diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10783.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10783.json new file mode 100644 index 00000000000..866d42c828a --- /dev/null +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10783.json @@ -0,0 +1,76 @@ +{ + "id": "CVE-2024-10783", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T10:15:06.400", + "lastModified": "2024-12-13T10:15:06.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/mainwp-child/tags/5.2/class/class-mainwp-child.php#L76", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/mainwp-child/tags/5.2/class/class-mainwp-connect.php#L69", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/mainwp-child/tags/5.2/class/class-mainwp-connect.php#L788", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197586%40mainwp-child&new=3197586%40mainwp-child&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/mainwp-child/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9156e536-a58e-4d78-b136-af8a9613ee23?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11012.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11012.json new file mode 100644 index 00000000000..55a486fe4d9 --- /dev/null +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11012.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-11012", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T10:15:07.127", + "lastModified": "2024-12-13T10:15:07.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The Notibar \u2013 Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/notibar/trunk/includes/NotificationBar/WpCustomNotification.php#L90", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3205224/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/notibar/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1766727d-ba54-4b46-b362-415c14be027d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11275.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11275.json new file mode 100644 index 00000000000..5c7b531df82 --- /dev/null +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11275.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11275", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:04.887", + "lastModified": "2024-12-13T09:15:04.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/timetics/trunk/core/customers/api-customer.php#L308", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3206505%40timetics&new=3206505%40timetics&sfp_email=&sfph_mail=#file199", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d68e250e-d850-4100-81db-3e3c48a3a4a1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11754.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11754.json new file mode 100644 index 00000000000..618ad09c67a --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11754.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11754", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:05.630", + "lastModified": "2024-12-13T09:15:05.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207016%40booking-system-trafft&new=3207016%40booking-system-trafft&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84adbde0-9a9b-4a76-9333-56880fcc139d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11832.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11832.json new file mode 100644 index 00000000000..5fa5581babd --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11832.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11832", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:06.113", + "lastModified": "2024-12-13T09:15:06.113", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3206556%40beaver-builder-lite-version&new=3206556%40beaver-builder-lite-version&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1988ff5e-2d3f-4901-8bcc-eb0a7da7566c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11910.