diff --git a/mapping.csv b/mapping.csv
index a6ea596c6e1..11ee3d4d885 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -259594,3 +259594,55 @@ vulnerability,CVE-2024-43719,vulnerability--418a63f0-6271-46c4-835c-cdeb3bbf34b4
 vulnerability,CVE-2024-43747,vulnerability--cfd4ba16-a209-4c04-9788-3d9377a4a175
 vulnerability,CVE-2023-6947,vulnerability--785a0123-6a9f-4196-9adb-0c819b1de57a
 vulnerability,CVE-2020-28398,vulnerability--ce37da8b-f295-444b-8b96-faeddcb1b90a
+vulnerability,CVE-2024-51460,vulnerability--8789c726-278a-4569-b3a8-e416bebe403f
+vulnerability,CVE-2024-48912,vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd
+vulnerability,CVE-2024-52537,vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f
+vulnerability,CVE-2024-45337,vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9
+vulnerability,CVE-2024-12283,vulnerability--bed3e47c-3e2c-45dc-b9bf-2408250b3a05
+vulnerability,CVE-2024-12381,vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86
+vulnerability,CVE-2024-12294,vulnerability--8ed31001-f4be-42aa-b2ba-0a24f4c884a9
+vulnerability,CVE-2024-12382,vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4
+vulnerability,CVE-2024-12363,vulnerability--e744772b-8e74-4bd0-a681-33c246b73f07
+vulnerability,CVE-2024-12325,vulnerability--1084545d-7d72-4225-b982-31269d828e54
+vulnerability,CVE-2024-12004,vulnerability--a116f843-7952-40aa-b838-2e2ff9f1cfed
+vulnerability,CVE-2024-12479,vulnerability--9bd700a8-5e9b-4be1-8126-a861350dda68
+vulnerability,CVE-2024-10251,vulnerability--600edd1e-ebf6-4b9f-be9f-eea5a5963840
+vulnerability,CVE-2024-10511,vulnerability--857d2fb0-d623-48e3-8be0-59abf03ad698
+vulnerability,CVE-2024-9845,vulnerability--ef8714de-f13a-4a57-ae00-4c25adca2e2b
+vulnerability,CVE-2024-47544,vulnerability--bf68eca3-33c0-4b22-b62b-13882a29cb37
+vulnerability,CVE-2024-47542,vulnerability--d3f74659-a26e-48c3-a5ea-b5d271cd5fd4
+vulnerability,CVE-2024-47760,vulnerability--6124931d-6010-4815-b680-69dbc669b905
+vulnerability,CVE-2024-47537,vulnerability--d4268a83-7bfb-4abc-b1d3-a467dd5e9c72
+vulnerability,CVE-2024-47539,vulnerability--51336094-db2e-4c73-bc2e-96d6cc6c9485
+vulnerability,CVE-2024-47761,vulnerability--2d027835-0dc1-4090-984b-9f5debac819a
+vulnerability,CVE-2024-47545,vulnerability--c9724c95-ce5e-48fd-a9d8-73b6b60af7dc
+vulnerability,CVE-2024-47543,vulnerability--49fa795f-4041-477a-8c31-1be9843fb6ff
+vulnerability,CVE-2024-47540,vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92
+vulnerability,CVE-2024-47541,vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad
+vulnerability,CVE-2024-47758,vulnerability--4cf9e744-962b-49c2-b1f3-cb5537813fed
+vulnerability,CVE-2024-47538,vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31
+vulnerability,CVE-2024-50585,vulnerability--465473fd-cab3-41ff-a5b5-cfafdc4d6652
+vulnerability,CVE-2024-50339,vulnerability--e6097fc7-da0a-4321-8aa2-fdf0c73dcf42
+vulnerability,CVE-2024-11401,vulnerability--d9a8ac20-62f1-4ada-a373-d07640a85a37
+vulnerability,CVE-2024-11597,vulnerability--6c524e21-6f1c-401f-a911-e4752e3d48a6
+vulnerability,CVE-2024-11598,vulnerability--e45d48a6-a01f-4ace-abb0-a922a05add08
+vulnerability,CVE-2024-11840,vulnerability--7ae4e872-6a2d-4dcf-86d3-b36558c441a8
+vulnerability,CVE-2024-11053,vulnerability--a494a842-8e7d-4cc1-a153-3b19af6774af
+vulnerability,CVE-2024-11737,vulnerability--fbd3d4af-4698-499f-8a9c-e97dcdf73f6a
+vulnerability,CVE-2024-11351,vulnerability--4c37af2f-ca2b-4a47-8e75-6a2815f89c10
+vulnerability,CVE-2024-11008,vulnerability--45028407-dd9b-43c9-8ce7-2446e9f20b01
+vulnerability,CVE-2024-53289,vulnerability--e6eabc03-ed2b-4fce-8840-1f46e23fff13
+vulnerability,CVE-2024-53292,vulnerability--e22a69bd-6e51-41c0-a0d2-b5183ad8ea35
+vulnerability,CVE-2024-53290,vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779
+vulnerability,CVE-2024-53677,vulnerability--60da6a9f-dabe-4b1f-aeb4-020f4041b977
+vulnerability,CVE-2024-8496,vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9
+vulnerability,CVE-2024-37401,vulnerability--1bb110c5-5357-4646-9d75-30defdad4259
+vulnerability,CVE-2024-37377,vulnerability--f49545c9-8689-4289-b8f5-5a539b4a8501
+vulnerability,CVE-2024-35117,vulnerability--ba06a4f6-6b20-40ab-a48e-dad24e4a69e1
+vulnerability,CVE-2024-54269,vulnerability--92bf8085-2759-450b-9516-66f26a4ca483
+vulnerability,CVE-2024-42448,vulnerability--93f12df7-36cb-4912-9fb6-fafe08b9d844
+vulnerability,CVE-2024-28141,vulnerability--99149642-f6b9-42d9-a857-0418bb1fc9f5
+vulnerability,CVE-2024-28139,vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c
+vulnerability,CVE-2024-28140,vulnerability--9d415e7d-5543-4f7b-a4b5-a43b2a71b6b6
+vulnerability,CVE-2023-37395,vulnerability--3f6cb906-3693-4861-ba41-64d1531bd974
+vulnerability,CVE-2023-23472,vulnerability--8ca243f8-257f-47af-b787-94fc569a582d
diff --git a/objects/vulnerability/vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4.json b/objects/vulnerability/vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4.json
new file mode 100644
index 00000000000..5d31d929a94
--- /dev/null
