diff --git a/mapping.csv b/mapping.csv index c7bfde085cf..61c5a9fbc33 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -248144,3 +248144,180 @@ vulnerability,CVE-2024-6119,vulnerability--8b0b6611-d013-4b84-b5df-102cd3716472 vulnerability,CVE-2024-6343,vulnerability--500baed5-4cde-48b0-b1a7-509e0d94e7f1 vulnerability,CVE-2024-6232,vulnerability--c2621e6e-ff39-4bc9-8c99-4b67b61e044d vulnerability,CVE-2023-49233,vulnerability--16aa053d-6a0f-4b44-a196-184d2be3a2f0 +vulnerability,CVE-2024-44957,vulnerability--4016d9a1-237d-44c8-9011-bccbd5ec78e4 +vulnerability,CVE-2024-44949,vulnerability--35186636-d995-44b8-bbc3-d791c82fc943 +vulnerability,CVE-2024-44962,vulnerability--0a3914d2-357b-483f-9c5d-95fdcd6801a5 +vulnerability,CVE-2024-44953,vulnerability--62375671-6685-455e-9512-a6747ee845b3 +vulnerability,CVE-2024-44976,vulnerability--38e55648-02fb-4261-9c8d-4765ac5a1ada +vulnerability,CVE-2024-44964,vulnerability--3fa725be-0bf6-46dc-bdff-08851a7499d6 +vulnerability,CVE-2024-44819,vulnerability--e22f1acd-392d-4dd9-baac-50c97586a870 +vulnerability,CVE-2024-44965,vulnerability--eee64a26-430b-4c9e-8f73-18cf82468d0e +vulnerability,CVE-2024-44400,vulnerability--f3917da4-956f-43b1-ab11-7cba978bbdb7 +vulnerability,CVE-2024-44951,vulnerability--71755cfd-e7d5-4b1d-af99-f3210407cd1b +vulnerability,CVE-2024-44997,vulnerability--5b507624-0fbf-40fe-ab5b-1bd2499b0c6f +vulnerability,CVE-2024-44993,vulnerability--e6ef725e-4126-4cf9-9d16-e2eaee0473fe +vulnerability,CVE-2024-44980,vulnerability--fd23f71e-ee5d-4576-9717-c9a46faf4322 +vulnerability,CVE-2024-44971,vulnerability--c60080f0-e42c-411b-afbd-df190a1323c4 +vulnerability,CVE-2024-44818,vulnerability--3a238bcd-49a1-4390-bcce-84005b3f18f5 +vulnerability,CVE-2024-44988,vulnerability--6f7bc1bd-b930-465b-ac00-c1ce55fc28ff +vulnerability,CVE-2024-44982,vulnerability--b987ec50-e74e-4dfe-af11-637a1fb2c0e5 +vulnerability,CVE-2024-44999,vulnerability--6ad339e3-2259-4a72-adcd-0f06faf2143a +vulnerability,CVE-2024-44808,vulnerability--e5f543b0-93df-4a21-b490-d5da9f5fe672 +vulnerability,CVE-2024-44956,vulnerability--47d218dd-fbb1-49f9-8335-3d871fcfe5d5 
+vulnerability,CVE-2024-44969,vulnerability--8475c9d7-8105-44ce-b3a7-af6599c39979 +vulnerability,CVE-2024-44966,vulnerability--05f9439e-236c-4d8b-b4b0-13db1bc3dcb0 +vulnerability,CVE-2024-44959,vulnerability--8046485b-6435-4304-bcc8-14575663a077 +vulnerability,CVE-2024-44948,vulnerability--c10d692c-9c21-4381-b49d-1abb6c11a93f +vulnerability,CVE-2024-44986,vulnerability--c4874c95-a507-4f2a-bda3-039011503273 +vulnerability,CVE-2024-44820,vulnerability--26a33fb6-51ff-4733-a5f9-bba75a77adfe +vulnerability,CVE-2024-44977,vulnerability--36666ae3-4ea0-44a2-8b66-d0da44d08dea +vulnerability,CVE-2024-44383,vulnerability--670c24fd-942f-46f5-97eb-3dd47a891fb8 +vulnerability,CVE-2024-44975,vulnerability--5819866c-05da-49dd-8204-a8e5d4cb7dbf +vulnerability,CVE-2024-44984,vulnerability--d5b660c1-0893-4a7c-9e68-876fb8d222d0 +vulnerability,CVE-2024-44955,vulnerability--6c190049-1f81-462c-8467-3c30ac646d23 +vulnerability,CVE-2024-44963,vulnerability--105d57bb-fcfc-4dbb-a060-5e3a951c502a +vulnerability,CVE-2024-44981,vulnerability--c2e4f360-63ce-4a1e-8ee4-752f64117b74 +vulnerability,CVE-2024-44952,vulnerability--7e5410d3-8403-4d96-9976-99118bcbb0ba +vulnerability,CVE-2024-44994,vulnerability--19f795cf-12d1-48b3-a448-6f9fd3f43bf0 +vulnerability,CVE-2024-44985,vulnerability--d7a7322f-005d-4299-a5ee-c2ff2207fc1e +vulnerability,CVE-2024-44961,vulnerability--9f7f7206-1389-407d-ab2a-395607fcb239 +vulnerability,CVE-2024-44821,vulnerability--222a63ea-2d05-40c5-8ee0-30791a718e0c +vulnerability,CVE-2024-44859,vulnerability--6028fb8b-3b78-4dfe-a7c8-bdb2f7120289 +vulnerability,CVE-2024-44989,vulnerability--31efa31e-4c24-404e-b519-9102439a41c0 +vulnerability,CVE-2024-44979,vulnerability--0a0269fb-fa83-408f-8eb7-5226ac71625d +vulnerability,CVE-2024-44968,vulnerability--72f0baba-580c-4955-adb2-5fb5cbce664a +vulnerability,CVE-2024-44990,vulnerability--661f662e-b46c-40d1-8882-daa809efe7ad +vulnerability,CVE-2024-44974,vulnerability--5d9c6ed1-2b4c-4149-b17a-905f73fc6d19 
+vulnerability,CVE-2024-44992,vulnerability--30df9cea-840f-48df-acfc-9db0d58e5e50 +vulnerability,CVE-2024-44954,vulnerability--72149dcc-988a-4254-a969-7fee36f31df8 +vulnerability,CVE-2024-44967,vulnerability--59fb98cb-39e5-45d8-b2b4-4dbf14cc437e +vulnerability,CVE-2024-44983,vulnerability--fb8919da-aca1-4360-8047-1f5764fbadc8 +vulnerability,CVE-2024-44958,vulnerability--fb4516e8-8c9f-462d-8736-7feb8bcb4070 +vulnerability,CVE-2024-44817,vulnerability--9de16b29-97ad-4aa7-a230-171fecc02cab +vulnerability,CVE-2024-44995,vulnerability--7df677b4-0bcc-4d71-b363-ad5ff4ae5ebd +vulnerability,CVE-2024-44960,vulnerability--b547f751-1b4a-4aa5-bc24-2656e888a65a +vulnerability,CVE-2024-44996,vulnerability--076988e3-2c79-4148-bed3-3ec7d6250b2c +vulnerability,CVE-2024-44991,vulnerability--2d3d2c00-294e-4a6b-8395-aa6f915bfbdf +vulnerability,CVE-2024-44972,vulnerability--14f0f73b-3658-4ece-be41-0444d782f8a6 +vulnerability,CVE-2024-44987,vulnerability--9e6b3f08-fe15-4604-b352-2a1bb74b4eb6 +vulnerability,CVE-2024-44998,vulnerability--fe63ff0a-a1c3-48dc-b6ef-fb40ead2f0b4 +vulnerability,CVE-2024-44950,vulnerability--13579950-3ee5-4c1f-9200-1297b9f93e60 +vulnerability,CVE-2024-44978,vulnerability--429df43a-4457-4056-8fb8-e099f68a53b8 +vulnerability,CVE-2024-44970,vulnerability--ca1fbf6b-ba2b-4510-a6c5-13ecd5c5e221 +vulnerability,CVE-2024-44973,vulnerability--be991b75-b1cf-4b65-8eed-93582efc60c5 +vulnerability,CVE-2024-6926,vulnerability--ad804364-65ec-4777-826f-67c89a5b79e9 +vulnerability,CVE-2024-6888,vulnerability--6aa3255a-9d3f-4a83-8a3a-a6d866cc6072 +vulnerability,CVE-2024-6722,vulnerability--1c578baa-767a-472f-b8cd-1ba031e939f1 +vulnerability,CVE-2024-6889,vulnerability--6adeeb77-7632-4736-b79c-5a9d301b586b +vulnerability,CVE-2024-6020,vulnerability--7517301c-ce35-4fd6-903f-cd9d2afe3f03 +vulnerability,CVE-2024-42039,vulnerability--305a87a6-eb67-46f1-86b0-1e4dff1a7ba2 +vulnerability,CVE-2024-42642,vulnerability--00cc8cfd-1707-4c22-a6d3-a91cf419d87b 
+vulnerability,CVE-2024-20503,vulnerability--7cf2dfb7-8390-48bc-806d-59699c4ed3f9 +vulnerability,CVE-2024-20505,vulnerability--2fba7ef6-7db2-4ffd-808e-8b9020cc334d +vulnerability,CVE-2024-20469,vulnerability--ca4f28a3-fe4b-46a6-af83-0d14d02cdbe3 +vulnerability,CVE-2024-20497,vulnerability--7c7aae01-c131-4261-8a13-c1c652ae7ed7 +vulnerability,CVE-2024-20439,vulnerability--60558e66-83a5-4906-8a6f-55cb95cab72a +vulnerability,CVE-2024-20506,vulnerability--51b2455d-d127-465f-9da1-c6f2c785535a +vulnerability,CVE-2024-20440,vulnerability--ece4760d-da14-4bf6-907d-ddf18d1d7781 +vulnerability,CVE-2024-8325,vulnerability--91957e58-a976-4af9-bfc1-b617d04873a0 +vulnerability,CVE-2024-8119,vulnerability--bd601f0c-5d56-40df-9967-f37f185d1e4a +vulnerability,CVE-2024-8416,vulnerability--56d58479-e006-4cbb-993b-09da76eac40d +vulnerability,CVE-2024-8102,vulnerability--e76cc310-3ec6-4d8d-af63-23fb23ea8f1d +vulnerability,CVE-2024-8409,vulnerability--87e5ca26-753a-456e-9c33-2728bae188b0 +vulnerability,CVE-2024-8117,vulnerability--2075d1c3-c139-42d0-a3cb-611d56285bf0 +vulnerability,CVE-2024-8106,vulnerability--3cf0caed-c0be-4a03-ab19-0797cb27b20b +vulnerability,CVE-2024-8121,vulnerability--0c000f7d-0754-4cce-8330-b8aa521c4cfa +vulnerability,CVE-2024-8410,vulnerability--8723e4c3-e379-4157-9f84-38bf7c24cfac +vulnerability,CVE-2024-8415,vulnerability--46fd8673-a3e6-49dc-8cf2-37e2d28d37d0 +vulnerability,CVE-2024-8417,vulnerability--7dcdd964-6fb4-4e35-88be-d1d8c7419bee +vulnerability,CVE-2024-8412,vulnerability--5abb03a3-e8be-4c85-a63c-6dedc2d7ebd8 +vulnerability,CVE-2024-8408,vulnerability--9443176e-dbb0-4f2c-a51a-2c6633c344f9 +vulnerability,CVE-2024-8289,vulnerability--7d46ad56-740e-43b9-8d5d-01756e36e132 +vulnerability,CVE-2024-8123,vulnerability--61cdf83b-2434-4d8f-8500-52a6a4ca9e55 +vulnerability,CVE-2024-8411,vulnerability--1a64c8bd-dab8-4cd6-8f13-34fab8f6ded1 +vulnerability,CVE-2024-8418,vulnerability--b0d3815e-6d70-42ab-ba15-fda7e1013664 
+vulnerability,CVE-2024-8318,vulnerability--578a2215-eedb-4f73-98f1-770ff5c3fc7e +vulnerability,CVE-2024-8391,vulnerability--f59854db-1e03-487f-afb2-4b72c3d215f9 +vulnerability,CVE-2024-8298,vulnerability--6884c0fa-0d3f-4923-bd07-36d06b5dfc59 +vulnerability,CVE-2024-8407,vulnerability--aadf2efe-6b81-4e0f-b5d9-4b8338a5c153 +vulnerability,CVE-2024-8414,vulnerability--78751ec4-d04a-44bc-b05c-45f5f35ef9f8 +vulnerability,CVE-2024-8104,vulnerability--1c7104cf-8564-4c57-bc44-7441fa822249 +vulnerability,CVE-2024-8413,vulnerability--aa1bf261-8185-40b7-9661-4b5c1b5e160b +vulnerability,CVE-2024-39921,vulnerability--adba3f73-a259-4dab-9540-10b84f0a75ea +vulnerability,CVE-2024-34640,vulnerability--1841d0c4-1de7-477f-bcb8-3d1827a72d72 +vulnerability,CVE-2024-34655,vulnerability--4fa02f7a-1f97-4d00-a9e4-289441dbad29 +vulnerability,CVE-2024-34645,vulnerability--97c1917e-9724-4e42-b651-cfda6650b477 +vulnerability,CVE-2024-34641,vulnerability--063fdefd-deb9-4182-bca3-3dd55797df7d +vulnerability,CVE-2024-34649,vulnerability--82f5dfe8-300a-40b5-8684-229cbb47d94d +vulnerability,CVE-2024-34653,vulnerability--f41fccf0-73cf-42d0-82bb-1962dd92a30c +vulnerability,CVE-2024-34656,vulnerability--8894554b-6451-4dde-898f-33e01adea865 +vulnerability,CVE-2024-34648,vulnerability--406771c5-fa6b-4e54-a2ad-9babf9c7d359 +vulnerability,CVE-2024-34658,vulnerability--19428281-13e3-431a-bf45-6657fef78c50 +vulnerability,CVE-2024-34661,vulnerability--29ce0093-6203-4be2-8e17-37ec0ff2dfb9 +vulnerability,CVE-2024-34659,vulnerability--b86c9195-aa1e-47c7-84ef-e4f910b4e1ac +vulnerability,CVE-2024-34647,vulnerability--5b48ffa3-c4fa-49ac-887e-43fb42651922 +vulnerability,CVE-2024-34660,vulnerability--3954fcef-258b-400a-9808-57e711a48d46 +vulnerability,CVE-2024-34642,vulnerability--e468470b-d0fe-406d-aed7-a73b1886f3df +vulnerability,CVE-2024-34643,vulnerability--de444fd2-5393-48de-a619-b45831c92fb3 +vulnerability,CVE-2024-34646,vulnerability--506cfc90-0cc0-4e2e-857c-3939186ad12e 
