diff --git a/mapping.csv b/mapping.csv
index 7e00d0bd357..bb18ab265d5 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -257805,3 +257805,165 @@ vulnerability,CVE-2023-26280,vulnerability--68831bff-8f1c-40ed-8f06-27fc503e05ac
 vulnerability,CVE-2020-12492,vulnerability--2b6efd5b-0154-4840-ac81-f9ac38535e1a
 vulnerability,CVE-2020-12491,vulnerability--c98b50db-7033-4d9a-8c6b-b86be9912480
 vulnerability,CVE-2020-11311,vulnerability--6995be1d-ae92-4ad1-9915-655b9355200d
+vulnerability,CVE-2017-11076,vulnerability--1909e11c-1f5d-4bb9-9e44-7bc9a607ba96
+vulnerability,CVE-2017-18307,vulnerability--def4af2a-9cac-4e4e-9d63-b87d4ec56dac
+vulnerability,CVE-2017-18306,vulnerability--7a052aa6-548e-4d59-9193-9a434ca3ff7f
+vulnerability,CVE-2017-18153,vulnerability--23bf95fe-2351-4fb0-8d9f-17650cce3a56
+vulnerability,CVE-2017-17772,vulnerability--da53f9f6-e70c-4d03-8e01-d67e739d9d07
+vulnerability,CVE-2017-15832,vulnerability--f991728a-b290-471b-ace0-530b02b32f86
+vulnerability,CVE-2024-51058,vulnerability--3e64b620-99ea-4863-853a-3729b5393541
+vulnerability,CVE-2024-51569,vulnerability--fadb8c87-7339-46d3-9dc7-a8391b8d851d
+vulnerability,CVE-2024-52008,vulnerability--8a41595d-6d79-44f2-9713-9e7f70139dda
+vulnerability,CVE-2024-52336,vulnerability--99b808cb-f320-4009-96a2-430244594b6f
+vulnerability,CVE-2024-52337,vulnerability--97b8fee1-6eb2-4d08-90b4-f93305bf6df4
+vulnerability,CVE-2024-52899,vulnerability--2cdea977-ddb8-4e98-8522-1a1b12b7b4c4
+vulnerability,CVE-2024-10542,vulnerability--cd615707-c1ff-4410-b26b-c23480cf41a2
+vulnerability,CVE-2024-10729,vulnerability--55faa9d0-b7b5-4f2d-9c24-a3763656e4a6
+vulnerability,CVE-2024-10878,vulnerability--9a9cb8b0-87f0-44a6-9d50-bf7faf247145
+vulnerability,CVE-2024-10579,vulnerability--79298d1b-36ec-4368-9041-c007442ffbb2
+vulnerability,CVE-2024-10240,vulnerability--ce514050-7f71-4447-a876-efea371350d6
+vulnerability,CVE-2024-10471,vulnerability--495ed4a0-acad-4ecb-9b70-2d0137b59c2e
+vulnerability,CVE-2024-10857,vulnerability--1163ffee-ddde-496b-9624-700cd4a25202
+vulnerability,CVE-2024-10308,vulnerability--1b5bd800-3d69-45ad-87a2-76f53291a675
+vulnerability,CVE-2024-10570,vulnerability--583376f1-0f3d-43e9-8e1d-dced8b001c45
+vulnerability,CVE-2024-10781,vulnerability--955727f5-f4db-4820-8ac8-28cd3453a05f
+vulnerability,CVE-2024-9928,vulnerability--cb1736a6-de81-42f4-9565-a1a2beae8f7f
+vulnerability,CVE-2024-9170,vulnerability--f34d9260-b3ae-4d85-b664-de7f16117832
+vulnerability,CVE-2024-9504,vulnerability--b2a3ee8d-aa45-45a3-9462-479e10b1ea53
+vulnerability,CVE-2024-9461,vulnerability--cb63fb26-740f-4b4e-b33f-2bc4e7cafb16
+vulnerability,CVE-2024-9929,vulnerability--1b518a74-783c-4d62-b5fd-d6d1322764f2
+vulnerability,CVE-2024-47248,vulnerability--13bc986a-a040-4c89-8cd4-7ebcb27cd18b
+vulnerability,CVE-2024-47257,vulnerability--bfb268c7-827f-4b5b-a92e-e09dbea5a79f
+vulnerability,CVE-2024-47249,vulnerability--92434fea-606c-4395-926f-6441ba3519a2
+vulnerability,CVE-2024-47250,vulnerability--9fcd3294-8d8d-4ffd-bed5-1ff6bbf4605e
+vulnerability,CVE-2024-50377,vulnerability--cfc36348-91fb-4184-956f-58f022c78f21
+vulnerability,CVE-2024-50374,vulnerability--a2e2d033-f0be-4a70-bd89-ca890113e4c6
+vulnerability,CVE-2024-50371,vulnerability--d658bdbf-9182-473b-9a4a-2820de4645a9
+vulnerability,CVE-2024-50364,vulnerability--fa07d155-4f60-4b6c-8fdd-bafa64a56cbe
+vulnerability,CVE-2024-50370,vulnerability--0641296f-33ba-4c7f-ac43-a0d6640aebc4
+vulnerability,CVE-2024-50368,vulnerability--f6c48afa-c475-416b-b2b6-992431ab9e95
+vulnerability,CVE-2024-50375,vulnerability--bfbd3bb8-27b9-41fd-b84a-cb8ca63cc249
+vulnerability,CVE-2024-50373,vulnerability--cb843002-5fdd-4ae2-b50b-5c8f4a413f32
+vulnerability,CVE-2024-50372,vulnerability--b9e56a5b-b42c-4410-8b19-c94c32747f02
+vulnerability,CVE-2024-50360,vulnerability--8cbb069e-62c5-4181-af82-56d6ac2f6b90
+vulnerability,CVE-2024-50942,vulnerability--8e9092a8-4279-4049-a9fb-b14de51a9d75
+vulnerability,CVE-2024-50367,vulnerability--3dd33c78-c4a6-4b22-9d12-4bb7e044b49d
+vulnerability,CVE-2024-50366,vulnerability--c4b9ba42-40ee-46f3-8a0f-274ca61ffa9c
+vulnerability,CVE-2024-50369,vulnerability--3c741c3e-8629-4c34-9ee2-affac1acb58d
+vulnerability,CVE-2024-50359,vulnerability--4f4aff8e-2283-43f8-9e8c-e0d72436a915
+vulnerability,CVE-2024-50358,vulnerability--cc6fa055-4678-4306-bf8e-d9452f2907aa
+vulnerability,CVE-2024-50365,vulnerability--35e68900-ffcf-44e1-b2c9-10f8f0642582
+vulnerability,CVE-2024-50361,vulnerability--922fbbe4-4bb1-49bf-9007-481d6831745c
+vulnerability,CVE-2024-50376,vulnerability--e5a22087-74d0-4026-aeb3-a11fb883dac5
+vulnerability,CVE-2024-50362,vulnerability--ed9c4ba4-a968-4478-a7be-400827c47625
+vulnerability,CVE-2024-50363,vulnerability--a3478f39-6d21-4e97-8502-4c341ee01a7c
+vulnerability,CVE-2024-11817,vulnerability--07ea153c-8312-4983-af4f-5834bf2ab5f8
+vulnerability,CVE-2024-11192,vulnerability--c65daae5-c30e-42e3-a8eb-673e268d3b7b
+vulnerability,CVE-2024-11675,vulnerability--7954af9d-83ed-4477-8b0f-de80239870f5
+vulnerability,CVE-2024-11819,vulnerability--5aabb645-89c4-422b-83d6-f7ce1dfc2d9f
+vulnerability,CVE-2024-11744,vulnerability--748987d2-9a7a-4a06-a57a-a7b0ceae34a9
+vulnerability,CVE-2024-11696,vulnerability--81d91757-21af-4c1d-9637-69988e6d81ed
+vulnerability,CVE-2024-11342,vulnerability--1f65942e-46ba-4dc7-bd19-90f5dace0af2
+vulnerability,CVE-2024-11694,vulnerability--24ac1bfe-5e6d-4018-b6b4-d60ab7ebfaf1
+vulnerability,CVE-2024-11705,vulnerability--14fd765b-45b3-46a7-8034-5d48478d7549
+vulnerability,CVE-2024-11708,vulnerability--a34ede6d-1dbc-469b-b80a-d3d7c12d0978
+vulnerability,CVE-2024-11699,vulnerability--cf6e6003-2afb-4206-b5be-8d27474a9e26
+vulnerability,CVE-2024-11700,vulnerability--99cab0a6-fea8-4971-a284-6fcb86bcd6c3
+vulnerability,CVE-2024-11698,vulnerability--78328bc5-1ab6-4a09-a84c-596120c14998
+vulnerability,CVE-2024-11742,vulnerability--32469bfa-12ce-44c1-b098-485a66b3f083
+vulnerability,CVE-2024-11693,vulnerability--8836b8a0-415a-452d-90ae-a837c3812b78
+vulnerability,CVE-2024-11677,vulnerability--12d6bc17-0c98-4333-8698-f66a98c60b34
+vulnerability,CVE-2024-11692,vulnerability--f236c037-87e4-4fb6-a5a8-a9936436184a
+vulnerability,CVE-2024-11706,vulnerability--d3fa664c-886e-404a-8a66-09c630ec7768
+vulnerability,CVE-2024-11032,vulnerability--77e610af-d6f6-4f9d-bd04-2cf219b38852
+vulnerability,CVE-2024-11407,vulnerability--107d33eb-5d3a-4529-ba7a-0d5fb2c62995
+vulnerability,CVE-2024-11828,vulnerability--4313bc8d-4482-46f6-a966-3d4c18de6c39
+vulnerability,CVE-2024-11678,vulnerability--38d2adc9-d8b6-4fa0-b266-07d3279578b6
+vulnerability,CVE-2024-11697,vulnerability--dbed5476-e203-402b-9b0e-945fd5ed0788
+vulnerability,CVE-2024-11695,vulnerability--0a3db5a6-cce2-44d6-9ae5-ce79ed8d3201
+vulnerability,CVE-2024-11145,vulnerability--6c23fa9f-2e03-4d10-acf7-1b958cdf9260
+vulnerability,CVE-2024-11202,vulnerability--d223796f-038d-447b-abf3-c6fb929d926e
+vulnerability,CVE-2024-11702,vulnerability--7f424ffe-9585-4def-8adc-5c92d1948477
+vulnerability,CVE-2024-11680,vulnerability--d0739e48-af99-46a3-b75e-672cbb3a3a16
+vulnerability,CVE-2024-11743,vulnerability--e5484002-4bdc-4522-956b-b883a7f54be6
+vulnerability,CVE-2024-11818,vulnerability--b9a0f2cc-0d65-422a-8933-9579a68b55d1
+vulnerability,CVE-2024-11745,vulnerability--0572e200-710a-431b-858e-cc51bdfb88bb
+vulnerability,CVE-2024-11091,vulnerability--fe1d2a62-148d-4d6e-933a-d9beab4702fc
+vulnerability,CVE-2024-11676,vulnerability--c4916218-5077-446a-be4a-0ab72d85abe6
+vulnerability,CVE-2024-11119,vulnerability--40659f21-dd5f-4f66-9f60-e960336fac27
+vulnerability,CVE-2024-11418,vulnerability--ebdccf98-d666-4172-8c3e-6920a373cb34
+vulnerability,CVE-2024-11701,vulnerability--5239c0cc-ede6-484d-ac25-c36c142ddcae
+vulnerability,CVE-2024-11691,vulnerability--a28d9b45-88e9-4b51-8b31-3196963e7588
+vulnerability,CVE-2024-11024,vulnerability--97d04ace-e0ac-4a41-8cd0-68f4fdb488d2
+vulnerability,CVE-2024-11669,vulnerability--cb3af460-6272-41b6-921d-c0744584d29d
+vulnerability,CVE-2024-11002,vulnerability--98c92cbf-f594-4560-bbfa-8b7de21f8fc6
+vulnerability,CVE-2024-11622,vulnerability--8204dfe2-5313-4e13-8d61-35a80172bd9c
+vulnerability,CVE-2024-11704,vulnerability--63b201e9-32c0-4f05-845c-fa12b7856c82
+vulnerability,CVE-2024-11668,vulnerability--b866cd19-c33a-46d4-a1e8-e90b255ca567
+vulnerability,CVE-2024-11703,vulnerability--a1877664-8bc5-4f03-b4f7-088131da7e6b
+vulnerability,CVE-2024-34162,vulnerability--319146a3-00ee-492e-9c76-5dc2b0861598
+vulnerability,CVE-2024-33605,vulnerability--93976f70-3c7d-43cc-b601-dba159d6ece1
+vulnerability,CVE-2024-33616,vulnerability--21c4e627-2e74-470a-8a4e-ded6d22b4e47
+vulnerability,CVE-2024-33610,vulnerability--ed7891b8-fc06-4f56-8ba5-d55a6a803b13
+vulnerability,CVE-2024-53849,vulnerability--7c42adf7-9ba2-497d-b762-0590d2f6e6de
+vulnerability,CVE-2024-53267,vulnerability--6df52e84-b91e-4f91-97d3-ed04c23d0f4b
+vulnerability,CVE-2024-53844,vulnerability--cec2cce7-652d-44dd-ae4b-21397d900745
+vulnerability,CVE-2024-53975,vulnerability--500c448e-cb1f-4c18-91f1-bcf85206aa30
+vulnerability,CVE-2024-53675,vulnerability--4eeeee7f-f369-4d0f-8d45-882806c6e15e
+vulnerability,CVE-2024-53278,vulnerability--bf2921ac-3869-4022-bae3-2bc5508e1366
+vulnerability,CVE-2024-53976,vulnerability--8a8027d3-b159-4b19-9800-cd10fee3f8ab
+vulnerability,CVE-2024-53674,vulnerability--e5f97305-bd99-489f-bce3-ccbf303530de
+vulnerability,CVE-2024-53365,vulnerability--13f5f7f2-e295-4c2f-9989-39e2f6f37aa7
+vulnerability,CVE-2024-53555,vulnerability--d749a406-7a92-4b7b-826b-80b8c32a1115
+vulnerability,CVE-2024-53673,vulnerability--0078e0fb-1c74-4546-997f-ccf3ac3dd2e6
+vulnerability,CVE-2024-53620,vulnerability--cdf447a2-ff15-4f04-8be7-8c6c4ccfa555
+vulnerability,CVE-2024-53619,vulnerability--da8d949e-6306-47cf-8ca0-7c139bad73f5
+vulnerability,CVE-2024-8114,vulnerability--1490554f-0d36-477f-bb07-793f7f6dfe47
+vulnerability,CVE-2024-8177,vulnerability--d26c3c5f-eb02-4e37-ba26-4c3b6128ac1d
+vulnerability,CVE-2024-8899,vulnerability--2ee35467-f34a-4440-b709-9b6747ee4257
+vulnerability,CVE-2024-8160,vulnerability--27d8c3c1-3c82-410d-8135-c1b6ece29227
+vulnerability,CVE-2024-8772,vulnerability--ec9f1a40-7b7e-4e9f-b480-c4eb25bbecf8
+vulnerability,CVE-2024-8237,vulnerability--d34449b8-ff51-4721-bc8d-165c3f8cb0f7
+vulnerability,CVE-2024-8676,vulnerability--a1973e65-7c31-45eb-b705-4d11861ff254
+vulnerability,CVE-2024-8236,vulnerability--e314b93a-bc90-4fb6-aec4-ce0bd3aaa709
+vulnerability,CVE-2024-38831,vulnerability--060150d2-5528-47f0-adfe-e2c7388ea110
+vulnerability,CVE-2024-38833,vulnerability--d4fdcd01-9416-46ef-8b1a-abe4241c7974
+vulnerability,CVE-2024-38830,vulnerability--853c9501-60ad-459c-a165-e266e2865d00
+vulnerability,CVE-2024-38834,vulnerability--260de322-3340-4c8d-b47c-ed12e932f304
+vulnerability,CVE-2024-38832,vulnerability--e1a7a338-3c29-4694-845b-fe82271c6081
+vulnerability,CVE-2024-22117,vulnerability--10d86317-a6ba-4ee0-be8f-4760ee0ba3dc
+vulnerability,CVE-2024-35244,vulnerability--9062fa7e-d527-43f2-ae61-b628e76956e5
+vulnerability,CVE-2024-49052,vulnerability--bfee874c-38ae-49c3-8213-c6053ac078ed
+vulnerability,CVE-2024-49351,vulnerability--b2f10494-e956-4c9e-bca2-085f76b11715
+vulnerability,CVE-2024-49596,vulnerability--1e5291ed-2735-4a05-88dd-f683fcd9c347
+vulnerability,CVE-2024-49353,vulnerability--669e05de-bbff-4ac7-933b-f9d228e3f082
+vulnerability,CVE-2024-49597,vulnerability--d4a12959-5069-4f94-8b81-96c3f1b78811
+vulnerability,CVE-2024-49595,vulnerability--3b439bb1-cc86-4cd0-b64d-000ebaa1f32e
+vulnerability,CVE-2024-49038,vulnerability--9bdf6c48-95cf-4b00-a110-80e29903d584
+vulnerability,CVE-2024-49035,vulnerability--da6964d0-9286-4ce3-b57b-3fdb1f9f5a97
+vulnerability,CVE-2024-49053,vulnerability--1558e317-9a35-4823-8dd8-be561ba7155e
+vulnerability,CVE-2024-36248,vulnerability--0ec4310c-d747-4322-80b7-3e27af16eec1
+vulnerability,CVE-2024-36251,vulnerability--25d780e9-5c43-46d9-95b8-f703511dab38
+vulnerability,CVE-2024-36254,vulnerability--695c8054-d3cf-4876-9faf-8dec3dc43fb3
+vulnerability,CVE-2024-36249,vulnerability--a9a5fbf0-3865-480f-932e-b780fb1473b1
+vulnerability,CVE-2024-36463,vulnerability--96392600-156e-458b-a269-aa3987ff712e
+vulnerability,CVE-2024-32151,vulnerability--ff5ae3da-b246-4237-9186-e6bbbde2a53e
+vulnerability,CVE-2024-32965,vulnerability--548d878a-e27e-4db1-b8ca-86eed59d4d66
+vulnerability,CVE-2024-28038,vulnerability--408f533d-0d44-44a8-8301-000dbdc9e284
+vulnerability,CVE-2024-28955,vulnerability--88f79a74-e08c-46c3-857e-67c807048d79
+vulnerability,CVE-2024-29978,vulnerability--fe20c7f5-9613-4bc7-b9e8-ac6fd3802c73
+vulnerability,CVE-2024-29146,vulnerability--2bb2168d-cbc0-4523-b78f-1b269509701f
+vulnerability,CVE-2024-43784,vulnerability--eb70b4e6-119b-41a5-b1cd-7979609e938d
+vulnerability,CVE-2024-6831,vulnerability--fc2306af-129d-40a0-a637-cbc3c476f09c
+vulnerability,CVE-2024-6476,vulnerability--a6901828-6691-4a38-8d57-56f3375f005c
+vulnerability,CVE-2024-6749,vulnerability--3c4c1bde-5196-4f54-ae74-71665087b37b
+vulnerability,CVE-2019-17082,vulnerability--a9ff0e7c-b042-4773-a752-475aac83887e
+vulnerability,CVE-2023-2142,vulnerability--6f68622c-8c4d-45f7-a62e-d7e8841a7034
+vulnerability,CVE-2023-0163,vulnerability--ea7c7edd-0000-44bc-8844-f09c3156f709
+vulnerability,CVE-2023-1521,vulnerability--eaa4bd72-14c6-4087-8395-9e15a1368d2c
+vulnerability,CVE-2016-10394,vulnerability--75d599ca-7450-4197-a824-2d071de27d3a
+vulnerability,CVE-2016-10408,vulnerability--6fa00bc6-4052-4224-bdb8-3d4a45542cd6
+vulnerability,CVE-2018-11922,vulnerability--27551bf0-7896-4319-9c8f-65e8b12aa002
+vulnerability,CVE-2018-11816,vulnerability--71cca58d-14be-49fd-826c-a535ce46f4ce
+vulnerability,CVE-2018-11952,vulnerability--bacd47e9-4480-4662-be2f-8f1a3a2e2130
+vulnerability,CVE-2018-5852,vulnerability--0527e73a-1223-4e9d-99b5-7c4a7696b140
diff --git a/objects/vulnerability/vulnerability--0078e0fb-1c74-4546-997f-ccf3ac3dd2e6.json b/objects/vulnerability/vulnerability--0078e0fb-1c74-4546-997f-ccf3ac3dd2e6.json
new file mode 100644
index 00000000000..edc0d7cd9cf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0078e0fb-1c74-4546-997f-ccf3ac3dd2e6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c768ddc6-5671-4873-be43-7d7ddb7c8cce",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0078e0fb-1c74-4546-997f-ccf3ac3dd2e6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.878971Z",
+ "modified": "2024-11-27T00:22:10.878971Z",
+ "name": "CVE-2024-53673",
+ "description": "A java deserialization vulnerability in HPE Remote Insight Support allows an unauthenticated attacker to execute code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53673"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0527e73a-1223-4e9d-99b5-7c4a7696b140.json b/objects/vulnerability/vulnerability--0527e73a-1223-4e9d-99b5-7c4a7696b140.json
new file mode 100644
index 00000000000..404d8a47aac
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0527e73a-1223-4e9d-99b5-7c4a7696b140.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--379cd2fd-70fe-4460-84b7-1e2e82d973a8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0527e73a-1223-4e9d-99b5-7c4a7696b140",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:24.769691Z",
+ "modified": "2024-11-27T00:22:24.769691Z",
+ "name": "CVE-2018-5852",
+ "description": "An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2018-5852"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0572e200-710a-431b-858e-cc51bdfb88bb.json b/objects/vulnerability/vulnerability--0572e200-710a-431b-858e-cc51bdfb88bb.json
new file mode 100644
index 00000000000..ae1210f8eac
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0572e200-710a-431b-858e-cc51bdfb88bb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5931fb3c-ae13-4251-88af-968b5a276490",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0572e200-710a-431b-858e-cc51bdfb88bb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.58149Z",
+ "modified": "2024-11-27T00:22:10.58149Z",
+ "name": "CVE-2024-11745",
+ "description": "A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11745"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--060150d2-5528-47f0-adfe-e2c7388ea110.json b/objects/vulnerability/vulnerability--060150d2-5528-47f0-adfe-e2c7388ea110.json
new file mode 100644
index 00000000000..a1daf39eb75
--- /dev/null
+++ b/objects/vulnerability/vulnerability--060150d2-5528-47f0-adfe-e2c7388ea110.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a5efcb66-3559-4460-997e-7aad9f706b52",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--060150d2-5528-47f0-adfe-e2c7388ea110",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.964399Z",
+ "modified": "2024-11-27T00:22:10.964399Z",
+ "name": "CVE-2024-38831",
+ "description": "VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38831"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0641296f-33ba-4c7f-ac43-a0d6640aebc4.json b/objects/vulnerability/vulnerability--0641296f-33ba-4c7f-ac43-a0d6640aebc4.json
new file mode 100644
index 00000000000..be28ba95108
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0641296f-33ba-4c7f-ac43-a0d6640aebc4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--22973caf-d221-4d04-8665-102328f1408d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0641296f-33ba-4c7f-ac43-a0d6640aebc4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.290127Z",
+ "modified": "2024-11-27T00:22:10.290127Z",
+ "name": "CVE-2024-50370",
+ "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"cfg_cmd_set_eth_conf\" operation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50370"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--07ea153c-8312-4983-af4f-5834bf2ab5f8.json b/objects/vulnerability/vulnerability--07ea153c-8312-4983-af4f-5834bf2ab5f8.json
new file mode 100644
index 00000000000..2344b32d719
--- /dev/null
+++ b/objects/vulnerability/vulnerability--07ea153c-8312-4983-af4f-5834bf2ab5f8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a6872467-8f47-4314-aa93-ca9e993f8532",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--07ea153c-8312-4983-af4f-5834bf2ab5f8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.525905Z",
+ "modified": "2024-11-27T00:22:10.525905Z",
+ "name": "CVE-2024-11817",
+ "description": "A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11817"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0a3db5a6-cce2-44d6-9ae5-ce79ed8d3201.json b/objects/vulnerability/vulnerability--0a3db5a6-cce2-44d6-9ae5-ce79ed8d3201.json
new file mode 100644
index 00000000000..8c769a5f13e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0a3db5a6-cce2-44d6-9ae5-ce79ed8d3201.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c891cca4-34a7-45e6-83ae-9860638f2374",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0a3db5a6-cce2-44d6-9ae5-ce79ed8d3201",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.569268Z",
+ "modified": "2024-11-27T00:22:10.569268Z",
+ "name": "CVE-2024-11695",
+ "description": "A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11695"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0ec4310c-d747-4322-80b7-3e27af16eec1.json b/objects/vulnerability/vulnerability--0ec4310c-d747-4322-80b7-3e27af16eec1.json
new file mode 100644
index 00000000000..27e0280b9b1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0ec4310c-d747-4322-80b7-3e27af16eec1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--232ca06b-76de-4ae1-8964-46a91fe1821a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0ec4310c-d747-4322-80b7-3e27af16eec1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:11.741488Z",
+ "modified": "2024-11-27T00:22:11.741488Z",
+ "name": "CVE-2024-36248",
+ "description": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36248"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--107d33eb-5d3a-4529-ba7a-0d5fb2c62995.json b/objects/vulnerability/vulnerability--107d33eb-5d3a-4529-ba7a-0d5fb2c62995.json
new file mode 100644
index 00000000000..7e88989ad8d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--107d33eb-5d3a-4529-ba7a-0d5fb2c62995.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0a13bc63-1f71-48bc-8c38-be0f4abad2ff",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--107d33eb-5d3a-4529-ba7a-0d5fb2c62995",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.564048Z",
+ "modified": "2024-11-27T00:22:10.564048Z",
+ "name": "CVE-2024-11407",
+ "description": "There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11407"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--10d86317-a6ba-4ee0-be8f-4760ee0ba3dc.json b/objects/vulnerability/vulnerability--10d86317-a6ba-4ee0-be8f-4760ee0ba3dc.json
new file mode 100644
index 00000000000..415c97b9707
--- /dev/null
+++ b/objects/vulnerability/vulnerability--10d86317-a6ba-4ee0-be8f-4760ee0ba3dc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--59420674-2caa-4da0-9fc4-6d68e7b9832d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--10d86317-a6ba-4ee0-be8f-4760ee0ba3dc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:11.059312Z",
+ "modified": "2024-11-27T00:22:11.059312Z",
+ "name": "CVE-2024-22117",
+ "description": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-22117"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1163ffee-ddde-496b-9624-700cd4a25202.json b/objects/vulnerability/vulnerability--1163ffee-ddde-496b-9624-700cd4a25202.json
new file mode 100644
index 00000000000..e7e36d73544
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1163ffee-ddde-496b-9624-700cd4a25202.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--57cd43ae-da37-4454-913e-251aba1f7736",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1163ffee-ddde-496b-9624-700cd4a25202",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.089121Z",
+ "modified": "2024-11-27T00:22:10.089121Z",
+ "name": "CVE-2024-10857",
+ "description": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10857"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--12d6bc17-0c98-4333-8698-f66a98c60b34.json b/objects/vulnerability/vulnerability--12d6bc17-0c98-4333-8698-f66a98c60b34.json
new file mode 100644
index 00000000000..94e94a1b9f3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--12d6bc17-0c98-4333-8698-f66a98c60b34.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--07a8dd3f-b37d-43db-b162-ea6cb66493a6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--12d6bc17-0c98-4333-8698-f66a98c60b34",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.554465Z",
+ "modified": "2024-11-27T00:22:10.554465Z",
+ "name": "CVE-2024-11677",
+ "description": "A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11677"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--13bc986a-a040-4c89-8cd4-7ebcb27cd18b.json b/objects/vulnerability/vulnerability--13bc986a-a040-4c89-8cd4-7ebcb27cd18b.json
new file mode 100644
index 00000000000..83041df9703
--- /dev/null
+++ b/objects/vulnerability/vulnerability--13bc986a-a040-4c89-8cd4-7ebcb27cd18b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--768cc89d-b04a-4e50-8eb0-2758882f1d55",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--13bc986a-a040-4c89-8cd4-7ebcb27cd18b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-27T00:22:10.229121Z",
+ "modified": "2024-11-27T00:22:10.229121Z",
+ "name": "CVE-2024-47248",
+ "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.\n\nSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47248"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--13f5f7f2-e295-4c2f-9989-39e2f6f37aa7.json b/objects/vulnerability/vulnerability--13f5f7f2-e295-4c2f-9989-39e2f6f37aa7.json
new file mode 100644
index 00000000000..308f3f28ea0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--13f5f7f2-e295-4c2f-9989-39e2f6f37aa7.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--467cdd8c-6e4f-4f88-aacb-342de1ed7558", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13f5f7f2-e295-4c2f-9989-39e2f6f37aa7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.865034Z", + "modified": "2024-11-27T00:22:10.865034Z", + "name": "CVE-2024-53365", + "description": "A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53365" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1490554f-0d36-477f-bb07-793f7f6dfe47.json b/objects/vulnerability/vulnerability--1490554f-0d36-477f-bb07-793f7f6dfe47.json new file mode 100644 index 00000000000..321bdb80690 --- /dev/null +++ b/objects/vulnerability/vulnerability--1490554f-0d36-477f-bb07-793f7f6dfe47.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c0d934de-8a50-4b29-9853-301eb6500167", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1490554f-0d36-477f-bb07-793f7f6dfe47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.906988Z", + "modified": "2024-11-27T00:22:10.906988Z", + "name": "CVE-2024-8114", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8114" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--14fd765b-45b3-46a7-8034-5d48478d7549.json b/objects/vulnerability/vulnerability--14fd765b-45b3-46a7-8034-5d48478d7549.json new file mode 100644 index 00000000000..9de4776fb23 --- /dev/null +++ b/objects/vulnerability/vulnerability--14fd765b-45b3-46a7-8034-5d48478d7549.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0cdba54-b9c2-4200-9ab2-32896b3ae0e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14fd765b-45b3-46a7-8034-5d48478d7549", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.540709Z", + "modified": "2024-11-27T00:22:10.540709Z", + "name": "CVE-2024-11705", + "description": "`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11705" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1558e317-9a35-4823-8dd8-be561ba7155e.json b/objects/vulnerability/vulnerability--1558e317-9a35-4823-8dd8-be561ba7155e.json new file mode 100644 index 00000000000..a43105d515f --- /dev/null +++ b/objects/vulnerability/vulnerability--1558e317-9a35-4823-8dd8-be561ba7155e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--733b697e-b6ee-4507-bbce-94ba965eeab3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1558e317-9a35-4823-8dd8-be561ba7155e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.601336Z", + "modified": "2024-11-27T00:22:11.601336Z", + "name": "CVE-2024-49053", + "description": "Microsoft Dynamics 365 Sales Spoofing Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49053" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1909e11c-1f5d-4bb9-9e44-7bc9a607ba96.json b/objects/vulnerability/vulnerability--1909e11c-1f5d-4bb9-9e44-7bc9a607ba96.json new file mode 100644 index 00000000000..50228cd32fd --- /dev/null +++ b/objects/vulnerability/vulnerability--1909e11c-1f5d-4bb9-9e44-7bc9a607ba96.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a39f9fb6-853b-4a95-baed-cdc551ffcf1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1909e11c-1f5d-4bb9-9e44-7bc9a607ba96", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:08.827185Z", + "modified": "2024-11-27T00:22:08.827185Z", + "name": "CVE-2017-11076", + "description": "On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-11076" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b518a74-783c-4d62-b5fd-d6d1322764f2.json b/objects/vulnerability/vulnerability--1b518a74-783c-4d62-b5fd-d6d1322764f2.json new file mode 100644 index 00000000000..8594485dc42 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--1b518a74-783c-4d62-b5fd-d6d1322764f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a910cf2-04d7-4cbc-8b52-3f664fabde9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b518a74-783c-4d62-b5fd-d6d1322764f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.154531Z", + "modified": "2024-11-27T00:22:10.154531Z", + "name": "CVE-2024-9929", + "description": "A vulnerability exists in NSD570 that allows any authenticated\nuser to access all device logs disclosing login information with\ntimestamps.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9929" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b5bd800-3d69-45ad-87a2-76f53291a675.json b/objects/vulnerability/vulnerability--1b5bd800-3d69-45ad-87a2-76f53291a675.json new file mode 100644 index 00000000000..d33413f0445 --- /dev/null +++ b/objects/vulnerability/vulnerability--1b5bd800-3d69-45ad-87a2-76f53291a675.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d1c9190-e803-48fa-8ce8-c6e3313cc10d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b5bd800-3d69-45ad-87a2-76f53291a675", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.095594Z", + "modified": "2024-11-27T00:22:10.095594Z", + "name": "CVE-2024-10308", + "description": "The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10308" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e5291ed-2735-4a05-88dd-f683fcd9c347.json b/objects/vulnerability/vulnerability--1e5291ed-2735-4a05-88dd-f683fcd9c347.json new file mode 100644 index 00000000000..c184e8440e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e5291ed-2735-4a05-88dd-f683fcd9c347.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3622b95-9fd1-4b66-90ef-3332e503ef88", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e5291ed-2735-4a05-88dd-f683fcd9c347", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.501053Z", + "modified": "2024-11-27T00:22:11.501053Z", + "name": "CVE-2024-49596", + "description": "Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49596" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f65942e-46ba-4dc7-bd19-90f5dace0af2.json b/objects/vulnerability/vulnerability--1f65942e-46ba-4dc7-bd19-90f5dace0af2.json new file mode 100644 index 00000000000..ef8bd65b5ac --- /dev/null +++ b/objects/vulnerability/vulnerability--1f65942e-46ba-4dc7-bd19-90f5dace0af2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--285c8fcf-5409-4007-bea0-f86c447e3462", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f65942e-46ba-4dc7-bd19-90f5dace0af2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.53574Z", + "modified": "2024-11-27T00:22:10.53574Z", + "name": "CVE-2024-11342", + "description": "The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21c4e627-2e74-470a-8a4e-ded6d22b4e47.json b/objects/vulnerability/vulnerability--21c4e627-2e74-470a-8a4e-ded6d22b4e47.json new file mode 100644 index 00000000000..f0d17dde2d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--21c4e627-2e74-470a-8a4e-ded6d22b4e47.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--177fd6bd-d176-42ae-9cb4-683f8eb97c94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21c4e627-2e74-470a-8a4e-ded6d22b4e47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.814592Z", + "modified": "2024-11-27T00:22:10.814592Z", + "name": "CVE-2024-33616", + "description": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33616" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23bf95fe-2351-4fb0-8d9f-17650cce3a56.json b/objects/vulnerability/vulnerability--23bf95fe-2351-4fb0-8d9f-17650cce3a56.json new file mode 100644 index 00000000000..bcd9b073e06 --- /dev/null +++ b/objects/vulnerability/vulnerability--23bf95fe-2351-4fb0-8d9f-17650cce3a56.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--078a3a0b-2b7c-4f41-b580-924593ef20ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23bf95fe-2351-4fb0-8d9f-17650cce3a56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.034081Z", + "modified": "2024-11-27T00:22:09.034081Z", + "name": "CVE-2017-18153", + "description": "A race condition exists in a driver potentially leading to a use-after-free condition.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-18153" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24ac1bfe-5e6d-4018-b6b4-d60ab7ebfaf1.json b/objects/vulnerability/vulnerability--24ac1bfe-5e6d-4018-b6b4-d60ab7ebfaf1.json new file mode 100644 index 00000000000..4f7b55a79be --- /dev/null +++ b/objects/vulnerability/vulnerability--24ac1bfe-5e6d-4018-b6b4-d60ab7ebfaf1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b35c423-9e29-46e6-82c0-295107103410", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24ac1bfe-5e6d-4018-b6b4-d60ab7ebfaf1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.537755Z", + "modified": "2024-11-27T00:22:10.537755Z", + "name": "CVE-2024-11694", + "description": "Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11694" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--25d780e9-5c43-46d9-95b8-f703511dab38.json b/objects/vulnerability/vulnerability--25d780e9-5c43-46d9-95b8-f703511dab38.json new file mode 100644 index 00000000000..3d6620247d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--25d780e9-5c43-46d9-95b8-f703511dab38.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d9ae1ae-9d58-472d-b44c-9b31f6c86e6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25d780e9-5c43-46d9-95b8-f703511dab38", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.75531Z", + "modified": "2024-11-27T00:22:11.75531Z", + "name": "CVE-2024-36251", + "description": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36251" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--260de322-3340-4c8d-b47c-ed12e932f304.json b/objects/vulnerability/vulnerability--260de322-3340-4c8d-b47c-ed12e932f304.json new file mode 100644 index 00000000000..57a448d257a --- /dev/null +++ b/objects/vulnerability/vulnerability--260de322-3340-4c8d-b47c-ed12e932f304.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f394da2c-d9b5-46ea-ade2-a1161f5f4735", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--260de322-3340-4c8d-b47c-ed12e932f304", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.995894Z", + "modified": "2024-11-27T00:22:10.995894Z", + "name": "CVE-2024-38834", + "description": "VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38834" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27551bf0-7896-4319-9c8f-65e8b12aa002.json b/objects/vulnerability/vulnerability--27551bf0-7896-4319-9c8f-65e8b12aa002.json new file mode 100644 index 00000000000..766e7aa525c --- /dev/null +++ b/objects/vulnerability/vulnerability--27551bf0-7896-4319-9c8f-65e8b12aa002.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c2ae041-24fd-479b-a2c7-b9e3a76b9fda", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27551bf0-7896-4319-9c8f-65e8b12aa002", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:23.823593Z", + "modified": "2024-11-27T00:22:23.823593Z", + "name": "CVE-2018-11922", + "description": "Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-11922" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--27d8c3c1-3c82-410d-8135-c1b6ece29227.json b/objects/vulnerability/vulnerability--27d8c3c1-3c82-410d-8135-c1b6ece29227.json new file mode 100644 index 00000000000..4116506e495 --- /dev/null +++ b/objects/vulnerability/vulnerability--27d8c3c1-3c82-410d-8135-c1b6ece29227.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1b268ef-94c1-453f-ad1b-c0a2adcacd19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27d8c3c1-3c82-410d-8135-c1b6ece29227", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.924479Z", + "modified": "2024-11-27T00:22:10.924479Z", + "name": "CVE-2024-8160", + "description": "Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8160" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2bb2168d-cbc0-4523-b78f-1b269509701f.json b/objects/vulnerability/vulnerability--2bb2168d-cbc0-4523-b78f-1b269509701f.json new file mode 100644 index 00000000000..9feed48baef --- /dev/null +++ b/objects/vulnerability/vulnerability--2bb2168d-cbc0-4523-b78f-1b269509701f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e904d9cf-820c-4665-a7e9-eb08a4db6bf1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2bb2168d-cbc0-4523-b78f-1b269509701f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.26351Z", + "modified": "2024-11-27T00:22:12.26351Z", + "name": "CVE-2024-29146", + "description": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2cdea977-ddb8-4e98-8522-1a1b12b7b4c4.json b/objects/vulnerability/vulnerability--2cdea977-ddb8-4e98-8522-1a1b12b7b4c4.json new file mode 100644 index 00000000000..497f62e8514 --- /dev/null +++ b/objects/vulnerability/vulnerability--2cdea977-ddb8-4e98-8522-1a1b12b7b4c4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61f280d9-3c1a-40f5-9305-defeb49ca6b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2cdea977-ddb8-4e98-8522-1a1b12b7b4c4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.959242Z", + "modified": "2024-11-27T00:22:09.959242Z", + "name": "CVE-2024-52899", + "description": "IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52899" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2ee35467-f34a-4440-b709-9b6747ee4257.json b/objects/vulnerability/vulnerability--2ee35467-f34a-4440-b709-9b6747ee4257.json new file mode 100644 index 00000000000..a1171953c54 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ee35467-f34a-4440-b709-9b6747ee4257.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a273b4d7-c1bc-411c-8c05-94d9e3f08639", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ee35467-f34a-4440-b709-9b6747ee4257", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.918837Z", + "modified": "2024-11-27T00:22:10.918837Z", + "name": "CVE-2024-8899", + "description": "The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--319146a3-00ee-492e-9c76-5dc2b0861598.json b/objects/vulnerability/vulnerability--319146a3-00ee-492e-9c76-5dc2b0861598.json new file mode 100644 index 00000000000..56ff97539f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--319146a3-00ee-492e-9c76-5dc2b0861598.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7281e985-7acf-485a-851e-56cb81bf7d67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--319146a3-00ee-492e-9c76-5dc2b0861598", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.619974Z", + "modified": "2024-11-27T00:22:10.619974Z", + "name": "CVE-2024-34162", + "description": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34162" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32469bfa-12ce-44c1-b098-485a66b3f083.json b/objects/vulnerability/vulnerability--32469bfa-12ce-44c1-b098-485a66b3f083.json new file mode 100644 index 00000000000..bc471a367b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--32469bfa-12ce-44c1-b098-485a66b3f083.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--147353e0-4793-4b2f-9927-9681ec10868c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32469bfa-12ce-44c1-b098-485a66b3f083", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.5522Z", + "modified": "2024-11-27T00:22:10.5522Z", + "name": "CVE-2024-11742", + "description": "A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11742" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35e68900-ffcf-44e1-b2c9-10f8f0642582.json b/objects/vulnerability/vulnerability--35e68900-ffcf-44e1-b2c9-10f8f0642582.json new file mode 100644 index 00000000000..4ef94b7d15e --- /dev/null +++ b/objects/vulnerability/vulnerability--35e68900-ffcf-44e1-b2c9-10f8f0642582.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--405f4dcd-6899-48f5-bf66-c1114b50257b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35e68900-ffcf-44e1-b2c9-10f8f0642582", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.339581Z", + "modified": "2024-11-27T00:22:10.339581Z", + "name": "CVE-2024-50365", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"lan_apply\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50365" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38d2adc9-d8b6-4fa0-b266-07d3279578b6.json b/objects/vulnerability/vulnerability--38d2adc9-d8b6-4fa0-b266-07d3279578b6.json new file mode 100644 index 00000000000..f301d5b697a --- /dev/null +++ b/objects/vulnerability/vulnerability--38d2adc9-d8b6-4fa0-b266-07d3279578b6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a77e909-b638-47a0-b756-f0d51666de9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38d2adc9-d8b6-4fa0-b266-07d3279578b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.566656Z", + "modified": "2024-11-27T00:22:10.566656Z", + "name": "CVE-2024-11678", + "description": "A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b439bb1-cc86-4cd0-b64d-000ebaa1f32e.json b/objects/vulnerability/vulnerability--3b439bb1-cc86-4cd0-b64d-000ebaa1f32e.json new file mode 100644 index 00000000000..30362c581d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b439bb1-cc86-4cd0-b64d-000ebaa1f32e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f80ba448-9e66-4c28-bc1d-6790f81f2748", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b439bb1-cc86-4cd0-b64d-000ebaa1f32e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.517246Z", + "modified": "2024-11-27T00:22:11.517246Z", + "name": "CVE-2024-49595", + "description": "Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49595" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c4c1bde-5196-4f54-ae74-71665087b37b.json b/objects/vulnerability/vulnerability--3c4c1bde-5196-4f54-ae74-71665087b37b.json new file mode 100644 index 00000000000..0f6d22d89cd --- /dev/null +++ b/objects/vulnerability/vulnerability--3c4c1bde-5196-4f54-ae74-71665087b37b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a47bbf9d-ac97-4b5d-930f-40dbb1cc6afc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c4c1bde-5196-4f54-ae74-71665087b37b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.470063Z", + "modified": "2024-11-27T00:22:12.470063Z", + "name": "CVE-2024-6749", + "description": "Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. \n\n Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6749" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c741c3e-8629-4c34-9ee2-affac1acb58d.json b/objects/vulnerability/vulnerability--3c741c3e-8629-4c34-9ee2-affac1acb58d.json new file mode 100644 index 00000000000..383e77f4579 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c741c3e-8629-4c34-9ee2-affac1acb58d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d5c3aec4-6761-4a44-95f0-5cc192cdb74e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c741c3e-8629-4c34-9ee2-affac1acb58d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.324419Z", + "modified": "2024-11-27T00:22:10.324419Z", + "name": "CVE-2024-50369", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"multiple_ssid_htm\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50369" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3dd33c78-c4a6-4b22-9d12-4bb7e044b49d.json b/objects/vulnerability/vulnerability--3dd33c78-c4a6-4b22-9d12-4bb7e044b49d.json new file mode 100644 index 00000000000..94d55e7b0fa --- /dev/null +++ b/objects/vulnerability/vulnerability--3dd33c78-c4a6-4b22-9d12-4bb7e044b49d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c8eda2c-c514-44f0-8a74-e23541954787", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3dd33c78-c4a6-4b22-9d12-4bb7e044b49d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.319235Z", + "modified": "2024-11-27T00:22:10.319235Z", + "name": "CVE-2024-50367", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"sta_log_htm\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e64b620-99ea-4863-853a-3729b5393541.json b/objects/vulnerability/vulnerability--3e64b620-99ea-4863-853a-3729b5393541.json new file mode 100644 index 00000000000..b5572f6681a --- /dev/null +++ b/objects/vulnerability/vulnerability--3e64b620-99ea-4863-853a-3729b5393541.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--48077e77-ae85-44ea-943d-17c520cc43b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e64b620-99ea-4863-853a-3729b5393541", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.766502Z", + "modified": "2024-11-27T00:22:09.766502Z", + "name": "CVE-2024-51058", + "description": "Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51058" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40659f21-dd5f-4f66-9f60-e960336fac27.json b/objects/vulnerability/vulnerability--40659f21-dd5f-4f66-9f60-e960336fac27.json new file mode 100644 index 00000000000..11959433311 --- /dev/null +++ b/objects/vulnerability/vulnerability--40659f21-dd5f-4f66-9f60-e960336fac27.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a3fe016-85b1-4312-af84-05a0ea2b581e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40659f21-dd5f-4f66-9f60-e960336fac27", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.58725Z", + "modified": "2024-11-27T00:22:10.58725Z", + "name": "CVE-2024-11119", + "description": "The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11119" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--408f533d-0d44-44a8-8301-000dbdc9e284.json b/objects/vulnerability/vulnerability--408f533d-0d44-44a8-8301-000dbdc9e284.json new file mode 100644 index 00000000000..12b513f2d3d --- /dev/null +++ b/objects/vulnerability/vulnerability--408f533d-0d44-44a8-8301-000dbdc9e284.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93fa3774-8bad-4944-88a3-624f08171e8f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--408f533d-0d44-44a8-8301-000dbdc9e284", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.120098Z", + "modified": "2024-11-27T00:22:12.120098Z", + "name": "CVE-2024-28038", + "description": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28038" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4313bc8d-4482-46f6-a966-3d4c18de6c39.json b/objects/vulnerability/vulnerability--4313bc8d-4482-46f6-a966-3d4c18de6c39.json new file mode 100644 index 00000000000..3d174a96c98 --- /dev/null +++ b/objects/vulnerability/vulnerability--4313bc8d-4482-46f6-a966-3d4c18de6c39.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4954a5c3-d8a5-4298-9706-f01c111df96b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4313bc8d-4482-46f6-a966-3d4c18de6c39", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.565036Z", + "modified": "2024-11-27T00:22:10.565036Z", + "name": "CVE-2024-11828", + "description": "A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11828" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--495ed4a0-acad-4ecb-9b70-2d0137b59c2e.json b/objects/vulnerability/vulnerability--495ed4a0-acad-4ecb-9b70-2d0137b59c2e.json new file mode 100644 index 00000000000..ffa98c8a16e --- /dev/null +++ b/objects/vulnerability/vulnerability--495ed4a0-acad-4ecb-9b70-2d0137b59c2e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d74e41c-2fc3-4589-b6d1-38149c78093d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--495ed4a0-acad-4ecb-9b70-2d0137b59c2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.085911Z", + "modified": "2024-11-27T00:22:10.085911Z", + "name": "CVE-2024-10471", + "description": "The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10471" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4eeeee7f-f369-4d0f-8d45-882806c6e15e.json b/objects/vulnerability/vulnerability--4eeeee7f-f369-4d0f-8d45-882806c6e15e.json new file mode 100644 index 00000000000..e790ca55c09 --- /dev/null +++ b/objects/vulnerability/vulnerability--4eeeee7f-f369-4d0f-8d45-882806c6e15e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6734742-c2a2-48f5-b630-0de10f454c15", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4eeeee7f-f369-4d0f-8d45-882806c6e15e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.853177Z", + "modified": "2024-11-27T00:22:10.853177Z", + "name": "CVE-2024-53675", + "description": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53675" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4f4aff8e-2283-43f8-9e8c-e0d72436a915.json b/objects/vulnerability/vulnerability--4f4aff8e-2283-43f8-9e8c-e0d72436a915.json new file mode 100644 index 00000000000..5d0e9a16889 --- /dev/null +++ b/objects/vulnerability/vulnerability--4f4aff8e-2283-43f8-9e8c-e0d72436a915.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3e306405-5ddd-4694-b529-9d294421c022", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4f4aff8e-2283-43f8-9e8c-e0d72436a915", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.327178Z", + "modified": "2024-11-27T00:22:10.327178Z", + "name": "CVE-2024-50359", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"scan_ap\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50359" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--500c448e-cb1f-4c18-91f1-bcf85206aa30.json b/objects/vulnerability/vulnerability--500c448e-cb1f-4c18-91f1-bcf85206aa30.json new file mode 100644 index 00000000000..2ed1b8eed6e --- /dev/null +++ b/objects/vulnerability/vulnerability--500c448e-cb1f-4c18-91f1-bcf85206aa30.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--825658b7-8399-411b-baee-3015607d2ed2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--500c448e-cb1f-4c18-91f1-bcf85206aa30", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.848332Z", + "modified": "2024-11-27T00:22:10.848332Z", + "name": "CVE-2024-53975", + "description": "Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53975" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5239c0cc-ede6-484d-ac25-c36c142ddcae.json b/objects/vulnerability/vulnerability--5239c0cc-ede6-484d-ac25-c36c142ddcae.json new file mode 100644 index 00000000000..ccd027e69a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--5239c0cc-ede6-484d-ac25-c36c142ddcae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b374ad1-5559-4f6b-b70a-abcfcaa20f6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5239c0cc-ede6-484d-ac25-c36c142ddcae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.591208Z", + "modified": "2024-11-27T00:22:10.591208Z", + "name": "CVE-2024-11701", + "description": "The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11701" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--548d878a-e27e-4db1-b8ca-86eed59d4d66.json b/objects/vulnerability/vulnerability--548d878a-e27e-4db1-b8ca-86eed59d4d66.json new file mode 100644 index 00000000000..29963f0da5d --- /dev/null +++ b/objects/vulnerability/vulnerability--548d878a-e27e-4db1-b8ca-86eed59d4d66.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc87ae04-745b-47c3-98e7-238e16c7f14e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--548d878a-e27e-4db1-b8ca-86eed59d4d66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.948047Z", + "modified": "2024-11-27T00:22:11.948047Z", + "name": "CVE-2024-32965", + "description": "Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header X-Lobe-Chat-Auth strored proxy address and OpenAI API Key, can be modified to scan an internal network in the target lobe-web environment. This issue has been addressed in release version 1.19.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55faa9d0-b7b5-4f2d-9c24-a3763656e4a6.json b/objects/vulnerability/vulnerability--55faa9d0-b7b5-4f2d-9c24-a3763656e4a6.json new file mode 100644 index 00000000000..c86e43d06cd --- /dev/null +++ b/objects/vulnerability/vulnerability--55faa9d0-b7b5-4f2d-9c24-a3763656e4a6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d3e729c-228f-4d28-bf1e-affd3efd78f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55faa9d0-b7b5-4f2d-9c24-a3763656e4a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.063355Z", + "modified": "2024-11-27T00:22:10.063355Z", + "name": "CVE-2024-10729", + "description": "The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10729" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--583376f1-0f3d-43e9-8e1d-dced8b001c45.json b/objects/vulnerability/vulnerability--583376f1-0f3d-43e9-8e1d-dced8b001c45.json new file mode 100644 index 00000000000..963b7a264b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--583376f1-0f3d-43e9-8e1d-dced8b001c45.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ebd98d6-4aaf-4b84-ba2c-510026f4086f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--583376f1-0f3d-43e9-8e1d-dced8b001c45", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.09773Z", + "modified": "2024-11-27T00:22:10.09773Z", + "name": "CVE-2024-10570", + "description": "The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10570" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5aabb645-89c4-422b-83d6-f7ce1dfc2d9f.json b/objects/vulnerability/vulnerability--5aabb645-89c4-422b-83d6-f7ce1dfc2d9f.json new file mode 100644 index 00000000000..22ec90602b2 --- /dev/null +++ b/objects/vulnerability/vulnerability--5aabb645-89c4-422b-83d6-f7ce1dfc2d9f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d87a902e-ba69-4f8e-a2da-712bb0f9b3f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5aabb645-89c4-422b-83d6-f7ce1dfc2d9f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.532158Z", + "modified": "2024-11-27T00:22:10.532158Z", + "name": "CVE-2024-11819", + "description": "A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63b201e9-32c0-4f05-845c-fa12b7856c82.json b/objects/vulnerability/vulnerability--63b201e9-32c0-4f05-845c-fa12b7856c82.json new file mode 100644 index 00000000000..85672a616c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--63b201e9-32c0-4f05-845c-fa12b7856c82.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26d19178-4412-4f88-a21d-83b3eb15b982", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63b201e9-32c0-4f05-845c-fa12b7856c82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.602503Z", + "modified": "2024-11-27T00:22:10.602503Z", + "name": "CVE-2024-11704", + "description": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11704" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--669e05de-bbff-4ac7-933b-f9d228e3f082.json b/objects/vulnerability/vulnerability--669e05de-bbff-4ac7-933b-f9d228e3f082.json new file mode 100644 index 00000000000..aeee123ffec --- /dev/null +++ b/objects/vulnerability/vulnerability--669e05de-bbff-4ac7-933b-f9d228e3f082.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49aee2c5-c6e3-4083-9eaa-2ceba4c688a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--669e05de-bbff-4ac7-933b-f9d228e3f082", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.50539Z", + "modified": "2024-11-27T00:22:11.50539Z", + "name": "CVE-2024-49353", + "description": "IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49353" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--695c8054-d3cf-4876-9faf-8dec3dc43fb3.json b/objects/vulnerability/vulnerability--695c8054-d3cf-4876-9faf-8dec3dc43fb3.json new file mode 100644 index 00000000000..556435a83cb --- /dev/null +++ b/objects/vulnerability/vulnerability--695c8054-d3cf-4876-9faf-8dec3dc43fb3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bbb37033-4247-4bcb-905a-f940072cfd9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--695c8054-d3cf-4876-9faf-8dec3dc43fb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.757225Z", + "modified": "2024-11-27T00:22:11.757225Z", + "name": "CVE-2024-36254", + "description": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36254" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c23fa9f-2e03-4d10-acf7-1b958cdf9260.json b/objects/vulnerability/vulnerability--6c23fa9f-2e03-4d10-acf7-1b958cdf9260.json new file mode 100644 index 00000000000..625bc11f3bc --- /dev/null +++ b/objects/vulnerability/vulnerability--6c23fa9f-2e03-4d10-acf7-1b958cdf9260.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8357509f-73c7-4273-8c51-bde7b353712f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c23fa9f-2e03-4d10-acf7-1b958cdf9260", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.570436Z", + "modified": "2024-11-27T00:22:10.570436Z", + "name": "CVE-2024-11145", + "description": "Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11145" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6df52e84-b91e-4f91-97d3-ed04c23d0f4b.json b/objects/vulnerability/vulnerability--6df52e84-b91e-4f91-97d3-ed04c23d0f4b.json new file mode 100644 index 00000000000..3e5546efa40 --- /dev/null +++ b/objects/vulnerability/vulnerability--6df52e84-b91e-4f91-97d3-ed04c23d0f4b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b13e52f-2bf9-4f63-ae9f-e1e51c48f904", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6df52e84-b91e-4f91-97d3-ed04c23d0f4b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.836557Z", + "modified": "2024-11-27T00:22:10.836557Z", + "name": "CVE-2024-53267", + "description": "sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but \"mismatched\" bundle is presented as proof of inclusion into a transparency log. This bug impacts clients using any variation of KeylessVerifier.verify(). The verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby \"verifying\" a bundle without any proof the signing event was logged. This allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor's log monitors. The signer's identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass. sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality. This issue has been patched in v1.1.0 release with PR #856. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53267" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6f68622c-8c4d-45f7-a62e-d7e8841a7034.json b/objects/vulnerability/vulnerability--6f68622c-8c4d-45f7-a62e-d7e8841a7034.json new file mode 100644 index 00000000000..fe7e0468ee4 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f68622c-8c4d-45f7-a62e-d7e8841a7034.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a003748d-582c-4444-8e80-e22919e898eb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f68622c-8c4d-45f7-a62e-d7e8841a7034", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:20.879232Z", + "modified": "2024-11-27T00:22:20.879232Z", + "name": "CVE-2023-2142", + "description": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6fa00bc6-4052-4224-bdb8-3d4a45542cd6.json b/objects/vulnerability/vulnerability--6fa00bc6-4052-4224-bdb8-3d4a45542cd6.json new file mode 100644 index 00000000000..a936f8cac25 --- /dev/null +++ b/objects/vulnerability/vulnerability--6fa00bc6-4052-4224-bdb8-3d4a45542cd6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--494ec40b-84d1-4a96-b861-cf48fe46c7db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6fa00bc6-4052-4224-bdb8-3d4a45542cd6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:22.006824Z", + "modified": "2024-11-27T00:22:22.006824Z", + "name": "CVE-2016-10408", + "description": "QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2016-10408" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71cca58d-14be-49fd-826c-a535ce46f4ce.json b/objects/vulnerability/vulnerability--71cca58d-14be-49fd-826c-a535ce46f4ce.json new file mode 100644 index 00000000000..a4f366bccd2 --- /dev/null +++ b/objects/vulnerability/vulnerability--71cca58d-14be-49fd-826c-a535ce46f4ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2fd073ff-c8ea-4c02-9aa7-c7e5024f09e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71cca58d-14be-49fd-826c-a535ce46f4ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:23.858229Z", + "modified": "2024-11-27T00:22:23.858229Z", + "name": "CVE-2018-11816", + "description": "Crafted Binder Request Causes Heap UAF in MediaServer", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-11816" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--748987d2-9a7a-4a06-a57a-a7b0ceae34a9.json b/objects/vulnerability/vulnerability--748987d2-9a7a-4a06-a57a-a7b0ceae34a9.json new file mode 100644 index 00000000000..a6ffc7e906a --- /dev/null 
+++ b/objects/vulnerability/vulnerability--748987d2-9a7a-4a06-a57a-a7b0ceae34a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70e7ffd5-26a5-4ceb-9a4c-ea637ebd5385", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--748987d2-9a7a-4a06-a57a-a7b0ceae34a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.533276Z", + "modified": "2024-11-27T00:22:10.533276Z", + "name": "CVE-2024-11744", + "description": "A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11744" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75d599ca-7450-4197-a824-2d071de27d3a.json b/objects/vulnerability/vulnerability--75d599ca-7450-4197-a824-2d071de27d3a.json new file mode 100644 index 00000000000..d569f699788 --- /dev/null +++ b/objects/vulnerability/vulnerability--75d599ca-7450-4197-a824-2d071de27d3a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a32c219-24a8-486a-a901-9bb2a193062c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75d599ca-7450-4197-a824-2d071de27d3a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:21.98912Z", + "modified": "2024-11-27T00:22:21.98912Z", + "name": "CVE-2016-10394", + "description": "Initial xbl_sec revision does not have all the debug policy features and critical checks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2016-10394" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--77e610af-d6f6-4f9d-bd04-2cf219b38852.json b/objects/vulnerability/vulnerability--77e610af-d6f6-4f9d-bd04-2cf219b38852.json new file mode 100644 index 00000000000..3f6d5050734 --- /dev/null +++ b/objects/vulnerability/vulnerability--77e610af-d6f6-4f9d-bd04-2cf219b38852.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3700d5bf-4f3e-426c-9589-c41643637df3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--77e610af-d6f6-4f9d-bd04-2cf219b38852", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.562501Z", + "modified": "2024-11-27T00:22:10.562501Z", + "name": "CVE-2024-11032", + "description": "The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11032" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--78328bc5-1ab6-4a09-a84c-596120c14998.json b/objects/vulnerability/vulnerability--78328bc5-1ab6-4a09-a84c-596120c14998.json new file mode 100644 index 00000000000..e58c5e40966 --- /dev/null +++ b/objects/vulnerability/vulnerability--78328bc5-1ab6-4a09-a84c-596120c14998.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--107b8d1d-192a-4569-87b6-d5866123ecef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78328bc5-1ab6-4a09-a84c-596120c14998", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.550829Z", + "modified": "2024-11-27T00:22:10.550829Z", + "name": "CVE-2024-11698", + "description": "A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing \"Esc\" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. \n*This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11698" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--79298d1b-36ec-4368-9041-c007442ffbb2.json b/objects/vulnerability/vulnerability--79298d1b-36ec-4368-9041-c007442ffbb2.json new file mode 100644 index 00000000000..5e16dd1f9e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--79298d1b-36ec-4368-9041-c007442ffbb2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e284426f-1b95-49c0-ad7d-cef0261e41c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--79298d1b-36ec-4368-9041-c007442ffbb2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.071527Z", + "modified": "2024-11-27T00:22:10.071527Z", + "name": "CVE-2024-10579", + "description": "The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10579" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7954af9d-83ed-4477-8b0f-de80239870f5.json b/objects/vulnerability/vulnerability--7954af9d-83ed-4477-8b0f-de80239870f5.json new file mode 100644 index 00000000000..8e740b1f314 --- /dev/null +++ b/objects/vulnerability/vulnerability--7954af9d-83ed-4477-8b0f-de80239870f5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9f45acf-6831-4434-9862-10d1b6b69ea3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7954af9d-83ed-4477-8b0f-de80239870f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.529462Z", + "modified": "2024-11-27T00:22:10.529462Z", + "name": "CVE-2024-11675", + "description": "A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11675" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a052aa6-548e-4d59-9193-9a434ca3ff7f.json b/objects/vulnerability/vulnerability--7a052aa6-548e-4d59-9193-9a434ca3ff7f.json new file mode 100644 index 00000000000..81ca4eee9e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a052aa6-548e-4d59-9193-9a434ca3ff7f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e125ae0-96d7-4be9-8392-44412acda914", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a052aa6-548e-4d59-9193-9a434ca3ff7f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:08.995284Z", + "modified": "2024-11-27T00:22:08.995284Z", + "name": "CVE-2017-18306", + "description": "Information disclosure due to uninitialized variable.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-18306" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c42adf7-9ba2-497d-b762-0590d2f6e6de.json b/objects/vulnerability/vulnerability--7c42adf7-9ba2-497d-b762-0590d2f6e6de.json new file mode 100644 index 00000000000..2424648a840 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c42adf7-9ba2-497d-b762-0590d2f6e6de.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21637a09-89f0-4fd9-b92d-8187dfc773e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c42adf7-9ba2-497d-b762-0590d2f6e6de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.835299Z", + "modified": "2024-11-27T00:22:10.835299Z", + "name": "CVE-2024-53849", + "description": "editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f424ffe-9585-4def-8adc-5c92d1948477.json b/objects/vulnerability/vulnerability--7f424ffe-9585-4def-8adc-5c92d1948477.json new file mode 100644 index 00000000000..30a5ab44159 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f424ffe-9585-4def-8adc-5c92d1948477.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--25d39a95-c457-4118-9ca8-0ddeae934f4e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f424ffe-9585-4def-8adc-5c92d1948477", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.573791Z", + "modified": "2024-11-27T00:22:10.573791Z", + "name": "CVE-2024-11702", + "description": "Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11702" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81d91757-21af-4c1d-9637-69988e6d81ed.json b/objects/vulnerability/vulnerability--81d91757-21af-4c1d-9637-69988e6d81ed.json new file mode 100644 index 00000000000..851078818cb --- /dev/null +++ b/objects/vulnerability/vulnerability--81d91757-21af-4c1d-9637-69988e6d81ed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e29aa17-3b4f-47ca-8687-d85d9ba5d103", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81d91757-21af-4c1d-9637-69988e6d81ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.534284Z", + "modified": "2024-11-27T00:22:10.534284Z", + "name": "CVE-2024-11696", + "description": "The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8204dfe2-5313-4e13-8d61-35a80172bd9c.json b/objects/vulnerability/vulnerability--8204dfe2-5313-4e13-8d61-35a80172bd9c.json new file mode 100644 index 00000000000..ea0b975faa1 --- /dev/null +++ b/objects/vulnerability/vulnerability--8204dfe2-5313-4e13-8d61-35a80172bd9c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--004ff836-0754-4375-9e1f-4609f83cbc25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8204dfe2-5313-4e13-8d61-35a80172bd9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.600181Z", + "modified": "2024-11-27T00:22:10.600181Z", + "name": "CVE-2024-11622", + "description": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11622" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--853c9501-60ad-459c-a165-e266e2865d00.json b/objects/vulnerability/vulnerability--853c9501-60ad-459c-a165-e266e2865d00.json new file mode 100644 index 00000000000..d3a4466f6b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--853c9501-60ad-459c-a165-e266e2865d00.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4266a471-3716-4c13-8c00-6d74e4800158", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--853c9501-60ad-459c-a165-e266e2865d00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.979308Z", + "modified": "2024-11-27T00:22:10.979308Z", + "name": "CVE-2024-38830", + "description": "VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38830" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8836b8a0-415a-452d-90ae-a837c3812b78.json b/objects/vulnerability/vulnerability--8836b8a0-415a-452d-90ae-a837c3812b78.json new file mode 100644 index 00000000000..9eac88e6fc3 --- /dev/null +++ b/objects/vulnerability/vulnerability--8836b8a0-415a-452d-90ae-a837c3812b78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0acea5d1-369f-4c99-9e87-4e59d5be5071", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8836b8a0-415a-452d-90ae-a837c3812b78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.553238Z", + "modified": "2024-11-27T00:22:10.553238Z", + "name": "CVE-2024-11693", + "description": "The executable file warning was not presented when downloading .library-ms files. \n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11693" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--88f79a74-e08c-46c3-857e-67c807048d79.json b/objects/vulnerability/vulnerability--88f79a74-e08c-46c3-857e-67c807048d79.json new file mode 100644 index 00000000000..4086ff97777 --- /dev/null +++ b/objects/vulnerability/vulnerability--88f79a74-e08c-46c3-857e-67c807048d79.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e115eff0-beee-4c74-9eef-4ad793872194", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--88f79a74-e08c-46c3-857e-67c807048d79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.123874Z", + "modified": "2024-11-27T00:22:12.123874Z", + "name": "CVE-2024-28955", + "description": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a41595d-6d79-44f2-9713-9e7f70139dda.json b/objects/vulnerability/vulnerability--8a41595d-6d79-44f2-9713-9e7f70139dda.json new file mode 100644 index 00000000000..dac38af760a --- /dev/null +++ b/objects/vulnerability/vulnerability--8a41595d-6d79-44f2-9713-9e7f70139dda.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f44bcb93-14ce-4afe-9fea-94c3065e487f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a41595d-6d79-44f2-9713-9e7f70139dda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.911826Z", + "modified": "2024-11-27T00:22:09.911826Z", + "name": "CVE-2024-52008", + "description": "Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the creation of accounts with passwords as short as a single character. When an email messaging provider is enabled and a new user account is created in the system, an invite email containing a special link is sent to the new user's email address. This link directs the new user to a page where they can set their initial password. While the user interface implements password complexity checks, these validations are only performed client-side. The underlying `/api/v1/user/accept-invite` API endpoint does not implement the same password policy validations. This vulnerability allows an invited user to set an extremely weak password for their own account during the initial account setup process. Therefore that specific user's account can be compromised easily by an attacker guessing or brute forcing the password. The vulnerability has been patched in Fides version `2.50.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52008" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8a8027d3-b159-4b19-9800-cd10fee3f8ab.json b/objects/vulnerability/vulnerability--8a8027d3-b159-4b19-9800-cd10fee3f8ab.json new file mode 100644 index 00000000000..204606e0cde --- /dev/null +++ b/objects/vulnerability/vulnerability--8a8027d3-b159-4b19-9800-cd10fee3f8ab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff52ceae-1058-4c35-8781-abd66dfe887e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a8027d3-b159-4b19-9800-cd10fee3f8ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.857069Z", + "modified": "2024-11-27T00:22:10.857069Z", + "name": "CVE-2024-53976", + "description": "Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53976" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8cbb069e-62c5-4181-af82-56d6ac2f6b90.json b/objects/vulnerability/vulnerability--8cbb069e-62c5-4181-af82-56d6ac2f6b90.json new file mode 100644 index 00000000000..bd3c5439682 --- /dev/null +++ b/objects/vulnerability/vulnerability--8cbb069e-62c5-4181-af82-56d6ac2f6b90.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83e0e27a-d795-49e8-bb18-f2a6274706a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8cbb069e-62c5-4181-af82-56d6ac2f6b90", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.312011Z", + "modified": "2024-11-27T00:22:10.312011Z", + "name": "CVE-2024-50360", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"snmp_apply\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50360" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e9092a8-4279-4049-a9fb-b14de51a9d75.json b/objects/vulnerability/vulnerability--8e9092a8-4279-4049-a9fb-b14de51a9d75.json new file mode 100644 index 00000000000..5fc315f8650 --- /dev/null +++ b/objects/vulnerability/vulnerability--8e9092a8-4279-4049-a9fb-b14de51a9d75.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8f89990-ba95-4f07-896a-c1c9e7946cbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e9092a8-4279-4049-a9fb-b14de51a9d75", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.315221Z", + "modified": "2024-11-27T00:22:10.315221Z", + "name": "CVE-2024-50942", + "description": "qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50942" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9062fa7e-d527-43f2-ae61-b628e76956e5.json b/objects/vulnerability/vulnerability--9062fa7e-d527-43f2-ae61-b628e76956e5.json new file mode 100644 index 00000000000..b14ed0f1bff --- /dev/null +++ b/objects/vulnerability/vulnerability--9062fa7e-d527-43f2-ae61-b628e76956e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db577339-1528-4bf3-8157-ae943e58688b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9062fa7e-d527-43f2-ae61-b628e76956e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.451461Z", + "modified": "2024-11-27T00:22:11.451461Z", + "name": "CVE-2024-35244", + "description": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35244" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--922fbbe4-4bb1-49bf-9007-481d6831745c.json b/objects/vulnerability/vulnerability--922fbbe4-4bb1-49bf-9007-481d6831745c.json new file mode 100644 index 00000000000..d3683477f4a --- /dev/null +++ b/objects/vulnerability/vulnerability--922fbbe4-4bb1-49bf-9007-481d6831745c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78c18d95-2411-4582-a5e4-cd7ff3d862ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--922fbbe4-4bb1-49bf-9007-481d6831745c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.341422Z", + "modified": "2024-11-27T00:22:10.341422Z", + "name": "CVE-2024-50361", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"certificate_file_remove\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50361" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92434fea-606c-4395-926f-6441ba3519a2.json b/objects/vulnerability/vulnerability--92434fea-606c-4395-926f-6441ba3519a2.json new file mode 100644 index 00000000000..acbc4b642a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--92434fea-606c-4395-926f-6441ba3519a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c0af36be-6e2e-497c-82fc-94b568e6e99f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92434fea-606c-4395-926f-6441ba3519a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.251577Z", + "modified": "2024-11-27T00:22:10.251577Z", + "name": "CVE-2024-47249", + "description": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47249" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93976f70-3c7d-43cc-b601-dba159d6ece1.json b/objects/vulnerability/vulnerability--93976f70-3c7d-43cc-b601-dba159d6ece1.json new file mode 100644 index 00000000000..889dae37c28 --- /dev/null +++ b/objects/vulnerability/vulnerability--93976f70-3c7d-43cc-b601-dba159d6ece1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ccac283-c4e3-4b5a-ad36-663770cac9f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93976f70-3c7d-43cc-b601-dba159d6ece1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.80606Z", + "modified": "2024-11-27T00:22:10.80606Z", + "name": "CVE-2024-33605", + "description": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33605" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--955727f5-f4db-4820-8ac8-28cd3453a05f.json b/objects/vulnerability/vulnerability--955727f5-f4db-4820-8ac8-28cd3453a05f.json new file mode 100644 index 00000000000..03ea4b02572 --- /dev/null +++ b/objects/vulnerability/vulnerability--955727f5-f4db-4820-8ac8-28cd3453a05f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92e87532-c0df-467e-b06f-66a1637fd7ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--955727f5-f4db-4820-8ac8-28cd3453a05f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.102411Z", + "modified": "2024-11-27T00:22:10.102411Z", + "name": "CVE-2024-10781", + "description": "The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10781" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96392600-156e-458b-a269-aa3987ff712e.json b/objects/vulnerability/vulnerability--96392600-156e-458b-a269-aa3987ff712e.json new file mode 100644 index 00000000000..64b42f365b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--96392600-156e-458b-a269-aa3987ff712e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78498e93-986a-4d60-b071-6df57e5a9a21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96392600-156e-458b-a269-aa3987ff712e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.791236Z", + "modified": "2024-11-27T00:22:11.791236Z", + "name": "CVE-2024-36463", + "description": "The implementation of atob in \"Zabbix JS\" allows to create a string with arbitrary content and use it to access internal properties of objects.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36463" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97b8fee1-6eb2-4d08-90b4-f93305bf6df4.json b/objects/vulnerability/vulnerability--97b8fee1-6eb2-4d08-90b4-f93305bf6df4.json new file mode 100644 index 00000000000..31525fc0ab3 --- /dev/null +++ b/objects/vulnerability/vulnerability--97b8fee1-6eb2-4d08-90b4-f93305bf6df4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dab83207-0d0a-4029-9b5a-d5b6972f48df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97b8fee1-6eb2-4d08-90b4-f93305bf6df4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.948781Z", + "modified": "2024-11-27T00:22:09.948781Z", + "name": "CVE-2024-52337", + "description": "A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52337" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97d04ace-e0ac-4a41-8cd0-68f4fdb488d2.json b/objects/vulnerability/vulnerability--97d04ace-e0ac-4a41-8cd0-68f4fdb488d2.json new file mode 100644 index 00000000000..1a83043c0a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--97d04ace-e0ac-4a41-8cd0-68f4fdb488d2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--706b0853-7eab-4381-8ba9-73e4351f4db2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97d04ace-e0ac-4a41-8cd0-68f4fdb488d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.596065Z", + "modified": "2024-11-27T00:22:10.596065Z", + "name": "CVE-2024-11024", + "description": "The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11024" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98c92cbf-f594-4560-bbfa-8b7de21f8fc6.json b/objects/vulnerability/vulnerability--98c92cbf-f594-4560-bbfa-8b7de21f8fc6.json new file mode 100644 index 00000000000..bcd0811c9f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--98c92cbf-f594-4560-bbfa-8b7de21f8fc6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3826bb74-40e8-4191-94ce-be9d863535a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98c92cbf-f594-4560-bbfa-8b7de21f8fc6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.598746Z", + "modified": "2024-11-27T00:22:10.598746Z", + "name": "CVE-2024-11002", + "description": "The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11002" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99b808cb-f320-4009-96a2-430244594b6f.json b/objects/vulnerability/vulnerability--99b808cb-f320-4009-96a2-430244594b6f.json new file mode 100644 index 00000000000..9d8197234a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--99b808cb-f320-4009-96a2-430244594b6f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c0c77e00-63eb-4ecc-abac-3169e7805b2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99b808cb-f320-4009-96a2-430244594b6f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.934521Z", + "modified": "2024-11-27T00:22:09.934521Z", + "name": "CVE-2024-52336", + "description": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52336" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99cab0a6-fea8-4971-a284-6fcb86bcd6c3.json b/objects/vulnerability/vulnerability--99cab0a6-fea8-4971-a284-6fcb86bcd6c3.json new file mode 100644 index 00000000000..a3a2dd706f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--99cab0a6-fea8-4971-a284-6fcb86bcd6c3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29a6cf89-777e-447c-afb5-526709ae0687", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99cab0a6-fea8-4971-a284-6fcb86bcd6c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.547513Z", + "modified": "2024-11-27T00:22:10.547513Z", + "name": "CVE-2024-11700", + "description": "Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11700" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a9cb8b0-87f0-44a6-9d50-bf7faf247145.json b/objects/vulnerability/vulnerability--9a9cb8b0-87f0-44a6-9d50-bf7faf247145.json new file mode 100644 index 00000000000..d8d38b572c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--9a9cb8b0-87f0-44a6-9d50-bf7faf247145.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec916114-98ea-4933-b1ae-b72adaa0d9a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a9cb8b0-87f0-44a6-9d50-bf7faf247145", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.067389Z", + "modified": "2024-11-27T00:22:10.067389Z", + "name": "CVE-2024-10878", + "description": "The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10878" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9bdf6c48-95cf-4b00-a110-80e29903d584.json b/objects/vulnerability/vulnerability--9bdf6c48-95cf-4b00-a110-80e29903d584.json new file mode 100644 index 00000000000..385614f8fa9 --- /dev/null +++ b/objects/vulnerability/vulnerability--9bdf6c48-95cf-4b00-a110-80e29903d584.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4f92f2c-e143-4cd4-a0e1-1cadac50d646", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9bdf6c48-95cf-4b00-a110-80e29903d584", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.594985Z", + "modified": "2024-11-27T00:22:11.594985Z", + "name": "CVE-2024-49038", + "description": "Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49038" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9fcd3294-8d8d-4ffd-bed5-1ff6bbf4605e.json b/objects/vulnerability/vulnerability--9fcd3294-8d8d-4ffd-bed5-1ff6bbf4605e.json new file mode 100644 index 00000000000..8b5445a51e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--9fcd3294-8d8d-4ffd-bed5-1ff6bbf4605e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--111da02c-b2b9-4158-8a8d-7f45e8291c1f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9fcd3294-8d8d-4ffd-bed5-1ff6bbf4605e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.260772Z", + "modified": "2024-11-27T00:22:10.260772Z", + "name": "CVE-2024-47250", + "description": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1877664-8bc5-4f03-b4f7-088131da7e6b.json b/objects/vulnerability/vulnerability--a1877664-8bc5-4f03-b4f7-088131da7e6b.json new file mode 100644 index 00000000000..e13686a2c53 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1877664-8bc5-4f03-b4f7-088131da7e6b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9321354-3fb7-49da-bc6b-69ae77815247", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1877664-8bc5-4f03-b4f7-088131da7e6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.607743Z", + "modified": "2024-11-27T00:22:10.607743Z", + "name": "CVE-2024-11703", + "description": "On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11703" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1973e65-7c31-45eb-b705-4d11861ff254.json b/objects/vulnerability/vulnerability--a1973e65-7c31-45eb-b705-4d11861ff254.json new file mode 100644 index 00000000000..17c24b2852f --- /dev/null +++ b/objects/vulnerability/vulnerability--a1973e65-7c31-45eb-b705-4d11861ff254.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c292cb1-2410-4f40-8047-32c920b1d234", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1973e65-7c31-45eb-b705-4d11861ff254", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.95568Z", + "modified": "2024-11-27T00:22:10.95568Z", + "name": "CVE-2024-8676", + "description": "A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8676" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a28d9b45-88e9-4b51-8b31-3196963e7588.json b/objects/vulnerability/vulnerability--a28d9b45-88e9-4b51-8b31-3196963e7588.json new file mode 100644 index 00000000000..275b93c681c --- /dev/null +++ b/objects/vulnerability/vulnerability--a28d9b45-88e9-4b51-8b31-3196963e7588.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3ea719a-1197-468e-b74b-214ca66dbfba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a28d9b45-88e9-4b51-8b31-3196963e7588", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.594958Z", + "modified": "2024-11-27T00:22:10.594958Z", + "name": "CVE-2024-11691", + "description": "Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. \n*This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11691" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2e2d033-f0be-4a70-bd89-ca890113e4c6.json b/objects/vulnerability/vulnerability--a2e2d033-f0be-4a70-bd89-ca890113e4c6.json new file mode 100644 index 00000000000..bef197bb8b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2e2d033-f0be-4a70-bd89-ca890113e4c6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6efc8adb-fb22-43cb-802a-ce6ea48c5aef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2e2d033-f0be-4a70-bd89-ca890113e4c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.282311Z", + "modified": "2024-11-27T00:22:10.282311Z", + "name": "CVE-2024-50374", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"capture_packages\" operation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50374" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3478f39-6d21-4e97-8502-4c341ee01a7c.json b/objects/vulnerability/vulnerability--a3478f39-6d21-4e97-8502-4c341ee01a7c.json new file mode 100644 index 00000000000..3e48c7a9d94 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3478f39-6d21-4e97-8502-4c341ee01a7c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96679c43-9ebc-4dd8-8693-c9c4da1cb8a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3478f39-6d21-4e97-8502-4c341ee01a7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.352676Z", + "modified": "2024-11-27T00:22:10.352676Z", + "name": "CVE-2024-50363", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"mp_apply\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50363" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a34ede6d-1dbc-469b-b80a-d3d7c12d0978.json b/objects/vulnerability/vulnerability--a34ede6d-1dbc-469b-b80a-d3d7c12d0978.json new file mode 100644 index 00000000000..2fd0f793753 --- /dev/null +++ b/objects/vulnerability/vulnerability--a34ede6d-1dbc-469b-b80a-d3d7c12d0978.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--420cd55e-3132-4e54-885c-e41c76ab53c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a34ede6d-1dbc-469b-b80a-d3d7c12d0978", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.541688Z", + "modified": "2024-11-27T00:22:10.541688Z", + "name": "CVE-2024-11708", + "description": "Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11708" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6901828-6691-4a38-8d57-56f3375f005c.json b/objects/vulnerability/vulnerability--a6901828-6691-4a38-8d57-56f3375f005c.json new file mode 100644 index 00000000000..53721fe6dc2 --- /dev/null +++ b/objects/vulnerability/vulnerability--a6901828-6691-4a38-8d57-56f3375f005c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0c4fb930-4e45-4bce-8738-0c9afa81f714", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6901828-6691-4a38-8d57-56f3375f005c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.457004Z", + "modified": "2024-11-27T00:22:12.457004Z", + "name": "CVE-2024-6476", + "description": "Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. \n Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6476" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a9a5fbf0-3865-480f-932e-b780fb1473b1.json b/objects/vulnerability/vulnerability--a9a5fbf0-3865-480f-932e-b780fb1473b1.json new file mode 100644 index 00000000000..3efeb48a9c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9a5fbf0-3865-480f-932e-b780fb1473b1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2f7ea25-5dcf-40f3-8762-ee65dba2ab92", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9a5fbf0-3865-480f-932e-b780fb1473b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.784276Z", + "modified": "2024-11-27T00:22:11.784276Z", + "name": "CVE-2024-36249", + "description": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36249" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9ff0e7c-b042-4773-a752-475aac83887e.json b/objects/vulnerability/vulnerability--a9ff0e7c-b042-4773-a752-475aac83887e.json new file mode 100644 index 00000000000..9f847f160ee --- /dev/null +++ b/objects/vulnerability/vulnerability--a9ff0e7c-b042-4773-a752-475aac83887e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fe58d71-a51a-4015-b0aa-1a29b79cdd56", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9ff0e7c-b042-4773-a752-475aac83887e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:18.785728Z", + "modified": "2024-11-27T00:22:18.785728Z", + "name": "CVE-2019-17082", + "description": "Missing Authentication for Critical Function vulnerability in OpenText™ AccuRev for LDAP Integration allows Authentication Bypass. The vulnerability could allow \n\na valid AccuRev username to gain access to AccuRev source control without knowing the user’s password.\n\nThis issue affects AccuRev for LDAP Integration: 2017.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2019-17082" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2a3ee8d-aa45-45a3-9462-479e10b1ea53.json b/objects/vulnerability/vulnerability--b2a3ee8d-aa45-45a3-9462-479e10b1ea53.json new file mode 100644 index 00000000000..e7368ca6d67 --- /dev/null +++ b/objects/vulnerability/vulnerability--b2a3ee8d-aa45-45a3-9462-479e10b1ea53.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ee97d19-40e8-46e6-ab6f-695fca7c2d98", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2a3ee8d-aa45-45a3-9462-479e10b1ea53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.139718Z", + "modified": "2024-11-27T00:22:10.139718Z", + "name": "CVE-2024-9504", + "description": "The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9504" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2f10494-e956-4c9e-bca2-085f76b11715.json b/objects/vulnerability/vulnerability--b2f10494-e956-4c9e-bca2-085f76b11715.json new file mode 100644 index 00000000000..02c14820a20 --- /dev/null +++ b/objects/vulnerability/vulnerability--b2f10494-e956-4c9e-bca2-085f76b11715.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6848bbd7-1fac-4c65-acb1-4d7b68d8f728", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2f10494-e956-4c9e-bca2-085f76b11715", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.496081Z", + "modified": "2024-11-27T00:22:11.496081Z", + "name": "CVE-2024-49351", + "description": "IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49351" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b866cd19-c33a-46d4-a1e8-e90b255ca567.json b/objects/vulnerability/vulnerability--b866cd19-c33a-46d4-a1e8-e90b255ca567.json new file mode 100644 index 00000000000..6349d28e766 --- /dev/null +++ b/objects/vulnerability/vulnerability--b866cd19-c33a-46d4-a1e8-e90b255ca567.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5cc351a-1dd0-441c-80af-e391fc7b4505", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b866cd19-c33a-46d4-a1e8-e90b255ca567", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.606717Z", + "modified": "2024-11-27T00:22:10.606717Z", + "name": "CVE-2024-11668", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11668" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9a0f2cc-0d65-422a-8933-9579a68b55d1.json b/objects/vulnerability/vulnerability--b9a0f2cc-0d65-422a-8933-9579a68b55d1.json new file mode 100644 index 00000000000..44f00d5708a --- /dev/null +++ b/objects/vulnerability/vulnerability--b9a0f2cc-0d65-422a-8933-9579a68b55d1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80c63a27-05ee-4c5f-b2b6-a3a95383b2d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9a0f2cc-0d65-422a-8933-9579a68b55d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.578347Z", + "modified": "2024-11-27T00:22:10.578347Z", + "name": "CVE-2024-11818", + "description": "A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9e56a5b-b42c-4410-8b19-c94c32747f02.json b/objects/vulnerability/vulnerability--b9e56a5b-b42c-4410-8b19-c94c32747f02.json new file mode 100644 index 00000000000..69c9678e66b --- /dev/null +++ b/objects/vulnerability/vulnerability--b9e56a5b-b42c-4410-8b19-c94c32747f02.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd11df90-01d2-4d38-b9b9-b4a42b748c60", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9e56a5b-b42c-4410-8b19-c94c32747f02", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.308367Z", + "modified": "2024-11-27T00:22:10.308367Z", + "name": "CVE-2024-50372", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"backup_config_to_utility\" operation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50372" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bacd47e9-4480-4662-be2f-8f1a3a2e2130.json b/objects/vulnerability/vulnerability--bacd47e9-4480-4662-be2f-8f1a3a2e2130.json new file mode 100644 index 00000000000..d98bb3c2f16 --- /dev/null +++ b/objects/vulnerability/vulnerability--bacd47e9-4480-4662-be2f-8f1a3a2e2130.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f356cc9e-cf6b-43d8-b977-1804ef9b1503", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bacd47e9-4480-4662-be2f-8f1a3a2e2130", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:23.866303Z", + "modified": "2024-11-27T00:22:23.866303Z", + "name": "CVE-2018-11952", + "description": "An image with a version lower than the fuse version may potentially be booted lead to improper authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-11952" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf2921ac-3869-4022-bae3-2bc5508e1366.json b/objects/vulnerability/vulnerability--bf2921ac-3869-4022-bae3-2bc5508e1366.json new file mode 100644 index 00000000000..5658acf3a6d --- /dev/null +++ b/objects/vulnerability/vulnerability--bf2921ac-3869-4022-bae3-2bc5508e1366.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--525d091f-cfaf-45ed-96ac-792492ded7d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf2921ac-3869-4022-bae3-2bc5508e1366", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.855297Z", + "modified": "2024-11-27T00:22:10.855297Z", + "name": "CVE-2024-53278", + "description": "Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53278" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--bfb268c7-827f-4b5b-a92e-e09dbea5a79f.json b/objects/vulnerability/vulnerability--bfb268c7-827f-4b5b-a92e-e09dbea5a79f.json new file mode 100644 index 00000000000..0fa0b1229a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--bfb268c7-827f-4b5b-a92e-e09dbea5a79f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e698ab97-9152-462f-ac2f-f7a45deca5db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfb268c7-827f-4b5b-a92e-e09dbea5a79f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.230214Z", + "modified": "2024-11-27T00:22:10.230214Z", + "name": "CVE-2024-47257", + "description": "Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. \nAxis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47257" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bfbd3bb8-27b9-41fd-b84a-cb8ca63cc249.json b/objects/vulnerability/vulnerability--bfbd3bb8-27b9-41fd-b84a-cb8ca63cc249.json new file mode 100644 index 00000000000..09c8af3ccee --- /dev/null +++ b/objects/vulnerability/vulnerability--bfbd3bb8-27b9-41fd-b84a-cb8ca63cc249.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6e34558-bdb1-4165-990e-4f5ff94afd38", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfbd3bb8-27b9-41fd-b84a-cb8ca63cc249", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.295429Z", + "modified": "2024-11-27T00:22:10.295429Z", + "name": "CVE-2024-50375", + "description": "A CWE-306 \"Missing Authentication for Critical Function\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50375" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bfee874c-38ae-49c3-8213-c6053ac078ed.json b/objects/vulnerability/vulnerability--bfee874c-38ae-49c3-8213-c6053ac078ed.json new file mode 100644 index 00000000000..580a2ac7302 --- /dev/null +++ b/objects/vulnerability/vulnerability--bfee874c-38ae-49c3-8213-c6053ac078ed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--005f5b46-69ec-47b1-9c4d-996ab3407992", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfee874c-38ae-49c3-8213-c6053ac078ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.490058Z", + "modified": "2024-11-27T00:22:11.490058Z", + "name": "CVE-2024-49052", + "description": "Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49052" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c4916218-5077-446a-be4a-0ab72d85abe6.json b/objects/vulnerability/vulnerability--c4916218-5077-446a-be4a-0ab72d85abe6.json new file mode 100644 index 00000000000..49f15ebb586 --- /dev/null +++ b/objects/vulnerability/vulnerability--c4916218-5077-446a-be4a-0ab72d85abe6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4263331a-7338-4611-ba30-72dbe3b7b58e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4916218-5077-446a-be4a-0ab72d85abe6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.585854Z", + "modified": "2024-11-27T00:22:10.585854Z", + "name": "CVE-2024-11676", + "description": "A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11676" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4b9ba42-40ee-46f3-8a0f-274ca61ffa9c.json b/objects/vulnerability/vulnerability--c4b9ba42-40ee-46f3-8a0f-274ca61ffa9c.json new file mode 100644 index 00000000000..4876c8993f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c4b9ba42-40ee-46f3-8a0f-274ca61ffa9c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff4b8615-9f25-448a-8c07-d69228ac36ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4b9ba42-40ee-46f3-8a0f-274ca61ffa9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.32334Z", + "modified": "2024-11-27T00:22:10.32334Z", + "name": "CVE-2024-50366", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"applications_apply\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c65daae5-c30e-42e3-a8eb-673e268d3b7b.json b/objects/vulnerability/vulnerability--c65daae5-c30e-42e3-a8eb-673e268d3b7b.json new file mode 100644 index 00000000000..96bef34406f --- /dev/null +++ b/objects/vulnerability/vulnerability--c65daae5-c30e-42e3-a8eb-673e268d3b7b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c87d7a71-9c20-4830-a158-50eb0eb8acf9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c65daae5-c30e-42e3-a8eb-673e268d3b7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.527647Z", + "modified": "2024-11-27T00:22:10.527647Z", + "name": "CVE-2024-11192", + "description": "The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11192" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb1736a6-de81-42f4-9565-a1a2beae8f7f.json b/objects/vulnerability/vulnerability--cb1736a6-de81-42f4-9565-a1a2beae8f7f.json new file mode 100644 index 00000000000..4126d7decff --- /dev/null +++ b/objects/vulnerability/vulnerability--cb1736a6-de81-42f4-9565-a1a2beae8f7f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a53eef1b-96bb-4534-90ca-e790a6af94ba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb1736a6-de81-42f4-9565-a1a2beae8f7f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.114707Z", + "modified": "2024-11-27T00:22:10.114707Z", + "name": "CVE-2024-9928", + "description": "A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could\ncause account takeover and unauthorized access to the system\nwhen an attacker conducts brute-force attacks against the\nequipment login. Note that the system supports only one concurrent session and implements a delay of more than a second\nbetween failed login attempts making it difficult to automate the\nattacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9928" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb3af460-6272-41b6-921d-c0744584d29d.json b/objects/vulnerability/vulnerability--cb3af460-6272-41b6-921d-c0744584d29d.json new file mode 100644 index 00000000000..226f47ef167 --- /dev/null +++ b/objects/vulnerability/vulnerability--cb3af460-6272-41b6-921d-c0744584d29d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89bf944d-14d6-4376-b28a-c9c1450319f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb3af460-6272-41b6-921d-c0744584d29d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.597102Z", + "modified": "2024-11-27T00:22:10.597102Z", + "name": "CVE-2024-11669", + "description": "An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11669" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb63fb26-740f-4b4e-b33f-2bc4e7cafb16.json b/objects/vulnerability/vulnerability--cb63fb26-740f-4b4e-b33f-2bc4e7cafb16.json new file mode 100644 index 00000000000..8b28b17dfb6 --- /dev/null +++ b/objects/vulnerability/vulnerability--cb63fb26-740f-4b4e-b33f-2bc4e7cafb16.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4fd6ab8-f2bf-4c09-92ac-57f97014cc90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb63fb26-740f-4b4e-b33f-2bc4e7cafb16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.146516Z", + "modified": "2024-11-27T00:22:10.146516Z", + "name": "CVE-2024-9461", + "description": "The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9461" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb843002-5fdd-4ae2-b50b-5c8f4a413f32.json b/objects/vulnerability/vulnerability--cb843002-5fdd-4ae2-b50b-5c8f4a413f32.json new file mode 100644 index 00000000000..2154c10a54e --- /dev/null +++ b/objects/vulnerability/vulnerability--cb843002-5fdd-4ae2-b50b-5c8f4a413f32.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1359e7c6-1992-4214-8a91-da62e1bc24a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb843002-5fdd-4ae2-b50b-5c8f4a413f32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.305145Z", + "modified": "2024-11-27T00:22:10.305145Z", + "name": "CVE-2024-50373", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"restore_config_from_utility\" operation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50373" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc6fa055-4678-4306-bf8e-d9452f2907aa.json b/objects/vulnerability/vulnerability--cc6fa055-4678-4306-bf8e-d9452f2907aa.json new file mode 100644 index 00000000000..05caf9d0371 --- /dev/null +++ b/objects/vulnerability/vulnerability--cc6fa055-4678-4306-bf8e-d9452f2907aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74fbbf2d-d0de-4e98-a80f-009314e2d217", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc6fa055-4678-4306-bf8e-d9452f2907aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.337738Z", + "modified": "2024-11-27T00:22:10.337738Z", + "name": "CVE-2024-50358", + "description": "A CWE-15 \"External Control of System or Configuration Setting\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50358" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd615707-c1ff-4410-b26b-c23480cf41a2.json b/objects/vulnerability/vulnerability--cd615707-c1ff-4410-b26b-c23480cf41a2.json new file mode 100644 index 00000000000..df7c8373c81 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd615707-c1ff-4410-b26b-c23480cf41a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d92490fd-374a-44dd-bd57-5fb424935d43", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd615707-c1ff-4410-b26b-c23480cf41a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.049807Z", + "modified": "2024-11-27T00:22:10.049807Z", + "name": "CVE-2024-10542", + "description": "The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10542" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cdf447a2-ff15-4f04-8be7-8c6c4ccfa555.json b/objects/vulnerability/vulnerability--cdf447a2-ff15-4f04-8be7-8c6c4ccfa555.json new file mode 100644 index 00000000000..6eca44a4290 --- /dev/null +++ b/objects/vulnerability/vulnerability--cdf447a2-ff15-4f04-8be7-8c6c4ccfa555.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bcace8ed-417b-49a7-8a9f-d2912b92f1ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cdf447a2-ff15-4f04-8be7-8c6c4ccfa555", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.88354Z", + "modified": "2024-11-27T00:22:10.88354Z", + "name": "CVE-2024-53620", + "description": "A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce514050-7f71-4447-a876-efea371350d6.json b/objects/vulnerability/vulnerability--ce514050-7f71-4447-a876-efea371350d6.json new file mode 100644 index 00000000000..09c89e7600a --- /dev/null +++ b/objects/vulnerability/vulnerability--ce514050-7f71-4447-a876-efea371350d6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f382dc3a-11bf-4fce-bdf1-f1bae7c6724c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce514050-7f71-4447-a876-efea371350d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.082122Z", + "modified": "2024-11-27T00:22:10.082122Z", + "name": "CVE-2024-10240", + "description": "An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10240" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cec2cce7-652d-44dd-ae4b-21397d900745.json b/objects/vulnerability/vulnerability--cec2cce7-652d-44dd-ae4b-21397d900745.json new file mode 100644 index 00000000000..2d5c2ea18aa --- /dev/null +++ b/objects/vulnerability/vulnerability--cec2cce7-652d-44dd-ae4b-21397d900745.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d4db127f-669e-47b9-84d9-44bca891dc54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cec2cce7-652d-44dd-ae4b-21397d900745", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.842499Z", + "modified": "2024-11-27T00:22:10.842499Z", + "name": "CVE-2024-53844", + "description": "E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in `RestExportService.java`. This vulnerability allows an attacker to access sensitive files on the server by manipulating the `botFilename` parameter in requests. The application fails to sanitize user input, enabling malicious inputs such as `..%2f..%2fetc%2fpasswd` to access arbitrary files. However, the **severity of this vulnerability is significantly limited** because EDDI typically runs within a **Docker container**, which provides additional layers of isolation and restricted permissions. As a result, while this vulnerability exposes files within the container, it does not inherently threaten the underlying host system or other containers. A patch is required to sanitize and validate the botFilename input parameter. Users should ensure they are using version 5.4 which contains this patdch. For temporary mitigation, access to the vulnerable endpoint should be restricted through firewall rules or authentication mechanisms.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53844" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cf6e6003-2afb-4206-b5be-8d27474a9e26.json b/objects/vulnerability/vulnerability--cf6e6003-2afb-4206-b5be-8d27474a9e26.json new file mode 100644 index 00000000000..a176deb4255 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--cf6e6003-2afb-4206-b5be-8d27474a9e26.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbb0050d-294a-4a86-b171-37dfea9ac9c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf6e6003-2afb-4206-b5be-8d27474a9e26", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.542715Z", + "modified": "2024-11-27T00:22:10.542715Z", + "name": "CVE-2024-11699", + "description": "Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11699" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfc36348-91fb-4184-956f-58f022c78f21.json b/objects/vulnerability/vulnerability--cfc36348-91fb-4184-956f-58f022c78f21.json new file mode 100644 index 00000000000..eb13adac4c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfc36348-91fb-4184-956f-58f022c78f21.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3aa5af27-913c-4aa2-8e61-64a48660f39b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfc36348-91fb-4184-956f-58f022c78f21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.280753Z", + "modified": "2024-11-27T00:22:10.280753Z", + "name": "CVE-2024-50377", + "description": "A CWE-798 \"Use of Hard-coded Credentials\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50377" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0739e48-af99-46a3-b75e-672cbb3a3a16.json b/objects/vulnerability/vulnerability--d0739e48-af99-46a3-b75e-672cbb3a3a16.json new file mode 100644 index 00000000000..7f8167a5d3d --- /dev/null +++ b/objects/vulnerability/vulnerability--d0739e48-af99-46a3-b75e-672cbb3a3a16.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61776066-3796-43ff-bb71-4509d52d24a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0739e48-af99-46a3-b75e-672cbb3a3a16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.574813Z", + "modified": "2024-11-27T00:22:10.574813Z", + "name": "CVE-2024-11680", + "description": "ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11680" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d223796f-038d-447b-abf3-c6fb929d926e.json b/objects/vulnerability/vulnerability--d223796f-038d-447b-abf3-c6fb929d926e.json new file mode 100644 index 00000000000..19ddcc6787a --- /dev/null +++ b/objects/vulnerability/vulnerability--d223796f-038d-447b-abf3-c6fb929d926e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8349355e-738f-4adf-9074-d74f41cd456e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d223796f-038d-447b-abf3-c6fb929d926e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.572026Z", + "modified": "2024-11-27T00:22:10.572026Z", + "name": "CVE-2024-11202", + "description": "Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11202" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d26c3c5f-eb02-4e37-ba26-4c3b6128ac1d.json b/objects/vulnerability/vulnerability--d26c3c5f-eb02-4e37-ba26-4c3b6128ac1d.json new file mode 100644 index 00000000000..d7178795804 --- /dev/null +++ b/objects/vulnerability/vulnerability--d26c3c5f-eb02-4e37-ba26-4c3b6128ac1d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2968f5f-caef-49b7-9726-8c432c571093", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d26c3c5f-eb02-4e37-ba26-4c3b6128ac1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.916026Z", + "modified": "2024-11-27T00:22:10.916026Z", + "name": "CVE-2024-8177", + "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8177" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d34449b8-ff51-4721-bc8d-165c3f8cb0f7.json b/objects/vulnerability/vulnerability--d34449b8-ff51-4721-bc8d-165c3f8cb0f7.json new file mode 100644 index 00000000000..d7e5c10f21d --- /dev/null +++ b/objects/vulnerability/vulnerability--d34449b8-ff51-4721-bc8d-165c3f8cb0f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea3c3b36-d917-494d-ae0e-af365bdcca9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d34449b8-ff51-4721-bc8d-165c3f8cb0f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.940421Z", + "modified": "2024-11-27T00:22:10.940421Z", + "name": "CVE-2024-8237", + "description": "A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8237" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d3fa664c-886e-404a-8a66-09c630ec7768.json b/objects/vulnerability/vulnerability--d3fa664c-886e-404a-8a66-09c630ec7768.json new file mode 100644 index 00000000000..bbd7eda0dc1 --- /dev/null +++ b/objects/vulnerability/vulnerability--d3fa664c-886e-404a-8a66-09c630ec7768.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81a9aab6-676e-446f-bd24-a0078ef3072b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3fa664c-886e-404a-8a66-09c630ec7768", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.559281Z", + "modified": "2024-11-27T00:22:10.559281Z", + "name": "CVE-2024-11706", + "description": "A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11706" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4a12959-5069-4f94-8b81-96c3f1b78811.json b/objects/vulnerability/vulnerability--d4a12959-5069-4f94-8b81-96c3f1b78811.json new file mode 100644 index 00000000000..e0ffc34f166 --- /dev/null +++ b/objects/vulnerability/vulnerability--d4a12959-5069-4f94-8b81-96c3f1b78811.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--00aff360-22b8-464c-bd43-3150acdcc1e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4a12959-5069-4f94-8b81-96c3f1b78811", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.51553Z", + "modified": "2024-11-27T00:22:11.51553Z", + "name": "CVE-2024-49597", + "description": "Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4fdcd01-9416-46ef-8b1a-abe4241c7974.json b/objects/vulnerability/vulnerability--d4fdcd01-9416-46ef-8b1a-abe4241c7974.json new file mode 100644 index 00000000000..23394c704a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--d4fdcd01-9416-46ef-8b1a-abe4241c7974.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21bfd0bb-0b59-419e-92af-f4d73eac1f5c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4fdcd01-9416-46ef-8b1a-abe4241c7974", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.977431Z", + "modified": "2024-11-27T00:22:10.977431Z", + "name": "CVE-2024-38833", + "description": "VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38833" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d658bdbf-9182-473b-9a4a-2820de4645a9.json b/objects/vulnerability/vulnerability--d658bdbf-9182-473b-9a4a-2820de4645a9.json new file mode 100644 index 00000000000..a94bcc34664 --- /dev/null +++ b/objects/vulnerability/vulnerability--d658bdbf-9182-473b-9a4a-2820de4645a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1834ae6e-5bf6-47bf-8681-fe25358cbd0f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d658bdbf-9182-473b-9a4a-2820de4645a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.286032Z", + "modified": "2024-11-27T00:22:10.286032Z", + "name": "CVE-2024-50371", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"wlan_scan\" operation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50371" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d749a406-7a92-4b7b-826b-80b8c32a1115.json b/objects/vulnerability/vulnerability--d749a406-7a92-4b7b-826b-80b8c32a1115.json new file mode 100644 index 00000000000..a45d699e7ef --- /dev/null +++ b/objects/vulnerability/vulnerability--d749a406-7a92-4b7b-826b-80b8c32a1115.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbfa2b3b-8604-4794-ba44-d4814a058dd6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d749a406-7a92-4b7b-826b-80b8c32a1115", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.872883Z", + "modified": "2024-11-27T00:22:10.872883Z", + "name": "CVE-2024-53555", + "description": "A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53555" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da53f9f6-e70c-4d03-8e01-d67e739d9d07.json b/objects/vulnerability/vulnerability--da53f9f6-e70c-4d03-8e01-d67e739d9d07.json new file mode 100644 index 00000000000..f8f2e1aa511 --- /dev/null +++ b/objects/vulnerability/vulnerability--da53f9f6-e70c-4d03-8e01-d67e739d9d07.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b786c5b6-89a3-4aef-a328-857f57119192", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da53f9f6-e70c-4d03-8e01-d67e739d9d07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.075415Z", + "modified": "2024-11-27T00:22:09.075415Z", + "name": "CVE-2017-17772", + "description": "In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-17772" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da6964d0-9286-4ce3-b57b-3fdb1f9f5a97.json b/objects/vulnerability/vulnerability--da6964d0-9286-4ce3-b57b-3fdb1f9f5a97.json new file mode 100644 index 00000000000..d99c964ac5a --- /dev/null 
+++ b/objects/vulnerability/vulnerability--da6964d0-9286-4ce3-b57b-3fdb1f9f5a97.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5498db7b-cf54-4f66-a85d-4a8337f91efa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da6964d0-9286-4ce3-b57b-3fdb1f9f5a97", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.596804Z", + "modified": "2024-11-27T00:22:11.596804Z", + "name": "CVE-2024-49035", + "description": "An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49035" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da8d949e-6306-47cf-8ca0-7c139bad73f5.json b/objects/vulnerability/vulnerability--da8d949e-6306-47cf-8ca0-7c139bad73f5.json new file mode 100644 index 00000000000..51750f4ae27 --- /dev/null +++ b/objects/vulnerability/vulnerability--da8d949e-6306-47cf-8ca0-7c139bad73f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bfdfe39e-24ea-4c71-ad87-e6c1de6d6b4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da8d949e-6306-47cf-8ca0-7c139bad73f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.891078Z", + "modified": "2024-11-27T00:22:10.891078Z", + "name": "CVE-2024-53619", + "description": "An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53619" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--dbed5476-e203-402b-9b0e-945fd5ed0788.json b/objects/vulnerability/vulnerability--dbed5476-e203-402b-9b0e-945fd5ed0788.json new file mode 100644 index 00000000000..10b8b05964a --- /dev/null +++ b/objects/vulnerability/vulnerability--dbed5476-e203-402b-9b0e-945fd5ed0788.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b09f11f-e1c5-45ab-8fff-ee2ee7d5a5bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dbed5476-e203-402b-9b0e-945fd5ed0788", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.567561Z", + "modified": "2024-11-27T00:22:10.567561Z", + "name": "CVE-2024-11697", + "description": "When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11697" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--def4af2a-9cac-4e4e-9d63-b87d4ec56dac.json b/objects/vulnerability/vulnerability--def4af2a-9cac-4e4e-9d63-b87d4ec56dac.json new file mode 100644 index 00000000000..53787c71035 --- /dev/null +++ b/objects/vulnerability/vulnerability--def4af2a-9cac-4e4e-9d63-b87d4ec56dac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee38d70a-1150-4ab5-9f96-1b25edeffc90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--def4af2a-9cac-4e4e-9d63-b87d4ec56dac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:08.991668Z", + "modified": "2024-11-27T00:22:08.991668Z", + "name": "CVE-2017-18307", + "description": "Information disclosure possible while audio playback.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-18307" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1a7a338-3c29-4694-845b-fe82271c6081.json b/objects/vulnerability/vulnerability--e1a7a338-3c29-4694-845b-fe82271c6081.json new file mode 100644 index 00000000000..b123d175ebd --- /dev/null +++ b/objects/vulnerability/vulnerability--e1a7a338-3c29-4694-845b-fe82271c6081.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3ecbc66-69cc-4c72-9443-64c3af2b9e6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1a7a338-3c29-4694-845b-fe82271c6081", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.019693Z", + "modified": "2024-11-27T00:22:11.019693Z", + "name": "CVE-2024-38832", + "description": "VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38832" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e314b93a-bc90-4fb6-aec4-ce0bd3aaa709.json b/objects/vulnerability/vulnerability--e314b93a-bc90-4fb6-aec4-ce0bd3aaa709.json new file mode 100644 index 00000000000..1f4aff3eb89 
--- /dev/null +++ b/objects/vulnerability/vulnerability--e314b93a-bc90-4fb6-aec4-ce0bd3aaa709.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--671db70c-9390-4e01-b2b9-559df3ad303d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e314b93a-bc90-4fb6-aec4-ce0bd3aaa709", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.959813Z", + "modified": "2024-11-27T00:22:10.959813Z", + "name": "CVE-2024-8236", + "description": "The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5484002-4bdc-4522-956b-b883a7f54be6.json b/objects/vulnerability/vulnerability--e5484002-4bdc-4522-956b-b883a7f54be6.json new file mode 100644 index 00000000000..8392a9b952c --- /dev/null +++ b/objects/vulnerability/vulnerability--e5484002-4bdc-4522-956b-b883a7f54be6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84fe4e03-c76d-4d7a-aef9-a13846f18fa8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5484002-4bdc-4522-956b-b883a7f54be6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.577201Z", + "modified": "2024-11-27T00:22:10.577201Z", + "name": "CVE-2024-11743", + "description": "A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11743" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5a22087-74d0-4026-aeb3-a11fb883dac5.json b/objects/vulnerability/vulnerability--e5a22087-74d0-4026-aeb3-a11fb883dac5.json new file mode 100644 index 00000000000..bd4cc335e3f --- /dev/null +++ b/objects/vulnerability/vulnerability--e5a22087-74d0-4026-aeb3-a11fb883dac5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70394003-1fe6-4b79-a3ce-e1dfe31686ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5a22087-74d0-4026-aeb3-a11fb883dac5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.349873Z", + "modified": "2024-11-27T00:22:10.349873Z", + "name": "CVE-2024-50376", + "description": "A CWE-79 \"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50376" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5f97305-bd99-489f-bce3-ccbf303530de.json b/objects/vulnerability/vulnerability--e5f97305-bd99-489f-bce3-ccbf303530de.json new file mode 100644 index 00000000000..76bad17fe94 --- /dev/null +++ b/objects/vulnerability/vulnerability--e5f97305-bd99-489f-bce3-ccbf303530de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af318642-2440-401f-a805-0c3c1f260a01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5f97305-bd99-489f-bce3-ccbf303530de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.858875Z", + "modified": "2024-11-27T00:22:10.858875Z", + "name": "CVE-2024-53674", + "description": "An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53674" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ea7c7edd-0000-44bc-8844-f09c3156f709.json b/objects/vulnerability/vulnerability--ea7c7edd-0000-44bc-8844-f09c3156f709.json new file mode 100644 index 00000000000..3684c6d9753 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea7c7edd-0000-44bc-8844-f09c3156f709.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--519af105-b87b-431f-8c62-497190599831", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea7c7edd-0000-44bc-8844-f09c3156f709", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:21.32016Z", + "modified": "2024-11-27T00:22:21.32016Z", + "name": "CVE-2023-0163", + "description": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mozilla Convict.\n\nThis allows an attacker to inject attributes that are used in other components, or to override existing attributes with ones that have incompatible type, which may lead to a crash.\n\n\nThe main use case of Convict is for handling server-side \nconfigurations written by the admins owning the servers, and not random \nusers. So it's unlikely that an admin would deliberately sabotage their \nown server. Still, a situation can happen where an admin not \nknowledgeable about JavaScript could be tricked by an attacker into \nwriting the malicious JavaScript code into some config files.\n\n\n\nThis issue affects Convict: before 6.2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-0163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eaa4bd72-14c6-4087-8395-9e15a1368d2c.json b/objects/vulnerability/vulnerability--eaa4bd72-14c6-4087-8395-9e15a1368d2c.json new file mode 100644 index 00000000000..4a811d99729 --- /dev/null +++ b/objects/vulnerability/vulnerability--eaa4bd72-14c6-4087-8395-9e15a1368d2c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df4ee99c-249c-4de4-bf51-e21dd28661bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eaa4bd72-14c6-4087-8395-9e15a1368d2c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:21.389894Z", + "modified": "2024-11-27T00:22:21.389894Z", + "name": "CVE-2023-1521", + "description": "On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.\n\n\nIf the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-1521" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb70b4e6-119b-41a5-b1cd-7979609e938d.json b/objects/vulnerability/vulnerability--eb70b4e6-119b-41a5-b1cd-7979609e938d.json new file mode 100644 index 00000000000..6eda9c35821 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb70b4e6-119b-41a5-b1cd-7979609e938d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c638dbd-f3c0-4465-ab27-243de1be0bf9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb70b4e6-119b-41a5-b1cd-7979609e938d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.39642Z", + "modified": "2024-11-27T00:22:12.39642Z", + "name": "CVE-2024-43784", + "description": "lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43784" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebdccf98-d666-4172-8c3e-6920a373cb34.json b/objects/vulnerability/vulnerability--ebdccf98-d666-4172-8c3e-6920a373cb34.json new file mode 100644 index 00000000000..93a90edd549 --- /dev/null +++ b/objects/vulnerability/vulnerability--ebdccf98-d666-4172-8c3e-6920a373cb34.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30625aea-274e-46ec-a51a-875822ae481d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebdccf98-d666-4172-8c3e-6920a373cb34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.5895Z", + "modified": "2024-11-27T00:22:10.5895Z", + "name": "CVE-2024-11418", + "description": "The Additional Order Filters for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shipping_method_filter' parameter in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11418" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec9f1a40-7b7e-4e9f-b480-c4eb25bbecf8.json b/objects/vulnerability/vulnerability--ec9f1a40-7b7e-4e9f-b480-c4eb25bbecf8.json new file mode 100644 index 00000000000..9a7093d9629 --- /dev/null +++ b/objects/vulnerability/vulnerability--ec9f1a40-7b7e-4e9f-b480-c4eb25bbecf8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b5b2014-7add-4d58-aff5-91aa21bb2a59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec9f1a40-7b7e-4e9f-b480-c4eb25bbecf8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.930141Z", + "modified": "2024-11-27T00:22:10.930141Z", + "name": "CVE-2024-8772", + "description": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8772" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed7891b8-fc06-4f56-8ba5-d55a6a803b13.json b/objects/vulnerability/vulnerability--ed7891b8-fc06-4f56-8ba5-d55a6a803b13.json new file mode 100644 index 00000000000..d99baaf9c71 --- /dev/null +++ b/objects/vulnerability/vulnerability--ed7891b8-fc06-4f56-8ba5-d55a6a803b13.json 
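Review bot: The `description` of the CVE-2024-8772 object ends by sending the reader to "the Axis security advisory", but `external_references` holds only the `cve` id, so the bundle carries no link to the advisory that has the fix information. A consumer that ingests only this STIX object cannot reach the remediation details without a separate lookup of the CVE record. If the upstream record supplies reference URLs, they could be carried over as further entries, e.g. `{ "source_name": "<advisory-source>", "url": "<ADVISORY-URL-FROM-CVE-RECORD>" }`. The same gap shows in the hunk for CVE-2024-6831, and in those for CVE-2024-33610, CVE-2024-29978 and CVE-2024-32151, whose descriptions point to vendors "listed under [References]".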
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08028f8a-3b56-4f9f-9cf8-d7d2ac25ba81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed7891b8-fc06-4f56-8ba5-d55a6a803b13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.815612Z", + "modified": "2024-11-27T00:22:10.815612Z", + "name": "CVE-2024-33610", + "description": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users' session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed9c4ba4-a968-4478-a7be-400827c47625.json b/objects/vulnerability/vulnerability--ed9c4ba4-a968-4478-a7be-400827c47625.json new file mode 100644 index 00000000000..07eefe7062a --- /dev/null +++ b/objects/vulnerability/vulnerability--ed9c4ba4-a968-4478-a7be-400827c47625.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ecbf66d-0166-4bcb-b104-e591e1af4028", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed9c4ba4-a968-4478-a7be-400827c47625", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.350934Z", + "modified": "2024-11-27T00:22:10.350934Z", + "name": "CVE-2024-50362", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"connection_profile_apply\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50362" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f236c037-87e4-4fb6-a5a8-a9936436184a.json b/objects/vulnerability/vulnerability--f236c037-87e4-4fb6-a5a8-a9936436184a.json new file mode 100644 index 00000000000..7c98810f479 --- /dev/null +++ b/objects/vulnerability/vulnerability--f236c037-87e4-4fb6-a5a8-a9936436184a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e3a1899-474c-49f1-a11b-83edddbebc30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f236c037-87e4-4fb6-a5a8-a9936436184a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.557757Z", + "modified": "2024-11-27T00:22:10.557757Z", + "name": "CVE-2024-11692", + "description": "An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11692" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f34d9260-b3ae-4d85-b664-de7f16117832.json b/objects/vulnerability/vulnerability--f34d9260-b3ae-4d85-b664-de7f16117832.json new file mode 100644 index 00000000000..d070ecc2538 --- /dev/null +++ b/objects/vulnerability/vulnerability--f34d9260-b3ae-4d85-b664-de7f16117832.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db356262-ab73-41ae-a65e-4f01105d0dd1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f34d9260-b3ae-4d85-b664-de7f16117832", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.131032Z", + "modified": "2024-11-27T00:22:10.131032Z", + "name": "CVE-2024-9170", + "description": "The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9170" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f6c48afa-c475-416b-b2b6-992431ab9e95.json b/objects/vulnerability/vulnerability--f6c48afa-c475-416b-b2b6-992431ab9e95.json new file mode 100644 index 00000000000..59c9f4772b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--f6c48afa-c475-416b-b2b6-992431ab9e95.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--714faddd-3ce9-453e-a3c1-002ee25df6cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f6c48afa-c475-416b-b2b6-992431ab9e95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.294231Z", + "modified": "2024-11-27T00:22:10.294231Z", + "name": "CVE-2024-50368", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"basic_htm\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50368" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f991728a-b290-471b-ace0-530b02b32f86.json b/objects/vulnerability/vulnerability--f991728a-b290-471b-ace0-530b02b32f86.json new file mode 100644 index 00000000000..9a5f43316aa --- /dev/null +++ b/objects/vulnerability/vulnerability--f991728a-b290-471b-ace0-530b02b32f86.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f85b2db5-3208-40c8-aa86-4c563e22bab9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f991728a-b290-471b-ace0-530b02b32f86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.185419Z", + "modified": "2024-11-27T00:22:09.185419Z", + "name": "CVE-2017-15832", + "description": "Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-15832" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--fa07d155-4f60-4b6c-8fdd-bafa64a56cbe.json b/objects/vulnerability/vulnerability--fa07d155-4f60-4b6c-8fdd-bafa64a56cbe.json new file mode 100644 index 00000000000..5c0fabb14a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa07d155-4f60-4b6c-8fdd-bafa64a56cbe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a60d8f26-a25f-4582-b979-bad8303e95f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa07d155-4f60-4b6c-8fdd-bafa64a56cbe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.287056Z", + "modified": "2024-11-27T00:22:10.287056Z", + "name": "CVE-2024-50364", + "description": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"export_log\" API which are not properly sanitized before being concatenated to OS level commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50364" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fadb8c87-7339-46d3-9dc7-a8391b8d851d.json b/objects/vulnerability/vulnerability--fadb8c87-7339-46d3-9dc7-a8391b8d851d.json new file mode 100644 index 00000000000..3f5697b0a19 --- /dev/null +++ b/objects/vulnerability/vulnerability--fadb8c87-7339-46d3-9dc7-a8391b8d851d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0740234-b5ea-48c1-bf5d-bf3cb6eb52fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fadb8c87-7339-46d3-9dc7-a8391b8d851d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:09.771213Z", + "modified": "2024-11-27T00:22:09.771213Z", + "name": "CVE-2024-51569", + "description": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fc2306af-129d-40a0-a637-cbc3c476f09c.json b/objects/vulnerability/vulnerability--fc2306af-129d-40a0-a637-cbc3c476f09c.json new file mode 100644 index 00000000000..e13ee644092 --- /dev/null +++ b/objects/vulnerability/vulnerability--fc2306af-129d-40a0-a637-cbc3c476f09c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--682e55ae-1389-4bf2-8c28-a6427fd2ab58", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fc2306af-129d-40a0-a637-cbc3c476f09c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.443215Z", + "modified": "2024-11-27T00:22:12.443215Z", + "name": "CVE-2024-6831", + "description": "Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. \nAxis has released patched versions for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6831" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe1d2a62-148d-4d6e-933a-d9beab4702fc.json b/objects/vulnerability/vulnerability--fe1d2a62-148d-4d6e-933a-d9beab4702fc.json new file mode 100644 index 00000000000..67df41334e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--fe1d2a62-148d-4d6e-933a-d9beab4702fc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e392177-c8be-442e-b2d6-42a1bfd9fa0f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe1d2a62-148d-4d6e-933a-d9beab4702fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:10.58272Z", + "modified": "2024-11-27T00:22:10.58272Z", + "name": "CVE-2024-11091", + "description": "The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11091" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe20c7f5-9613-4bc7-b9e8-ac6fd3802c73.json b/objects/vulnerability/vulnerability--fe20c7f5-9613-4bc7-b9e8-ac6fd3802c73.json new file mode 100644 index 00000000000..d0ddc8fc007 --- /dev/null +++ b/objects/vulnerability/vulnerability--fe20c7f5-9613-4bc7-b9e8-ac6fd3802c73.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f283a4e-2662-41f6-ba76-9d42b40a8984", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe20c7f5-9613-4bc7-b9e8-ac6fd3802c73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:12.251311Z", + "modified": "2024-11-27T00:22:12.251311Z", + "name": "CVE-2024-29978", + "description": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29978" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff5ae3da-b246-4237-9186-e6bbbde2a53e.json b/objects/vulnerability/vulnerability--ff5ae3da-b246-4237-9186-e6bbbde2a53e.json new file mode 100644 index 00000000000..5049a1a6064 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff5ae3da-b246-4237-9186-e6bbbde2a53e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d70fba5-6d6b-4930-93bf-498a2ac77fcd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff5ae3da-b246-4237-9186-e6bbbde2a53e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-27T00:22:11.907512Z", + "modified": "2024-11-27T00:22:11.907512Z", + "name": "CVE-2024-32151", + "description": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32151" + } + ] + } + ] +} \ No newline at end of file