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11910.json new file mode 100644 index 00000000000..ccc263a1bb6 --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11910.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-11910", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:06.543", + "lastModified": "2024-12-13T09:15:06.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-crowdfunding/trunk/includes/blocks/Search.php#L70", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3206336/wp-crowdfunding/trunk/includes/blocks/Search.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-crowdfunding/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1541aaf-9f35-44b5-a985-1b8d33228f0a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11911.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11911.json new file mode 100644 index 00000000000..2c13374afbc --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11911.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11911", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:07.083", + "lastModified": "2024-12-13T09:15:07.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3206336%40wp-crowdfunding%2Ftrunk&old=3174230%40wp-crowdfunding%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/972be091-64c4-4cb7-9563-70249c0db157?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12042.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12042.json new file mode 100644 index 00000000000..a614858b939 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12042.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12042", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:07.370", + "lastModified": "2024-12-13T09:15:07.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload HTML files with arbitrary web scripts that will execute whenever a user accesses the file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/mstore-api/trunk/functions/index.php#790", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3205338/mstore-api/trunk/functions/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af468138-c10a-4f9b-b714-0425d52f0210?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12309.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12309.json new file mode 100644 index 00000000000..85a3c0562f9 --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12309.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12309", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:07.810", + "lastModified": "2024-12-13T09:15:07.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Rate My Post \u2013 Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3206801/rate-my-post/trunk/public/class-rate-my-post-public.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9aa467f-9ac2-4a84-b0bb-761101733af7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12414.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12414.json new file mode 100644 index 00000000000..3aef2bd64b8 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12414.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12414", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:08.070", + "lastModified": "2024-12-13T09:15:08.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the setting_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/themify-store-locator/tags/1.1.9/includes/init.php#L142", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3206624%40themify-store-locator&new=3206624%40themify-store-locator&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/287abdef-24de-4e1b-a673-59cd37411bf6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12417.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12417.json new file mode 100644 index 00000000000..04632a73028 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12417.