diff --git a/mapping.csv b/mapping.csv
index 44f69b598b1..c7bfde085cf 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -248074,3 +248074,73 @@ vulnerability,CVE-2024-6921,vulnerability--790a6737-335c-4c10-a246-19daeff76bcb
 vulnerability,CVE-2024-6919,vulnerability--f0b92ad2-40b0-4dbb-a422-de357185a8b4
 vulnerability,CVE-2024-6920,vulnerability--66737ef6-33fb-4dfa-9c87-5c0ac5bfe775
 vulnerability,CVE-2023-7279,vulnerability--6c1d6026-52a0-43d5-90d1-349216d81186
+vulnerability,CVE-2024-41436,vulnerability--5a2d0f2e-f1a5-4259-bbff-988dcf7ed3f7
+vulnerability,CVE-2024-41435,vulnerability--ce0d7b38-6e87-446e-aa68-5093483209b9
+vulnerability,CVE-2024-41434,vulnerability--a7151ac4-1453-4c54-9fbf-e8939bb17eec
+vulnerability,CVE-2024-41433,vulnerability--7679ca98-7495-4b4a-aebb-86761b53be54
+vulnerability,CVE-2024-44809,vulnerability--496bb722-d75f-4274-93d6-3872c0b1b4ad
+vulnerability,CVE-2024-44921,vulnerability--6f6b7296-52ac-4e85-b000-8619f0214c48
+vulnerability,CVE-2024-44920,vulnerability--e2dd7d10-b19b-430f-9668-693bf7cdaa18
+vulnerability,CVE-2024-34463,vulnerability--74a8cedb-6a3a-4b88-8d1e-c9a0b37a7a4f
+vulnerability,CVE-2024-42057,vulnerability--45b90bba-a9d5-4d3f-8c38-02a257e937f2
+vulnerability,CVE-2024-42903,vulnerability--f6e5191b-5de6-4c6f-81c1-f916870aa48a
+vulnerability,CVE-2024-42058,vulnerability--9b25fe7b-3856-49bd-89d0-d2aec5d8d690
+vulnerability,CVE-2024-42991,vulnerability--b37adafa-bd63-4586-9468-b863dc458cb0
+vulnerability,CVE-2024-42061,vulnerability--6bdea516-ad6f-4969-aded-5b6c3cc49c73
+vulnerability,CVE-2024-42902,vulnerability--39a69667-c905-4a8d-9453-152768b8c399
+vulnerability,CVE-2024-42059,vulnerability--7af0d1b7-e102-4497-acec-e5d4b9130c90
+vulnerability,CVE-2024-42904,vulnerability--d33ace75-db65-4628-a6c5-88edb98f9df2
+vulnerability,CVE-2024-42901,vulnerability--f0c0ce13-b93a-4ff1-b215-2056a53951ee
+vulnerability,CVE-2024-42060,vulnerability--d960ed86-3c30-412a-9551-8790f45081cd
+vulnerability,CVE-2024-38456,vulnerability--7af59fb7-3e85-434e-98c2-92457515b022
+vulnerability,CVE-2024-38811,vulnerability--a0e1b5eb-9339-4cef-b16b-056460e0b5eb
+vulnerability,CVE-2024-33663,vulnerability--e14243d3-bb78-41d5-bb74-8fded7bb5414
+vulnerability,CVE-2024-7654,vulnerability--d0d7e8f4-4b3a-46b3-83c9-f019dc74b399
+vulnerability,CVE-2024-7203,vulnerability--874c4386-b959-4cb7-91d7-1a6ba6210436
+vulnerability,CVE-2024-7346,vulnerability--b5823286-2c82-4360-8843-43b8d62a4d66
+vulnerability,CVE-2024-7345,vulnerability--b63ed5e7-7a47-4dde-af7c-ba75f40412a4
+vulnerability,CVE-2024-7261,vulnerability--b87a0fae-0ef0-4270-984e-ec1aa03cb875
+vulnerability,CVE-2024-7970,vulnerability--f84465c7-c184-42ac-b34f-9627b67079c9
+vulnerability,CVE-2024-43412,vulnerability--23de53bc-0495-45a1-99c5-d90b98894bc3
+vulnerability,CVE-2024-43803,vulnerability--973002c9-8857-4425-a32e-fd36a18eb070
+vulnerability,CVE-2024-43413,vulnerability--300f3f18-7203-4f44-97dd-82e194c5e791
+vulnerability,CVE-2024-5412,vulnerability--93592a0e-e8d1-4a1e-b010-bb7455dddb91
+vulnerability,CVE-2024-37136,vulnerability--68038a3e-20f8-4a92-bae0-02b94e8d9fac
+vulnerability,CVE-2024-4629,vulnerability--e266e631-5491-4420-bc67-e81c73fefe51
+vulnerability,CVE-2024-4259,vulnerability--1054d4f9-e931-4e4c-bed2-71c6780b5b28
+vulnerability,CVE-2024-8382,vulnerability--cd2a17a1-1ea6-4872-8ce9-1aa903e76c21
+vulnerability,CVE-2024-8389,vulnerability--25e32006-5ca5-4300-948c-48615e020916
+vulnerability,CVE-2024-8362,vulnerability--deb20ca3-d417-43e3-a03a-a1f8b39fc857
+vulnerability,CVE-2024-8383,vulnerability--c3edddac-4ae2-4ca1-b429-5bc745512ec5
+vulnerability,CVE-2024-8381,vulnerability--656be563-0e2d-4691-a0f0-86aa75001387
+vulnerability,CVE-2024-8387,vulnerability--9e5c6d33-f5c9-4db3-baeb-b119d5fc8a2f
+vulnerability,CVE-2024-8385,vulnerability--94dfe4f0-d3d6-4e37-a03e-d10e39bb5bfa
+vulnerability,CVE-2024-8388,vulnerability--250b90b3-ee18-417a-8660-8d37102a1212
+vulnerability,CVE-2024-8399,vulnerability--1c2078cd-0465-4b74-9bbd-409999679e1f
+vulnerability,CVE-2024-8384,vulnerability--d8d59af0-2e62-4981-8248-ae2175065c7c
+vulnerability,CVE-2024-8380,vulnerability--bfe10f8f-ad60-4b41-8ee1-37c0a5885969
+vulnerability,CVE-2024-8374,vulnerability--a79d0c05-eebe-45ab-9001-042ecd1b5d01
+vulnerability,CVE-2024-8386,vulnerability--e41d3504-fd3c-48c2-8921-145823d58959
+vulnerability,CVE-2024-3655,vulnerability--1eeacd15-bc20-4c7a-9f60-3661b222fef3
+vulnerability,CVE-2024-45616,vulnerability--ee3e1633-8fa2-4af6-b126-bc6d8df2168e
+vulnerability,CVE-2024-45586,vulnerability--33bd66d5-5dca-48fb-98af-16c1e2efa91f
+vulnerability,CVE-2024-45587,vulnerability--b2f794d7-42cc-422b-a78c-0d12a4e0a136
+vulnerability,CVE-2024-45615,vulnerability--b61074e0-dcd7-4b7b-919d-168b345f4047
+vulnerability,CVE-2024-45678,vulnerability--3b147ee4-de1d-4b9e-847d-1be0682c8b60
+vulnerability,CVE-2024-45619,vulnerability--18c8f684-1cc1-445a-88a4-2e79aa186b9f
+vulnerability,CVE-2024-45390,vulnerability--f840d381-9fbb-46dc-bd3e-43d53fe087d8
+vulnerability,CVE-2024-45617,vulnerability--c823f4bb-d38f-4f8e-903e-b9d2310123e1
+vulnerability,CVE-2024-45310,vulnerability--c2b6f3a3-560e-47d2-9cdc-58996e561f31
+vulnerability,CVE-2024-45620,vulnerability--0b104850-b1c8-452b-87cd-6c8e08472686
+vulnerability,CVE-2024-45391,vulnerability--40d7163a-2405-4813-873c-f23604be5af8
+vulnerability,CVE-2024-45307,vulnerability--a1d884f4-5148-4221-a948-3e45a8154c77
+vulnerability,CVE-2024-45389,vulnerability--0ccfd071-781c-4e90-9c3d-043400c216cc
+vulnerability,CVE-2024-45180,vulnerability--d6ee7a9b-6ec1-456b-8818-b5f9fe189bb9
+vulnerability,CVE-2024-45618,vulnerability--f63c9ffb-1484-4493-8b39-5d75d5c8ba02
+vulnerability,CVE-2024-45394,vulnerability--a23b665f-5a9a-46fa-bd87-4cb4a27c999a
+vulnerability,CVE-2024-45588,vulnerability--7cf5f20d-9782-410f-bd4d-a5c82c8aea55
+vulnerability,CVE-2024-6473,vulnerability--72b0501e-764d-47ba-8e86-ae9e120cc870
+vulnerability,CVE-2024-6119,vulnerability--8b0b6611-d013-4b84-b5df-102cd3716472
+vulnerability,CVE-2024-6343,vulnerability--500baed5-4cde-48b0-b1a7-509e0d94e7f1
+vulnerability,CVE-2024-6232,vulnerability--c2621e6e-ff39-4bc9-8c99-4b67b61e044d
+vulnerability,CVE-2023-49233,vulnerability--16aa053d-6a0f-4b44-a196-184d2be3a2f0
diff --git a/objects/vulnerability/vulnerability--0b104850-b1c8-452b-87cd-6c8e08472686.json b/objects/vulnerability/vulnerability--0b104850-b1c8-452b-87cd-6c8e08472686.json
new file mode 100644
index 00000000000..3823238bdf7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0b104850-b1c8-452b-87cd-6c8e08472686.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--df16d69f-401b-4ef4-b065-b936006a88ae",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0b104850-b1c8-452b-87cd-6c8e08472686",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.702342Z",
+ "modified": "2024-09-04T00:19:39.702342Z",
+ "name": "CVE-2024-45620",
+ "description": "A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45620"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0ccfd071-781c-4e90-9c3d-043400c216cc.json b/objects/vulnerability/vulnerability--0ccfd071-781c-4e90-9c3d-043400c216cc.json
new file mode 100644
index 00000000000..055ab6c3822
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0ccfd071-781c-4e90-9c3d-043400c216cc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--53d6fc36-57a7-4f8d-890d-70df17b11d58",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0ccfd071-781c-4e90-9c3d-043400c216cc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.71265Z",
+ "modified": "2024-09-04T00:19:39.71265Z",
+ "name": "CVE-2024-45389",
+ "description": "Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of `document.currentScript.src`. Prior to Pagefind version 1.1.1, it is possible to \"clobber\" this lookup with otherwise benign HTML on the page. This will cause `document.currentScript.src` to resolve as an external domain, which will then be used by Pagefind to load dependencies. This exploit would only work in the case that an attacker could inject HTML to a live, hosted, website. In these cases, this would act as a way to escalate the privilege available to an attacker. This assumes they have the ability to add some elements to the page (for example, `img` tags with a `name` attribute), but not others, as adding a `script` to the page would itself be the cross-site scripting vector. Pagefind has tightened this resolution in version 1.1.1 by ensuring the source is loaded from a valid script element. There are no reports of this being exploited in the wild via Pagefind.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45389"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1054d4f9-e931-4e4c-bed2-71c6780b5b28.json b/objects/vulnerability/vulnerability--1054d4f9-e931-4e4c-bed2-71c6780b5b28.json
new file mode 100644
index 00000000000..fb1ed12fc92
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1054d4f9-e931-4e4c-bed2-71c6780b5b28.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f778296e-b34e-4b59-91ee-16432046eb0d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1054d4f9-e931-4e4c-bed2-71c6780b5b28",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.582042Z",
+ "modified": "2024-09-04T00:19:39.582042Z",
+ "name": "CVE-2024-4259",
+ "description": "Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-4259"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--16aa053d-6a0f-4b44-a196-184d2be3a2f0.json b/objects/vulnerability/vulnerability--16aa053d-6a0f-4b44-a196-184d2be3a2f0.json
new file mode 100644
index 00000000000..2b1fc012477
--- /dev/null
+++ b/objects/vulnerability/vulnerability--16aa053d-6a0f-4b44-a196-184d2be3a2f0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5eeec6e8-dc12-4577-93d2-8bd906dea57c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--16aa053d-6a0f-4b44-a196-184d2be3a2f0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:41.74514Z",
+ "modified": "2024-09-04T00:19:41.74514Z",
+ "name": "CVE-2023-49233",
+ "description": "Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-49233"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--18c8f684-1cc1-445a-88a4-2e79aa186b9f.json b/objects/vulnerability/vulnerability--18c8f684-1cc1-445a-88a4-2e79aa186b9f.json
new file mode 100644
index 00000000000..d95502779a5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--18c8f684-1cc1-445a-88a4-2e79aa186b9f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--69b164f9-bcb9-48d0-abeb-36e9726cc0ed",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--18c8f684-1cc1-445a-88a4-2e79aa186b9f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.695204Z",
+ "modified": "2024-09-04T00:19:39.695204Z",
+ "name": "CVE-2024-45619",
+ "description": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45619"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1c2078cd-0465-4b74-9bbd-409999679e1f.json b/objects/vulnerability/vulnerability--1c2078cd-0465-4b74-9bbd-409999679e1f.json
new file mode 100644
index 00000000000..2f637928c97
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1c2078cd-0465-4b74-9bbd-409999679e1f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cb981ee6-0956-4d69-98c6-968f9ed5b216",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1c2078cd-0465-4b74-9bbd-409999679e1f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.611529Z",
+ "modified": "2024-09-04T00:19:39.611529Z",
+ "name": "CVE-2024-8399",
+ "description": "Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8399"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1eeacd15-bc20-4c7a-9f60-3661b222fef3.json b/objects/vulnerability/vulnerability--1eeacd15-bc20-4c7a-9f60-3661b222fef3.json
new file mode 100644
index 00000000000..18227a94a2e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1eeacd15-bc20-4c7a-9f60-3661b222fef3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ab051e36-95a3-410e-b4f1-06964308a341",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1eeacd15-bc20-4c7a-9f60-3661b222fef3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.657209Z",
+ "modified": "2024-09-04T00:19:39.657209Z",
+ "name": "CVE-2024-3655",
+ "description": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-3655"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--23de53bc-0495-45a1-99c5-d90b98894bc3.json b/objects/vulnerability/vulnerability--23de53bc-0495-45a1-99c5-d90b98894bc3.json
new file mode 100644
index 00000000000..de0fe2750c4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--23de53bc-0495-45a1-99c5-d90b98894bc3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b17d200c-9ff4-4270-85d8-fdeccf071374",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--23de53bc-0495-45a1-99c5-d90b98894bc3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.17751Z",
+ "modified": "2024-09-04T00:19:39.17751Z",
+ "name": "CVE-2024-43412",
+ "description": "Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xibo Library via the Generic File module to be referenced on Displays and in Layouts. This is intended functionality. When previewing these resources from the Library and Layout editor they are executed in the users browser. This will be disabled in future releases, and users are encouraged to use the new developer tools in 4.1 to design their widgets which require this type of functionality. This behavior has been changed in 4.1.0 to preview previewing of generic files. There are no workarounds for this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43412"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--250b90b3-ee18-417a-8660-8d37102a1212.json b/objects/vulnerability/vulnerability--250b90b3-ee18-417a-8660-8d37102a1212.json
new file mode 100644
index 00000000000..0b96076e21b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--250b90b3-ee18-417a-8660-8d37102a1212.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d973c5e-638f-43c7-babd-b77b9288f54e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--250b90b3-ee18-417a-8660-8d37102a1212",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.607619Z",
+ "modified": "2024-09-04T00:19:39.607619Z",
+ "name": "CVE-2024-8388",
+ "description": "Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. \n*This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8388"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--25e32006-5ca5-4300-948c-48615e020916.json b/objects/vulnerability/vulnerability--25e32006-5ca5-4300-948c-48615e020916.json
new file mode 100644
index 00000000000..95db6f99bc3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--25e32006-5ca5-4300-948c-48615e020916.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc394bb1-1353-42cc-85dd-57387317872a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--25e32006-5ca5-4300-948c-48615e020916",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.590885Z",
+ "modified": "2024-09-04T00:19:39.590885Z",
+ "name": "CVE-2024-8389",
+ "description": "Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8389"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--300f3f18-7203-4f44-97dd-82e194c5e791.json b/objects/vulnerability/vulnerability--300f3f18-7203-4f44-97dd-82e194c5e791.json
new file mode 100644
index 00000000000..82eec34f2cd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--300f3f18-7203-4f44-97dd-82e194c5e791.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4348594f-8cf4-4616-80cf-c41d31483d0f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--300f3f18-7203-4f44-97dd-82e194c5e791",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.183012Z",
+ "modified": "2024-09-04T00:19:39.183012Z",
+ "name": "CVE-2024-43413",
+ "description": "Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which contains JavaScript, which is intended functionality. The JavaScript gets executed on the Data Entry page and in any Layouts which reference it. This behavior has been changed in 4.1.0 to show HTML/CSS/JS as code on the Data Entry page. There are no workarounds for this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43413"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--33bd66d5-5dca-48fb-98af-16c1e2efa91f.json b/objects/vulnerability/vulnerability--33bd66d5-5dca-48fb-98af-16c1e2efa91f.json
new file mode 100644
index 00000000000..88f79305ac3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--33bd66d5-5dca-48fb-98af-16c1e2efa91f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b67dcbe7-fb85-41fc-8881-f4f8843e77bd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--33bd66d5-5dca-48fb-98af-16c1e2efa91f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.68419Z",
+ "modified": "2024-09-04T00:19:39.68419Z",
+ "name": "CVE-2024-45586",
+ "description": "This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45586"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--39a69667-c905-4a8d-9453-152768b8c399.json b/objects/vulnerability/vulnerability--39a69667-c905-4a8d-9453-152768b8c399.json
new file mode 100644
index 00000000000..441c5e90867
--- /dev/null
+++ b/objects/vulnerability/vulnerability--39a69667-c905-4a8d-9453-152768b8c399.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fc359eee-369b-46fb-9bd3-9b8a5747ce0d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--39a69667-c905-4a8d-9453-152768b8c399",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.36236Z",
+ "modified": "2024-09-04T00:19:38.36236Z",
+ "name": "CVE-2024-42902",
+ "description": "An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42902"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3b147ee4-de1d-4b9e-847d-1be0682c8b60.json b/objects/vulnerability/vulnerability--3b147ee4-de1d-4b9e-847d-1be0682c8b60.json
new file mode 100644
index 00000000000..f370cf218f3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3b147ee4-de1d-4b9e-847d-1be0682c8b60.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--db40039f-3b76-4f27-90e0-22b9de8272b5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3b147ee4-de1d-4b9e-847d-1be0682c8b60",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.68947Z",
+ "modified": "2024-09-04T00:19:39.68947Z",
+ "name": "CVE-2024-45678",
+ "description": "Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45678"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--40d7163a-2405-4813-873c-f23604be5af8.json b/objects/vulnerability/vulnerability--40d7163a-2405-4813-873c-f23604be5af8.json
new file mode 100644
index 00000000000..bc4b48f0205
--- /dev/null
+++ b/objects/vulnerability/vulnerability--40d7163a-2405-4813-873c-f23604be5af8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--74c907b0-5557-4b09-ad19-02b2f0805690",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--40d7163a-2405-4813-873c-f23604be5af8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.703632Z",
+ "modified": "2024-09-04T00:19:39.703632Z",
+ "name": "CVE-2024-45391",
+ "description": "Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45391"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--45b90bba-a9d5-4d3f-8c38-02a257e937f2.json b/objects/vulnerability/vulnerability--45b90bba-a9d5-4d3f-8c38-02a257e937f2.json
new file mode 100644
index 00000000000..ce13afdafca
--- /dev/null
+++ b/objects/vulnerability/vulnerability--45b90bba-a9d5-4d3f-8c38-02a257e937f2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e342e504-136f-4780-bbf0-c32cf68b465a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--45b90bba-a9d5-4d3f-8c38-02a257e937f2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.323336Z",
+ "modified": "2024-09-04T00:19:38.323336Z",
+ "name": "CVE-2024-42057",
+ "description": "A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42057"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--496bb722-d75f-4274-93d6-3872c0b1b4ad.json b/objects/vulnerability/vulnerability--496bb722-d75f-4274-93d6-3872c0b1b4ad.json
new file mode 100644
index 00000000000..e64f6d6621b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--496bb722-d75f-4274-93d6-3872c0b1b4ad.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ee8b2e3b-a7f6-4117-8302-70b0d01ad19a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--496bb722-d75f-4274-93d6-3872c0b1b4ad",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:37.915493Z",
+ "modified": "2024-09-04T00:19:37.915493Z",
+ "name": "CVE-2024-44809",
+ "description": "A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the \"position\" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44809"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--500baed5-4cde-48b0-b1a7-509e0d94e7f1.json b/objects/vulnerability/vulnerability--500baed5-4cde-48b0-b1a7-509e0d94e7f1.json
new file mode 100644
index 00000000000..aa563d6d38e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--500baed5-4cde-48b0-b1a7-509e0d94e7f1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--83c5eede-33d8-4b86-bd29-2ddf9db06948",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--500baed5-4cde-48b0-b1a7-509e0d94e7f1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.762162Z",
+ "modified": "2024-09-04T00:19:39.762162Z",
+ "name": "CVE-2024-6343",
+ "description": "A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6343"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5a2d0f2e-f1a5-4259-bbff-988dcf7ed3f7.json b/objects/vulnerability/vulnerability--5a2d0f2e-f1a5-4259-bbff-988dcf7ed3f7.json
new file mode 100644
index 00000000000..e405e1e66d6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5a2d0f2e-f1a5-4259-bbff-988dcf7ed3f7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3219b1e5-110f-4a20-baa5-e0aa12d0c521",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5a2d0f2e-f1a5-4259-bbff-988dcf7ed3f7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:37.702131Z",
+ "modified": "2024-09-04T00:19:37.702131Z",
+ "name": "CVE-2024-41436",
+ "description": "ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41436"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--656be563-0e2d-4691-a0f0-86aa75001387.json b/objects/vulnerability/vulnerability--656be563-0e2d-4691-a0f0-86aa75001387.json
new file mode 100644
index 00000000000..4b9d7110152
--- /dev/null
+++ b/objects/vulnerability/vulnerability--656be563-0e2d-4691-a0f0-86aa75001387.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2747adbb-5ebb-4d33-aa89-d932923af261",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--656be563-0e2d-4691-a0f0-86aa75001387",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.597485Z",
+ "modified": "2024-09-04T00:19:39.597485Z",
+ "name": "CVE-2024-8381",
+ "description": "A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8381"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--68038a3e-20f8-4a92-bae0-02b94e8d9fac.json b/objects/vulnerability/vulnerability--68038a3e-20f8-4a92-bae0-02b94e8d9fac.json
new file mode 100644
index 00000000000..0856d70a001
--- /dev/null
+++ b/objects/vulnerability/vulnerability--68038a3e-20f8-4a92-bae0-02b94e8d9fac.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a8009958-5113-459f-963e-bdd4e1913919",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--68038a3e-20f8-4a92-bae0-02b94e8d9fac",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.446648Z",
+ "modified": "2024-09-04T00:19:39.446648Z",
+ "name": "CVE-2024-37136",
+ "description": "Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-37136"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6bdea516-ad6f-4969-aded-5b6c3cc49c73.json b/objects/vulnerability/vulnerability--6bdea516-ad6f-4969-aded-5b6c3cc49c73.json
new file mode 100644
index 00000000000..48f74818824
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6bdea516-ad6f-4969-aded-5b6c3cc49c73.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ed97883d-01fb-426f-846f-313ee23f7297",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6bdea516-ad6f-4969-aded-5b6c3cc49c73",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.347025Z",
+ "modified": "2024-09-04T00:19:38.347025Z",
+ "name": "CVE-2024-42061",
+ "description": "A reflected cross-site scripting (XSS) vulnerability in the CGI program \"dynamic_script.cgi\" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42061"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6f6b7296-52ac-4e85-b000-8619f0214c48.json b/objects/vulnerability/vulnerability--6f6b7296-52ac-4e85-b000-8619f0214c48.json
new file mode 100644
index 00000000000..6434266fba7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6f6b7296-52ac-4e85-b000-8619f0214c48.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3ca3b2bf-51de-4de8-a2ce-78324bcd0630",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6f6b7296-52ac-4e85-b000-8619f0214c48",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:37.923753Z",
+ "modified": "2024-09-04T00:19:37.923753Z",
+ "name": "CVE-2024-44921",
+ "description": "SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44921"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--72b0501e-764d-47ba-8e86-ae9e120cc870.json b/objects/vulnerability/vulnerability--72b0501e-764d-47ba-8e86-ae9e120cc870.json
new file mode 100644
index 00000000000..586a1ff72cc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--72b0501e-764d-47ba-8e86-ae9e120cc870.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--df1066bf-8593-4418-be57-202e832107ad",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--72b0501e-764d-47ba-8e86-ae9e120cc870",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.727788Z",
+ "modified": "2024-09-04T00:19:39.727788Z",
+ "name": "CVE-2024-6473",
+ "description": "Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6473"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--74a8cedb-6a3a-4b88-8d1e-c9a0b37a7a4f.json b/objects/vulnerability/vulnerability--74a8cedb-6a3a-4b88-8d1e-c9a0b37a7a4f.json
new file mode 100644
index 00000000000..603ea928527
--- /dev/null
+++ b/objects/vulnerability/vulnerability--74a8cedb-6a3a-4b88-8d1e-c9a0b37a7a4f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d7cfa3d7-b24a-4971-9888-efc37feaeebb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--74a8cedb-6a3a-4b88-8d1e-c9a0b37a7a4f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.147692Z",
+ "modified": "2024-09-04T00:19:38.147692Z",
+ "name": "CVE-2024-34463",
+ "description": "BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-34463"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7679ca98-7495-4b4a-aebb-86761b53be54.json b/objects/vulnerability/vulnerability--7679ca98-7495-4b4a-aebb-86761b53be54.json
new file mode 100644
index 00000000000..56ceb38552b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7679ca98-7495-4b4a-aebb-86761b53be54.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ad9d09ff-0afd-4d26-97b7-806ee0648c39",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7679ca98-7495-4b4a-aebb-86761b53be54",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:37.739204Z",
+ "modified": "2024-09-04T00:19:37.739204Z",
+ "name": "CVE-2024-41433",
+ "description": "PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41433"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7af0d1b7-e102-4497-acec-e5d4b9130c90.json b/objects/vulnerability/vulnerability--7af0d1b7-e102-4497-acec-e5d4b9130c90.json
new file mode 100644
index 00000000000..2addb5f0087
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7af0d1b7-e102-4497-acec-e5d4b9130c90.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b71bfca-1b48-42f0-aaf6-858b7e0a864e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7af0d1b7-e102-4497-acec-e5d4b9130c90",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.367649Z",
+ "modified": "2024-09-04T00:19:38.367649Z",
+ "name": "CVE-2024-42059",
+ "description": "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42059"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7af59fb7-3e85-434e-98c2-92457515b022.json b/objects/vulnerability/vulnerability--7af59fb7-3e85-434e-98c2-92457515b022.json
new file mode 100644
index 00000000000..73eb925a5ef
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7af59fb7-3e85-434e-98c2-92457515b022.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d01e5b69-e12f-49fe-a956-26a4a7cd8ba7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7af59fb7-3e85-434e-98c2-92457515b022",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.457888Z",
+ "modified": "2024-09-04T00:19:38.457888Z",
+ "name": "CVE-2024-38456",
+ "description": "HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\\SYSTEM.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38456"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7cf5f20d-9782-410f-bd4d-a5c82c8aea55.json b/objects/vulnerability/vulnerability--7cf5f20d-9782-410f-bd4d-a5c82c8aea55.json
new file mode 100644
index 00000000000..b4b467aa854
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7cf5f20d-9782-410f-bd4d-a5c82c8aea55.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3d09f9f4-dd28-4560-9956-306e12d5279e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7cf5f20d-9782-410f-bd4d-a5c82c8aea55",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.724653Z",
+ "modified": "2024-09-04T00:19:39.724653Z",
+ "name": "CVE-2024-45588",
+ "description": "This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45588"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--874c4386-b959-4cb7-91d7-1a6ba6210436.json b/objects/vulnerability/vulnerability--874c4386-b959-4cb7-91d7-1a6ba6210436.json
new file mode 100644
index 00000000000..c499d0c972f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--874c4386-b959-4cb7-91d7-1a6ba6210436.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--455c13d0-d206-437f-ba03-6f9e1a44e890",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--874c4386-b959-4cb7-91d7-1a6ba6210436",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.892223Z",
+ "modified": "2024-09-04T00:19:38.892223Z",
+ "name": "CVE-2024-7203",
+ "description": "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7203"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8b0b6611-d013-4b84-b5df-102cd3716472.json b/objects/vulnerability/vulnerability--8b0b6611-d013-4b84-b5df-102cd3716472.json
new file mode 100644
index 00000000000..b9f87b0e1d2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8b0b6611-d013-4b84-b5df-102cd3716472.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--37ad7dba-7ce3-466c-ad75-711b03345d7f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8b0b6611-d013-4b84-b5df-102cd3716472",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.758024Z",
+ "modified": "2024-09-04T00:19:39.758024Z",
+ "name": "CVE-2024-6119",
+ "description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6119"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--93592a0e-e8d1-4a1e-b010-bb7455dddb91.json b/objects/vulnerability/vulnerability--93592a0e-e8d1-4a1e-b010-bb7455dddb91.json
new file mode 100644
index 00000000000..ed8409ab4e2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--93592a0e-e8d1-4a1e-b010-bb7455dddb91.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4ab2b29c-c55a-466c-a640-1aa560125aba",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--93592a0e-e8d1-4a1e-b010-bb7455dddb91",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.328076Z",
+ "modified": "2024-09-04T00:19:39.328076Z",
+ "name": "CVE-2024-5412",
+ "description": "A buffer overflow vulnerability in the library \"libclinkc\" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5412"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--94dfe4f0-d3d6-4e37-a03e-d10e39bb5bfa.json b/objects/vulnerability/vulnerability--94dfe4f0-d3d6-4e37-a03e-d10e39bb5bfa.json
new file mode 100644
index 00000000000..b3e6b03ba9c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--94dfe4f0-d3d6-4e37-a03e-d10e39bb5bfa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1f476ab3-ed95-47a3-9d78-2d671e3b2482",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--94dfe4f0-d3d6-4e37-a03e-d10e39bb5bfa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.605908Z",
+ "modified": "2024-09-04T00:19:39.605908Z",
+ "name": "CVE-2024-8385",
+ "description": "A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8385"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--973002c9-8857-4425-a32e-fd36a18eb070.json b/objects/vulnerability/vulnerability--973002c9-8857-4425-a32e-fd36a18eb070.json
new file mode 100644
index 00000000000..1d56810bc1a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--973002c9-8857-4425-a32e-fd36a18eb070.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--42030bea-4520-49f8-9df1-8a8ec08e6738",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--973002c9-8857-4425-a32e-fd36a18eb070",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.18174Z",
+ "modified": "2024-09-04T00:19:39.18174Z",
+ "name": "CVE-2024-43803",
+ "description": "The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the `Name` and `Namespace` of the Secret, meaning that versions of the baremetal-operator prior to 0.8.0, 0.6.2, and 0.5.2 will read a `Secret` from any namespace. A user with access to create or edit a `BareMetalHost` can thus exfiltrate a `Secret` from another namespace by using it as e.g. the `userData` for provisioning some host (note that this need not be a real host, it could be a VM somewhere).\n\nBMO will only read a key with the name `value` (or `userData`, `metaData`, or `networkData`), so that limits the exposure somewhat. `value` is probably a pretty common key though. Secrets used by _other_ `BareMetalHost`s in different namespaces are always vulnerable. It is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a `BareMetalHost`. This vulnerability is only meaningful, if the cluster has users other than administrators and users' privileges are limited to their respective namespaces.\n\nThe patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only. The problem is patched in BMO releases v0.7.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. 
Prior upgrading, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets. As a workaround, an operator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43803"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9b25fe7b-3856-49bd-89d0-d2aec5d8d690.json b/objects/vulnerability/vulnerability--9b25fe7b-3856-49bd-89d0-d2aec5d8d690.json
new file mode 100644
index 00000000000..24394adab45
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9b25fe7b-3856-49bd-89d0-d2aec5d8d690.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--490bfa65-b100-4f77-854b-b653f0456e25",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9b25fe7b-3856-49bd-89d0-d2aec5d8d690",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.335022Z",
+ "modified": "2024-09-04T00:19:38.335022Z",
+ "name": "CVE-2024-42058",
+ "description": "A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42058"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e5c6d33-f5c9-4db3-baeb-b119d5fc8a2f.json b/objects/vulnerability/vulnerability--9e5c6d33-f5c9-4db3-baeb-b119d5fc8a2f.json
new file mode 100644
index 00000000000..3c3f8e7d818
--- /dev/null
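Review bot: The `description` ingested for CVE-2024-43803 contradicts itself on the fix versions: it first states that baremetal-operator versions prior to 0.8.0, 0.6.2 and 0.5.2 read Secrets from any namespace, then says the problem is patched in v0.7.0, v0.6.2 and v0.5.2. The text is copied from the upstream advisory, so the contradiction is inherited rather than introduced by this commit, but a consumer deriving an affected-version range from this record gets a different answer depending on which sentence it reads, and the description is the only place the fix versions appear because the object carries no structured affected-version data. I cannot tell from the record which version is correct; it is worth checking against the GHSA/vendor advisory before this bundle is used for version matching. The hunk for this file starts on the previous physical line.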
+++ b/objects/vulnerability/vulnerability--9e5c6d33-f5c9-4db3-baeb-b119d5fc8a2f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c46ddfe5-d306-4d5d-8e34-63af874811bd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e5c6d33-f5c9-4db3-baeb-b119d5fc8a2f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.598685Z",
+ "modified": "2024-09-04T00:19:39.598685Z",
+ "name": "CVE-2024-8387",
+ "description": "Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8387"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a0e1b5eb-9339-4cef-b16b-056460e0b5eb.json b/objects/vulnerability/vulnerability--a0e1b5eb-9339-4cef-b16b-056460e0b5eb.json
new file mode 100644
index 00000000000..f9828f26bfc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a0e1b5eb-9339-4cef-b16b-056460e0b5eb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b576eea-1c25-4b07-9d16-74d1d4a884f3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a0e1b5eb-9339-4cef-b16b-056460e0b5eb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.465139Z",
+ "modified": "2024-09-04T00:19:38.465139Z",
+ "name": "CVE-2024-38811",
+ "description": "VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38811"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a1d884f4-5148-4221-a948-3e45a8154c77.json b/objects/vulnerability/vulnerability--a1d884f4-5148-4221-a948-3e45a8154c77.json
new file mode 100644
index 00000000000..e05b6975d90
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a1d884f4-5148-4221-a948-3e45a8154c77.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--78a30884-c63b-4c47-9e0e-dca93c9505df",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a1d884f4-5148-4221-a948-3e45a8154c77",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.704667Z",
+ "modified": "2024-09-04T00:19:39.704667Z",
+ "name": "CVE-2024-45307",
+ "description": "SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is affected. Other versions (e.g. v8) are not affected. Users should upgrade to version 9.26.7 to receive a patch. A workaround would be to create a command permission overwrite in the Database. A SQL statement provided in the GitHub Security Advisor can be executed to create a overwrite that disallows users without `ManageGuild` permission to run the `-config` command. Run the SQL statement for every server the bot is in, and replace `` with the appropriate Guild ID each time.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45307"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a23b665f-5a9a-46fa-bd87-4cb4a27c999a.json b/objects/vulnerability/vulnerability--a23b665f-5a9a-46fa-bd87-4cb4a27c999a.json
new file mode 100644
index 00000000000..e14f3538f7a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a23b665f-5a9a-46fa-bd87-4cb4a27c999a.json
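Review bot: The `description` for CVE-2024-45307 ends with an empty placeholder, `replace `` with the appropriate Guild ID each time`, so the workaround instruction no longer says what token to substitute in the SQL statement. The surrounding text is intact, which suggests an angle-bracketed placeholder was dropped as HTML somewhere between the advisory and this record; whether that happened upstream or in this repository's ingest script I cannot tell from the diff, but if the ingest strips tags it will silently damage any other description that uses angle brackets. Suggest checking the generator for HTML stripping of description text and either escaping such tokens or re-pulling this record, rather than editing the generated file by hand.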
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7e69d251-434d-46d5-8429-91da5476247e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a23b665f-5a9a-46fa-bd87-4cb4a27c999a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.719439Z",
+ "modified": "2024-09-04T00:19:39.719439Z",
+ "name": "CVE-2024-45394",
+ "description": "Authenticator is a browser extensions that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45394"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a7151ac4-1453-4c54-9fbf-e8939bb17eec.json b/objects/vulnerability/vulnerability--a7151ac4-1453-4c54-9fbf-e8939bb17eec.json
new file mode 100644
index 00000000000..5a7bb513c3b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a7151ac4-1453-4c54-9fbf-e8939bb17eec.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--85d21fd5-0f38-4af7-979b-3ff2a8f0ed23",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a7151ac4-1453-4c54-9fbf-e8939bb17eec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:37.723605Z",
+ "modified": "2024-09-04T00:19:37.723605Z",
+ "name": "CVE-2024-41434",
+ "description": "PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the return type.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41434"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a79d0c05-eebe-45ab-9001-042ecd1b5d01.json b/objects/vulnerability/vulnerability--a79d0c05-eebe-45ab-9001-042ecd1b5d01.json
new file mode 100644
index 00000000000..b5286b57976
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a79d0c05-eebe-45ab-9001-042ecd1b5d01.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8db2edb1-04a1-4e67-8764-e724d270a9eb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a79d0c05-eebe-45ab-9001-042ecd1b5d01",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.619558Z",
+ "modified": "2024-09-04T00:19:39.619558Z",
+ "name": "CVE-2024-8374",
+ "description": "UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8374"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b2f794d7-42cc-422b-a78c-0d12a4e0a136.json b/objects/vulnerability/vulnerability--b2f794d7-42cc-422b-a78c-0d12a4e0a136.json
new file mode 100644
index 00000000000..849b34ea95d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b2f794d7-42cc-422b-a78c-0d12a4e0a136.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d447069a-4f9f-4e90-be37-6431a4f14edd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b2f794d7-42cc-422b-a78c-0d12a4e0a136",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.685306Z",
+ "modified": "2024-09-04T00:19:39.685306Z",
+ "name": "CVE-2024-45587",
+ "description": "This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45587"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b37adafa-bd63-4586-9468-b863dc458cb0.json b/objects/vulnerability/vulnerability--b37adafa-bd63-4586-9468-b863dc458cb0.json
new file mode 100644
index 00000000000..205324f511b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b37adafa-bd63-4586-9468-b863dc458cb0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--65943141-a30e-4cbb-a0ca-056766462e4b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b37adafa-bd63-4586-9468-b863dc458cb0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.341481Z",
+ "modified": "2024-09-04T00:19:38.341481Z",
+ "name": "CVE-2024-42991",
+ "description": "MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42991"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b5823286-2c82-4360-8843-43b8d62a4d66.json b/objects/vulnerability/vulnerability--b5823286-2c82-4360-8843-43b8d62a4d66.json
new file mode 100644
index 00000000000..94cc6edef82
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b5823286-2c82-4360-8843-43b8d62a4d66.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cbe46df1-a820-48ea-b768-d1512ecad4b4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b5823286-2c82-4360-8843-43b8d62a4d66",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.909676Z",
+ "modified": "2024-09-04T00:19:38.909676Z",
+ "name": "CVE-2024-7346",
+ "description": "Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection.  This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security.  The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7346"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b61074e0-dcd7-4b7b-919d-168b345f4047.json b/objects/vulnerability/vulnerability--b61074e0-dcd7-4b7b-919d-168b345f4047.json
new file mode 100644
index 00000000000..d14b5e43257
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b61074e0-dcd7-4b7b-919d-168b345f4047.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ae5b6b5a-1caa-4400-9935-814b0ff73e89",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b61074e0-dcd7-4b7b-919d-168b345f4047",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.687618Z",
+ "modified": "2024-09-04T00:19:39.687618Z",
+ "name": "CVE-2024-45615",
+ "description": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45615"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b63ed5e7-7a47-4dde-af7c-ba75f40412a4.json b/objects/vulnerability/vulnerability--b63ed5e7-7a47-4dde-af7c-ba75f40412a4.json
new file mode 100644
index 00000000000..167bb29971c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b63ed5e7-7a47-4dde-af7c-ba75f40412a4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--70b07e5f-a08b-45f7-bbca-f828df590f0f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b63ed5e7-7a47-4dde-af7c-ba75f40412a4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.916283Z",
+ "modified": "2024-09-04T00:19:38.916283Z",
+ "name": "CVE-2024-7345",
+ "description": "Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7345"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b87a0fae-0ef0-4270-984e-ec1aa03cb875.json b/objects/vulnerability/vulnerability--b87a0fae-0ef0-4270-984e-ec1aa03cb875.json
new file mode 100644
index 00000000000..a4e52fbf9ce
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b87a0fae-0ef0-4270-984e-ec1aa03cb875.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5e7791f2-56c9-4d77-80d5-02a52a2ea374",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b87a0fae-0ef0-4270-984e-ec1aa03cb875",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.924149Z",
+ "modified": "2024-09-04T00:19:38.924149Z",
+ "name": "CVE-2024-7261",
+ "description": "The improper neutralization of special elements in the parameter \"host\" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) \n\nand earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) \n\nand earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7261"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bfe10f8f-ad60-4b41-8ee1-37c0a5885969.json b/objects/vulnerability/vulnerability--bfe10f8f-ad60-4b41-8ee1-37c0a5885969.json
new file mode 100644
index 00000000000..318fda3e347
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bfe10f8f-ad60-4b41-8ee1-37c0a5885969.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--29c05c77-e9ac-49d4-bcef-7d6c5973c3b0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bfe10f8f-ad60-4b41-8ee1-37c0a5885969",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.617881Z",
+ "modified": "2024-09-04T00:19:39.617881Z",
+ "name": "CVE-2024-8380",
+ "description": "A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8380"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c2621e6e-ff39-4bc9-8c99-4b67b61e044d.json b/objects/vulnerability/vulnerability--c2621e6e-ff39-4bc9-8c99-4b67b61e044d.json
new file mode 100644
index 00000000000..fa16cbfa1a0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c2621e6e-ff39-4bc9-8c99-4b67b61e044d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1ad8f76e-fd51-4840-94c7-2e998b105539",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c2621e6e-ff39-4bc9-8c99-4b67b61e044d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.76677Z",
+ "modified": "2024-09-04T00:19:39.76677Z",
+ "name": "CVE-2024-6232",
+ "description": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6232"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c2b6f3a3-560e-47d2-9cdc-58996e561f31.json b/objects/vulnerability/vulnerability--c2b6f3a3-560e-47d2-9cdc-58996e561f31.json
new file mode 100644
index 00000000000..26aadd38d99
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c2b6f3a3-560e-47d2-9cdc-58996e561f31.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--153a5814-fdfc-4fa8-acd0-c665760bf7f3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c2b6f3a3-560e-47d2-9cdc-58996e561f31",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.700735Z",
+ "modified": "2024-09-04T00:19:39.700735Z",
+ "name": "CVE-2024-45310",
+ "description": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. 
A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45310"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c3edddac-4ae2-4ca1-b429-5bc745512ec5.json b/objects/vulnerability/vulnerability--c3edddac-4ae2-4ca1-b429-5bc745512ec5.json
new file mode 100644
index 00000000000..5fbfdb8e66a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c3edddac-4ae2-4ca1-b429-5bc745512ec5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--65b864d8-242f-4f89-9dc2-555a4cd2465e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c3edddac-4ae2-4ca1-b429-5bc745512ec5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.596341Z",
+ "modified": "2024-09-04T00:19:39.596341Z",
+ "name": "CVE-2024-8383",
+ "description": "Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8383"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c823f4bb-d38f-4f8e-903e-b9d2310123e1.json b/objects/vulnerability/vulnerability--c823f4bb-d38f-4f8e-903e-b9d2310123e1.json
new file mode 100644
index 00000000000..6f9d3fa06de
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c823f4bb-d38f-4f8e-903e-b9d2310123e1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--28d81f11-5bf8-4039-84ef-3032475cb192",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c823f4bb-d38f-4f8e-903e-b9d2310123e1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.697909Z",
+ "modified": "2024-09-04T00:19:39.697909Z",
+ "name": "CVE-2024-45617",
+ "description": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45617"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cd2a17a1-1ea6-4872-8ce9-1aa903e76c21.json b/objects/vulnerability/vulnerability--cd2a17a1-1ea6-4872-8ce9-1aa903e76c21.json
new file mode 100644
index 00000000000..cd2f6d90ce3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cd2a17a1-1ea6-4872-8ce9-1aa903e76c21.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--36df7ff1-d6f5-435a-8cf8-7f2616261d7f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cd2a17a1-1ea6-4872-8ce9-1aa903e76c21",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.588746Z",
+ "modified": "2024-09-04T00:19:39.588746Z",
+ "name": "CVE-2024-8382",
+ "description": "Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8382"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ce0d7b38-6e87-446e-aa68-5093483209b9.json b/objects/vulnerability/vulnerability--ce0d7b38-6e87-446e-aa68-5093483209b9.json
new file mode 100644
index 00000000000..bd2b4904ad2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ce0d7b38-6e87-446e-aa68-5093483209b9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5818171a-5401-4d17-aa2d-70887d7a7fc4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ce0d7b38-6e87-446e-aa68-5093483209b9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:37.716008Z",
+ "modified": "2024-09-04T00:19:37.716008Z",
+ "name": "CVE-2024-41435",
+ "description": "YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the \"insert into\" parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41435"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d0d7e8f4-4b3a-46b3-83c9-f019dc74b399.json b/objects/vulnerability/vulnerability--d0d7e8f4-4b3a-46b3-83c9-f019dc74b399.json
new file mode 100644
index 00000000000..a6874167f82
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d0d7e8f4-4b3a-46b3-83c9-f019dc74b399.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--888905ff-5880-43de-a809-3f14fb6a8f8b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d0d7e8f4-4b3a-46b3-83c9-f019dc74b399",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.881104Z",
+ "modified": "2024-09-04T00:19:38.881104Z",
+ "name": "CVE-2024-7654",
+ "description": "An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated.  Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users.   Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7654"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d33ace75-db65-4628-a6c5-88edb98f9df2.json b/objects/vulnerability/vulnerability--d33ace75-db65-4628-a6c5-88edb98f9df2.json
new file mode 100644
index 00000000000..dbce76b7a01
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d33ace75-db65-4628-a6c5-88edb98f9df2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--86fb3207-756a-49c9-91d2-6615de628946",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d33ace75-db65-4628-a6c5-88edb98f9df2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.369026Z",
+ "modified": "2024-09-04T00:19:38.369026Z",
+ "name": "CVE-2024-42904",
+ "description": "A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42904"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d6ee7a9b-6ec1-456b-8818-b5f9fe189bb9.json b/objects/vulnerability/vulnerability--d6ee7a9b-6ec1-456b-8818-b5f9fe189bb9.json
new file mode 100644
index 00000000000..8c0e8ed378e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d6ee7a9b-6ec1-456b-8818-b5f9fe189bb9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--09495359-624b-4278-9b43-354483aa1e10",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d6ee7a9b-6ec1-456b-8818-b5f9fe189bb9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.714975Z",
+ "modified": "2024-09-04T00:19:39.714975Z",
+ "name": "CVE-2024-45180",
+ "description": "SquaredUp DS for SCOM 6.2.1.11104 allows XSS.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45180"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d8d59af0-2e62-4981-8248-ae2175065c7c.json b/objects/vulnerability/vulnerability--d8d59af0-2e62-4981-8248-ae2175065c7c.json
new file mode 100644
index 00000000000..704b0ea17dd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d8d59af0-2e62-4981-8248-ae2175065c7c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c3eef805-7242-4939-811c-742f4107fa9d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d8d59af0-2e62-4981-8248-ae2175065c7c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.615981Z",
+ "modified": "2024-09-04T00:19:39.615981Z",
+ "name": "CVE-2024-8384",
+ "description": "The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8384"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d960ed86-3c30-412a-9551-8790f45081cd.json b/objects/vulnerability/vulnerability--d960ed86-3c30-412a-9551-8790f45081cd.json
new file mode 100644
index 00000000000..bb7179fbf29
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d960ed86-3c30-412a-9551-8790f45081cd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--43999a93-01e0-4499-a604-5471162a893b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d960ed86-3c30-412a-9551-8790f45081cd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.385838Z",
+ "modified": "2024-09-04T00:19:38.385838Z",
+ "name": "CVE-2024-42060",
+ "description": "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42060"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--deb20ca3-d417-43e3-a03a-a1f8b39fc857.json b/objects/vulnerability/vulnerability--deb20ca3-d417-43e3-a03a-a1f8b39fc857.json
new file mode 100644
index 00000000000..7e88c350456
--- /dev/null
+++ b/objects/vulnerability/vulnerability--deb20ca3-d417-43e3-a03a-a1f8b39fc857.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b85136d0-4bee-4d41-8e8b-495b403ec806",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--deb20ca3-d417-43e3-a03a-a1f8b39fc857",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.59382Z",
+ "modified": "2024-09-04T00:19:39.59382Z",
+ "name": "CVE-2024-8362",
+ "description": "Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8362"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e14243d3-bb78-41d5-bb74-8fded7bb5414.json b/objects/vulnerability/vulnerability--e14243d3-bb78-41d5-bb74-8fded7bb5414.json
new file mode 100644
index 00000000000..1794da1345c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e14243d3-bb78-41d5-bb74-8fded7bb5414.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--db0ae9c6-3e10-4176-a237-9bb219f5dd71",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e14243d3-bb78-41d5-bb74-8fded7bb5414",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.523382Z",
+ "modified": "2024-09-04T00:19:38.523382Z",
+ "name": "CVE-2024-33663",
+ "description": "python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-33663"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e266e631-5491-4420-bc67-e81c73fefe51.json b/objects/vulnerability/vulnerability--e266e631-5491-4420-bc67-e81c73fefe51.json
new file mode 100644
index 00000000000..165d1e8f067
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e266e631-5491-4420-bc67-e81c73fefe51.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ce722be7-6282-4df2-9da9-1758d30e3225",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e266e631-5491-4420-bc67-e81c73fefe51",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.566761Z",
+ "modified": "2024-09-04T00:19:39.566761Z",
+ "name": "CVE-2024-4629",
+ "description": "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-4629"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e2dd7d10-b19b-430f-9668-693bf7cdaa18.json b/objects/vulnerability/vulnerability--e2dd7d10-b19b-430f-9668-693bf7cdaa18.json
new file mode 100644
index 00000000000..7409f6ec940
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e2dd7d10-b19b-430f-9668-693bf7cdaa18.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--90480b1e-881e-436d-a2cc-f76a143b0534",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e2dd7d10-b19b-430f-9668-693bf7cdaa18",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:37.935663Z",
+ "modified": "2024-09-04T00:19:37.935663Z",
+ "name": "CVE-2024-44920",
+ "description": "A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44920"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e41d3504-fd3c-48c2-8921-145823d58959.json b/objects/vulnerability/vulnerability--e41d3504-fd3c-48c2-8921-145823d58959.json
new file mode 100644
index 00000000000..d9b767da663
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e41d3504-fd3c-48c2-8921-145823d58959.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--944495f0-ff43-460e-b23d-973ae39a4e22",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e41d3504-fd3c-48c2-8921-145823d58959",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.621896Z",
+ "modified": "2024-09-04T00:19:39.621896Z",
+ "name": "CVE-2024-8386",
+ "description": "If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8386"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ee3e1633-8fa2-4af6-b126-bc6d8df2168e.json b/objects/vulnerability/vulnerability--ee3e1633-8fa2-4af6-b126-bc6d8df2168e.json
new file mode 100644
index 00000000000..75fdad15ca0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ee3e1633-8fa2-4af6-b126-bc6d8df2168e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4bd98690-4e3c-4ebe-a078-f85b54ca0af5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ee3e1633-8fa2-4af6-b126-bc6d8df2168e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.681514Z",
+ "modified": "2024-09-04T00:19:39.681514Z",
+ "name": "CVE-2024-45616",
+ "description": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45616"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0c0ce13-b93a-4ff1-b215-2056a53951ee.json b/objects/vulnerability/vulnerability--f0c0ce13-b93a-4ff1-b215-2056a53951ee.json
new file mode 100644
index 00000000000..89d3893de6d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0c0ce13-b93a-4ff1-b215-2056a53951ee.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bba407d6-e18b-4844-8373-23a3ee5e2cf3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0c0ce13-b93a-4ff1-b215-2056a53951ee",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.371266Z",
+ "modified": "2024-09-04T00:19:38.371266Z",
+ "name": "CVE-2024-42901",
+ "description": "A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42901"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f63c9ffb-1484-4493-8b39-5d75d5c8ba02.json b/objects/vulnerability/vulnerability--f63c9ffb-1484-4493-8b39-5d75d5c8ba02.json
new file mode 100644
index 00000000000..1038137d633
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f63c9ffb-1484-4493-8b39-5d75d5c8ba02.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6b7c0294-40b2-49f7-ada3-7dc8619bdc5b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f63c9ffb-1484-4493-8b39-5d75d5c8ba02",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.716109Z",
+ "modified": "2024-09-04T00:19:39.716109Z",
+ "name": "CVE-2024-45618",
+ "description": "A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45618"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f6e5191b-5de6-4c6f-81c1-f916870aa48a.json b/objects/vulnerability/vulnerability--f6e5191b-5de6-4c6f-81c1-f916870aa48a.json
new file mode 100644
index 00000000000..7aca56aa280
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f6e5191b-5de6-4c6f-81c1-f916870aa48a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fd30f86d-b7e6-46d2-81bb-afcc07528c97",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f6e5191b-5de6-4c6f-81c1-f916870aa48a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.327724Z",
+ "modified": "2024-09-04T00:19:38.327724Z",
+ "name": "CVE-2024-42903",
+ "description": "A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42903"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f840d381-9fbb-46dc-bd3e-43d53fe087d8.json b/objects/vulnerability/vulnerability--f840d381-9fbb-46dc-bd3e-43d53fe087d8.json
new file mode 100644
index 00000000000..334f82af788
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f840d381-9fbb-46dc-bd3e-43d53fe087d8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1e24e866-d0f0-49d8-bd60-f0416481fcb5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f840d381-9fbb-46dc-bd3e-43d53fe087d8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:39.696236Z",
+ "modified": "2024-09-04T00:19:39.696236Z",
+ "name": "CVE-2024-45390",
+ "description": "@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45390"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f84465c7-c184-42ac-b34f-9627b67079c9.json b/objects/vulnerability/vulnerability--f84465c7-c184-42ac-b34f-9627b67079c9.json
new file mode 100644
index 00000000000..8ad86f8df16
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f84465c7-c184-42ac-b34f-9627b67079c9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d73390a6-6875-407e-8f73-a6de05e6a51e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f84465c7-c184-42ac-b34f-9627b67079c9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-04T00:19:38.93235Z",
+ "modified": "2024-09-04T00:19:38.93235Z",
+ "name": "CVE-2024-7970",
+ "description": "Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7970"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file