+++ b/objects/vulnerability/vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--189f0537-37c2-42ae-9421-a0b3cbad8b8f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.893896Z",
+ "modified": "2024-12-12T00:22:32.893896Z",
+ "name": "CVE-2024-12382",
+ "description": "Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12382"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9.json b/objects/vulnerability/vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9.json
new file mode 100644
index 00000000000..2b1cecf5012
--- /dev/null
+++ b/objects/vulnerability/vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--af6137a0-1732-4772-a802-e4b9cf8f2970",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.771686Z",
+ "modified": "2024-12-12T00:22:33.771686Z",
+ "name": "CVE-2024-8496",
+ "description": "Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8496"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c.json b/objects/vulnerability/vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c.json
new file mode 100644
index 00000000000..604e53f7863
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--530a6a6b-0f04-449f-b5d8-14b75388d718",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:35.016149Z",
+ "modified": "2024-12-12T00:22:35.016149Z",
+ "name": "CVE-2024-28139",
+ "description": "The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-28139"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1084545d-7d72-4225-b982-31269d828e54.json b/objects/vulnerability/vulnerability--1084545d-7d72-4225-b982-31269d828e54.json
new file mode 100644
index 00000000000..cd94504b86c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1084545d-7d72-4225-b982-31269d828e54.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d65c71bc-845c-4145-84ce-47747d7682f0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1084545d-7d72-4225-b982-31269d828e54",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.896811Z",
+ "modified": "2024-12-12T00:22:32.896811Z",
+ "name": "CVE-2024-12325",
+ "description": "The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12325"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9.json b/objects/vulnerability/vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9.json
new file mode 100644
index 00000000000..14b3a1ae4c6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c5bf8fab-6eaa-4d76-ba62-7f5a26303416",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.853315Z",
+ "modified": "2024-12-12T00:22:32.853315Z",
+ "name": "CVE-2024-45337",
+ "description": "Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45337"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1bb110c5-5357-4646-9d75-30defdad4259.json b/objects/vulnerability/vulnerability--1bb110c5-5357-4646-9d75-30defdad4259.json
new file mode 100644
index 00000000000..9d75e15abb6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1bb110c5-5357-4646-9d75-30defdad4259.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7f84ba97-2523-4274-b5ae-bcacc0b485c5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1bb110c5-5357-4646-9d75-30defdad4259",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:34.19037Z",
+ "modified": "2024-12-12T00:22:34.19037Z",
+ "name": "CVE-2024-37401",
+ "description": "An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-37401"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f.json b/objects/vulnerability/vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f.json
new file mode 100644
index 00000000000..374ac336694
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--18eedda1-7e5b-4511-8596-503e8318c208",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.765291Z",
+ "modified": "2024-12-12T00:22:32.765291Z",
+ "name": "CVE-2024-52537",
+ "description": "Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52537"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31.json b/objects/vulnerability/vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31.json
new file mode 100644
index 00000000000..6567bcbb0b8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a2dbd3df-4d4b-47d4-9a43-dd4a96a7d51a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.145073Z",
+ "modified": "2024-12-12T00:22:33.145073Z",
+ "name": "CVE-2024-47538",
+ "description": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47538"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd.json b/objects/vulnerability/vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd.json
new file mode 100644
index 00000000000..0dc08c0221f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--79179b71-290f-4620-a09b-bc323060f2f5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.670889Z",
+ "modified": "2024-12-12T00:22:32.670889Z",
+ "name": "CVE-2024-48912",
+ "description": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48912"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92.json b/objects/vulnerability/vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92.json
new file mode 100644
index 00000000000..8f9da34732e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f9477a57-6105-4585-9936-69ee54c7e868",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.134787Z",