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12417", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:08.353", + "lastModified": "2024-12-13T09:15:08.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/simple-link-directory/trunk/embed/qcopd-embed-link.php#L17", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3206971/simple-link-directory/trunk/embed/qcopd-embed-link.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7112840-f190-4867-9408-c96408f28b7a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12420.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12420.json new file mode 100644 index 00000000000..458436f82bc --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12420.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12420", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:08.627", + "lastModified": "2024-12-13T09:15:08.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The WPMobile.App \u2014 Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207040%40wpappninja&new=3207040%40wpappninja&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ad03e3f-fb3e-4a80-9eea-d24459ed62b8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12421.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12421.json new file mode 100644 index 00000000000..f6ed88abfd8 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12421.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12421", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:08.870", + "lastModified": "2024-12-13T09:15:08.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woo-coupon-usage/tags/5.16.7/inc/functions/functions-user-coupons.php#L491", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207070%40woo-coupon-usage&new=3207070%40woo-coupon-usage&sfp_email=&sfph_mail=#file7", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66b669ce-142a-48b8-9adf-620657c2db74?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12465.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12465.json new file mode 100644 index 00000000000..5ae3aec5147 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12465.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12465", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T09:15:09.060", + "lastModified": "2024-12-13T09:15:09.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207024%40property-hive-stamp-duty-calculator&new=3207024%40property-hive-stamp-duty-calculator&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4f52cb6-eccf-4213-ae44-4a3fa738723d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52057.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52057.json new file mode 100644 index 00000000000..a1b5b4b47bf --- /dev/null +++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52057.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-52057", + "sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638", + "published": "2024-12-13T10:15:07.320", + "lastModified": "2024-12-13T10:15:07.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "3f572a00-62e2-4423-959a-7ea25eff1638", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "3f572a00-62e2-4423-959a-7ea25eff1638", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.rti.com/vulnerabilities/#cve-2024-52057", + "source": "3f572a00-62e2-4423-959a-7ea25eff1638" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9290.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9290.json new file mode 100644 index 00000000000..028ae25da5a --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9290.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9290", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-13T10:15:07.507", + "lastModified": "2024-12-13T10:15:07.