+vulnerability,CVE-2024-34638,vulnerability--a2f509f4-d3bf-4613-a8cd-90759c64b811 +vulnerability,CVE-2024-34654,vulnerability--8a2d8bda-3d10-43e7-ae82-9776ae3d546c +vulnerability,CVE-2024-34651,vulnerability--f86c1ea8-4080-4b8c-9d24-cfb204261d13 +vulnerability,CVE-2024-34652,vulnerability--f541039f-e729-4309-a438-546545ba77a1 +vulnerability,CVE-2024-34644,vulnerability--bae4d3ad-bc58-4ce6-9edd-d05c959ed243 +vulnerability,CVE-2024-34657,vulnerability--0fc045a6-bb74-4f38-9bc0-f8d4f60ae9d0 +vulnerability,CVE-2024-34639,vulnerability--b9cdea19-6fe2-4144-a61e-56f7ed75b72c +vulnerability,CVE-2024-34637,vulnerability--90c4ba99-3b06-47e3-8eb5-c8e402476c5e +vulnerability,CVE-2024-34650,vulnerability--df9bc0a9-3951-41f4-bee5-2340f9b6ace0 +vulnerability,CVE-2024-7950,vulnerability--701caa6f-bbca-4df4-a24f-039f5753c2b0 +vulnerability,CVE-2024-7786,vulnerability--95885127-ba25-463c-9dcf-a224e99ee4f7 +vulnerability,CVE-2024-7834,vulnerability--0c4da37a-7e39-4f84-a986-564e00e7b1fb +vulnerability,CVE-2024-7012,vulnerability--fee3def9-f5e8-4ff5-8d46-623c11e3cbe0 +vulnerability,CVE-2024-7870,vulnerability--3a241fa1-1f32-46dd-8049-e15d18902a10 +vulnerability,CVE-2024-7077,vulnerability--a89355b4-f854-4dca-b691-e7b9874dd817 +vulnerability,CVE-2024-7078,vulnerability--66728ef5-9753-459f-b769-872ea2d9f747 +vulnerability,CVE-2024-7076,vulnerability--583a3156-07c7-41b8-93c4-6e62574a0204 +vulnerability,CVE-2024-7923,vulnerability--b2c868fa-5a13-4c19-9476-d15060c531e5 +vulnerability,CVE-2024-41716,vulnerability--9fa38d99-14a7-4829-9599-1ff74fcc8f30 +vulnerability,CVE-2024-41927,vulnerability--6df8067e-42c3-4674-9f5c-45f313c850e2 +vulnerability,CVE-2024-43402,vulnerability--cb4648d5-93c7-48c9-bbaa-bd146cc85a95 +vulnerability,CVE-2024-43853,vulnerability--907c0407-dd19-4597-886b-e15c21cbe50c +vulnerability,CVE-2024-43405,vulnerability--d38a3450-4a60-4c13-b053-6aa5ac0d25bb +vulnerability,CVE-2024-2166,vulnerability--066db537-d1c2-4559-a463-6556c58d7802 
+vulnerability,CVE-2024-45443,vulnerability--03ebf39d-9a6e-4ee9-971b-1dbadab3a091 +vulnerability,CVE-2024-45692,vulnerability--aafd1188-971b-492c-855a-1bdf3e83f1d5 +vulnerability,CVE-2024-45050,vulnerability--bd507e96-fd5f-49a9-b4a0-b28f1abaa28a +vulnerability,CVE-2024-45447,vulnerability--a1d3a653-c1ca-4e98-b521-4cdbf3732213 +vulnerability,CVE-2024-45008,vulnerability--740d8372-06c3-4ae1-843c-572255b22c04 +vulnerability,CVE-2024-45170,vulnerability--9e78453b-2cb0-449d-98f5-cd6b23c10ffe +vulnerability,CVE-2024-45006,vulnerability--1ffcda4a-a517-44b7-a87f-f24472e6d09e +vulnerability,CVE-2024-45172,vulnerability--9b0876fd-c929-4c4e-9053-54342939e639 +vulnerability,CVE-2024-45003,vulnerability--6a836865-2375-4eb2-b84e-f029cc9d9577 +vulnerability,CVE-2024-45001,vulnerability--9a4d8584-4a33-42b8-ba30-1d7c29cc5814 +vulnerability,CVE-2024-45506,vulnerability--06d0a43b-a15f-4c11-b374-2caac892ba6d +vulnerability,CVE-2024-45449,vulnerability--258bdce2-db18-4bc7-9eaf-651e924ab1c4 +vulnerability,CVE-2024-45450,vulnerability--ebf66ec6-c8ed-4c66-8360-099e88894f59 +vulnerability,CVE-2024-45314,vulnerability--424c96bb-52a7-4ccb-a2ed-c07ced8282d5 +vulnerability,CVE-2024-45052,vulnerability--a4abbf45-ad4e-4aae-b693-55935ee31dc9 +vulnerability,CVE-2024-45399,vulnerability--e08c55db-0ea1-4d86-bada-41e04be323a9 +vulnerability,CVE-2024-45177,vulnerability--99059bed-1301-4d90-bb0d-483e6f19fcab +vulnerability,CVE-2024-45507,vulnerability--f3e6cb8e-a7d5-4b26-a1b7-e073b5228a4f +vulnerability,CVE-2024-45004,vulnerability--6a5ce122-621b-4d23-a18b-b084c48092ff +vulnerability,CVE-2024-45195,vulnerability--d4f13b5a-29ff-4352-8bcf-309aca22fdf8 +vulnerability,CVE-2024-45076,vulnerability--e6e6bcb7-cb8e-4eae-b215-214f65d49b61 +vulnerability,CVE-2024-45005,vulnerability--08fe4833-f3e4-41c5-b647-08ffd6c6504c +vulnerability,CVE-2024-45444,vulnerability--0ce6d1b4-5de1-4d33-8dec-2eeedf6c217c +vulnerability,CVE-2024-45446,vulnerability--726b9970-4280-4af6-a00c-588953194f72 
+vulnerability,CVE-2024-45007,vulnerability--fa7e00ae-173d-469a-a8c7-c21433711c52 +vulnerability,CVE-2024-45429,vulnerability--6e1ef55d-9c74-4bb9-b201-a6c688f22a22 +vulnerability,CVE-2024-45053,vulnerability--1d07e766-fe7c-4adf-aaca-0ae26c904209 +vulnerability,CVE-2024-45174,vulnerability--a9390f3f-9b45-4ff8-b943-7a9ff86f1d64 +vulnerability,CVE-2024-45441,vulnerability--9d85f7dc-25a8-4b12-8035-7bb07a315b6a +vulnerability,CVE-2024-45074,vulnerability--14e4fca4-5d98-4ac8-a42b-052ef1d7cdf0 +vulnerability,CVE-2024-45002,vulnerability--18485a36-31f6-49fc-aebb-e0f41363542a +vulnerability,CVE-2024-45395,vulnerability--58a6c61c-d958-4646-9a48-3561840fe98b +vulnerability,CVE-2024-45448,vulnerability--44b9caba-984b-4901-ad46-79c1f20ecdfb +vulnerability,CVE-2024-45075,vulnerability--aac05c24-1b97-43ec-bccf-96802f013d86 +vulnerability,CVE-2024-45442,vulnerability--6d148919-b744-4279-87de-a7477ca5b36f +vulnerability,CVE-2024-45000,vulnerability--308e7756-305b-4fc9-891c-aac0c97df13c +vulnerability,CVE-2024-45445,vulnerability--18bc1acc-188f-40d7-a09e-4522c09ff04c diff --git a/objects/vulnerability/vulnerability--00cc8cfd-1707-4c22-a6d3-a91cf419d87b.json b/objects/vulnerability/vulnerability--00cc8cfd-1707-4c22-a6d3-a91cf419d87b.json new file mode 100644 index 00000000000..49cf3b7b686 --- /dev/null +++ b/objects/vulnerability/vulnerability--00cc8cfd-1707-4c22-a6d3-a91cf419d87b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7aad53c-655d-40c3-a2e0-4ce0b72558aa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00cc8cfd-1707-4c22-a6d3-a91cf419d87b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.535855Z", + "modified": "2024-09-05T00:19:27.535855Z", + "name": "CVE-2024-42642", + "description": "Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03ebf39d-9a6e-4ee9-971b-1dbadab3a091.json b/objects/vulnerability/vulnerability--03ebf39d-9a6e-4ee9-971b-1dbadab3a091.json new file mode 100644 index 00000000000..bf5ca686dc5 --- /dev/null +++ b/objects/vulnerability/vulnerability--03ebf39d-9a6e-4ee9-971b-1dbadab3a091.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4985ec69-b07a-44f3-b13b-fd8f2a15a437", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03ebf39d-9a6e-4ee9-971b-1dbadab3a091", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.991171Z", + "modified": "2024-09-05T00:19:28.991171Z", + "name": "CVE-2024-45443", + "description": "Directory traversal vulnerability in the cust module\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45443" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--05f9439e-236c-4d8b-b4b0-13db1bc3dcb0.json b/objects/vulnerability/vulnerability--05f9439e-236c-4d8b-b4b0-13db1bc3dcb0.json new file mode 100644 index 00000000000..1517ab22d2a --- /dev/null +++ b/objects/vulnerability/vulnerability--05f9439e-236c-4d8b-b4b0-13db1bc3dcb0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01603d4b-9f70-49aa-a99a-48cb8e562987", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05f9439e-236c-4d8b-b4b0-13db1bc3dcb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.153067Z", + "modified": "2024-09-05T00:19:27.153067Z", + "name": "CVE-2024-44966", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 (\"binfmt_flat: allow not offsetting data start\")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--063fdefd-deb9-4182-bca3-3dd55797df7d.json b/objects/vulnerability/vulnerability--063fdefd-deb9-4182-bca3-3dd55797df7d.json new file mode 100644 index 00000000000..b477f9bd5ab --- /dev/null +++ b/objects/vulnerability/vulnerability--063fdefd-deb9-4182-bca3-3dd55797df7d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0919598a-2075-4fd9-930a-39283e58db3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--063fdefd-deb9-4182-bca3-3dd55797df7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.490631Z", + "modified": "2024-09-05T00:19:28.490631Z", + "name": "CVE-2024-34641", + "description": "Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--066db537-d1c2-4559-a463-6556c58d7802.json b/objects/vulnerability/vulnerability--066db537-d1c2-4559-a463-6556c58d7802.json new file mode 100644 index 00000000000..d5bf8c12ef8 --- /dev/null +++ b/objects/vulnerability/vulnerability--066db537-d1c2-4559-a463-6556c58d7802.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0108d686-b353-424d-94cf-5af915bd4695", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--066db537-d1c2-4559-a463-6556c58d7802", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.949735Z", + "modified": "2024-09-05T00:19:28.949735Z", + "name": "CVE-2024-2166", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2166" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--06d0a43b-a15f-4c11-b374-2caac892ba6d.json b/objects/vulnerability/vulnerability--06d0a43b-a15f-4c11-b374-2caac892ba6d.json new file mode 100644 index 00000000000..3a2a8a8c1d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--06d0a43b-a15f-4c11-b374-2caac892ba6d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9306b15b-dd39-4590-95c3-e29809249560", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06d0a43b-a15f-4c11-b374-2caac892ba6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.013521Z", + "modified": "2024-09-05T00:19:29.013521Z", + "name": "CVE-2024-45506", + "description": "HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--076988e3-2c79-4148-bed3-3ec7d6250b2c.json b/objects/vulnerability/vulnerability--076988e3-2c79-4148-bed3-3ec7d6250b2c.json new file mode 100644 index 00000000000..076966dc110 --- /dev/null +++ b/objects/vulnerability/vulnerability--076988e3-2c79-4148-bed3-3ec7d6250b2c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46daedbf-6452-4bb6-a10a-243bc5d0cf7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--076988e3-2c79-4148-bed3-3ec7d6250b2c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.321411Z", + "modified": "2024-09-05T00:19:27.321411Z", + "name": "CVE-2024-44996", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n -> vsock_connectible_recvmsg()\n -> prot->recvmsg()\n -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44996" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08fe4833-f3e4-41c5-b647-08ffd6c6504c.json b/objects/vulnerability/vulnerability--08fe4833-f3e4-41c5-b647-08ffd6c6504c.json new file mode 100644 index 00000000000..61ef5340d5e --- /dev/null +++ b/objects/vulnerability/vulnerability--08fe4833-f3e4-41c5-b647-08ffd6c6504c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b9305a7-ae7d-4b74-8905-f75a91da5838", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08fe4833-f3e4-41c5-b647-08ffd6c6504c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.028681Z", + "modified": "2024-09-05T00:19:29.028681Z", + "name": "CVE-2024-45005", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter \"kvm.use_gisa=0\" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block's\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. 