+ "modified": "2024-12-12T00:22:33.134787Z",
+ "name": "CVE-2024-47540",
+ "description": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47540"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad.json b/objects/vulnerability/vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad.json
new file mode 100644
index 00000000000..6e4a3884202
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4470acff-e046-4280-93a6-12176ed85242",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.138664Z",
+ "modified": "2024-12-12T00:22:33.138664Z",
+ "name": "CVE-2024-47541",
+ "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket \"}\" appears before an opening curly bracket \"{\" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47541"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2d027835-0dc1-4090-984b-9f5debac819a.json b/objects/vulnerability/vulnerability--2d027835-0dc1-4090-984b-9f5debac819a.json
new file mode 100644
index 00000000000..aa81063c10c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2d027835-0dc1-4090-984b-9f5debac819a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7846e4d-ea9c-44fe-b9eb-1c065d2384e8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2d027835-0dc1-4090-984b-9f5debac819a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.112137Z",
+ "modified": "2024-12-12T00:22:33.112137Z",
+ "name": "CVE-2024-47761",
+ "description": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47761"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779.json b/objects/vulnerability/vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779.json
new file mode 100644
index 00000000000..0af691fb76f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cfe54176-34a7-4cc2-bba4-078398914b24",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.708207Z",
+ "modified": "2024-12-12T00:22:33.708207Z",
+ "name": "CVE-2024-53290",
+ "description": "Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53290"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86.json b/objects/vulnerability/vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86.json
new file mode 100644
index 00000000000..dc75b2479e6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--208d9e31-9bee-497c-ae0a-51b594868e48",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.883019Z",
+ "modified": "2024-12-12T00:22:32.883019Z",
+ "name": "CVE-2024-12381",
+ "description": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12381"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3f6cb906-3693-4861-ba41-64d1531bd974.json b/objects/vulnerability/vulnerability--3f6cb906-3693-4861-ba41-64d1531bd974.json
new file mode 100644
index 00000000000..b9b95a31b66
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3f6cb906-3693-4861-ba41-64d1531bd974.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--57eddddf-624b-4aef-9f15-41185901bc66",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3f6cb906-3693-4861-ba41-64d1531bd974",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:43.742687Z",
+ "modified": "2024-12-12T00:22:43.742687Z",
+ "name": "CVE-2023-37395",
+ "description": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-37395"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--45028407-dd9b-43c9-8ce7-2446e9f20b01.json b/objects/vulnerability/vulnerability--45028407-dd9b-43c9-8ce7-2446e9f20b01.json
new file mode 100644
index 00000000000..ff16241dc4c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--45028407-dd9b-43c9-8ce7-2446e9f20b01.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d4ba01d3-b925-40f6-a1ab-f2d2d8bab87d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--45028407-dd9b-43c9-8ce7-2446e9f20b01",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.43543Z",
+ "modified": "2024-12-12T00:22:33.43543Z",
+ "name": "CVE-2024-11008",
+ "description": "The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11008"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--465473fd-cab3-41ff-a5b5-cfafdc4d6652.json b/objects/vulnerability/vulnerability--465473fd-cab3-41ff-a5b5-cfafdc4d6652.json
new file mode 100644
index 00000000000..709de8192e3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--465473fd-cab3-41ff-a5b5-cfafdc4d6652.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--532f7bf3-c174-4225-8156-e199ad1a7b78",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--465473fd-cab3-41ff-a5b5-cfafdc4d6652",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.169611Z",
+ "modified": "2024-12-12T00:22:33.169611Z",
+ "name": "CVE-2024-50585",
+ "description": "Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the \"Numerix License Server Administration System Login\" (nlslogin.jsp) page. The vulnerability can be triggered by sending a specially crafted HTTP POST request. \n\n\n\nThe vendor was unresponsive during multiple attempts to contact them via various channels, hence there is no solution available. In case you are using this software, be sure to restrict access and monitor logs. Try to reach out to your contact person for this vendor and request a patch.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50585"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--49fa795f-4041-477a-8c31-1be9843fb6ff.json b/objects/vulnerability/vulnerability--49fa795f-4041-477a-8c31-1be9843fb6ff.json