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/super-backup-clone-migrate-for-wordpress/12943030", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c31d9b3-38b1-49a1-b361-ffe97e02bff0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 76f409cf6d4..4a4aa242ac9 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-13T09:00:36.937707+00:00 +2024-12-13T11:00:38.571853+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-13T08:15:05.017000+00:00 +2024-12-13T10:15:07.507000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -273554 +273570 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` - -- [CVE-2024-55918](CVE-2024/CVE-2024-559xx/CVE-2024-55918.json) (`2024-12-13T07:15:04.827`) +Recently added CVEs: `16` + +- [CVE-2024-10783](CVE-2024/CVE-2024-107xx/CVE-2024-10783.json) (`2024-12-13T10:15:06.400`) +- [CVE-2024-11012](CVE-2024/CVE-2024-110xx/CVE-2024-11012.json) (`2024-12-13T10:15:07.127`) +- [CVE-2024-11275](CVE-2024/CVE-2024-112xx/CVE-2024-11275.json) (`2024-12-13T09:15:04.887`) +- [CVE-2024-11754](CVE-2024/CVE-2024-117xx/CVE-2024-11754.json) (`2024-12-13T09:15:05.630`) +- [CVE-2024-11832](CVE-2024/CVE-2024-118xx/CVE-2024-11832.json) (`2024-12-13T09:15:06.113`) +- [CVE-2024-11910](CVE-2024/CVE-2024-119xx/CVE-2024-11910.json) (`2024-12-13T09:15:06.543`) +- [CVE-2024-11911](CVE-2024/CVE-2024-119xx/CVE-2024-11911.json) (`2024-12-13T09:15:07.083`) +- [CVE-2024-12042](CVE-2024/CVE-2024-120xx/CVE-2024-12042.json) (`2024-12-13T09:15:07.370`) +- [CVE-2024-12309](CVE-2024/CVE-2024-123xx/CVE-2024-12309.json) (`2024-12-13T09:15:07.810`) +- [CVE-2024-12414](CVE-2024/CVE-2024-124xx/CVE-2024-12414.json) (`2024-12-13T09:15:08.070`) +- [CVE-2024-12417](CVE-2024/CVE-2024-124xx/CVE-2024-12417.json) (`2024-12-13T09:15:08.353`) +- [CVE-2024-12420](CVE-2024/CVE-2024-124xx/CVE-2024-12420.json) (`2024-12-13T09:15:08.627`) +- [CVE-2024-12421](CVE-2024/CVE-2024-124xx/CVE-2024-12421.json) (`2024-12-13T09:15:08.870`) +- [CVE-2024-12465](CVE-2024/CVE-2024-124xx/CVE-2024-12465.json) (`2024-12-13T09:15:09.060`) +- [CVE-2024-52057](CVE-2024/CVE-2024-520xx/CVE-2024-52057.json) (`2024-12-13T10:15:07.320`) +- [CVE-2024-9290](CVE-2024/CVE-2024-92xx/CVE-2024-9290.json) (`2024-12-13T10:15:07.507`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-8259](CVE-2024/CVE-2024-82xx/CVE-2024-8259.json) (`2024-12-13T08:15:05.017`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 49562b75e3d..cede7cef58d 100644 --- a/_state.csv +++ b/_state.csv @@ -243516,6 +243516,7 @@ CVE-2024-1078,0,0,4fdf4438e937bc23eddab90d7d2917be63b435e62e0a2d1086ddd87d02563b CVE-2024-10780,0,0,24807701522a545ac98c6803b8e15da776f2d8a35c7b54777fb317026ce29a42,2024-11-28T10:15:05.280000 CVE-2024-10781,0,0,df5f48c6c5059116b8ab7de34db9894feb54bad774b862574fdcc33719382ffa,2024-11-26T06:15:08.057000 CVE-2024-10782,0,0,5406927f555c692a1d9c0a945182b268a80a14421e689a431011d46720d7260f,2024-11-21T13:57:24.187000 +CVE-2024-10783,1,1,232462393224d59e2154ead8e8b3eb3d36b1ac52876c9739c73fc397bf34feaf,2024-12-13T10:15:06.400000 CVE-2024-10784,0,0,8aec2d03b2fd30a3ad14582a150ff225d197ed662755ec8fe77bf26658a5da9c,2024-12-12T07:15:07.510000 CVE-2024-10785,0,0,3f01bd087d273daf30380c315f820020814d213e2340745da66061077350c031,2024-11-21T13:57:24.187000 CVE-2024-10786,0,0,ccc5097d72c9d28e3db11dc281f3f9385330979372f0eb8c07e82e1cc6da99f0,2024-11-18T17:11:17.393000 @@ -243687,6 +243688,7 @@ CVE-2024-11007,0,0,62a2e0757d628f20a5e5c0dd4a347b28f717af7d2afebfa5668d63b84e88b CVE-2024-11008,0,0,1880244f1f67b5841f1d2e94dcf73ce7501d11084552d8b71465fd847ea3803b,2024-12-11T11:15:04.947000 CVE-2024-11009,0,0,f480d27ee8261f76524c7f6e635dd05967cd1bee3828280624cb8a929fc9e083,2024-11-27T12:15:19.383000 CVE-2024-11010,0,0,df432a6ddcc96473c4608b251cddef86854ccd41b5717633ded9b47b86325565,2024-12-10T00:15:21.207000 +CVE-2024-11012,1,1,050c35a7efa98d3315c7c574508df000ce7894b733b60e41d44a52c4cf25012f,2024-12-13T10:15:07.127000 CVE-2024-11013,0,0,1584e7889c2d3a99777654ed0e3acd92f4aff58e9059c4aeb7efc6520ecfc42a,2024-11-29T08:15:03.923000 CVE-2024-11014,0,0,9f2efdb28e0b940011f1cf446ac00ebac4a7241224648feded8562f9b5e1a86a,2024-11-29T08:15:04.140000 CVE-2024-11015,0,0,ce90df143645eb5314baeab0136ffaa2898f5ea0f2f6ffaa7fb5855c9a246bb7,2024-12-12T04:15:04.797000 @@ -243888,6 +243890,7 @@ CVE-2024-11265,0,0,cd84e375ba34be8f1d8c0a95984eed473f1b4c14b99dc4b41ab53021d7d29 CVE-2024-11268,0,0,40373fcd315fe487c851607fe3ac45b00147e2cbb2f06b71a2f20cd5b3490696,2024-12-09T18:15:22.120000 CVE-2024-1127,0,0,156ab4f781dcbea8349dccaf03d8331b37e207b23f13868177d2fc6d72956211,2024-11-21T08:49:51.547000 CVE-2024-11274,0,0,68416047580eaaa72dd4e9ca219e395346d31290ba0ce8919ace0c1ae20f7ea4,2024-12-12T12:15:22.267000 +CVE-2024-11275,1,1,e4ceee5b7d1816f9e3e84b73f395bc2cf43308396d0bdbc3ce8f2747078ed613,2024-12-13T09:15:04.887000 CVE-2024-11276,0,0,bec6f6d7f70ddc5f33f40077c2ca48024f960e5925873d26e2cd076944abd586,2024-12-06T09:15:05.827000 CVE-2024-11277,0,0,70fa881c494ed4e8a3131fb313821feca0fce09e01d4dad197524b7869b481b5,2024-11-26T20:59:50.643000 CVE-2024-11278,0,0,3f323ea4c088ae11099db65ea7e4647c3e5f880422ea2bf5351a2656e281a2c7,2024-11-21T13:57:24.187000 @@ -244248,6 +244251,7 @@ CVE-2024-11745,0,0,96069305de6ef8812783ef245e2f61d86d985db42c36cad22c8d389adbd7e CVE-2024-11747,0,0,3759ff4fc6bacdbc93b41c30e49e712686d53794386a1c516e9d37a83c4db995,2024-12-04T03:15:04.933000 CVE-2024-1175,0,0,f997875411f4ee3836569f05e6ded063f5984d7986ed98f909a5423e1a302ce0,2024-11-21T08:49:58 CVE-2024-11750,0,0,3c34e091d90fe18ed980ae2930740ab9280c6a3419c7de611ea99715b89180e0,2024-12-12T05:15:09.577000 +CVE-2024-11754,1,1,7f899a763cc43644ced7e3eac1478b4e04aedec1f0a902ba54d937491193a54b,2024-12-13T09:15:05.630000 CVE-2024-11757,0,0,f6e9cc66f398e537f819c502da6499dbb37805cac3d1aa532638955a25992311,2024-12-12T06:15:21.367000 CVE-2024-1176,0,0,ade3cc69c20caab05c727481cc0ec5f568a186d8a0d855f0f768d9d6ccfee82f,2024-11-21T08:49:58.123000 CVE-2024-11760,0,0,5cfb5d180120c1875ad31a782b3cbd78a6ea2212cd7c91767b7a154b08a9b37d,2024-12-12T09:15:05.040000 @@ -244299,6 +244303,7 @@ CVE-2024-11820,0,0,851b7a45884f50f3792038cee6a0dd94b1414d7c7c3cad4aa15d26efb61c7 CVE-2024-11823,0,0,39aa0fbc102b8a9648f017c9098019c8c94234f421f38dd89f51eddc70f54f40,2024-12-06T09:15:07.463000 CVE-2024-11828,0,0,2182fcc94d5c2924b387611eabcc64629aff0d6ea201e85bc92b19a7228cc503,2024-12-12T21:07:04.270000 CVE-2024-1183,0,0,65ecfa5c3d2b221c19281f6b798c6cc7087d171223e10f3dd191314d09620aec,2024-11-21T08:49:58.950000 +CVE-2024-11832,1,1,aadf62fc4eeada44adff600b225c42fa09a9b0f6911729915b42277f1c29059c,2024-12-13T09:15:06.113000 CVE-2024-11833,0,0,400c0bc8f7bed746cef05b7eb9344d2eed64ee376938496522edd2a73efd06a9,2024-12-13T06:15:25.233000 CVE-2024-11834,0,0,b4223c3487600139b2dc6f34da392d0877b89f37153f0f6d2ce4b7f993ed7954,2024-12-13T06:15:25.440000 CVE-2024-11835,0,0,58df7f1e073686cecda4af7fd302cbb6e3fec61392e0dce5022c4636e2d9dd85,2024-12-13T06:15:25.600000 @@ -244334,6 +244339,8 @@ CVE-2024-11901,0,0,85a51f3a62cac6a871a42c80931949fc5d3b4624a58f6d01d97754dcd7f10 CVE-2024-11903,0,0,1fb664847ae87ab093a142384297236893b764bd45b68ea230b1dd002c36e183,2024-12-04T08:15:06.830000 CVE-2024-11904,0,0,da24913eab17510e55c4ea2ef4b2fa1fad64a4fc2d2fdf47398459156652574a,2024-12-07T02:15:18.263000 CVE-2024-1191,0,0,6f7a8128ca74425a818c30dd0345aad863d38fbb6a993214ffab466088e49214,2024-11-21T08:50:00.150000 +CVE-2024-11910,1,1,3e53c17b4d4f3d6fda9e4abea3d4378ee27e9e34bda8c0d51cc6847e587e513e,2024-12-13T09:15:06.543000 +CVE-2024-11911,1,1,595ad0d6bcaed0c4a2a777d12876187817168daf7b8e8936a15520df1fd6ddae,2024-12-13T09:15:07.083000 CVE-2024-11914,0,0,6bedccc117b468b1c5e82e3ad1903d97b2027e3032457dde2935576fa2de9097,2024-12-12T04:15:06.983000 