A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n 000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n 000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n 000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n 000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n 
#000003d93deb011e: af000000\t\tmc\t0,0\n >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n 000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n 000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n 000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n 000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45005" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a0269fb-fa83-408f-8eb7-5226ac71625d.json b/objects/vulnerability/vulnerability--0a0269fb-fa83-408f-8eb7-5226ac71625d.json new file mode 100644 index 00000000000..0f6b3ada99b --- /dev/null +++ b/objects/vulnerability/vulnerability--0a0269fb-fa83-408f-8eb7-5226ac71625d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc1253fa-cf11-470c-bb53-b59e6a969220", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a0269fb-fa83-408f-8eb7-5226ac71625d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.194448Z", + "modified": "2024-09-05T00:19:27.194448Z", + "name": "CVE-2024-44979", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44979" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a3914d2-357b-483f-9c5d-95fdcd6801a5.json b/objects/vulnerability/vulnerability--0a3914d2-357b-483f-9c5d-95fdcd6801a5.json new file mode 100644 index 00000000000..6d8a63c5237 --- /dev/null +++ b/objects/vulnerability/vulnerability--0a3914d2-357b-483f-9c5d-95fdcd6801a5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ae326e8-5327-44fe-9bc2-eed7b4544070", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a3914d2-357b-483f-9c5d-95fdcd6801a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.110401Z", + "modified": "2024-09-05T00:19:27.110401Z", + "name": "CVE-2024-44962", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded: btnxpuart]\n CPU: 5 PID: 723 Comm: memtester Tainted: G O 6.6.23-lts-next-06207-g4aef2658ac28 #1\n Hardware name: NXP i.MX95 19X19 board (DT)\n pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : 0xffff80007a2cf464\n lr : call_timer_fn.isra.0+0x24/0x80\n...\n Call trace:\n 0xffff80007a2cf464\n __run_timers+0x234/0x280\n run_timer_softirq+0x20/0x40\n __do_softirq+0x100/0x26c\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x24/0x4c\n do_softirq_own_stack+0x1c/0x2c\n irq_exit_rcu+0xc0/0xdc\n el0_interrupt+0x54/0xd8\n __el0_irq_handler_common+0x18/0x24\n el0t_64_irq_handler+0x10/0x1c\n el0t_64_irq+0x190/0x194\n Code: ???????? ???????? ???????? ???????? 
(????????)\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Oops: Fatal exception in interrupt\n SMP: stopping secondary CPUs\n Kernel Offset: disabled\n CPU features: 0x0,c0000000,40028143,1000721b\n Memory Limit: none\n ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44962" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c000f7d-0754-4cce-8330-b8aa521c4cfa.json b/objects/vulnerability/vulnerability--0c000f7d-0754-4cce-8330-b8aa521c4cfa.json new file mode 100644 index 00000000000..daa11b378db --- /dev/null +++ b/objects/vulnerability/vulnerability--0c000f7d-0754-4cce-8330-b8aa521c4cfa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--233fa097-cc76-4949-8806-c7b6ae66dd5a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c000f7d-0754-4cce-8330-b8aa521c4cfa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.078971Z", + "modified": "2024-09-05T00:19:28.078971Z", + "name": "CVE-2024-8121", + "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8121" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0c4da37a-7e39-4f84-a986-564e00e7b1fb.json b/objects/vulnerability/vulnerability--0c4da37a-7e39-4f84-a986-564e00e7b1fb.json new file mode 100644 index 00000000000..edbb57732fd --- /dev/null +++ b/objects/vulnerability/vulnerability--0c4da37a-7e39-4f84-a986-564e00e7b1fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21346685-2024-4998-887c-807ba5c6093a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c4da37a-7e39-4f84-a986-564e00e7b1fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.585676Z", + "modified": "2024-09-05T00:19:28.585676Z", + "name": "CVE-2024-7834", + "description": "A local privilege escalation is caused by Overwolf\nloading and executing certain dynamic link library files from a user-writeable\nfolder in SYSTEM context on launch. This allows an attacker with unprivileged\naccess to the system to run arbitrary code with SYSTEM privileges by placing a\nmalicious .dll file in the respective location.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7834" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0ce6d1b4-5de1-4d33-8dec-2eeedf6c217c.json b/objects/vulnerability/vulnerability--0ce6d1b4-5de1-4d33-8dec-2eeedf6c217c.json new file mode 100644 index 00000000000..b90f858cc9c --- /dev/null +++ b/objects/vulnerability/vulnerability--0ce6d1b4-5de1-4d33-8dec-2eeedf6c217c.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b699a4d-020d-46d7-8418-66fa26c8cd92",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0ce6d1b4-5de1-4d33-8dec-2eeedf6c217c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:29.03002Z",
+ "modified": "2024-09-05T00:19:29.03002Z",
+ "name": "CVE-2024-45444",
+ "description": "Access permission verification vulnerability in the WMS module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45444"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0fc045a6-bb74-4f38-9bc0-f8d4f60ae9d0.json b/objects/vulnerability/vulnerability--0fc045a6-bb74-4f38-9bc0-f8d4f60ae9d0.json
new file mode 100644
index 00000000000..8a0166702fa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0fc045a6-bb74-4f38-9bc0-f8d4f60ae9d0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4bcd017d-5fcd-4492-bb25-a7d6ac0f24de",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0fc045a6-bb74-4f38-9bc0-f8d4f60ae9d0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:28.542307Z",
+ "modified": "2024-09-05T00:19:28.542307Z",
+ "name": "CVE-2024-34657",
+ "description": "Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-34657"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--105d57bb-fcfc-4dbb-a060-5e3a951c502a.json b/objects/vulnerability/vulnerability--105d57bb-fcfc-4dbb-a060-5e3a951c502a.json
new file mode 100644
index 00000000000..6c3dc00d1d2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--105d57bb-fcfc-4dbb-a060-5e3a951c502a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6667640b-5ae5-435a-8c30-ebb4991ff95e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--105d57bb-fcfc-4dbb-a060-5e3a951c502a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:27.169125Z",
+ "modified": "2024-09-05T00:19:27.169125Z",
+ "name": "CVE-2024-44963",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44963"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--13579950-3ee5-4c1f-9200-1297b9f93e60.json b/objects/vulnerability/vulnerability--13579950-3ee5-4c1f-9200-1297b9f93e60.json
new file mode 100644
index 00000000000..fcafbeb9cae
--- /dev/null
+++ b/objects/vulnerability/vulnerability--13579950-3ee5-4c1f-9200-1297b9f93e60.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6b0aaed2-6816-42eb-bea8-f41de45655b5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--13579950-3ee5-4c1f-9200-1297b9f93e60",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:27.329327Z",
+ "modified": "2024-09-05T00:19:27.329327Z",
+ "name": "CVE-2024-44950",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n sc16is7xx_startup(): entry\n sc16is7xx_ms_proc(): entry\n sc16is7xx_set_termios(): entry\n sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n sc16is7xx_port_irq() entry --> IIR is 0x0C\n sc16is7xx_handle_rx() entry\n sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n mapped to DLL (LCR=LCR_CONF_MODE_A)\n sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44950"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--14e4fca4-5d98-4ac8-a42b-052ef1d7cdf0.json b/objects/vulnerability/vulnerability--14e4fca4-5d98-4ac8-a42b-052ef1d7cdf0.json
new file mode 100644
index 00000000000..eba2cb42550
--- /dev/null
+++ b/objects/vulnerability/vulnerability--14e4fca4-5d98-4ac8-a42b-052ef1d7cdf0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--710b1962-6dae-4591-9233-bb3fd08dd5b0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--14e4fca4-5d98-4ac8-a42b-052ef1d7cdf0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:29.044434Z",
+ "modified": "2024-09-05T00:19:29.044434Z",
+ "name": "CVE-2024-45074",
+ "description": "IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45074"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--14f0f73b-3658-4ece-be41-0444d782f8a6.json b/objects/vulnerability/vulnerability--14f0f73b-3658-4ece-be41-0444d782f8a6.json
new file mode 100644