new file mode 100644
index 00000000000..8551639aff2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--49fa795f-4041-477a-8c31-1be9843fb6ff.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--87d13ff3-ef01-458f-8620-29a92666895f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--49fa795f-4041-477a-8c31-1be9843fb6ff",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.124508Z",
+ "modified": "2024-12-12T00:22:33.124508Z",
+ "name": "CVE-2024-47543",
+ "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47543"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4c37af2f-ca2b-4a47-8e75-6a2815f89c10.json b/objects/vulnerability/vulnerability--4c37af2f-ca2b-4a47-8e75-6a2815f89c10.json
new file mode 100644
index 00000000000..d569ee59fcc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4c37af2f-ca2b-4a47-8e75-6a2815f89c10.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6d20315b-0ae6-4f16-956c-c3da108f10a9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4c37af2f-ca2b-4a47-8e75-6a2815f89c10",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.431888Z",
+ "modified": "2024-12-12T00:22:33.431888Z",
+ "name": "CVE-2024-11351",
+ "description": "The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11351"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4cf9e744-962b-49c2-b1f3-cb5537813fed.json b/objects/vulnerability/vulnerability--4cf9e744-962b-49c2-b1f3-cb5537813fed.json
new file mode 100644
index 00000000000..7597bfa945b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4cf9e744-962b-49c2-b1f3-cb5537813fed.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2d130a0b-e23e-44c0-a2fa-e643f37dacda",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4cf9e744-962b-49c2-b1f3-cb5537813fed",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.139775Z",
+ "modified": "2024-12-12T00:22:33.139775Z",
+ "name": "CVE-2024-47758",
+ "description": "GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47758"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--51336094-db2e-4c73-bc2e-96d6cc6c9485.json b/objects/vulnerability/vulnerability--51336094-db2e-4c73-bc2e-96d6cc6c9485.json
new file mode 100644
index 00000000000..5d3bf1f9571
--- /dev/null
+++ b/objects/vulnerability/vulnerability--51336094-db2e-4c73-bc2e-96d6cc6c9485.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0b32c1f3-d562-487b-98ae-a235d5409f62",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--51336094-db2e-4c73-bc2e-96d6cc6c9485",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.098754Z",
+ "modified": "2024-12-12T00:22:33.098754Z",
+ "name": "CVE-2024-47539",
+ "description": "GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47539"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--600edd1e-ebf6-4b9f-be9f-eea5a5963840.json b/objects/vulnerability/vulnerability--600edd1e-ebf6-4b9f-be9f-eea5a5963840.json
new file mode 100644
index 00000000000..49c555e6e7c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--600edd1e-ebf6-4b9f-be9f-eea5a5963840.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc9e2b8a-cbcf-4df4-8633-2c960c3e0f47", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--600edd1e-ebf6-4b9f-be9f-eea5a5963840", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:32.95633Z", + "modified": "2024-12-12T00:22:32.95633Z", + "name": "CVE-2024-10251", + "description": "Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10251" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60da6a9f-dabe-4b1f-aeb4-020f4041b977.json b/objects/vulnerability/vulnerability--60da6a9f-dabe-4b1f-aeb4-020f4041b977.json new file mode 100644 index 00000000000..38db0ba662f --- /dev/null +++ b/objects/vulnerability/vulnerability--60da6a9f-dabe-4b1f-aeb4-020f4041b977.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6512904-3449-46cd-810e-cd82867b81dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60da6a9f-dabe-4b1f-aeb4-020f4041b977", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.712803Z", + "modified": "2024-12-12T00:22:33.712803Z", + "name": "CVE-2024-53677", + "description": "File upload logic is flawed vulnerability in Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 6.4.0.\n\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.\n\nYou can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53677" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6124931d-6010-4815-b680-69dbc669b905.json b/objects/vulnerability/vulnerability--6124931d-6010-4815-b680-69dbc669b905.json new file mode 100644 index 00000000000..1aea5938359 --- /dev/null +++ b/objects/vulnerability/vulnerability--6124931d-6010-4815-b680-69dbc669b905.