CVE-2024-11918,0,0,f7031582b21494aaa2ccab4dd4ab92d52bf9f67c1445d9fb72b363b717cfc06b,2024-11-28T06:15:08.347000 CVE-2024-1192,0,0,feeadd7788bda0ae41e0b060ef10672169205cb5b73feeee0610abe95f0f97d2,2024-11-21T08:50:00.287000 @@ -244403,6 +244410,7 @@ CVE-2024-12028,0,0,d2c420f66bbd357e2489473cb2335e7956cf9c2e9639b9f4934dd8440bd3b CVE-2024-1203,0,0,d1f896c2674b7d8b8ac7ccf181e7d9a7e598afaaabec693045eb0f85d52368c5,2024-11-21T08:50:01.913000 CVE-2024-1204,0,0,52c83c0f4289636bc1afd18cb37875b782729e90167239cc1a53f532e5633e12,2024-11-21T08:50:02.033000 CVE-2024-12040,0,0,39e54c1617f7e28d0c3f3b48c53cf20fa25d33e84438fb670823959ec7d37040,2024-12-12T06:15:22.947000 +CVE-2024-12042,1,1,e9986891d8f31ba95ca9b0c2f45479fbb6f2378fb362247a8f772f70b86d7bb4,2024-12-13T09:15:07.370000 CVE-2024-1205,0,0,7a555763b4ee56426377ab020ddc9dc79c7bd15b9be6f5edc39ecd5779b4ad33,2024-11-21T08:50:02.210000 CVE-2024-12053,0,0,deed3343567444a181a7ca41ddaf1738a385e7a42108cbc02e3ad8b91b7d2002,2024-12-03T20:15:14.513000 CVE-2024-12056,0,0,d7fbaa89c201679c30b80d6484a6860abf01d1ecc41424a8e0b08b504062cb8c,2024-12-04T15:15:09.700000 @@ -244502,6 +244510,7 @@ CVE-2024-12300,0,0,699335afc6b60ce8f75d8e5292b0de9023ec03e7dc3d726459e0a0c42acf7 CVE-2024-12305,0,0,591beb549e2fd130a4eb51689f906f54cfd4f9ef094b292b5ebd58de367d8b56,2024-12-09T09:15:04.970000 CVE-2024-12306,0,0,7a6ad19881298b2491617643bd5219a8f3696a7257d332ef3f9d18eb332eeb87,2024-12-09T09:15:05.293000 CVE-2024-12307,0,0,23aacf8c044133a030d70d78a0f87e6b3da2eadc1bf68e4a395d80d759eab88c,2024-12-09T09:15:05.433000 +CVE-2024-12309,1,1,d62c4fbe6a15f24d5555bddc7ce2150b421836015159b8d98df287596c6c6f09,2024-12-13T09:15:07.810000 CVE-2024-1231,0,0,b14e8b0a07bc5ec367647c5978c3a1256f30a8a16700580e77b0e0e8d9654fdc,2024-11-21T08:50:06.870000 CVE-2024-12312,0,0,4f1e4d7a9351bbf89fb07bc3b891c5587f19ab228728d06e5854d5cf8ab9431c,2024-12-12T07:15:10.090000 CVE-2024-1232,0,0,0724dcbb02c95ade7614aaa3e49113b53bf4da94f0e9ec3c91efd2f39f26e0e2,2024-11-21T08:50:07.030000 @@ -244546,12 +244555,17 @@ CVE-2024-1240,0,0,04799415e1f0377b54b78e2b8bdc0cc625bbd87f5e08d92014024c374e43cc CVE-2024-12401,0,0,168ab50a00c8e055cc6b3c22c9a86d74152dd552dee0343c930d3f40f1bd1ecd,2024-12-12T09:15:05.790000 CVE-2024-12406,0,0,fa1ab7c597cd33fcacb317cf2fa610cdcf6468bc31d67d5c659a34b86d65b782,2024-12-12T05:15:12.210000 CVE-2024-1241,0,0,ba82bb77c28ed45b324839e72710669d8c2af006c45eeed23dee90a28ff67ea8,2024-11-21T08:50:08.490000 +CVE-2024-12414,1,1,c6c62afd8231ad84f0cfbacb9824eb7ef75ee3eec91768b77318c01a4a7a2e2c,2024-12-13T09:15:08.070000 +CVE-2024-12417,1,1,18cff6407a68203c614d63ed63995a1bbdcb09f8d67d032b1540cb6d37a1cca3,2024-12-13T09:15:08.353000 CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc1314073,2024-11-21T08:50:08.620000 +CVE-2024-12420,1,1,e390c38f4e88665e32a2cd62152aa860ec938ca2fa0dfcbdfe404f6557d8a750,2024-12-13T09:15:08.627000 +CVE-2024-12421,1,1,ac4f95208439dcb1252d6283c443373564305334068386dd134a6484558faee1,2024-12-13T09:15:08.870000 CVE-2024-12441,0,0,8dc47fc0bc628e554cb5d5dec738cf187ea41d3428aede59fd0f61db8f834f33,2024-12-12T05:15:12.703000 CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000 CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f473567,2024-11-21T08:50:08.877000 CVE-2024-12461,0,0,87132fe6ee9a0a857141b6cda632ed8c8a71393196330fb5b19b4b0c53e8baa3,2024-12-12T04:15:07.820000 CVE-2024-12463,0,0,16058c978a913956bb36aa3280bcad6d31dbd913cf9beb7eb08a9f5fffeecbb8,2024-12-12T05:15:13.197000 +CVE-2024-12465,1,1,12688c9e12a4af7815fc2288834e09f6bf4fc2de624e4c07cbd62f7f14d587e0,2024-12-13T09:15:09.060000 CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000 CVE-2024-12479,0,0,a43f8145b082e439d09ff6167e64d352f39b03576b87a98804243a903d0554df,2024-12-12T01:40:28.927000 