09:08:32.530000 CVE-2024-29883,0,0,a32da929a11d0ffe72f11a5dde39ceab05026d6c4c48b837c40a2f2a8b8c6318,2024-11-21T09:08:32.667000 @@ -253888,14 +253896,14 @@ CVE-2024-31121,0,0,17a27d33fe8a21f76c62822e8bd0b5425e66dca9d6d98c456685474852fd8 CVE-2024-31122,0,0,c51a5712bdbe0f189f233e0d8822c1782400145d92344ed8488a068152cb5597,2024-11-21T09:12:53.767000 CVE-2024-31123,0,0,403d3e968ce2b5e26d5481a0f21ce8d416f8c3ec1d4ca02c2071acb75c924ac7,2024-11-21T09:12:53.900000 CVE-2024-3113,0,0,32406a8ec0c24639328b41deaf4f2ff4769d38d909f91472c26a9693bb2f9a7c,2024-11-21T09:28:55.750000 -CVE-2024-31134,0,0,2a5621fea8f241f7e70e3fbd622042156a3652763fe7c8d08513d6f9d8b6e0c6,2024-11-21T09:12:54.013000 +CVE-2024-31134,0,1,684ec4fb3ab1d4b94622e466bd62b4b2952a0217846316306405c4f6193f7b3b,2024-12-16T15:53:28.913000 CVE-2024-31135,0,0,6f570ab7f122a6ad49c3fa62728d41ae46d24bf44d47ac54c704b6fb6a9d101f,2024-11-21T09:12:54.143000 -CVE-2024-31136,0,0,5d695bdb6954fc152a7347e9d95fd8578dcda6515dbbec4f78333ffe2b7a16b2,2024-11-21T09:12:54.277000 +CVE-2024-31136,0,1,f5b8b98e9005d7bb3352f2ee91334c4ca64999580be42c2fe381aa49e3d825e8,2024-12-16T15:54:25.227000 CVE-2024-31137,0,0,aecbff13a0ee8c906b42d718c3c8ed151cfc9064e4b1a866402d907eb4710bbd,2024-11-21T09:12:54.400000 CVE-2024-31138,0,0,a14830dd632eab19efd921efe1eecfd04c7766923aade8813413aec3b3c0940b,2024-11-21T09:12:54.537000 -CVE-2024-31139,0,0,10c24ea06fc98eb4b48276eaa83c304680b40137eb96791a12ae2ac06fd2f1b0,2024-11-21T09:12:54.670000 +CVE-2024-31139,0,1,d91f493db8c81bb4b5d794b8f2a363ddcea640c7742984db8441987b1d195e49,2024-12-16T15:56:36.237000 CVE-2024-3114,0,0,ade433a65127555302d65b2c164d94e533c3b45e4239cf2791c7a999f14d794c,2024-08-30T14:15:15.937000 -CVE-2024-31140,0,0,99f4f76073970c66507fdf182e0a31245624117f5385e7cb218aaf36e4a74a67,2024-11-21T09:12:54.793000 +CVE-2024-31140,0,1,8d4feb999561527fd03ad2e67dd311029f29e7334774d14942143f4dc9376a40,2024-12-16T15:58:11 CVE-2024-31141,0,0,63f66ffcfa72f4318f3e7b758344a36b89d8424c883759a26f5d11cd5df1f6b7,2024-11-21T09:12:54.913000 CVE-2024-31142,0,0,f0e25bdb8c8839bef9c14d66586bad0c1ebbce2b2125a4db27230c001518faa1,2024-11-21T09:12:55.110000 CVE-2024-31143,0,0,4790e02a9527ae34971a6ec375e16b193baf2e8575d041b48c7869872729bd6c,2024-11-21T09:12:55.220000 @@ -257007,9 +257015,9 @@ CVE-2024-35297,0,0,23e69c7fa8758d2839ba0f21232e1c70c9a4debd79526bb77618b215f0e86 CVE-2024-35298,0,0,fa7788bf317a71a84bf8146795eafa26bcb4ed57f180f49f693caedd58415924,2024-11-21T09:20:06.100000 CVE-2024-35299,0,0,66ebbab2b0a692e2b1d921e2a31108ce541366992eb29d6d2df1746eef7b2b2c,2024-11-21T09:20:06.297000 CVE-2024-3530,0,0,19a26ee56ded29d2e11b10a192b107effee98b98e60c5d0c5a925841596c5055,2024-11-21T09:29:47.480000 -CVE-2024-35300,0,0,9c93539d29fe92fa6d22adb952d88d70f00fd1dc6dee56c5e0d272740968fc8c,2024-11-21T09:20:06.460000 -CVE-2024-35301,0,0,a4a098c7873c0bc2dd0ff1ec964475561295ec0819b7071826545299282d3fe2,2024-11-21T09:20:06.590000 -CVE-2024-35302,0,0,4a1bb03804c4a2430ff0c30b8ae98562a8d893fe1f7ace4efc346510ab0e8ba9,2024-11-21T09:20:06.717000 +CVE-2024-35300,0,1,8476854df88ded7ab4fe4db1007017684a43223b3513105c5d461b5e9e5fe242,2024-12-16T15:48:36.930000 +CVE-2024-35301,0,1,3aa290a2314ba6b70fc37ae1db563a8252a1099fb3aea3ee731b4ca2cd8d2137,2024-12-16T15:51:28.007000 +CVE-2024-35302,0,1,9009b11838ab554d52fcc535f98537996a71e65b1368667d6ed2e3cf5074b624,2024-12-16T15:42:19.513000 CVE-2024-35303,0,0,dbcf22354574acb019f75dca9d06610c5fcb14a1dfda0fbfd65584d0226f9c1e,2024-11-21T09:20:06.837000 CVE-2024-35304,0,0,7ed4f146fd33b6171600587adcbdeaead1decee1ed73e0b90178e1b104d7c926,2024-11-21T09:20:06.967000 CVE-2024-35305,0,0,0461a720e668c8959039a3652a36f33095f7babd165ee84239e034d727297a97,2024-11-21T09:20:07.110000 @@ -257863,16 +257871,16 @@ CVE-2024-36359,0,0,3cc0d651469873089668811614995b932e2a134931c52e95469939b03a9b9 CVE-2024-3636,0,0,4c7744b51293bd4e3a9aa3d916a63e7f32e699b3ac0ad0263818bae7fdeef663,2024-08-07T16:35:14.110000 CVE-2024-36360,0,0,86c2fec55966fb8ed1d52aee7a156763ceca1ae898ea75dea3ecbf7fdfbcc5e9,2024-11-21T09:22:01.170000 CVE-2024-36361,0,0,e4343f7ee38acd675bd11a78326fa9c9897eb116b95daf33a3c1581431d81b95,2024-11-21T09:22:01.357000 -CVE-2024-36362,0,0,bdfe2445f4e8bbb170a509a8cc962090e915d6ddda802e1da6d08a3a0856741d,2024-11-21T09:22:01.590000 -CVE-2024-36363,0,0,d6fbd096408a3da19f817cd1fb4d0660c649723123adf5fc1af46ba8eaee824d,2024-11-21T09:22:01.737000 -CVE-2024-36364,0,0,7e65646a63286561f91cc540e8b194ccbceb9474c35e005957aa965aa99cc510,2024-11-21T09:22:01.850000 -CVE-2024-36365,0,0,2a2d25391a2a1731da98688b648b1f5cd06b48795ead00796a28a1c83a451393,2024-11-21T09:22:01.980000 -CVE-2024-36366,0,0,366e5735012c18ea9ce39036cdd29c859108f575aa7ff9c68f4d2289bfb3df70,2024-11-21T09:22:02.117000 -CVE-2024-36367,0,0,6299514d35d8ae9703b8bd17daa576b864085685d8a375b63eadd8c197bd097a,2024-11-21T09:22:02.240000 -CVE-2024-36368,0,0,1130fcafd0d557943bf5ef6f93141f05a6f60feb8d46c7407594dbf0cc089578,2024-11-21T09:22:02.370000 -CVE-2024-36369,0,0,9722c070b6ec0c3fb1af5d943db8351bfb22cc52a3baf72a7cf986e507633225,2024-11-21T09:22:02.497000 +CVE-2024-36362,0,1,3ff8b5091e460c716d44f313160232b1d6394a6c30faf8d66a18a697350ec2db,2024-12-16T15:41:48.623000 +CVE-2024-36363,0,1,af475d26473cb95c39d9a0b42996cb69848ffd5b957d41d1fad04fa0f7680c9f,2024-12-16T15:41:02.967000 +CVE-2024-36364,0,1,23c721ef2dd5dc0d28660a89f5c4460c041ac784dbb72ef83ff9a454e255184d,2024-12-16T15:40:49.667000 +CVE-2024-36365,0,1,dc44a45656061ade89d768d4fa2e992d74d2c4428342db72c2a67b9b28e1ca18,2024-12-16T15:52:04.303000 +CVE-2024-36366,0,1,1ad2bd86ee83972344f0b6d1bad7348c121df781e8bfb5e105b00680fac7ebfd,2024-12-16T15:52:21.477000 +CVE-2024-36367,0,1,641557a81dbb2c7e627cce689572504d103545c194da9b835536d1ed1a22c9ed,2024-12-16T15:15:11.200000 +CVE-2024-36368,0,1,db58c03bed12cd47c6e92371f3cee4963e9f815b9a39d4dd27c6c09d87c5337d,2024-12-16T15:14:56.433000 +CVE-2024-36369,0,1,86335f126149b45fcfe791d3a51b05f9b5c2ef6682670204bff02f19d0fd3666,2024-12-16T15:14:39.120000 CVE-2024-3637,0,0,21120798a280816ab7cf3ed70bbd1f108404954e011a1d26b78f2314da517882,2024-11-21T09:30:03.153000 -CVE-2024-36370,0,0,7331cda531e9907d1e60ab081470a93183b5a863fd0f219791032067e7e878e7,2024-11-21T09:22:02.630000 +CVE-2024-36370,0,1,7197b09dbd5b84f4171470c9be6f834edd16667f764d0dab4aed81738c95555d,2024-12-16T15:42:30.397000 CVE-2024-36371,0,0,beae7d114ca51288bcc971c126cbd91dfe3a175d32b595469dfc3189b7a03bfa,2024-11-21T09:22:02.753000 CVE-2024-36372,0,0,f904fafce93cdb574512bc8038996ce8f1b1abc255493f4b077cf5906c5d7cda,2024-11-21T09:22:02.920000 CVE-2024-36373,0,0,14e86239fe2f2a099c98ef8abdeb611c7d0c29cd7d8e7616ee91094ab38c7a74,2024-11-21T09:22:03.053000 @@ -258522,6 +258530,7 @@ CVE-2024-37248,0,0,ec62e8d4fe2e7579113c2b37456d725796d20d1311148f2bb7c100ae2eef8 CVE-2024-37249,0,0,b28111764a4c58ed81f56cdf7ecccc4cecf9efe2cdc39c1ad5678b6845adaa22,2024-11-01T20:24:53.730000 CVE-2024-3725,0,0,18364719a7ffb6dcc031c07ec17bc162c26f3b343f96940fbe622dc91ac280c0,2024-11-21T09:30:15.123000 CVE-2024-37250,0,0,162a7b18dc3b3934e704845f5211211f8c1a8ee9037e336cce22b77790194428,2024-11-01T20:24:53.730000 +CVE-2024-37251,1,1,7c398b2bfbbabad1c95432ccf3ecaad2492e3c0433f3b9ae5c03871ccccb3e17,2024-12-16T15:15:06.970000 CVE-2024-37252,0,0,352abc05f60f2e4fbc6355cda6bac20bf4066a5734bd84d216e40d333c970822,2024-11-21T09:23:28.390000 CVE-2024-37253,0,0,6ad326c6ab9256d1c78d972af311b89fce01e900376b835d2b2b0e35a35a97f0,2024-11-21T09:23:28.510000 CVE-2024-37254,0,0,7d8e71419a3130a86567c36341c002c59c1fc9f1c27411c09dfcb40f68500996,2024-11-01T20:24:53.730000 @@ -262718,6 +262727,7 @@ CVE-2024-43230,0,0,3438c9ccfea127a956b5025f46fc0219f157584c782a74b31fb7851ceb9b9 CVE-2024-43231,0,0,44c239b38fbd55455653753b3fd25fe2d8d919b27d08f15ee1b05fad9edf9d6b,2024-08-13T12:58:25.437000 CVE-2024-43232,0,0,52a1852c046c09034701352a38e8ac744730c5fd62b6924733c81dd9ea3e74f7,2024-08-19T18:36:07.297000 CVE-2024-43233,0,0,a3cb80d788fcdefbe82efd5cb7c46f3e83ae874c20df2ef7eb293b519d517ebb,2024-08-13T12:58:25.437000 +CVE-2024-43234,1,1,6499b67f98984de01105beabb063b8d176940a6244f2236cde120b320d33bd16,2024-12-16T16:15:07.037000 CVE-2024-43235,0,0,153cf4f640991e76b1fd90c9e2d70c020b64700c307856901f74189cc7743bee,2024-11-01T20:24:53.730000 CVE-2024-43236,0,0,31b49ca6a31d05d0d0a34fd55ac45950bc1127c323529a1cff3b9cca0de7458c,2024-08-19T18:36:07.297000 CVE-2024-43237,0,0,b06cb1da3f0bf78839a44face593f3df310ca1b2e53335b15d64a161ba7d3890,2024-09-26T13:32:02.803000 @@ -266203,7 +266213,7 @@ CVE-2024-48336,0,0,5cb1b4f35926e19009664116e71be8fd3716294889352a8f25534443259aa CVE-2024-48342,0,0,cab27a7526b8debabab042631051135b3c12f9f8dc84e657f2f251a3750f9436,2024-11-04T07:15:11.437000 CVE-2024-48343,0,0,0bfa348b5d2d42e48044b97cff0f001dba38954dec1f095fe3ec5f9d82ed0dc5,2024-10-29T19:35:23.657000 CVE-2024-48346,0,0,137121b06c9d03025a14db47b13e30e3704002468bdea02ff387b29ce7f68d9a,2024-11-01T12:57:03.417000 -CVE-2024-4835,0,0,c6a2db60430318398487aece323125c8792cef78bef47a2106eaba725f27ad91,2024-11-21T09:43:42.317000 +CVE-2024-4835,0,1,e5afebda31e3d00337280146c689aefe524c3c5fc6e420e48bcb5298cdef38fb,2024-12-16T15:10:13.577000 CVE-2024-48352,0,0,0630b5d0648f49e8f5e7ffc77997954c036846dfd8121959ae1ed5204e6959c4,2024-11-05T21:35:31.063000 CVE-2024-48353,0,0,6e062ef59024cab9444cec2113ba798ef28bfd7e30a0322f5c3671f058c6654a,2024-11-05T21:09:34.780000 CVE-2024-48356,0,0,eac70a56b90ec2a9ea89c90d1bd0f8f40240711b9bd71861f168af2fe20e0990,2024-10-30T17:35:12.420000 @@ -267048,6 +267058,7 @@ CVE-2024-49771,0,0,8c6be80f6c66464327581fe20dca305196ea80220132086a57a1f206da8b3 CVE-2024-49772,0,0,32b7e95857890df8c85cd4e02aad79ee44554209662330cf7f8cc7a1c9ccfb02,2024-11-13T20:19:54.597000 CVE-2024-49773,0,0,5bfedd952fbe471dc43c1bdd3c2dee35821f6f90ccb32f5b65a888e216008a47,2024-11-13T20:29:11.297000 CVE-2024-49774,0,0,73af62f273d436afb14d667598c160b834c1cd8d93ad602898a66d14ddd85e8d,2024-11-13T20:40:26.100000 +CVE-2024-49775,1,1,8dc782eedaedb37ab685c0d011f75cd0f6b35d0a4024c3e2d7203025ee844c58,2024-12-16T15:15:07.173000 CVE-2024-49776,0,0,b329b9bb81d9728287170b18d3b168a17467bbe39eccc58affb8da9d8a750f4a,2024-11-15T18:35:34.550000 CVE-2024-49777,0,0,2267bc9ff93ef330d0a1f69ee1d413cb1459de2363d63c74f1eb9f77896870cc,2024-11-15T18:35:35.413000 CVE-2024-49778,0,0,ce01f58133a3eca198de9ca85c44a1634d3ab246b582a1e70ee7b9bae211ce29,2024-11-15T18:35:36.260000 @@ -269804,6 +269815,7 @@ CVE-2024-54225,0,0,718637207634ce393328c74b719f6195ce980edfa43845f62d44bb51a571b CVE-2024-54226,0,0,96db7c741f0175e61ef18acd2b8374057aea5d1c8bb19c9b0568d7c49ff45ed5,2024-12-09T13:15:42.787000 CVE-2024-54227,0,0,4593859a9f1e1945e9c644d6e0c78fb64e4629e76e799479c9b09ceaf5cb45d6,2024-12-09T13:15:42.910000 CVE-2024-54228,0,0,6f834b81fce618f10b8ed8b4ad3a2e1b64ca1965e08839904498c2d07f83404a,2024-12-09T13:15:43.030000 +CVE-2024-54229,1,1,01ce418eece3168af7fc4aa39406a218d00786d97a22f372f56e0862ab27d26c,2024-12-16T16:15:07.290000 CVE-2024-5423,0,0,7a628fbcf4260b47e4020abba26bee837e84024c4fe4430cc553749e9117b851,2024-08-29T15:41:13.247000 CVE-2024-54230,0,0,426c8bebe1be09c2b500b620f91c66be5d61bf6bb3718239e0e8f03edd648ca2,2024-12-09T13:15:43.163000 CVE-2024-54231,0,0,9adcdde5c484a4d3f0dd1e31829015eeff2948e3ce8bc45ba8c48e25b0cd1e13,2024-12-13T15:15:27.250000 @@ -269825,6 +269837,7 @@ CVE-2024-54245,0,0,d20f133a954dc4c596025d36115c231a80c0fbd5170dce03102f0ee8f95d7 CVE-2024-54246,0,0,15daf4a2b62ef54a26b3eac69e8c06a7dac15327dcfa5c7d8ce92ce792d13929,2024-12-13T15:15:29.260000 CVE-2024-54247,0,0,57d6dfcdd22519bf9e88a21ff9b1df9ea70c0a456cff6a228e959919d7875998,2024-12-09T13:15:43.440000 CVE-2024-54248,0,0,e68b4c2dc745e43018b4703d2fc23e8081ba817bfa6eedd2e3331a83fad0f245,2024-12-13T15:15:29.397000 +CVE-2024-54249,1,1,a1ea740c4155539e63a62a469dc27bffe720abc4f72ddb3aef4a994a99b066f3,2024-12-16T16:15:07.430000 CVE-2024-5425,0,0,39c2f07d9a14a501f6a62a9467f6ca87f9b63c1b18438a7bf6cb3ddf24a3b17c,2024-11-21T09:47:37.743000 CVE-2024-54250,0,0,c4b42575991b30db16b66f5f2527fcdac57048da933445876ee01033406f52ba,2024-12-13T15:15:29.540000 CVE-2024-54251,0,0,88555ba4b3a32f180346f6738dcf0b83adaa6db6974925f721d191bb83a4f8fd,2024-12-09T13:15:43.587000 @@ -269833,6 +269846,7 @@ CVE-2024-54253,0,0,3e7f14d57faa9aa8a35c642a9452a28b4636dd0d4a1cba0850dcbd3450d69 CVE-2024-54254,0,0,04373a59529aaae92a87c4a192571d7f42eb990ce554ec6c5442265fabd555f6,2024-12-09T13:15:43.860000 CVE-2024-54255,0,0,9be77e20322099703040d9eab39da1153fb30df746e4acd9c4440dfc860382ad,2024-12-09T13:15:44.007000 CVE-2024-54256,0,0,68f49eb4fc73bafed807a2f9302fb90d0f3380f706ca0b1cc8789b65608043a8,2024-12-13T15:15:29.800000 +CVE-2024-54257,1,1,e1900dd3dcec0b3981bada6012589575172879299ab61de2de491f38a04207d8,2024-12-16T16:15:07.577000 CVE-2024-54258,0,0,40977d96bf1a1150018840b2b1887904bb081d20b00fc4f685b4add8fdc994cf,2024-12-13T15:15:29.940000 CVE-2024-54259,0,0,e9f0ce56454eab10162f84a029346ed7917509eebe036edc5de188a026e2b971,2024-12-13T15:15:30.080000 CVE-2024-5426,0,0,5ea29bfa6e12ae428a874da685da80617819a2a2873f1c2f03b3a2184d9a719d,2024-11-21T09:47:37.890000 @@ -269854,8 +269868,13 @@ CVE-2024-54275,0,0,01fbef7f9c6ad844b0359d42c1c6681f9b0c0492c41862dc18fb3364644fb CVE-2024-54276,0,0,e3c82beb3b4ba680352d6c4bb853d8f039dfab5c0430baa84349eeb1655a525e,2024-12-13T15:15:31.907000 CVE-2024-54277,0,0,644b1ec7ce0758a42e7cadcffb0abfa7c6f1936d66b8693dca02d7c7d7cb373a,2024-12-13T15:15:32.037000 CVE-2024-54278,0,0,c988ba1fd990c34dbe34c4a48f2ebfe9d973cee978e4f753f42cd41487e5054a,2024-12-13T15:15:32.177000 +CVE-2024-54279,1,1,e9e061a05c05e9670ae8b86b67e8959107d7761f6eebb2d442786dbe2074a636,2024-12-16T16:15:07.717000 