index 00000000000..4c3f41fe3b8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--14f0f73b-3658-4ece-be41-0444d782f8a6.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f168b151-47c9-454c-926a-930232e7fc79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14f0f73b-3658-4ece-be41-0444d782f8a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.324367Z", + "modified": "2024-09-05T00:19:27.324367Z", + "name": "CVE-2024-44972", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n # mkfs.btrfs -f -s 4k $dev\n # mount $dev $mnt\n # fsstress -w -n 8 -d $mnt -s 1709539240\n 0/0: fiemap - no filename\n 0/1: copyrange read - no filename\n 0/2: write - no filename\n 0/3: rename - no source filename\n 0/4: creat f0 x:0 0 0\n 0/4: creat add id=0,parent=-1\n 0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n 0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n 0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n 0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n ---[ end trace 0000000000000000 ]---\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n ---[ end trace 0000000000000000 ]---\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n ---[ end trace 0000000000000000 ]---\n BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n ------------[ cut here ]------------\n 
WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n ---[ end trace 0000000000000000 ]---\n BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n ------------[ cut here ]------------\n WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n ---[ end trace 0000000000000000 ]---\n BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of 
inode\n259 of root 5:\n\n 704K 768K 832K 896K\n I |////I/////////////////I///////////| I\n 756K 868K\n\n |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n boundary.\n\n Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n flag set.\n\n > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44972" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1841d0c4-1de7-477f-bcb8-3d1827a72d72.json b/objects/vulnerability/vulnerability--1841d0c4-1de7-477f-bcb8-3d1827a72d72.json new file mode 100644 index 00000000000..89aa82c8ef0 --- /dev/null +++ b/objects/vulnerability/vulnerability--1841d0c4-1de7-477f-bcb8-3d1827a72d72.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85f3371a-3f43-472b-824b-2f5dd35e37a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1841d0c4-1de7-477f-bcb8-3d1827a72d72", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.48574Z", + "modified": "2024-09-05T00:19:28.48574Z", + "name": "CVE-2024-34640", + "description": "Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34640" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18485a36-31f6-49fc-aebb-e0f41363542a.json b/objects/vulnerability/vulnerability--18485a36-31f6-49fc-aebb-e0f41363542a.json new file mode 100644 index 00000000000..3c68ed9cf9b --- /dev/null +++ b/objects/vulnerability/vulnerability--18485a36-31f6-49fc-aebb-e0f41363542a.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2d899e5b-590b-4af9-a911-a3370fd34b83",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--18485a36-31f6-49fc-aebb-e0f41363542a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:29.045534Z",
+ "modified": "2024-09-05T00:19:29.045534Z",
+ "name": "CVE-2024-45002",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the \"tool->data\" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45002"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--18bc1acc-188f-40d7-a09e-4522c09ff04c.json b/objects/vulnerability/vulnerability--18bc1acc-188f-40d7-a09e-4522c09ff04c.json
new file mode 100644
index 00000000000..ba7ea80146d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--18bc1acc-188f-40d7-a09e-4522c09ff04c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8457c3ed-4caa-47b6-b226-dad5ff1e069d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--18bc1acc-188f-40d7-a09e-4522c09ff04c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:29.055965Z",
+ "modified": "2024-09-05T00:19:29.055965Z",
+ "name": "CVE-2024-45445",
+ "description": "Vulnerability of resources not being closed or released in the keystore module\nImpact: Successful exploitation of this vulnerability will affect availability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45445"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--19428281-13e3-431a-bf45-6657fef78c50.json b/objects/vulnerability/vulnerability--19428281-13e3-431a-bf45-6657fef78c50.json
new file mode 100644
index 00000000000..03f24cc0cbf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--19428281-13e3-431a-bf45-6657fef78c50.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c4194caf-7a0a-4146-bbf0-83702cd48b5f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--19428281-13e3-431a-bf45-6657fef78c50",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:28.506183Z",
+ "modified": "2024-09-05T00:19:28.506183Z",
+ "name": "CVE-2024-34658",
+ "description": "Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-34658"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--19f795cf-12d1-48b3-a448-6f9fd3f43bf0.json b/objects/vulnerability/vulnerability--19f795cf-12d1-48b3-a448-6f9fd3f43bf0.json
new file mode 100644
index 00000000000..a6206cc78fe
--- /dev/null
+++ b/objects/vulnerability/vulnerability--19f795cf-12d1-48b3-a448-6f9fd3f43bf0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fd7fcf85-9674-4796-9b1f-34cfc17fcfdb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--19f795cf-12d1-48b3-a448-6f9fd3f43bf0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:27.184663Z",
+ "modified": "2024-09-05T00:19:27.184663Z",
+ "name": "CVE-2024-44994",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Restore lost return in iommu_report_device_fault()\n\nWhen iommu_report_device_fault gets called with a partial fault it is\nsupposed to collect the fault into the group and then return.\n\nInstead the return was accidently deleted which results in trying to\nprocess the fault and an eventual crash.\n\nDeleting the return was a typo, put it back.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44994"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1a64c8bd-dab8-4cd6-8f13-34fab8f6ded1.json b/objects/vulnerability/vulnerability--1a64c8bd-dab8-4cd6-8f13-34fab8f6ded1.json
new file mode 100644
index 00000000000..e241776e77e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1a64c8bd-dab8-4cd6-8f13-34fab8f6ded1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4a656613-02f5-467e-94bc-69790d0c815b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1a64c8bd-dab8-4cd6-8f13-34fab8f6ded1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:28.097805Z",
+ "modified": "2024-09-05T00:19:28.097805Z",
+ "name": "CVE-2024-8411",
+ "description": "A vulnerability, which was classified as problematic, has been found in ABCD ABCD2 up to 2.2.0-beta-1. This issue affects some unknown processing of the file /buscar_integrada.php. The manipulation of the argument Sub_Expresion leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8411"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1c578baa-767a-472f-b8cd-1ba031e939f1.json b/objects/vulnerability/vulnerability--1c578baa-767a-472f-b8cd-1ba031e939f1.json
new file mode 100644
index 00000000000..64513b6f46f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1c578baa-767a-472f-b8cd-1ba031e939f1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b469367a-40ea-425d-bb3a-e8b99e56f876",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1c578baa-767a-472f-b8cd-1ba031e939f1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:27.477158Z",
+ "modified": "2024-09-05T00:19:27.477158Z",
+ "name": "CVE-2024-6722",
+ "description": "The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6722"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1c7104cf-8564-4c57-bc44-7441fa822249.json b/objects/vulnerability/vulnerability--1c7104cf-8564-4c57-bc44-7441fa822249.json
new file mode 100644
index 00000000000..10dde2d6189
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1c7104cf-8564-4c57-bc44-7441fa822249.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e72f2bea-e90d-4e2b-8ee1-acc46128eb48",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1c7104cf-8564-4c57-bc44-7441fa822249",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:28.109121Z",
+ "modified": "2024-09-05T00:19:28.109121Z",
+ "name": "CVE-2024-8104",
+ "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8104"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1d07e766-fe7c-4adf-aaca-0ae26c904209.json b/objects/vulnerability/vulnerability--1d07e766-fe7c-4adf-aaca-0ae26c904209.json
new file mode 100644
index 00000000000..17ecd1a27ea
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1d07e766-fe7c-4adf-aaca-0ae26c904209.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7c95a3bd-ac3c-4771-8c96-3a675bbafb7a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1d07e766-fe7c-4adf-aaca-0ae26c904209",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:29.036689Z",
+ "modified": "2024-09-05T00:19:29.036689Z",
+ "name": "CVE-2024-45053",
+ "description": "Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45053"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1ffcda4a-a517-44b7-a87f-f24472e6d09e.json b/objects/vulnerability/vulnerability--1ffcda4a-a517-44b7-a87f-f24472e6d09e.json
new file mode 100644
index 00000000000..dfd370a2e23
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1ffcda4a-a517-44b7-a87f-f24472e6d09e.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6eea22f5-c0ec-4a71-9fac-13b87948089e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ffcda4a-a517-44b7-a87f-f24472e6d09e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.008206Z", + "modified": "2024-09-05T00:19:29.008206Z", + "name": "CVE-2024-45006", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. 
Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45006" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2075d1c3-c139-42d0-a3cb-611d56285bf0.json b/objects/vulnerability/vulnerability--2075d1c3-c139-42d0-a3cb-611d56285bf0.json new file mode 100644 index 00000000000..5acf969578b --- /dev/null +++ b/objects/vulnerability/vulnerability--2075d1c3-c139-42d0-a3cb-611d56285bf0.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e6273eb0-360a-4f96-b652-08fd8dd171ef",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2075d1c3-c139-42d0-a3cb-611d56285bf0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:28.076696Z",
+ "modified": "2024-09-05T00:19:28.076696Z",
+ "name": "CVE-2024-8117",
+ "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8117"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--222a63ea-2d05-40c5-8ee0-30791a718e0c.json b/objects/vulnerability/vulnerability--222a63ea-2d05-40c5-8ee0-30791a718e0c.json
new file mode 100644
index 00000000000..474e523ba39
--- /dev/null
+++ b/objects/vulnerability/vulnerability--222a63ea-2d05-40c5-8ee0-30791a718e0c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3bcd22d4-a5ac-4c7e-b5f0-c18a1efbcf4a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--222a63ea-2d05-40c5-8ee0-30791a718e0c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:27.189583Z",
+ "modified": "2024-09-05T00:19:27.189583Z",
+ "name": "CVE-2024-44821",
+ "description": "ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha response, allowing them to capture the correct captcha value through error messages.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44821"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--258bdce2-db18-4bc7-9eaf-651e924ab1c4.json b/objects/vulnerability/vulnerability--258bdce2-db18-4bc7-9eaf-651e924ab1c4.json
new file mode 100644
index 00000000000..181c2369b2b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--258bdce2-db18-4bc7-9eaf-651e924ab1c4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a0ed7dbb-a527-496c-b3aa-9c4a98197a49",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--258bdce2-db18-4bc7-9eaf-651e924ab1c4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:29.015585Z",
+ "modified": "2024-09-05T00:19:29.015585Z",
+ "name": "CVE-2024-45449",
+ "description": "Access permission verification vulnerability in the ringtone setting module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45449"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--26a33fb6-51ff-4733-a5f9-bba75a77adfe.json b/objects/vulnerability/vulnerability--26a33fb6-51ff-4733-a5f9-bba75a77adfe.json
new file mode 100644
index 00000000000..63604f53ee5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--26a33fb6-51ff-4733-a5f9-bba75a77adfe.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--329b82c2-ee60-4310-a397-4c60426ab9f7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--26a33fb6-51ff-4733-a5f9-bba75a77adfe",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:27.159266Z",
+ "modified": "2024-09-05T00:19:27.159266Z",
+ "name": "CVE-2024-44820",
+ "description": "A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44820"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--29ce0093-6203-4be2-8e17-37ec0ff2dfb9.json b/objects/vulnerability/vulnerability--29ce0093-6203-4be2-8e17-37ec0ff2dfb9.json
new file mode 100644
index 00000000000..85b6e377d77
--- /dev/null
+++ b/objects/vulnerability/vulnerability--29ce0093-6203-4be2-8e17-37ec0ff2dfb9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e2eeb251-6612-4975-ba49-98e7b77c68f3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--29ce0093-6203-4be2-8e17-37ec0ff2dfb9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-05T00:19:28.507496Z",
+ "modified": "2024-09-05T00:19:28.507496Z",
+ "name": "CVE-2024-34661",
+ "description": "Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-34661"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2d3d2c00-294e-4a6b-8395-aa6f915bfbdf.json b/objects/vulnerability/vulnerability--2d3d2c00-294e-4a6b-8395-aa6f915bfbdf.json
new file mode 100644
index 00000000000..53d2cdccaf6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2d3d2c00-294e-4a6b-8395-aa6f915bfbdf.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--313cf170-4aa3-4f37-b0de-1865094519ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d3d2c00-294e-4a6b-8395-aa6f915bfbdf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.322736Z", + "modified": "2024-09-05T00:19:27.322736Z", + "name": "CVE-2024-44991", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns. In the latter case, error unwinding calls the exit handlers\nin reverse order for the 'failed' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 (\"net: Batch inet_twsk_purge\"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can \"steal\" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. 
at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn't seem like an actual bug (no tw sockets got lost and I don't\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44991" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2fba7ef6-7db2-4ffd-808e-8b9020cc334d.json b/objects/vulnerability/vulnerability--2fba7ef6-7db2-4ffd-808e-8b9020cc334d.json new file mode 100644 index 00000000000..df767c7fdf8 --- /dev/null +++ b/objects/vulnerability/vulnerability--2fba7ef6-7db2-4ffd-808e-8b9020cc334d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5564396-6e04-400a-974a-5424c4697ead", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2fba7ef6-7db2-4ffd-808e-8b9020cc334d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.909468Z", + "modified": "2024-09-05T00:19:27.909468Z", + "name": "CVE-2024-20505", + "description": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20505" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--305a87a6-eb67-46f1-86b0-1e4dff1a7ba2.json b/objects/vulnerability/vulnerability--305a87a6-eb67-46f1-86b0-1e4dff1a7ba2.json new file mode 100644 index 00000000000..0f990a23866 --- /dev/null +++ b/objects/vulnerability/vulnerability--305a87a6-eb67-46f1-86b0-1e4dff1a7ba2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7686f310-e9e9-413e-81a1-473e35d8656f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--305a87a6-eb67-46f1-86b0-1e4dff1a7ba2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.523371Z", + "modified": "2024-09-05T00:19:27.523371Z", + "name": "CVE-2024-42039", + "description": "Access control vulnerability in the SystemUI module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42039" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--308e7756-305b-4fc9-891c-aac0c97df13c.json b/objects/vulnerability/vulnerability--308e7756-305b-4fc9-891c-aac0c97df13c.json new file mode 100644 index 00000000000..0f062c9474d --- /dev/null +++ b/objects/vulnerability/vulnerability--308e7756-305b-4fc9-891c-aac0c97df13c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7c803b0-3f72-4668-9d47-e761e2ef42e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--308e7756-305b-4fc9-891c-aac0c97df13c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.053447Z", + "modified": "2024-09-05T00:19:29.053447Z", + "name": "CVE-2024-45000", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing \"n_accesses\" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP PTI\n CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n Workqueue: events_unbound netfs_rreq_write_to_cache_work\n RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n FS: 0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n Call Trace:\n \n ? __die+0x1f/0x70\n ? page_fault_oops+0x15d/0x440\n ? 
search_module_extables+0xe/0x40\n ? fixup_exception+0x22/0x2f0\n ? exc_page_fault+0x5f/0x100\n ? asm_exc_page_fault+0x22/0x30\n ? cachefiles_prepare_write+0x30/0xa0\n netfs_rreq_write_to_cache_work+0x135/0x2e0\n process_one_work+0x137/0x2c0\n worker_thread+0x2e9/0x400\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xcc/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \n Modules linked in:\n CR2: 0000000000000008\n ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the \"n_accesses\" counter is\nnon-zero (via fscache_begin_operation()). The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in \"case\nFSCACHE_COOKIE_STATE_FAILED\"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING (\"case\nFSCACHE_COOKIE_STATE_ACTIVE\").\n\nThis patch adds the missing check. 
With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45000" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30df9cea-840f-48df-acfc-9db0d58e5e50.json b/objects/vulnerability/vulnerability--30df9cea-840f-48df-acfc-9db0d58e5e50.json new file mode 100644 index 00000000000..5ff4b091b66 --- /dev/null +++ b/objects/vulnerability/vulnerability--30df9cea-840f-48df-acfc-9db0d58e5e50.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71357912-efbd-4481-af38-8715fc95a82e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30df9cea-840f-48df-acfc-9db0d58e5e50", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.300937Z", + "modified": "2024-09-05T00:19:27.300937Z", + "name": "CVE-2024-44992", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid possible NULL dereference in cifs_free_subrequest()\n\nClang static checker (scan-build) warning:\n\tcifsglob.h:line 890, column 3\n\tAccess to field 'ops' results in a dereference of a null pointer.\n\nCommit 519be989717c (\"cifs: Add a tracepoint to track credits involved in\nR/W requests\") adds a check for 'rdata->server', and let clang throw this\nwarning about NULL dereference.\n\nWhen 'rdata->credits.value != 0 && rdata->server == NULL' happens,\nadd_credits_and_wake_if() will call rdata->server->ops->add_credits().\nThis will cause NULL dereference problem. Add a check for 'rdata->server'\nto avoid NULL dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44992" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--31efa31e-4c24-404e-b519-9102439a41c0.json b/objects/vulnerability/vulnerability--31efa31e-4c24-404e-b519-9102439a41c0.json new file mode 100644 index 00000000000..2bb22853e0e --- /dev/null +++ b/objects/vulnerability/vulnerability--31efa31e-4c24-404e-b519-9102439a41c0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36c1f251-6da9-4812-a2e3-cb1e3a373289", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31efa31e-4c24-404e-b519-9102439a41c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.193303Z", + "modified": "2024-09-05T00:19:27.193303Z", + "name": "CVE-2024-44989", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: 
R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel: \n kernel: ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? page_fault_oops+0x142/0x4c0\n kernel: ? do_user_addr_fault+0x65/0x670\n kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: ? exc_page_fault+0x7b/0x180\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel: xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ip_push_pending_frames+0x56/0x80", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44989" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35186636-d995-44b8-bbc3-d791c82fc943.json b/objects/vulnerability/vulnerability--35186636-d995-44b8-bbc3-d791c82fc943.json new file mode 100644 index 00000000000..6a96b6c9414 --- /dev/null +++ b/objects/vulnerability/vulnerability--35186636-d995-44b8-bbc3-d791c82fc943.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32e54255-baf0-4b67-aa60-3d00c39e05d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35186636-d995-44b8-bbc3-d791c82fc943", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.109024Z", + "modified": "2024-09-05T00:19:27.109024Z", + "name": "CVE-2024-44949", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44949" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36666ae3-4ea0-44a2-8b66-d0da44d08dea.json b/objects/vulnerability/vulnerability--36666ae3-4ea0-44a2-8b66-d0da44d08dea.json new file mode 100644 index 00000000000..0a5ef1b07b7 --- /dev/null +++ b/objects/vulnerability/vulnerability--36666ae3-4ea0-44a2-8b66-d0da44d08dea.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b1e749b-5fb0-4fbf-a506-012bb38b8532", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36666ae3-4ea0-44a2-8b66-d0da44d08dea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.161905Z", + "modified": "2024-09-05T00:19:27.161905Z", + "name": "CVE-2024-44977", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44977" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38e55648-02fb-4261-9c8d-4765ac5a1ada.json b/objects/vulnerability/vulnerability--38e55648-02fb-4261-9c8d-4765ac5a1ada.json new file mode 100644 index 00000000000..fbbb04c7d02 --- /dev/null +++ b/objects/vulnerability/vulnerability--38e55648-02fb-4261-9c8d-4765ac5a1ada.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--538b8a87-c5dc-4a9b-ba8d-bee437cff63e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38e55648-02fb-4261-9c8d-4765ac5a1ada", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.121913Z", + "modified": "2024-09-05T00:19:27.121913Z", + "name": "CVE-2024-44976", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_macio: Fix DMA table overflow\n\nKolbjørn and Jonáš reported that their 32-bit PowerMacs were crashing\nin pata-macio since commit 09fe2bfa6b83 (\"ata: pata_macio: Fix\nmax_segment_size with PAGE_SIZE == 64K\").\n\nFor example:\n\n kernel BUG at drivers/ata/pata_macio.c:544!\n Oops: Exception in kernel mode, sig: 5 [#1]\n BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 DEBUG_PAGEALLOC PowerMac\n ...\n NIP pata_macio_qc_prep+0xf4/0x190\n LR pata_macio_qc_prep+0xfc/0x190\n Call Trace:\n 0xc1421660 (unreliable)\n ata_qc_issue+0x14c/0x2d4\n __ata_scsi_queuecmd+0x200/0x53c\n ata_scsi_queuecmd+0x50/0xe0\n scsi_queue_rq+0x788/0xb1c\n __blk_mq_issue_directly+0x58/0xf4\n blk_mq_plug_issue_direct+0x8c/0x1b4\n blk_mq_flush_plug_list.part.0+0x584/0x5e0\n __blk_flush_plug+0xf8/0x194\n __submit_bio+0x1b8/0x2e0\n submit_bio_noacct_nocheck+0x230/0x304\n btrfs_work_helper+0x200/0x338\n process_one_work+0x1a8/0x338\n worker_thread+0x364/0x4c0\n kthread+0x100/0x104\n start_kernel_thread+0x10/0x14\n\nThat commit increased max_segment_size to 64KB, with the justification\nthat the SCSI core was already using that size when PAGE_SIZE == 64KB,\nand that there was existing logic to split over-sized requests.\n\nHowever with a sufficiently large request, the splitting logic causes\neach sg to be split into two commands in the DMA table, leading to\noverflow of the DMA table, triggering the BUG_ON().\n\nWith default settings the bug doesn't trigger, because the request size\nis limited by 