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a795efb-983c-4d0b-9e10-f933ee83f1ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6124931d-6010-4815-b680-69dbc669b905", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.093409Z", + "modified": "2024-12-12T00:22:33.093409Z", + "name": "CVE-2024-47760", + "description": "GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47760" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c524e21-6f1c-401f-a911-e4752e3d48a6.json b/objects/vulnerability/vulnerability--6c524e21-6f1c-401f-a911-e4752e3d48a6.json new file mode 100644 index 00000000000..832f386a7da --- /dev/null +++ b/objects/vulnerability/vulnerability--6c524e21-6f1c-401f-a911-e4752e3d48a6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7811ea7b-4848-4962-a7f6-3facd8399461", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c524e21-6f1c-401f-a911-e4752e3d48a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.397311Z", + "modified": "2024-12-12T00:22:33.397311Z", + "name": "CVE-2024-11597", + "description": "Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ae4e872-6a2d-4dcf-86d3-b36558c441a8.json b/objects/vulnerability/vulnerability--7ae4e872-6a2d-4dcf-86d3-b36558c441a8.json new file mode 100644 index 00000000000..8428486a792 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ae4e872-6a2d-4dcf-86d3-b36558c441a8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4372bc20-6927-42c9-8dbc-97f861830262", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ae4e872-6a2d-4dcf-86d3-b36558c441a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.413839Z", + "modified": "2024-12-12T00:22:33.413839Z", + "name": "CVE-2024-11840", + "description": "The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--857d2fb0-d623-48e3-8be0-59abf03ad698.json b/objects/vulnerability/vulnerability--857d2fb0-d623-48e3-8be0-59abf03ad698.json new file mode 100644 index 00000000000..875d7259a24 --- /dev/null +++ b/objects/vulnerability/vulnerability--857d2fb0-d623-48e3-8be0-59abf03ad698.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2ab1d19-9ebf-4142-93c3-b30ffdcc35eb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--857d2fb0-d623-48e3-8be0-59abf03ad698", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:32.962479Z", + "modified": "2024-12-12T00:22:32.962479Z", + "name": "CVE-2024-10511", + "description": "CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface\nwhen someone on the local network repeatedly requests the /accessdenied URL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10511" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8789c726-278a-4569-b3a8-e416bebe403f.json b/objects/vulnerability/vulnerability--8789c726-278a-4569-b3a8-e416bebe403f.json new file mode 100644 index 00000000000..fd212fc7e5a --- /dev/null +++ b/objects/vulnerability/vulnerability--8789c726-278a-4569-b3a8-e416bebe403f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5be9e0d8-5262-4cfc-9c84-f5d851bde97a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8789c726-278a-4569-b3a8-e416bebe403f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:32.615047Z", + "modified": "2024-12-12T00:22:32.615047Z", + "name": "CVE-2024-51460", + "description": "IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51460" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8ca243f8-257f-47af-b787-94fc569a582d.json b/objects/vulnerability/vulnerability--8ca243f8-257f-47af-b787-94fc569a582d.json new file mode 100644 index 00000000000..4a443265a0e --- /dev/null +++ b/objects/vulnerability/vulnerability--8ca243f8-257f-47af-b787-94fc569a582d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--835660e2-b648-440e-9eb5-b84924609060", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ca243f8-257f-47af-b787-94fc569a582d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:43.964248Z", + "modified": "2024-12-12T00:22:43.964248Z", + "name": "CVE-2023-23472", + "description": "IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-23472" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ed31001-f4be-42aa-b2ba-0a24f4c884a9.json b/objects/vulnerability/vulnerability--8ed31001-f4be-42aa-b2ba-0a24f4c884a9.json new file mode 100644 index 00000000000..d73b0265366 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ed31001-f4be-42aa-b2ba-0a24f4c884a9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9b1c09b-2e3c-4d38-b01a-21fe6103fee9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ed31001-f4be-42aa-b2ba-0a24f4c884a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:32.889204Z", + "modified": "2024-12-12T00:22:32.889204Z", + "name": "CVE-2024-12294", + "description": "The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12294" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92bf8085-2759-450b-9516-66f26a4ca483.json b/objects/vulnerability/vulnerability--92bf8085-2759-450b-9516-66f26a4ca483.json new file mode 100644 index 00000000000..faa86c6661a --- /dev/null +++ b/objects/vulnerability/vulnerability--92bf8085-2759-450b-9516-66f26a4ca483.