CVE-2024-5428,0,0,30a1e5798ba964c256509639dbff6325801c2c8107993bac46e8095f1112ddf1,2024-12-09T22:51:14.763000 +CVE-2024-54280,1,1,ab03c103faa0d589807e4deeb24e5efc3229691c0ee761c91fd1f67f799ac3ec,2024-12-16T16:15:07.880000 CVE-2024-54282,0,0,ee7697592655debc3b68f7db6daeea6f7366421cd50262ef4e8451e234989509,2024-12-13T15:15:32.303000 +CVE-2024-54283,1,1,f5f6b15f0c1118757767a88ae2452c0f9fe78ac618167f70e18bdd76cf809445,2024-12-16T16:15:08.023000 +CVE-2024-54284,1,1,d6e5417501aded07a918ea054c3153ba42489d4b4e9b30b6b0253984d31ac50b,2024-12-16T16:15:08.153000 +CVE-2024-54285,1,1,9f55f81344a782b4205fd5e19ac95e86c860da2df70c17f271a767c8637dfd61,2024-12-16T16:15:08.320000 CVE-2024-54286,0,0,1fe2cb3deb2f99ff7236b99fa2a4b0205d97f9a1acdae17f77055dc910d4910a,2024-12-13T15:15:32.440000 CVE-2024-54287,0,0,2aeb2989c5e0f2e258b8daadd407d0b8265934aab0500d9baeccfc9630f029e7,2024-12-13T15:15:32.573000 CVE-2024-54288,0,0,f1c978e6daab8ee4837d7bce1aab9cf6db2b02a12777cc4bf5c0cac0b889cf00,2024-12-13T15:15:32.707000 @@ -269905,6 +269924,8 @@ CVE-2024-54328,0,0,d7fed70435f871dcf6236ee52206f0f433a9a0f42f54bb6174bbfcc5c71cd CVE-2024-54329,0,0,e948e1a0a6429b416ec6d4b5157b877ff4c27051991ba97181245142f86fe5fc,2024-12-13T15:15:40.107000 CVE-2024-5433,0,0,85754fd697f4f5b622bb075df4ed4549c19f6bb5edf752c62289239c9b05d91f,2024-11-21T09:47:40.537000 CVE-2024-54330,0,0,a675d635313b6a5a1e335866161fb4feec8173053fb82fde7b523836a1a5b3fe,2024-12-13T15:15:40.243000 +CVE-2024-54331,1,1,90fe907b9c9742596de187183b59cd3308226ec6f8480a9b7815560094319510,2024-12-16T15:15:07.377000 +CVE-2024-54332,1,1,ac683aab5f7a8d02b137bd9c571219f1b6e2e2f3affddc27910e904defa2a8b3,2024-12-16T15:15:07.547000 CVE-2024-54333,0,0,3b0a26eef2dd8c691b14f6849e93855ed5c79a54aa49ad306c7a7b87b37aaf58,2024-12-13T15:15:40.387000 CVE-2024-54334,0,0,bc3e80ec549ecd263a38a7bdd34eb19b5ff44199e30f954fa8b4e5ed8ee9953f,2024-12-13T15:15:40.517000 CVE-2024-54335,0,0,13d8c858c47a3826946720d9f4d27480ac6ea7973dd85f9fc3a3887a4ded1e8d,2024-12-13T15:15:40.643000 @@ -269921,17 +269942,105 @@ CVE-2024-54344,0,0,2d09f07c3cbb27f7fb028c0560b3cdaf3555242004f5fc3c293313ba5e9c4 CVE-2024-54345,0,0,befba314e564cec96abc9b60242ec5f528d6f5d0a0a172ded32adcd159090e3f,2024-12-13T15:15:42.010000 CVE-2024-54346,0,0,4f1d43cd11fa56bf1cad60578ee49dc94d2860a632a88cb8a11447dc0f45a148,2024-12-13T15:15:42.147000 CVE-2024-54347,0,0,9ecffa953e0884bbd46d6103688207c54883dbdda010bfeb70a36a3a1d570889,2024-12-13T15:15:42.300000 +CVE-2024-54348,1,1,aa27cf6b15bab24c6c600c9630a13cf2537b1e8caebdcb4ef68f3fe5d90bcee2,2024-12-16T16:15:08.477000 CVE-2024-54349,0,0,1827028321e929a3a9304e3cc0db0d3b606a5800582305628e60ae52cd7428a1,2024-12-13T15:15:42.440000 CVE-2024-5435,0,0,be7b01e002899800d7c367843f4cb71728bce729e4821fb8e6b5065711ce87d0,2024-11-21T09:47:40.767000 CVE-2024-54351,0,0,c7129cdf0b23517dec940400cbe9c6a0f2d69d5f8af88980273177b73e05253c,2024-12-13T15:15:42.573000 +CVE-2024-54352,1,1,d6b00b28bc731c1d7480280f5844dfeeba94e7552fbc8fc902c4d74620e2809a,2024-12-16T15:15:07.707000 +CVE-2024-54353,1,1,56c899c16f980be7d5ae16bb63bd232789506aa08518290600f7451bf40d052c,2024-12-16T15:15:07.867000 +CVE-2024-54354,1,1,22aee8b8cd7daf2dc8e90d68268db256ccdea105971cbe4aab3a3d9f30ef39fd,2024-12-16T15:15:08.023000 +CVE-2024-54355,1,1,b3c3427c0fb86ec5e7c4bfbd797bb64c7feff4315bd7478eb4f4767690ed453b,2024-12-16T15:15:08.180000 +CVE-2024-54356,1,1,4e02e8dd033bffe2a93215089bbb2f3b3997857535e57f329a5782be62c47096,2024-12-16T15:15:08.327000 +CVE-2024-54357,1,1,80da106218284b3a0c7a7149660863113a09dfc504570f394a68d11a70056114,2024-12-16T16:15:08.617000 +CVE-2024-54358,1,1,21b2a8a2a2efed35487e62c6767160f26f3dcec2e4d60c69ef5462a7582a67b6,2024-12-16T15:15:08.477000 +CVE-2024-54359,1,1,6bd4a8122e09b88b4d92ac28992e9216936e643d24f522952060f7bcf28ba03c,2024-12-16T15:15:08.630000 CVE-2024-5436,0,0,33c3768bf6b957789e9fd4520192cd7f52d0101d89a4b841a8c4d92b239bee32,2024-11-21T09:47:40.917000 +CVE-2024-54360,1,1,39508cedc7d8f23daba9a2b00ca88fb5f3080f2daa9c1316e418d67595d2cb8e,2024-12-16T15:15:08.793000 +CVE-2024-54361,1,1,1916a09f30132297bb917bdd38ad3600a1ce159210dc76b6fa9090645897ca34,2024-12-16T15:15:08.970000 +CVE-2024-54363,1,1,d4335cae104d5c5ab97728da2d8d897c90b40129adc54aa8307bfe224b121049,2024-12-16T15:15:09.130000 +CVE-2024-54364,1,1,dece08cc2bb49cf93f758c15ca6ad6e9d9f9ef88582ce5d6ea3062d2e6e95135,2024-12-16T15:15:09.283000 +CVE-2024-54365,1,1,5a3c7ba6aafbf728201d04cf236f645e532cc0aff2fb0a9d2e8a35b9c1e956a0,2024-12-16T15:15:09.437000 +CVE-2024-54366,1,1,bd2f401d647575d3dd62c0c35779d221211985530e3efaf67568696c7de7d7e9,2024-12-16T15:15:09.610000 +CVE-2024-54367,1,1,8db81081dfcc8c13696b3cfb578fe0e13595a501b3be9d9af29799f3940394e0,2024-12-16T15:15:10.027000 +CVE-2024-54368,1,1,944c5cb6f4c2406f9c67882a1fec37a2f3a40060c78abba8fadc1a78949ec554,2024-12-16T15:15:10.223000 +CVE-2024-54369,1,1,4c89da48552c4ea41ea6dfe82659722b58f4ea346c30754adb6b5646f31cf955,2024-12-16T15:15:10.410000 CVE-2024-5437,0,0,192ebfba1ee0c535fd80257f20084502c6785a2aaa34b88a17d7df43ec70e510,2024-12-09T22:52:00.683000 +CVE-2024-54370,1,1,ee8940e4d9b28ca9b47b65b892e904d7b0e768bf361266e6018cc23f210c92d2,2024-12-16T15:15:10.593000 +CVE-2024-54372,1,1,22211bda6363f60f5bd9a86809a26315798446615659751e14c7b1b328cf04dc,2024-12-16T15:15:10.810000 +CVE-2024-54373,1,1,38fe09965260602f6487a151c4048df11b8e187948261771a615c5194802205f,2024-12-16T15:15:11.013000 +CVE-2024-54374,1,1,7abaa673bd6c8c7d9a0bd3e23009bd97b692b7d0fbde45edeaa22b83359790ac,2024-12-16T15:15:11.200000 +CVE-2024-54375,1,1,3068deaa377a4ea093666c49c420b08b23f95a1b226b08f1e9db404dde4c6bec,2024-12-16T15:15:11.553000 +CVE-2024-54376,1,1,bc4adacbc175a967a5098c28357743eba44e9ea26c69a92a58d56e931187e29e,2024-12-16T16:15:08.763000 +CVE-2024-54378,1,1,e0793cb140d3daaf22451976989e673c35e2a847e6003dbe8cf15bddee267d2d,2024-12-16T15:15:11.740000 +CVE-2024-54379,1,1,1ceccc11425fe839deb2312ef4df013d80a5d3134346932fc2a9e2266469d5b1,2024-12-16T15:15:11.930000 CVE-2024-5438,0,0,ffa2cf18257657249bf4324d169209d5b77afdfcf36ba5cbe26b4a5e29aa156e,2024-11-21T09:47:41.163000 +CVE-2024-54380,1,1,45c25d50ae5052d82986ff15482682ca30bd2ece78e3ec0e65c2fe22d025ad96,2024-12-16T15:15:12.123000 +CVE-2024-54382,1,1,d70895b9723d8dc4b6916078b2a54e6e03b8bbf44fc762436619765bab30fd6e,2024-12-16T15:15:12.313000 +CVE-2024-54384,1,1,8f8d2ccf33e387e4b711949c951451ebecb0140d34035d48d8452d2e5154f98b,2024-12-16T15:15:12.497000 +CVE-2024-54385,1,1,decfdc74d2854badf867203e8f29e393979ad5029990fdba4cb698db019b4036,2024-12-16T15:15:12.653000 +CVE-2024-54386,1,1,233dc3c04ed6c0cd086632a6711be15443f56fe0e238c795984ad866ad0bbda8,2024-12-16T15:15:12.837000 +CVE-2024-54387,1,1,4b32b85509bbf265bfd44697af629a643666a49a637478d7cb26ff1160748cc6,2024-12-16T15:15:12.987000 +CVE-2024-54388,1,1,a162feaf63d3b38ec1bebe413f2fca895776e1ebda0f446e7f2a3548147a500e,2024-12-16T15:15:13.163000 +CVE-2024-54389,1,1,d3ae4126a9d34ecaf2dc66deffc5f181b2a520a0a342fffb949a15e4c2d2dac4,2024-12-16T15:15:13.303000 CVE-2024-5439,0,0,5a44e3fd4aa453ab2ad6437ae67e94335e6990f31b7d3e0d4c8ca40e0afb67a0,2024-11-21T09:47:41.280000 +CVE-2024-54390,1,1,51e7e8015be03752319bad0d2e3f5a818c467fce2e1971e96a33783a518e2252,2024-12-16T15:15:13.467000 +CVE-2024-54391,1,1,97a45738ce3484cb5d07d32bd75ddcdd8cfa6122aa2c9cdff3884bd6d628cc1f,2024-12-16T15:15:13.700000 +CVE-2024-54392,1,1,bf73ec768029bff1e079d43098f72e4ae4450bc0a7280f74d004fd39ab81f7f8,2024-12-16T15:15:13.873000 +CVE-2024-54393,1,1,2ee065d58dfa59dcf0e3f98f6db75c8b17ae0234532d777e77e9ac127c5bb5b7,2024-12-16T15:15:14.030000 +CVE-2024-54394,1,1,c9ea511b3ec0302b3caad5208bcdc3cb007c9c682015a0dd8c58bb196bf99ffa,2024-12-16T15:15:14.220000 +CVE-2024-54395,1,1,cbc804c3cf520707bf0db63f10d15569a487ccf077ba226942e6b07372e47928,2024-12-16T15:15:14.377000 +CVE-2024-54396,1,1,8157fafbd65964fc9a74aa473d4ebab060f3548f9f6c723fdef15adbd71914f4,2024-12-16T15:15:14.610000 +CVE-2024-54397,1,1,bdf7d80aa450d49caeabc53910c9cbdc6e23180f887853b0a60debce2c5de9c4,2024-12-16T15:15:14.983000 +CVE-2024-54398,1,1,5e8ea34cb0211573624138cba0cc49f3c251625b68084500f500c80ec096fc20,2024-12-16T15:15:15.153000 +CVE-2024-54399,1,1,ff6b86af74ba45eec4e2391473eb656a537bc427c66979f4c29441f505ae29c8,2024-12-16T15:15:15.317000 +CVE-2024-54400,1,1,8cd0da4da9e82b29af382546b34322a95b9c2b47defbb97e62c24aa9d50d1541,2024-12-16T15:15:15.587000 +CVE-2024-54401,1,1,e8423b7db86089cdc1f52920fcad2ad069c4a00726f80ca9c37433a674d03b40,2024-12-16T15:15:15.970000 +CVE-2024-54402,1,1,68f97c1768805310667bcbd4ee4ab85763831463ec3a4ec47832bf33a64a626a,2024-12-16T15:15:16.153000 +CVE-2024-54403,1,1,640758deba575628ce70c6df3a418cb0fe412adaa3ae52d1b877b915ccf9220f,2024-12-16T15:15:16.327000 +CVE-2024-54404,1,1,c7698f335fcabc9086785c31d5e5142ee2534a6f6867dc90700ed714eecfbb4c,2024-12-16T15:15:16.500000 +CVE-2024-54405,1,1,7b53cb7b5bdad09441f7ee72d99d5e52c147b9f2c6e4bf1edfd5137ba894f97d,2024-12-16T15:15:16.673000 +CVE-2024-54406,1,1,5cd10b05f522e08920ef06d5c67a76d415e9d98e90a4dfa9a8c4c9e80337f371,2024-12-16T15:15:17.197000 +CVE-2024-54407,1,1,cc9ff24537883b75b3063ba176d4c20d80474bea68eb4cc4e7480661d62791ea,2024-12-16T15:15:17.493000 +CVE-2024-54408,1,1,b257cfa79f09aacb8be16be4f84d0b8bbd7197046a8be8184d62b6c31f2b3cce,2024-12-16T15:15:17.693000 +CVE-2024-54409,1,1,896a54386bf79e08acebdebacba7f8fe8c8463902d58fee784e1279b718954c6,2024-12-16T15:15:17.980000 CVE-2024-5441,0,0,9a188de2800fac4e34dbb82ed230985cafee97f2cb127a657423bd77bdb5a0c1,2024-11-21T09:47:41.390000 +CVE-2024-54410,1,1,4c42cfabc3fb4ca241057f931aaf45b833cc0147a8df8f6f9e665eca68f7fe70,2024-12-16T15:15:18.173000 +CVE-2024-54411,1,1,cec1e1c5d743ece3ec14f865a0570354da6e20ab714c2628aeb56c536a4f776f,2024-12-16T15:15:18.370000 +CVE-2024-54412,1,1,36b0dfecf8e2f62133d150f92d2b8e6d7585699049f88fc8ffc9f795f192d9b5,2024-12-16T15:15:18.547000 +CVE-2024-54413,1,1,da5d81165726eea37c53ee571c43ef05fe5ae8aa1570bd44aab4eebf29542578,2024-12-16T15:15:18.770000 +CVE-2024-54414,1,1,31371ede249edc56d1bb00e40d5410c43c4a069ea4b803bf65c5058f33b86f6f,2024-12-16T15:15:18.923000 +CVE-2024-54415,1,1,64b568706462ff6c4ea8f85916d0214c2f43173d60268e17af0a8d3db6d31570,2024-12-16T15:15:19.100000 +CVE-2024-54416,1,1,ba21c5c6494db39c41f6a5ff0bfa764232266b84d2e7ca1bef3bcec6e12c72d0,2024-12-16T15:15:19.263000 +CVE-2024-54417,1,1,761fd479c5fbddc6fef39f46f793260bc2c3490da57b55ab3b6fa716eb4eac85,2024-12-16T15:15:19.437000 +CVE-2024-54418,1,1,a8f874217e1144e033b9ca982fa9166214b0d65ada42ae337374b8f639ab2186,2024-12-16T15:15:19.703000 +CVE-2024-54419,1,1,3118a80cc4fab64c61673aa6ea9f63296acdaeae899d8d49890402efaee29e3f,2024-12-16T15:15:19.897000 CVE-2024-5442,0,0,d04c2bb3cc8f82a2c7270c721f12e5a9b2940fb0a26db1ab02f9941e2c6a7785,2024-11-21T09:47:41.530000 +CVE-2024-54420,1,1,facff9f8f95c6d3204932843751b8e2d3246a54249d6445340ee6927612dfbdf,2024-12-16T15:15:20.100000 +CVE-2024-54421,1,1,7e2534b4fbdb8d38aee4c72dc99c99286b4e8e22b86384a7f91203601c91b992,2024-12-16T15:15:20.257000 +CVE-2024-54422,1,1,162324eb205b53ed3e7896b6fed495f401588ac80de15c94300da2b188a786bb,2024-12-16T15:15:20.410000 +CVE-2024-54423,1,1,747ddfb32b376e9a8e8ab7f9a3a87c5d58a5b861dbc613ecdba9f6dddef3f014,2024-12-16T15:15:20.550000 +CVE-2024-54424,1,1,a34f704033090a4f28cfc748684fa0d23a0dc15b496ba093a6959c48959a4e32,2024-12-16T15:15:20.697000 +CVE-2024-54425,1,1,609a1c1e639c1fe93ce83b25ccf2eb400690a313dc1529789b05d55f3d4ca985,2024-12-16T15:15:20.853000 +CVE-2024-54426,1,1,1a503ca24fd2fd0040fa174b0e2d2ee6b3b63f8646741fd246d92d68c9c3dc65,2024-12-16T15:15:21 +CVE-2024-54427,1,1,5fc5c1c9853f7533fc7e06d87d6c906d1e88988489a4a53522659ca2c49884e6,2024-12-16T15:15:21.140000 +CVE-2024-54428,1,1,08f1adec342adbbc700949d9fe2079753ab8898e68c88d7a0100185e7385893f,2024-12-16T15:15:21.280000 +CVE-2024-54429,1,1,4d331caab19a7d85dbfe304e8ccca7dda090b044d688c9f912ddf5a3f1c6d2f6,2024-12-16T15:15:21.417000 CVE-2024-5443,0,0,adadd9c694860afcdd394e8dee0fe463a311b2c2fa5a4e181ef4b87c4458e44d,2024-11-21T09:47:41.690000 +CVE-2024-54430,1,1,a656dd701a2668f957e552e8a07e5d7b7192e7b03c2645eb9f6b46a3f2a19364,2024-12-16T15:15:21.567000 +CVE-2024-54431,1,1,d7dba430b8aa996716a2c0a9b992c36d439aaa7317598bb8e0d5796886213fef,2024-12-16T15:15:21.727000 +CVE-2024-54432,1,1,f2dfe631f8b46a0dc6f9169bbf46861096ad2c017c4d41ad39c824864b7026b7,2024-12-16T15:15:21.883000 +CVE-2024-54433,1,1,a912f9700a7908b93524d6d87f8723051eac23332ea05936c08ae67547590638,2024-12-16T15:15:22.023000 +CVE-2024-54434,1,1,60607e47dd4bfd485a7eebe98bb663f6d43e5c22b85980c4e5a13a7b9ce2f6ce,2024-12-16T15:15:22.160000 +CVE-2024-54435,1,1,6cb280132fba53914ea7857424fd76c3802011d15881003df4b52222da1e5fe5,2024-12-16T15:15:22.293000 +CVE-2024-54436,1,1,92e43f5e7840d583eafa042bf0b51d2eeb0ad5a7d442fc66a4131981cd87bb12,2024-12-16T15:15:22.437000 +CVE-2024-54437,1,1,932fb33e8a78630c47848053d87a0882ea2cf84d1aeb9c98a6885a49f42fe12b,2024-12-16T15:15:22.570000 +CVE-2024-54438,1,1,b918533ce20dd8454099eeb2d3103c58686db0d7cd225408c317fc119ae24dbb,2024-12-16T15:15:22.713000 +CVE-2024-54439,1,1,4c5ecdbd9fe0ed07bf3ce032df03c05747a9a650f613280d3fe2cea7f3e216ff,2024-12-16T15:15:22.843000 CVE-2024-5444,0,0,d122b54e471150af4b6bf3b5aac169a49909a5e1c30b12ec4d263232852abd0e,2024-11-21T09:47:41.810000 +CVE-2024-54440,1,1,723f44632275f06c5e23d1e1f6274f82a8029f776b495170e076f2f1d0119ef1,2024-12-16T15:15:22.987000 +CVE-2024-54441,1,1,a08b486e295172eb894273ccaf7d82132ef8ac3f77926b6a73e4266679abbd24,2024-12-16T15:15:23.130000 +CVE-2024-54442,1,1,69dca484a65627a3db8bf4fb838f1eb265ef0927a339a4c7e14aeb30335cda17,2024-12-16T15:15:23.273000 +CVE-2024-54443,1,1,a43da47516f57b915c394add4b1398be1ec579a2e3d328952334629aec11fe1e,2024-12-16T15:15:23.420000 CVE-2024-5445,0,0,868cf662746874f2c335da1d583d2882ec8b61a1e57de341d372842bb0244e3a,2024-08-12T13:41:36.517000 CVE-2024-54465,0,0,649545beb8fbf7b7dcaa754e8f5868f87d1993a29b4f4f1eae2282e5919a3339,2024-12-13T18:42:50.737000 CVE-2024-54466,0,0,007391ad25f3f19d155f1bab4a612386e47b938cdb46a1c1a05637652e9969fd,2024-12-12T22:15:08.213000 @@ -270194,10 +270303,41 @@ CVE-2024-5596,0,0,eb53dbc41b5b12ac359e7b7f77cdb6558119327982ea8ec36e1ee0087b4d4e CVE-2024-55969,0,0,b8d6e744182357bf303692c68a99b6881f3335ee6e7002ef516b5a8e35aa9140,2024-12-15T04:15:04.657000 CVE-2024-5597,0,0,c028f291e4b563828a2ebebe088654ce56adccaea078f8905bc0de855460aa3c,2024-11-21T09:47:59.443000 CVE-2024-55970,0,0,5b1dff250587b29c9634d8ef8df7f76368a1e76dee21d3944f7629ccef50be40,2024-12-15T03:15:15.263000 +CVE-2024-55972,1,1,1c44851ff34933b5d9d20c1d43229f33a01d18ccacf7c33b8ab8ff687a3ae63c,2024-12-16T15:15:23.613000 +CVE-2024-55973,1,1,88c683f476bee0b08a38ad5028fbfed3d3c5274f5b3a1ebfb1df181a1a2f2141,2024-12-16T15:15:23.767000 +CVE-2024-55974,1,1,64a3805e2dde6492ed0dae16ddb2d242bbca0f63953aa16f3a50643bc6d911ba,2024-12-16T15:15:24.397000 +CVE-2024-55976,1,1,677d9056c69dbe1fb1ca305a501c341e634fb161039746fcfd3fad470d57a092,2024-12-16T15:15:24.550000 +CVE-2024-55977,1,1,00bde74b9c09b028f5e45be95decc038680e51a23a68e23798ad262b3f6d0941,2024-12-16T15:15:24.700000 +CVE-2024-55978,1,1,70de8549de34b7beae6d0c7d53f0c88e5e5163d577c6d4b77e1e9a0d3587d5cb,2024-12-16T15:15:24.840000 +CVE-2024-55979,1,1,1de4e7a9a25645de571f57b84769f72b703a9ae20466abdf28ac0f56e198e2e4,2024-12-16T15:15:24.983000 CVE-2024-5598,0,0,2cf80b31fb178896d7f3a9a8e95bb15f7d3d96fd4d258d8fe02fb96f5cf5629d,2024-11-21T09:47:59.580000 +CVE-2024-55980,1,1,c8db833ec7e6e3c339e99eae8d44a99f2eed3deef5836a2ec493c77fc198dde4,2024-12-16T15:15:25.130000 +CVE-2024-55981,1,1,f883699a36d99fb40d792fa40c88a353cf593e1183b7ec4c5e05b2733ffab54f,2024-12-16T15:15:25.283000 +CVE-2024-55982,1,1,5d9583881751b8be02c821a9caf92f4429cb26fc56f032f5634573dbe01fe6ce,2024-12-16T15:15:25.433000 +CVE-2024-55986,1,1,38dc69c582c764aa6783802fb0171e7b5042b834a050391697f2a15e6b5a2ec7,2024-12-16T15:15:25.577000 +CVE-2024-55987,1,1,320fc215a551586a71623e41c709ba0ae15b4b8c18f560d8881b040eb63bf602,2024-12-16T15:15:25.733000 +CVE-2024-55988,1,1,78318cefbf0a9cd3679cf8f17eeba7d821228ea534660f38950e54bc7283ddc6,2024-12-16T15:15:25.890000 +CVE-2024-55989,1,1,c38f3b2500e13c7423110e839aeebbc43ee4f66bb272c1e11d3951190aba708f,2024-12-16T15:15:26.073000 CVE-2024-5599,0,0,f3e32e76596c8dfbbbc9f620e9218f469ed68b0de9d9b75b168201bc4595067e,2024-11-21T09:47:59.700000 +CVE-2024-55990,1,1,2260d2c1e688c78ac510d9e6e1f0c916a427cc4ab382059bff4f2235835970a8,2024-12-16T15:15:26.223000 +CVE-2024-55992,1,1,66c21f67530201c357756290067290b55d9160751eedffe023b99fe9beda4546,2024-12-16T15:15:26.377000 +CVE-2024-55993,1,1,01857b4340d022453a35608fc0d89f3b2236d7e97f49b7795fa10f528b7ad3bf,2024-12-16T15:15:26.523000 +CVE-2024-55994,1,1,11be206618ebd59d6dd447780d180264658d58838f7be46230ab26bdde64cecd,2024-12-16T15:15:26.677000 +CVE-2024-55996,1,1,2565ba93c1f065db19de84241b28dc4a2fba083a567a0913fd4af777e3b95656,2024-12-16T15:15:26.820000 +CVE-2024-55998,1,1,710f5de4b14b0c0d8579bbf1dfad86e9bc65fb05373752f5527d05614fac6aa3,2024-12-16T15:15:26.957000 +CVE-2024-55999,1,1,bbc3255d877ba6fbd7a1898cc98740c856c51f1d6439a774d8af06fc147ebd17,2024-12-16T16:15:08.973000 CVE-2024-5600,0,0,9ec61c0439dd991245dd59b838c072ef06691da563abf803dab52d51cc92f007,2024-11-21T09:47:59.817000 +CVE-2024-56001,1,1,189bca167b525ae14d039dc3f779fec34ac038e0d9f16b9139fc10002162db0f,2024-12-16T15:15:27.090000 +CVE-2024-56003,1,1,625ce523f1770738acc9f8f197189066eb7c396a7124f58b14e9fc0502e63bd0,2024-12-16T16:15:09.113000 +CVE-2024-56004,1,1,000434e0597f438da98218913e2ee2cb6238f56be36ccc6ef3c06ee0c32a6af1,2024-12-16T15:15:27.233000 +CVE-2024-56005,1,1,548e74b83a6ea05a9027b723682f0bf87d4d468fe2385c211a67a524bf422b89,2024-12-16T15:15:27.370000 +CVE-2024-56007,1,1,44c512d713a31fc6d0d0b8146683eb2f5c27273cd3a84a44340acadf5fa1a6bf,2024-12-16T15:15:27.507000 +CVE-2024-56009,1,1,775ac8634fcf4ecad99e9b5042c330f466f24f7950d7edd2b87f8adc82ecdec5,2024-12-16T15:15:27.643000 CVE-2024-5601,0,0,acbfc7658ae08d87e0393a42bceb6ed0cbea62f439f049ccb260c38457891d44,2024-11-21T09:47:59.930000 +CVE-2024-56011,1,1,0a424cb818da7335bf1f0c462b0a349e91b8f3641cc66bb68166f781c159c53b,2024-12-16T15:15:27.803000 +CVE-2024-56012,1,1,1294e1b9cfda889d2897343dbdd5a8f0d69df1b88d00748e64c163cc5857799d,2024-12-16T15:15:27.943000 +CVE-2024-56013,1,1,98d5f16619c75bf7700fe13a8918184b7016cc1b87371ca36dfb3fcf7e341f9c,2024-12-16T15:15:28.090000 +CVE-2024-56015,1,1,a40d49c757aa948f90c29b7c6bdf9b80dad98326d3e52005d5d7b1f0a780c74b,2024-12-16T15:15:28.230000 CVE-2024-5602,0,0,f0b74b0cc64b84af5cc9e3e41d215e059dc6bc39d5e4f09c9ace9e8dd21b7bc5,2024-11-21T09:48:00.070000 CVE-2024-5604,0,0,8891da3265bc2c375fdbcf484ffb602948ffb13c3bebcf06f381e67d81cf40c0,2024-11-21T09:48:00.187000 CVE-2024-5605,0,0,a58f7d5ea1a1f097543f1fa828fe0f4d77e53004da146d280334895bad6f3fd1,2024-11-21T09:48:00.363000 @@ -270205,17 +270345,17 @@ CVE-2024-5606,0,0,98eaf774fa1e05fbd39a41e5847ce28629e9cd607119c8a5d04808d521a366 CVE-2024-5607,0,0,2f2e883967a2421396c2c72ed671760bd1b0ce90e12a34d10be305825ec8d97f,2024-11-21T09:48:00.667000 CVE-2024-56072,0,0,bd6e4433d11f02012078ec78b3d640c7b5f2f1fd75efb6e332973e1bbc62319d,2024-12-15T03:15:16.323000 CVE-2024-56073,0,0,01824a247f09195beb347683faab76db49c5c6281fc26b7356c5505b6ae504c1,2024-12-15T03:15:16.433000 -CVE-2024-56074,0,0,0642cc60954135db9d21e04c2f8a3494d7d5e43e5456627fcfb7a5451c970b77,2024-12-15T04:15:05.360000 +CVE-2024-56074,0,1,4a0e54489986d9a8929c35bb21fa99462f381a7418844c952c8f6fe6d433d784,2024-12-16T16:15:09.250000 CVE-2024-5608,0,0,ced92374bfec9f9526a30572e667eb2d7d2eee08d2b8c010b292f0924bebbe2c,2024-11-26T01:42:21.587000 -CVE-2024-56082,0,0,57d547b5a105acb2d3e1ac52bd9fee3095823a449148e9ae5f97a8b20acffe15,2024-12-15T05:15:05.803000 +CVE-2024-56082,0,1,df77aa083621f3cbe4f477b0149a9cf1724aee6e10bd2b96a61219d972b348a1,2024-12-16T16:15:09.460000 CVE-2024-56083,0,0,d5ae267ba83e28c541445d0350006e64b5fe517cb65a3dc2c39e4da3ee6ab5c3,2024-12-16T03:15:04.650000 -CVE-2024-56084,0,0,dd4b3899f13d6cc48ef2431ecf71a6d4f1f582b01420c47f59b4e730263bceba,2024-12-16T06:15:07.070000 -CVE-2024-56085,0,0,41cd7d13d1f62126b006143baeada1bf2ae2b131b1bffb4b2d1bf4f82008c1a0,2024-12-16T06:15:07.257000 -CVE-2024-56086,0,0,be9d8e8202b01df6ac58f2936c97673c2d917d5f68ce8e6b2c2bc2d1c3ba25db,2024-12-16T06:15:07.557000 -CVE-2024-56087,0,0,c9cb1df91f12c26db3987d003d8609417f9e02ef91af16219fd77e7aa06f6f4e,2024-12-16T06:15:07.727000 +CVE-2024-56084,0,1,6555848ae48b9f6dd50622badb3bd2ee416e5c7c85e8d4c41399c1928fe22792,2024-12-16T16:15:09.647000 +CVE-2024-56085,0,1,84b6c02bec28fda12b581609dc9c482f299fc4f7b2fdd8ef29c683562f037bcf,2024-12-16T16:15:09.803000 +CVE-2024-56086,0,1,55b2e18e9093ba91193d6a87cd1d557d79b0006f86d41a690637db3e2c4eeda7,2024-12-16T16:15:09.980000 +CVE-2024-56087,0,1,71bdda0ff7417396ad31c25e1bfa27f6b23e1f9a164b7da02056ec46ee4b5351,2024-12-16T16:15:10.147000 CVE-2024-5609,0,0,4c03a855f07c8ea18d8e7a70e1e2d3467f32254daea5abf62f130fb919fa93d1,2024-06-06T19:16:09.920000 CVE-2024-5611,0,0,52c51c7a288f3c0ab122ffc809ef2624c3045fff37cac024f8608d70739aac41,2024-11-21T09:48:00.920000 -CVE-2024-56112,0,0,98f0ba8a486530c3d9e8a82fb5101ef3dc6829dab0f1fe3ca7221915d295d052,2024-12-16T06:15:07.920000 +CVE-2024-56112,0,1,c0764d57c8621e012754919d62c22e086c1612ad1fec50477bfc7128c3e19f91,2024-12-16T16:15:10.313000 CVE-2024-5612,0,0,fa9f2c267dc0651754a7af098fdc2eb62147cefb9c269a544f85a4928011ea0a,2024-11-21T09:48:01.037000 CVE-2024-5613,0,0,7adefd0ffa78c5730a0bdb9525773949feed9eb79c6b9e6014b5dbc5d6f802b4,2024-11-21T09:48:01.160000 CVE-2024-5614,0,0,dbfe1b67548311692c56bb8d68c3048c964ba6dbbed397928536eff3aafacba1,2024-11-21T09:48:01.283000 @@ -270260,7 +270400,7 @@ CVE-2024-5656,0,0,ba99339cfecc1c5fdb0f6d1bb26f06bfe70b58ff628ceb5bd66c459a2628a6 CVE-2024-5657,0,0,322b989a97af9a632a310787c45ccef95cbff8f0006f11abe6348fcd1668034b,2024-11-21T09:48:06.280000 CVE-2024-5658,0,0,7e7462fc3515e519516e2f809c98e13e2106352e6aac99c565fb770e189dd063,2024-11-21T09:48:06.413000 CVE-2024-5659,0,0,83e7687f93b86419198f1683634dd14733df87a0c466715b2e7e79370f69ac01,2024-11-21T09:48:06.543000 -CVE-2024-5660,0,1,185ada92ecf12140397c738113ef0443174eeeea8f301748716001f7b999562c,2024-12-16T14:15:05.123000 +CVE-2024-5660,0,0,185ada92ecf12140397c738113ef0443174eeeea8f301748716001f7b999562c,2024-12-16T14:15:05.123000 CVE-2024-5661,0,0,7d090de96660a134ff2e3cb7262fde0b3d927ce5a88611486b37761a6a2d78a0,2024-11-21T09:48:06.673000 CVE-2024-5662,0,0,a32230f368c985ce000177685318420ae12365dafb7b142a133da07f0e3fd986,2024-11-21T09:48:06.860000 CVE-2024-5663,0,0,3d93cfa6260123c05a0fe5dd837778ab353045f85b9b96941dd647b061b7390d,2024-11-21T09:48:06.970000