max_sectors_kb == 1280, however max_sectors_kb can be\nincreased, and apparently some distros do that by default using udev\nrules.\n\nFix the bug for 4KB kernels by reverting to the old max_segment_size.\n\nFor 64KB kernels the sg_tablesize needs to be halved, to allow for the\npossibility that each sg will be split into two.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44976" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3954fcef-258b-400a-9808-57e711a48d46.json b/objects/vulnerability/vulnerability--3954fcef-258b-400a-9808-57e711a48d46.json new file mode 100644 index 00000000000..ab18ecba8ad --- /dev/null +++ b/objects/vulnerability/vulnerability--3954fcef-258b-400a-9808-57e711a48d46.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e20c4a89-783f-49ce-96ef-cf61ff1a0045", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3954fcef-258b-400a-9808-57e711a48d46", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.513962Z", + "modified": "2024-09-05T00:19:28.513962Z", + "name": "CVE-2024-34660", + "description": "Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34660" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a238bcd-49a1-4390-bcce-84005b3f18f5.json b/objects/vulnerability/vulnerability--3a238bcd-49a1-4390-bcce-84005b3f18f5.json new file mode 100644 index 00000000000..457315ee51f --- /dev/null +++ b/objects/vulnerability/vulnerability--3a238bcd-49a1-4390-bcce-84005b3f18f5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7db1ed15-48b8-453d-b609-b7df868e31bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a238bcd-49a1-4390-bcce-84005b3f18f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.139795Z", + "modified": "2024-09-05T00:19:27.139795Z", + "name": "CVE-2024-44818", + "description": "Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP_Referer header of the caina.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a241fa1-1f32-46dd-8049-e15d18902a10.json b/objects/vulnerability/vulnerability--3a241fa1-1f32-46dd-8049-e15d18902a10.json new file mode 100644 index 00000000000..eba80eac903 --- /dev/null +++ b/objects/vulnerability/vulnerability--3a241fa1-1f32-46dd-8049-e15d18902a10.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b3e05bd-ad2c-4ee3-bec6-a16e9637b87e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a241fa1-1f32-46dd-8049-e15d18902a10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.593002Z", + "modified": "2024-09-05T00:19:28.593002Z", + "name": "CVE-2024-7870", + "description": "The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7870" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3cf0caed-c0be-4a03-ab19-0797cb27b20b.json b/objects/vulnerability/vulnerability--3cf0caed-c0be-4a03-ab19-0797cb27b20b.json new file mode 100644 index 00000000000..7e29ebc615f --- /dev/null +++ b/objects/vulnerability/vulnerability--3cf0caed-c0be-4a03-ab19-0797cb27b20b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78aec8ba-247b-4a34-84b9-852d5bfe7ef8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3cf0caed-c0be-4a03-ab19-0797cb27b20b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.077758Z", + "modified": "2024-09-05T00:19:28.077758Z", + "name": "CVE-2024-8106", + "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3fa725be-0bf6-46dc-bdff-08851a7499d6.json b/objects/vulnerability/vulnerability--3fa725be-0bf6-46dc-bdff-08851a7499d6.json new file mode 100644 index 00000000000..4b82977dc5d --- /dev/null +++ b/objects/vulnerability/vulnerability--3fa725be-0bf6-46dc-bdff-08851a7499d6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70256e8c-2d3c-4dd5-83f0-96c11b665c30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3fa725be-0bf6-46dc-bdff-08851a7499d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.123605Z", + "modified": "2024-09-05T00:19:27.123605Z", + "name": "CVE-2024-44964", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into \"bad state\",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there's\na clear memory leak here.\n\nJust don't allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. 
Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44964" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4016d9a1-237d-44c8-9011-bccbd5ec78e4.json b/objects/vulnerability/vulnerability--4016d9a1-237d-44c8-9011-bccbd5ec78e4.json new file mode 100644 index 00000000000..516e5970690 --- /dev/null +++ b/objects/vulnerability/vulnerability--4016d9a1-237d-44c8-9011-bccbd5ec78e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b1e1482-7bc2-4b2a-a8c1-bdf77c992592", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4016d9a1-237d-44c8-9011-bccbd5ec78e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.107197Z", + "modified": "2024-09-05T00:19:27.107197Z", + "name": "CVE-2024-44957", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44957" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--406771c5-fa6b-4e54-a2ad-9babf9c7d359.json b/objects/vulnerability/vulnerability--406771c5-fa6b-4e54-a2ad-9babf9c7d359.json new file mode 100644 index 00000000000..1f424932901 --- /dev/null +++ b/objects/vulnerability/vulnerability--406771c5-fa6b-4e54-a2ad-9babf9c7d359.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db82c510-a54e-41e3-9207-6d1794fdb413", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--406771c5-fa6b-4e54-a2ad-9babf9c7d359", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.503505Z", + "modified": "2024-09-05T00:19:28.503505Z", + "name": "CVE-2024-34648", + "description": "Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34648" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--424c96bb-52a7-4ccb-a2ed-c07ced8282d5.json b/objects/vulnerability/vulnerability--424c96bb-52a7-4ccb-a2ed-c07ced8282d5.json new file mode 100644 index 00000000000..955e454b8fe --- /dev/null +++ b/objects/vulnerability/vulnerability--424c96bb-52a7-4ccb-a2ed-c07ced8282d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4df0bf37-c418-493d-aa34-1c07be3f9fe5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--424c96bb-52a7-4ccb-a2ed-c07ced8282d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.018065Z", + "modified": "2024-09-05T00:19:29.018065Z", + "name": "CVE-2024-45314", + "description": "Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45314" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--429df43a-4457-4056-8fb8-e099f68a53b8.json b/objects/vulnerability/vulnerability--429df43a-4457-4056-8fb8-e099f68a53b8.json new file mode 100644 index 00000000000..3ec924bfbbc --- /dev/null +++ b/objects/vulnerability/vulnerability--429df43a-4457-4056-8fb8-e099f68a53b8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bea4ca54-542b-413a-96c8-7600c1e66b10", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--429df43a-4457-4056-8fb8-e099f68a53b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.330726Z", + "modified": "2024-09-05T00:19:27.330726Z", + "name": "CVE-2024-44978", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44978" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44b9caba-984b-4901-ad46-79c1f20ecdfb.json b/objects/vulnerability/vulnerability--44b9caba-984b-4901-ad46-79c1f20ecdfb.json new file mode 100644 index 00000000000..bdc7d2eff56 --- /dev/null +++ b/objects/vulnerability/vulnerability--44b9caba-984b-4901-ad46-79c1f20ecdfb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d768929-1719-44ed-b018-f13f38644274", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44b9caba-984b-4901-ad46-79c1f20ecdfb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.048899Z", + "modified": "2024-09-05T00:19:29.048899Z", + "name": "CVE-2024-45448", + "description": "Page table protection configuration vulnerability in the trusted firmware module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45448" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--46fd8673-a3e6-49dc-8cf2-37e2d28d37d0.json b/objects/vulnerability/vulnerability--46fd8673-a3e6-49dc-8cf2-37e2d28d37d0.json new file mode 100644 index 00000000000..4877c9a4a95 --- /dev/null +++ b/objects/vulnerability/vulnerability--46fd8673-a3e6-49dc-8cf2-37e2d28d37d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39d6427c-0b27-497a-8111-99b1cb33a7f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--46fd8673-a3e6-49dc-8cf2-37e2d28d37d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.084745Z", + "modified": "2024-09-05T00:19:28.084745Z", + "name": "CVE-2024-8415", + "description": "A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /routers/add-ticket.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8415" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--47d218dd-fbb1-49f9-8335-3d871fcfe5d5.json b/objects/vulnerability/vulnerability--47d218dd-fbb1-49f9-8335-3d871fcfe5d5.json new file mode 100644 index 00000000000..4486b351233 --- /dev/null +++ b/objects/vulnerability/vulnerability--47d218dd-fbb1-49f9-8335-3d871fcfe5d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de6e2d2b-b811-48d8-9111-2bbfce862c1a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--47d218dd-fbb1-49f9-8335-3d871fcfe5d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.148847Z", + "modified": "2024-09-05T00:19:27.148847Z", + "name": "CVE-2024-44956", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44956" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fa02f7a-1f97-4d00-a9e4-289441dbad29.json b/objects/vulnerability/vulnerability--4fa02f7a-1f97-4d00-a9e4-289441dbad29.json new file mode 100644 index 00000000000..97c395a3c85 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fa02f7a-1f97-4d00-a9e4-289441dbad29.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2856414-43dc-476a-9d04-38ab8e54d4cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fa02f7a-1f97-4d00-a9e4-289441dbad29", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.486907Z", + "modified": "2024-09-05T00:19:28.486907Z", + "name": "CVE-2024-34655", + "description": "Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--506cfc90-0cc0-4e2e-857c-3939186ad12e.json b/objects/vulnerability/vulnerability--506cfc90-0cc0-4e2e-857c-3939186ad12e.json new file mode 100644 index 00000000000..cf76e581796 --- /dev/null +++ b/objects/vulnerability/vulnerability--506cfc90-0cc0-4e2e-857c-3939186ad12e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4d0063e-ec2a-4167-bdb8-62b15fb4d0dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--506cfc90-0cc0-4e2e-857c-3939186ad12e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.522661Z", + "modified": "2024-09-05T00:19:28.522661Z", + "name": "CVE-2024-34646", + "description": "Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34646" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--51b2455d-d127-465f-9da1-c6f2c785535a.json b/objects/vulnerability/vulnerability--51b2455d-d127-465f-9da1-c6f2c785535a.json new file mode 100644 index 00000000000..0f445bfa987 --- /dev/null +++ b/objects/vulnerability/vulnerability--51b2455d-d127-465f-9da1-c6f2c785535a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1deaa45d-94de-43fd-bf1a-4a9ef73b5803", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51b2455d-d127-465f-9da1-c6f2c785535a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.929237Z", + "modified": "2024-09-05T00:19:27.929237Z", + "name": "CVE-2024-20506", + "description": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56d58479-e006-4cbb-993b-09da76eac40d.json b/objects/vulnerability/vulnerability--56d58479-e006-4cbb-993b-09da76eac40d.json new file mode 100644 index 00000000000..adca88d9f5b --- /dev/null 
+++ b/objects/vulnerability/vulnerability--56d58479-e006-4cbb-993b-09da76eac40d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66ef4003-a6eb-480a-afef-458d50263da5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56d58479-e006-4cbb-993b-09da76eac40d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.070323Z", + "modified": "2024-09-05T00:19:28.070323Z", + "name": "CVE-2024-8416", + "description": "A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8416" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--578a2215-eedb-4f73-98f1-770ff5c3fc7e.json b/objects/vulnerability/vulnerability--578a2215-eedb-4f73-98f1-770ff5c3fc7e.json new file mode 100644 index 00000000000..4dfe22dc0df --- /dev/null +++ b/objects/vulnerability/vulnerability--578a2215-eedb-4f73-98f1-770ff5c3fc7e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7f786d8-47a9-43ee-ab98-1a269c898dca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--578a2215-eedb-4f73-98f1-770ff5c3fc7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.101034Z", + "modified": "2024-09-05T00:19:28.101034Z", + "name": "CVE-2024-8318", + "description": "The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8318" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5819866c-05da-49dd-8204-a8e5d4cb7dbf.json b/objects/vulnerability/vulnerability--5819866c-05da-49dd-8204-a8e5d4cb7dbf.json new file mode 100644 index 00000000000..d91a0d9038d --- /dev/null +++ b/objects/vulnerability/vulnerability--5819866c-05da-49dd-8204-a8e5d4cb7dbf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b727fdd0-3e0f-4f58-8def-ead639787a16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5819866c-05da-49dd-8204-a8e5d4cb7dbf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.164187Z", + "modified": "2024-09-05T00:19:27.164187Z", + "name": "CVE-2024-44975", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n \n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? 
__lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44975" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--583a3156-07c7-41b8-93c4-6e62574a0204.json b/objects/vulnerability/vulnerability--583a3156-07c7-41b8-93c4-6e62574a0204.json new file mode 100644 index 00000000000..96b72526b9a --- /dev/null +++ b/objects/vulnerability/vulnerability--583a3156-07c7-41b8-93c4-6e62574a0204.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f78c77e-806a-499b-8db7-18fcc08c335f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--583a3156-07c7-41b8-93c4-6e62574a0204", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.610046Z", + "modified": "2024-09-05T00:19:28.610046Z", + "name": "CVE-2024-7076", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7076" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58a6c61c-d958-4646-9a48-3561840fe98b.json b/objects/vulnerability/vulnerability--58a6c61c-d958-4646-9a48-3561840fe98b.json new file mode 100644 index 00000000000..ab21fcdddb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--58a6c61c-d958-4646-9a48-3561840fe98b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21851e6f-ec0c-464b-b7f5-5b89e2f0ce6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58a6c61c-d958-4646-9a48-3561840fe98b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.046738Z", + "modified": "2024-09-05T00:19:29.046738Z", + "name": "CVE-2024-45395", + "description": "sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these data structures is computationally expensive. This can be used to consume excessive CPU resources, leading to a denial of service attack. TUF's security model labels this type of vulnerability an \"Endless data attack,\" and can lead to verification failing to complete and disrupting services that rely on sigstore-go for verification. This vulnerability is addressed with sigstore-go 0.6.1, which adds hard limits to the number of verifiable data structures that can be processed in a bundle. Verification will fail if a bundle has data that exceeds these limits. The limits are 32 signed transparency log entries, 32 RFC 3161 timestamps, 1024 attestation subjects, and 32 digests per attestation subject. These limits are intended to be high enough to accommodate the vast majority of use cases, while preventing the verification of maliciously crafted bundles that contain large amounts of verifiable data. 
Users who are vulnerable but unable to quickly upgrade may consider adding manual bundle validation to enforce limits similar to those in the referenced patch prior to calling sigstore-go's verification functions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45395" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59fb98cb-39e5-45d8-b2b4-4dbf14cc437e.json b/objects/vulnerability/vulnerability--59fb98cb-39e5-45d8-b2b4-4dbf14cc437e.json new file mode 100644 index 00000000000..33c48835945 --- /dev/null +++ b/objects/vulnerability/vulnerability--59fb98cb-39e5-45d8-b2b4-4dbf14cc437e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca5bba4b-7a62-4916-801f-0adda688aa3e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59fb98cb-39e5-45d8-b2b4-4dbf14cc437e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.305238Z", + "modified": "2024-09-05T00:19:27.305238Z", + "name": "CVE-2024-44967", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44967" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5abb03a3-e8be-4c85-a63c-6dedc2d7ebd8.json b/objects/vulnerability/vulnerability--5abb03a3-e8be-4c85-a63c-6dedc2d7ebd8.json new file mode 100644 index 00000000000..36ff169e016 --- /dev/null +++ b/objects/vulnerability/vulnerability--5abb03a3-e8be-4c85-a63c-6dedc2d7ebd8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a83ae33-9c44-4613-bf80-7d5a92e1fbe4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5abb03a3-e8be-4c85-a63c-6dedc2d7ebd8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.088947Z", + "modified": "2024-09-05T00:19:28.088947Z", + "name": "CVE-2024-8412", + "description": "A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8412" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b48ffa3-c4fa-49ac-887e-43fb42651922.json b/objects/vulnerability/vulnerability--5b48ffa3-c4fa-49ac-887e-43fb42651922.json new file mode 100644 index 00000000000..71a56e50aa1 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b48ffa3-c4fa-49ac-887e-43fb42651922.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a683366-41c4-4b80-976e-61424a186163", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b48ffa3-c4fa-49ac-887e-43fb42651922", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.512133Z", + "modified": "2024-09-05T00:19:28.512133Z", + "name": "CVE-2024-34647", + "description": "Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b507624-0fbf-40fe-ab5b-1bd2499b0c6f.json b/objects/vulnerability/vulnerability--5b507624-0fbf-40fe-ab5b-1bd2499b0c6f.json new file mode 100644 index 00000000000..24139777d63 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b507624-0fbf-40fe-ab5b-1bd2499b0c6f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23fb92c9-575f-4eef-a093-de8734f05e31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b507624-0fbf-40fe-ab5b-1bd2499b0c6f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.133072Z", + "modified": "2024-09-05T00:19:27.133072Z", + "name": "CVE-2024-44997", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()\n\nWhen there are multiple ap interfaces on one band and with WED on,\nturning the interface down will cause a kernel panic on MT798X.\n\nPreviously, cb_priv was freed in mtk_wed_setup_tc_block() without\nmarking NULL,and mtk_wed_setup_tc_block_cb() didn't check the value, too.\n\nAssign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL\nin mtk_wed_setup_tc_block_cb().\n\n----------\nUnable to handle kernel paging request at virtual address 0072460bca32b4f5\nCall trace:\n mtk_wed_setup_tc_block_cb+0x4/0x38\n 0xffffffc0794084bc\n tcf_block_playback_offloads+0x70/0x1e8\n tcf_block_unbind+0x6c/0xc8\n...\n---------", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44997" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d9c6ed1-2b4c-4149-b17a-905f73fc6d19.json b/objects/vulnerability/vulnerability--5d9c6ed1-2b4c-4149-b17a-905f73fc6d19.json new file mode 100644 index 00000000000..f691ba576fd --- /dev/null +++ b/objects/vulnerability/vulnerability--5d9c6ed1-2b4c-4149-b17a-905f73fc6d19.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--472f545e-974b-4a87-8bc0-8f4cc13e3052", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d9c6ed1-2b4c-4149-b17a-905f73fc6d19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.299809Z", + "modified": "2024-09-05T00:19:27.299809Z", + "name": "CVE-2024-44974", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44974" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6028fb8b-3b78-4dfe-a7c8-bdb2f7120289.json b/objects/vulnerability/vulnerability--6028fb8b-3b78-4dfe-a7c8-bdb2f7120289.json new file mode 100644 index 00000000000..ae8c36963c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--6028fb8b-3b78-4dfe-a7c8-bdb2f7120289.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9674b904-134a-46b2-bc9e-eefd6e062576", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6028fb8b-3b78-4dfe-a7c8-bdb2f7120289", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.191318Z", + "modified": "2024-09-05T00:19:27.191318Z", + "name": "CVE-2024-44859", + "description": "Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60558e66-83a5-4906-8a6f-55cb95cab72a.json b/objects/vulnerability/vulnerability--60558e66-83a5-4906-8a6f-55cb95cab72a.json new file mode 100644 index 00000000000..b018b8a011a --- /dev/null +++ b/objects/vulnerability/vulnerability--60558e66-83a5-4906-8a6f-55cb95cab72a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8cf5d144-eaf8-4611-a96d-d775db10d07d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60558e66-83a5-4906-8a6f-55cb95cab72a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.926245Z", + "modified": "2024-09-05T00:19:27.926245Z", + "name": "CVE-2024-20439", + "description": "A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.\r\n\r\nThis vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20439" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61cdf83b-2434-4d8f-8500-52a6a4ca9e55.json b/objects/vulnerability/vulnerability--61cdf83b-2434-4d8f-8500-52a6a4ca9e55.json new file mode 100644 index 00000000000..ef50e71afc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--61cdf83b-2434-4d8f-8500-52a6a4ca9e55.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d81b1a4-e7ed-4316-9138-4db287a1f5b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61cdf83b-2434-4d8f-8500-52a6a4ca9e55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.09595Z", + "modified": "2024-09-05T00:19:28.09595Z", + "name": "CVE-2024-8123", + "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8123" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62375671-6685-455e-9512-a6747ee845b3.json b/objects/vulnerability/vulnerability--62375671-6685-455e-9512-a6747ee845b3.json new file mode 100644 index 00000000000..0fc65000fc8 --- /dev/null +++ b/objects/vulnerability/vulnerability--62375671-6685-455e-9512-a6747ee845b3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc46043f-99bf-44c7-84b2-0ef3a2bcd817", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62375671-6685-455e-9512-a6747ee845b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.119613Z", + "modified": "2024-09-05T00:19:27.119613Z", + "name": "CVE-2024-44953", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1 D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n __switch_to+0x1a8/0x2d4\n __schedule+0x684/0xa98\n schedule+0x48/0xc8\n schedule_timeout+0x48/0x170\n do_wait_for_common+0x108/0x1b0\n wait_for_completion+0x44/0x60\n __flush_work+0x39c/0x424\n __cancel_work_sync+0xd8/0x208\n cancel_delayed_work_sync+0x14/0x28\n __ufshcd_wl_suspend+0x19c/0x480\n ufshcd_wl_runtime_suspend+0x3c/0x1d4\n scsi_runtime_suspend+0x78/0xc8\n __rpm_callback+0x94/0x3e0\n rpm_suspend+0x2d4/0x65c\n __pm_runtime_suspend+0x80/0x114\n scsi_runtime_idle+0x38/0x6c\n rpm_idle+0x264/0x338\n __pm_runtime_idle+0x80/0x110\n ufshcd_rtc_work+0x128/0x1e4\n process_one_work+0x26c/0x650\n worker_thread+0x260/0x3d8\n kthread+0x110/0x134\n ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44953" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--661f662e-b46c-40d1-8882-daa809efe7ad.json b/objects/vulnerability/vulnerability--661f662e-b46c-40d1-8882-daa809efe7ad.json new file mode 100644 index 00000000000..5cafacdbc6b --- /dev/null 