CVE-2024-12480,0,0,b0eab20a7ec0a125c8d7de42a5914029294e75829166f8b51f3f5c9a83e1f3a0,2024-12-12T01:40:29.110000 @@ -268451,6 +268465,7 @@ CVE-2024-52053,0,0,634822104ec4d4af8aa9cf0854397b2e2ea6f5f55e9fc999886a29a44842f CVE-2024-52054,0,0,9a2d2ec3a40a48770d9647f97127693cc6b0ef5932cb18c296471a466b60d1e3,2024-11-21T23:15:05.627000 CVE-2024-52055,0,0,259d73954aece81f7c011d1c96f3f9c4bf1a8d33b43ce9ab6720600ab6632df4,2024-11-21T23:15:05.890000 CVE-2024-52056,0,0,da2fb97069f42481988d3de6950366edf96ce98eb60db797a3ccea41a89e8e92,2024-11-21T23:15:06.147000 +CVE-2024-52057,1,1,4afa017149785f60875924874d6d565d05d116767f78456dbc0402abf3c4ffe7,2024-12-13T10:15:07.320000 CVE-2024-5206,0,0,8862c9be0fc374f53d6a02e5cb7505c5867d3e503357cffe44c63c1a9e66a567,2024-11-21T09:47:11.143000 CVE-2024-52067,0,0,3b3805f082afbbdd7956c2385fa9d932a6e128593a07e351c3b4f992b1659428,2024-11-21T13:57:24.187000 CVE-2024-5207,0,0,1dd18e9ab7ff6bfd8ddcbcad1d892aa6d72fe1c4875644c7384ba96bff8c8b12,2024-11-21T09:47:11.280000 @@ -269853,7 +269868,7 @@ CVE-2024-55886,0,0,9ec539fe6f9f48b8925ed26ad51cb53691c99ad16b00ba13a8014018fc053 CVE-2024-55888,0,0,6bc68c6e76518b27090ba4f9936a243dab7a518f1ad77584f6ca4caf7f706769,2024-12-12T20:15:22.017000 CVE-2024-5589,0,0,f5444edd52a970169072d34e3475e47df466a0f4e4d6a1a900b9eeb8173a84e0,2024-11-21T09:47:58.880000 CVE-2024-5590,0,0,61c18480efc672e6d99b43c679013d2693f79c71f53844282e3c898145206740,2024-11-21T09:47:59.020000 -CVE-2024-55918,1,1,d8f1370c78ed9a23164eb37b56443cde3ae9864a1ae08343002bd78fcd13a0dc,2024-12-13T07:15:04.827000 +CVE-2024-55918,0,0,d8f1370c78ed9a23164eb37b56443cde3ae9864a1ae08343002bd78fcd13a0dc,2024-12-13T07:15:04.827000 CVE-2024-5595,0,0,5c3da38e1b5f1812e17cdadfa64cfac3c13c5342e8821d9036b7da1dd32b505d,2024-08-02T17:35:43.927000 CVE-2024-5596,0,0,eb53dbc41b5b12ac359e7b7f77cdb6558119327982ea8ec36e1ee0087b4d4e06,2024-11-21T09:47:59.330000 CVE-2024-5597,0,0,19152de155f962b3e408bc5c0ea325627a4afb5429a8b6d2b7a95c71680933a4,2024-11-21T09:47:59.443000 @@ -272170,7 +272185,7 @@ CVE-2024-8254,0,0,942a14d7630124eb518b0a4afc4fc0d5a7d0c55fcf9cb143f0c2c9d16a735b CVE-2024-8255,0,0,5d2845ec8e88416cc6e8a7f932062f58b18cb10d3792252a3bd4e24bfdb68a91,2024-09-06T22:53:34.187000 CVE-2024-8256,0,0,99cdcb922f20ce4980783ca217f97c74b0231f6c8a86e1bdf0a15a5f419457bd,2024-12-10T09:15:06.190000 CVE-2024-8258,0,0,f677c900ed296a6df7da1749e81be4ee8adc676fc5218d5f619ab1c8ff2ca2c9,2024-09-27T18:56:41.140000 -CVE-2024-8259,0,1,7bf4352426e14b796c98c3dff8a9f93d11f407925658b449d6ea8fe3ebd0f96f,2024-12-13T08:15:05.017000 +CVE-2024-8259,0,0,7bf4352426e14b796c98c3dff8a9f93d11f407925658b449d6ea8fe3ebd0f96f,2024-12-13T08:15:05.017000 CVE-2024-8260,0,0,1a5d0d9640e33b2f7c9f22aba5e11715bf32bcc340f2c05d167a5a396b68ca4a,2024-09-19T16:08:58.863000 CVE-2024-8263,0,0,02859751230be0f2362a72baf7f14e3ca8afcc9ef6f11a007d2edecd96369c0f,2024-09-30T15:57:26.213000 CVE-2024-8264,0,0,2d0f7550734ab3870107734db176c89529f357d12409e5b5d0288029aba420c5,2024-10-17T14:06:39.420000 @@ -272994,6 +273009,7 @@ CVE-2024-9284,0,0,e747cbb82ef430c65e12719c88c63c2fbce54e52eb20c21371241717d7cc4e CVE-2024-9286,0,0,5c87b07f904b24f28322b109601842556e84152397134ac82da299aaabaf274a,2024-11-21T17:15:27.713000 CVE-2024-9287,0,0,ee4875fcc1eab286a5a806a04af7541165bd2ee970c2b6c4a30368f5704e3047,2024-11-04T18:15:05.627000 CVE-2024-9289,0,0,82efcd622bd05af8234fb7f9750f1266ba9c6595f5976c11981038e615a0ed09,2024-10-07T18:25:21.380000 +CVE-2024-9290,1,1,e41d5c4a813bab3a7edd5eaac43a1cc6708ddeed01d4e71cc4f5faff8c970d3b,2024-12-13T10:15:07.507000 CVE-2024-9291,0,0,73e401584c500ba127e7af4fffd6757ae385ec6f94f9207b4110ea56e7a67b15,2024-10-07T16:13:44.433000 CVE-2024-9292,0,0,527c65352feb89104baea5b2d5dfb7b073634663094f34514a27c8ec3da14e3a,2024-10-10T12:57:21.987000 CVE-2024-9293,0,0,603fd9a9b5f2f09866227e56378d613899b58f9b42512fcc436593f8b2e0f098,2024-10-07T15:37:33.670000