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a12a59ec-e702-43fe-9538-303b68e4d30f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92bf8085-2759-450b-9516-66f26a4ca483", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:34.339393Z", + "modified": "2024-12-12T00:22:34.339393Z", + "name": "CVE-2024-54269", + "description": "Missing Authorization vulnerability in Ninja Team Notibar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notibar: from n/a through 2.1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54269" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93f12df7-36cb-4912-9fb6-fafe08b9d844.json b/objects/vulnerability/vulnerability--93f12df7-36cb-4912-9fb6-fafe08b9d844.json new file mode 100644 index 00000000000..179e6227843 --- /dev/null +++ b/objects/vulnerability/vulnerability--93f12df7-36cb-4912-9fb6-fafe08b9d844.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dadabad4-a07e-4468-a602-d58d02dc26c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93f12df7-36cb-4912-9fb6-fafe08b9d844", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:34.75044Z", + "modified": "2024-12-12T00:22:34.75044Z", + "name": "CVE-2024-42448", + "description": "From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42448" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--99149642-f6b9-42d9-a857-0418bb1fc9f5.json b/objects/vulnerability/vulnerability--99149642-f6b9-42d9-a857-0418bb1fc9f5.json new file mode 100644 index 00000000000..d7c9b13d9a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--99149642-f6b9-42d9-a857-0418bb1fc9f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ed1cc50-4479-4773-ab52-dfc95f111fd7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99149642-f6b9-42d9-a857-0418bb1fc9f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:34.983237Z", + "modified": "2024-12-12T00:22:34.983237Z", + "name": "CVE-2024-28141", + "description": "The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28141" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9bd700a8-5e9b-4be1-8126-a861350dda68.json b/objects/vulnerability/vulnerability--9bd700a8-5e9b-4be1-8126-a861350dda68.json new file mode 100644 index 00000000000..d8ed233d736 --- /dev/null +++ b/objects/vulnerability/vulnerability--9bd700a8-5e9b-4be1-8126-a861350dda68.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cae51c9f-5fbb-463d-b61b-87e6c54fda76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9bd700a8-5e9b-4be1-8126-a861350dda68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:32.909353Z", + "modified": "2024-12-12T00:22:32.909353Z", + "name": "CVE-2024-12479", + "description": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. This issue affects the function searchTopicByKeyword of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12479" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d415e7d-5543-4f7b-a4b5-a43b2a71b6b6.json b/objects/vulnerability/vulnerability--9d415e7d-5543-4f7b-a4b5-a43b2a71b6b6.json new file mode 100644 index 00000000000..565d57b5271 --- /dev/null +++ b/objects/vulnerability/vulnerability--9d415e7d-5543-4f7b-a4b5-a43b2a71b6b6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26acc58c-49e5-4349-b6f5-855d2552c0f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d415e7d-5543-4f7b-a4b5-a43b2a71b6b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:35.020353Z", + "modified": "2024-12-12T00:22:35.020353Z", + "name": "CVE-2024-28140", + "description": "The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running \"ps aux\" as the root user and observing the output.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28140" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a116f843-7952-40aa-b838-2e2ff9f1cfed.json b/objects/vulnerability/vulnerability--a116f843-7952-40aa-b838-2e2ff9f1cfed.json new file mode 100644 index 00000000000..3a327400a50 --- /dev/null +++ b/objects/vulnerability/vulnerability--a116f843-7952-40aa-b838-2e2ff9f1cfed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a33efae-34c5-47ff-bc91-44c1a498359a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a116f843-7952-40aa-b838-2e2ff9f1cfed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:32.908322Z", + "modified": "2024-12-12T00:22:32.908322Z", + "name": "CVE-2024-12004", + "description": "The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12004" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a494a842-8e7d-4cc1-a153-3b19af6774af.json b/objects/vulnerability/vulnerability--a494a842-8e7d-4cc1-a153-3b19af6774af.json new file mode 100644 index 00000000000..a2f13875669 --- /dev/null +++ b/objects/vulnerability/vulnerability--a494a842-8e7d-4cc1-a153-3b19af6774af.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6985108-00bc-4979-993f-3e4149b936aa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a494a842-8e7d-4cc1-a153-3b19af6774af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.415265Z", + "modified": "2024-12-12T00:22:33.415265Z", + "name": "CVE-2024-11053", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11053" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba06a4f6-6b20-40ab-a48e-dad24e4a69e1.json b/objects/vulnerability/vulnerability--ba06a4f6-6b20-40ab-a48e-dad24e4a69e1.json new file mode 100644 index 00000000000..e2760e01906 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba06a4f6-6b20-40ab-a48e-dad24e4a69e1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c0c1a62d-1af9-41e9-8d3e-ef3490fe430d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba06a4f6-6b20-40ab-a48e-dad24e4a69e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:34.269972Z", + "modified": "2024-12-12T00:22:34.269972Z", + "name": "CVE-2024-35117", + "description": "IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35117" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bed3e47c-3e2c-45dc-b9bf-2408250b3a05.json b/objects/vulnerability/vulnerability--bed3e47c-3e2c-45dc-b9bf-2408250b3a05.json new file mode 100644 index 00000000000..b5bc461f9aa --- /dev/null +++ b/objects/vulnerability/vulnerability--bed3e47c-3e2c-45dc-b9bf-2408250b3a05.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bebce9d3-4ff3-4a6b-8784-855065e5d0bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bed3e47c-3e2c-45dc-b9bf-2408250b3a05", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:32.881491Z", + "modified": "2024-12-12T00:22:32.881491Z", + "name": "CVE-2024-12283", + "description": "The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12283" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf68eca3-33c0-4b22-b62b-13882a29cb37.json b/objects/vulnerability/vulnerability--bf68eca3-33c0-4b22-b62b-13882a29cb37.json new file mode 100644 index 00000000000..9c608c1c7e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--bf68eca3-33c0-4b22-b62b-13882a29cb37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9c52f8d-840d-4a34-988a-5b33164c3c6f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf68eca3-33c0-4b22-b62b-13882a29cb37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.085175Z", + "modified": "2024-12-12T00:22:33.085175Z", + "name": "CVE-2024-47544", + "description": "GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47544" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9724c95-ce5e-48fd-a9d8-73b6b60af7dc.json b/objects/vulnerability/vulnerability--c9724c95-ce5e-48fd-a9d8-73b6b60af7dc.json new file mode 100644 index 00000000000..9e8d4ec66a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c9724c95-ce5e-48fd-a9d8-73b6b60af7dc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73ff9418-9e59-4dbe-8e54-61cafc17c107", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9724c95-ce5e-48fd-a9d8-73b6b60af7dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.120965Z", + "modified": "2024-12-12T00:22:33.120965Z", + "name": "CVE-2024-47545", + "description": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47545" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3f74659-a26e-48c3-a5ea-b5d271cd5fd4.json b/objects/vulnerability/vulnerability--d3f74659-a26e-48c3-a5ea-b5d271cd5fd4.json new file mode 100644 index 00000000000..f4b5e33de77 --- /dev/null +++ b/objects/vulnerability/vulnerability--d3f74659-a26e-48c3-a5ea-b5d271cd5fd4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ef01a3c-cbd6-4693-893c-5baa3dde179b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3f74659-a26e-48c3-a5ea-b5d271cd5fd4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.090519Z", + "modified": "2024-12-12T00:22:33.090519Z", + "name": "CVE-2024-47542", + "description": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47542" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4268a83-7bfb-4abc-b1d3-a467dd5e9c72.json b/objects/vulnerability/vulnerability--d4268a83-7bfb-4abc-b1d3-a467dd5e9c72.json new file mode 100644 index 00000000000..bdb7a13d6dc --- /dev/null +++ b/objects/vulnerability/vulnerability--d4268a83-7bfb-4abc-b1d3-a467dd5e9c72.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b801bb01-71b7-4986-baf5-f15461912ed5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4268a83-7bfb-4abc-b1d3-a467dd5e9c72", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.095883Z", + "modified": "2024-12-12T00:22:33.095883Z", + "name": "CVE-2024-47537", + "description": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47537" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d9a8ac20-62f1-4ada-a373-d07640a85a37.json b/objects/vulnerability/vulnerability--d9a8ac20-62f1-4ada-a373-d07640a85a37.json new file mode 100644 index 00000000000..c8daf43df87 --- /dev/null +++ b/objects/vulnerability/vulnerability--d9a8ac20-62f1-4ada-a373-d07640a85a37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14cc9c1d-abda-4922-a253-ea25948b3338", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d9a8ac20-62f1-4ada-a373-d07640a85a37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.383609Z", + "modified": "2024-12-12T00:22:33.383609Z", + "name": "CVE-2024-11401", + "description": "Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e22a69bd-6e51-41c0-a0d2-b5183ad8ea35.json b/objects/vulnerability/vulnerability--e22a69bd-6e51-41c0-a0d2-b5183ad8ea35.json new file mode 100644 index 00000000000..00ebcd633a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--e22a69bd-6e51-41c0-a0d2-b5183ad8ea35.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1b10acb-1f17-4558-a501-72f46a1a24f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e22a69bd-6e51-41c0-a0d2-b5183ad8ea35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.703982Z", + "modified": "2024-12-12T00:22:33.703982Z", + "name": "CVE-2024-53292", + "description": "Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e45d48a6-a01f-4ace-abb0-a922a05add08.json b/objects/vulnerability/vulnerability--e45d48a6-a01f-4ace-abb0-a922a05add08.json new file mode 100644 index 00000000000..0d1b4c50583 --- /dev/null +++ b/objects/vulnerability/vulnerability--e45d48a6-a01f-4ace-abb0-a922a05add08.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc31b1c6-b0f3-4c42-9450-4635b3b890a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e45d48a6-a01f-4ace-abb0-a922a05add08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.411316Z", + "modified": "2024-12-12T00:22:33.411316Z", + "name": "CVE-2024-11598", + "description": "Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6097fc7-da0a-4321-8aa2-fdf0c73dcf42.json b/objects/vulnerability/vulnerability--e6097fc7-da0a-4321-8aa2-fdf0c73dcf42.json new file mode 100644 index 00000000000..7e328754e38 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6097fc7-da0a-4321-8aa2-fdf0c73dcf42.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34f5255d-26b1-4fc4-8cbf-f699a817846b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6097fc7-da0a-4321-8aa2-fdf0c73dcf42", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.200248Z", + "modified": "2024-12-12T00:22:33.200248Z", + "name": "CVE-2024-50339", + "description": "GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50339" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e6eabc03-ed2b-4fce-8840-1f46e23fff13.json b/objects/vulnerability/vulnerability--e6eabc03-ed2b-4fce-8840-1f46e23fff13.json new file mode 100644 index 00000000000..60a38c12801 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6eabc03-ed2b-4fce-8840-1f46e23fff13.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--960dae54-11f8-4463-8661-7fbda61ea7e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6eabc03-ed2b-4fce-8840-1f46e23fff13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-12T00:22:33.688499Z", + "modified": "2024-12-12T00:22:33.688499Z", + "name": "CVE-2024-53289", + "description": "Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53289" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e744772b-8e74-4bd0-a681-33c246b73f07.json b/objects/vulnerability/vulnerability--e744772b-8e74-4bd0-a681-33c246b73f07.json new file mode 100644 index 00000000000..6270e6402bf --- /dev/null +++ b/objects/vulnerability/vulnerability--e744772b-8e74-4bd0-a681-33c246b73f07.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5b0ea610-21df-4ec0-a946-16cecb595daf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e744772b-8e74-4bd0-a681-33c246b73f07",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.895241Z",
+ "modified": "2024-12-12T00:22:32.895241Z",
+ "name": "CVE-2024-12363",
+ "description": "Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12363"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ef8714de-f13a-4a57-ae00-4c25adca2e2b.json b/objects/vulnerability/vulnerability--ef8714de-f13a-4a57-ae00-4c25adca2e2b.json
new file mode 100644
index 00000000000..c69765a832f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ef8714de-f13a-4a57-ae00-4c25adca2e2b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--af680c5e-ba0f-45f1-8c46-df78ae7ce2e7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ef8714de-f13a-4a57-ae00-4c25adca2e2b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:32.976325Z",
+ "modified": "2024-12-12T00:22:32.976325Z",
+ "name": "CVE-2024-9845",
+ "description": "Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9845"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f49545c9-8689-4289-b8f5-5a539b4a8501.json b/objects/vulnerability/vulnerability--f49545c9-8689-4289-b8f5-5a539b4a8501.json
new file mode 100644
index 00000000000..50e773a6622
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f49545c9-8689-4289-b8f5-5a539b4a8501.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d21af13-45bb-4459-a8a1-b3bc7df69bed",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f49545c9-8689-4289-b8f5-5a539b4a8501",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:34.210864Z",
+ "modified": "2024-12-12T00:22:34.210864Z",
+ "name": "CVE-2024-37377",
+ "description": "A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-37377"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fbd3d4af-4698-499f-8a9c-e97dcdf73f6a.json b/objects/vulnerability/vulnerability--fbd3d4af-4698-499f-8a9c-e97dcdf73f6a.json
new file mode 100644
index 00000000000..4b50c79cd93
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fbd3d4af-4698-499f-8a9c-e97dcdf73f6a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d008c2a5-614a-48f3-a635-a5a576a3a1c3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fbd3d4af-4698-499f-8a9c-e97dcdf73f6a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-12T00:22:33.42572Z",
+ "modified": "2024-12-12T00:22:33.42572Z",
+ "name": "CVE-2024-11737",
+ "description": "CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of\nconfidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11737"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file