+++ b/objects/vulnerability/vulnerability--661f662e-b46c-40d1-8882-daa809efe7ad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3543010b-62c8-4376-9af9-995ea3c17770", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--661f662e-b46c-40d1-8882-daa809efe7ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.29874Z", + "modified": "2024-09-05T00:19:27.29874Z", + "name": "CVE-2024-44990", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44990" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66728ef5-9753-459f-b769-872ea2d9f747.json b/objects/vulnerability/vulnerability--66728ef5-9753-459f-b769-872ea2d9f747.json new file mode 100644 index 00000000000..b2a713cc7ee --- /dev/null +++ b/objects/vulnerability/vulnerability--66728ef5-9753-459f-b769-872ea2d9f747.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f898ef0-22f2-4c76-b114-511498c52923", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66728ef5-9753-459f-b769-872ea2d9f747", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.603784Z", + "modified": "2024-09-05T00:19:28.603784Z", + "name": "CVE-2024-7078", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7078" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--670c24fd-942f-46f5-97eb-3dd47a891fb8.json b/objects/vulnerability/vulnerability--670c24fd-942f-46f5-97eb-3dd47a891fb8.json new file mode 100644 index 00000000000..5d1624f13de --- /dev/null +++ b/objects/vulnerability/vulnerability--670c24fd-942f-46f5-97eb-3dd47a891fb8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce0d5430-f44e-4cfb-a874-8f5bc025f99c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--670c24fd-942f-46f5-97eb-3dd47a891fb8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.16295Z", + "modified": "2024-09-05T00:19:27.16295Z", + "name": "CVE-2024-44383", + "description": "WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44383" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6884c0fa-0d3f-4923-bd07-36d06b5dfc59.json b/objects/vulnerability/vulnerability--6884c0fa-0d3f-4923-bd07-36d06b5dfc59.json new file mode 100644 index 00000000000..ed976574512 --- /dev/null +++ b/objects/vulnerability/vulnerability--6884c0fa-0d3f-4923-bd07-36d06b5dfc59.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6717cdaa-e65c-469b-a750-313fea3dba90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6884c0fa-0d3f-4923-bd07-36d06b5dfc59", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.104919Z", + "modified": "2024-09-05T00:19:28.104919Z", + "name": "CVE-2024-8298", + "description": "Memory request vulnerability in the memory management module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8298" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a5ce122-621b-4d23-a18b-b084c48092ff.json b/objects/vulnerability/vulnerability--6a5ce122-621b-4d23-a18b-b084c48092ff.json new file mode 100644 index 00000000000..057cfdd0fbe --- /dev/null +++ b/objects/vulnerability/vulnerability--6a5ce122-621b-4d23-a18b-b084c48092ff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae4d7474-d11a-4788-b987-c5fc4ba8ff37", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a5ce122-621b-4d23-a18b-b084c48092ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.025327Z", + "modified": "2024-09-05T00:19:29.025327Z", + "name": "CVE-2024-45004", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: dcp: fix leak of blob encryption key\n\nTrusted keys unseal the key blob on load, but keep the sealed payload in\nthe blob field so that every subsequent read (export) will simply\nconvert this field to hex and send it to userspace.\n\nWith DCP-based trusted keys, we decrypt the blob encryption key (BEK)\nin the Kernel due hardware limitations and then decrypt the blob payload.\nBEK decryption is done in-place which means that the trusted key blob\nfield is modified and it consequently holds the BEK in plain text.\nEvery subsequent read of that key thus send the plain text BEK instead\nof the encrypted BEK to userspace.\n\nThis issue only occurs when importing a trusted DCP-based key and\nthen exporting it again. This should rarely happen as the common use cases\nare to either create a new trusted key and export it, or import a key\nblob and then just use it without exporting it again.\n\nFix this by performing BEK decryption and encryption in a dedicated\nbuffer. Further always wipe the plain text BEK buffer to prevent leaking\nthe key via uninitialized memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45004" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a836865-2375-4eb2-b84e-f029cc9d9577.json b/objects/vulnerability/vulnerability--6a836865-2375-4eb2-b84e-f029cc9d9577.json new file mode 100644 index 00000000000..7ff2eb24168 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--6a836865-2375-4eb2-b84e-f029cc9d9577.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f2dc3b5-6fc8-4908-84c8-ffd5db089022", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a836865-2375-4eb2-b84e-f029cc9d9577", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.010331Z", + "modified": "2024-09-05T00:19:29.010331Z", + "name": "CVE-2024-45003", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. 
Then, following three processes running like this:\n\n PA PB\n echo 2 > /proc/sys/vm/drop_caches\n shrink_slab\n prune_dcache_sb\n // i_reg is added into lru, lru->i_ea->i_reg\n prune_icache_sb\n list_lru_walk_one\n inode_lru_isolate\n i_ea->i_state |= I_FREEING // set inode state\n inode_lru_isolate\n __iget(i_reg)\n spin_unlock(&i_reg->i_lock)\n spin_unlock(lru_lock)\n rm file A\n i_reg->nlink = 0\n iput(i_reg) // i_reg->nlink is 0, do evict\n ext4_evict_inode\n ext4_xattr_delete_inode\n ext4_xattr_inode_dec_ref_all\n ext4_xattr_inode_iget\n ext4_iget(i_ea->i_ino)\n iget_locked\n find_inode_fast\n __wait_on_freeing_inode(i_ea) ----→ AA deadlock\n dispose_list // cannot be executed by prune_icache_sb\n wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. 
Then, following three processes running like this:\n\n PA PB PC\n echo 2 > /proc/sys/vm/drop_caches\n shrink_slab\n prune_dcache_sb\n // ib and ia are added into lru, lru->ixa->ib->ia\n prune_icache_sb\n list_lru_walk_one\n inode_lru_isolate\n ixa->i_state |= I_FREEING // set inode state\n inode_lru_isolate\n __iget(ib)\n spin_unlock(&ib->i_lock)\n spin_unlock(lru_lock)\n rm file B\n ib->nlink = 0\n rm file A\n iput(ia)\n ubifs_evict_inode(ia)\n ubifs_jnl_delete_inode(ia)\n ubifs_jnl_write_inode(ia)\n make_reservation(BASEHD) // Lock wbuf->io_mutex\n ubifs_iget(ixa->i_ino)\n iget_locked\n find_inode_fast\n __wait_on_freeing_inode(ixa)\n | iput(ib) // ib->nlink is 0, do evict\n | ubifs_evict_inode\n | ubifs_jnl_delete_inode(ib)\n ↓ ubifs_jnl_write_inode\n ABBA deadlock ←-----make_reservation(BASEHD)\n dispose_list // cannot be executed by prune_icache_sb\n wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45003" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6aa3255a-9d3f-4a83-8a3a-a6d866cc6072.json b/objects/vulnerability/vulnerability--6aa3255a-9d3f-4a83-8a3a-a6d866cc6072.json new file mode 100644 index 00000000000..c8dd2ff7849 --- /dev/null +++ b/objects/vulnerability/vulnerability--6aa3255a-9d3f-4a83-8a3a-a6d866cc6072.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22a22307-f26c-4a82-9255-79cbc85acce4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6aa3255a-9d3f-4a83-8a3a-a6d866cc6072", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.472478Z", + "modified": "2024-09-05T00:19:27.472478Z", + "name": "CVE-2024-6888", + "description": "The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6888" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ad339e3-2259-4a72-adcd-0f06faf2143a.json b/objects/vulnerability/vulnerability--6ad339e3-2259-4a72-adcd-0f06faf2143a.json new file mode 100644 index 00000000000..3058f35fdf9 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ad339e3-2259-4a72-adcd-0f06faf2143a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8818979d-542b-4e66-983b-eaab159aee33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ad339e3-2259-4a72-adcd-0f06faf2143a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.144556Z", + "modified": "2024-09-05T00:19:27.144556Z", + "name": "CVE-2024-44999", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n xmit_one net/core/dev.c:3580 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3145 [inline]\n packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n x64_sys_call+0x3799/0x3c10 
arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3994 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n alloc_skb include/linux/skbuff.h:1320 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n packet_snd net/packet/af_packet.c:3088 [inline]\n packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44999" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6adeeb77-7632-4736-b79c-5a9d301b586b.json b/objects/vulnerability/vulnerability--6adeeb77-7632-4736-b79c-5a9d301b586b.json new file mode 100644 index 00000000000..7eceaee2943 --- /dev/null +++ b/objects/vulnerability/vulnerability--6adeeb77-7632-4736-b79c-5a9d301b586b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be76dd19-d2d4-4e88-9028-9c88ab3abd9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6adeeb77-7632-4736-b79c-5a9d301b586b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.478365Z", + "modified": "2024-09-05T00:19:27.478365Z", + "name": "CVE-2024-6889", + "description": "The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6889" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c190049-1f81-462c-8467-3c30ac646d23.json b/objects/vulnerability/vulnerability--6c190049-1f81-462c-8467-3c30ac646d23.json new file mode 100644 index 00000000000..2d7bb6cac5d --- /dev/null +++ b/objects/vulnerability/vulnerability--6c190049-1f81-462c-8467-3c30ac646d23.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1251dc5-2554-4e9b-adf2-328945b23800", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c190049-1f81-462c-8467-3c30ac646d23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.167333Z", + "modified": "2024-09-05T00:19:27.167333Z", + "name": "CVE-2024-44955", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d148919-b744-4279-87de-a7477ca5b36f.json b/objects/vulnerability/vulnerability--6d148919-b744-4279-87de-a7477ca5b36f.json new file mode 100644 index 00000000000..9ec49dd53ee --- /dev/null +++ b/objects/vulnerability/vulnerability--6d148919-b744-4279-87de-a7477ca5b36f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f692bb9-9f31-41c4-b1b8-414cc8164e2e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d148919-b744-4279-87de-a7477ca5b36f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.05189Z", + "modified": "2024-09-05T00:19:29.05189Z", + "name": "CVE-2024-45442", + "description": "Vulnerability of permission verification for APIs in the DownloadProviderMain module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45442" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6df8067e-42c3-4674-9f5c-45f313c850e2.json b/objects/vulnerability/vulnerability--6df8067e-42c3-4674-9f5c-45f313c850e2.json new file mode 100644 index 00000000000..08419985e00 --- /dev/null +++ b/objects/vulnerability/vulnerability--6df8067e-42c3-4674-9f5c-45f313c850e2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9ad78b2-fa2d-48d4-b0d2-d990509c8df8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6df8067e-42c3-4674-9f5c-45f313c850e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.657529Z", + "modified": "2024-09-05T00:19:28.657529Z", + "name": "CVE-2024-41927", + "description": "Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41927" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6e1ef55d-9c74-4bb9-b201-a6c688f22a22.json b/objects/vulnerability/vulnerability--6e1ef55d-9c74-4bb9-b201-a6c688f22a22.json new file mode 100644 index 00000000000..aff612f6bc2 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e1ef55d-9c74-4bb9-b201-a6c688f22a22.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b334c8f4-0854-48bd-9afa-452a8d5b64f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e1ef55d-9c74-4bb9-b201-a6c688f22a22", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.034161Z", + "modified": "2024-09-05T00:19:29.034161Z", + "name": "CVE-2024-45429", + "description": "Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45429" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f7bc1bd-b930-465b-ac00-c1ce55fc28ff.json b/objects/vulnerability/vulnerability--6f7bc1bd-b930-465b-ac00-c1ce55fc28ff.json new file mode 100644 index 00000000000..28116ee2955 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f7bc1bd-b930-465b-ac00-c1ce55fc28ff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b12a5ec-acbb-4d5d-9924-4c40d95a4c90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f7bc1bd-b930-465b-ac00-c1ce55fc28ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.142184Z", + "modified": "2024-09-05T00:19:27.142184Z", + "name": "CVE-2024-44988", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44988" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--701caa6f-bbca-4df4-a24f-039f5753c2b0.json b/objects/vulnerability/vulnerability--701caa6f-bbca-4df4-a24f-039f5753c2b0.json new file mode 100644 index 00000000000..58031f2ad32 --- /dev/null +++ b/objects/vulnerability/vulnerability--701caa6f-bbca-4df4-a24f-039f5753c2b0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ce41363-7531-4fe2-9c38-e8113a64be05", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--701caa6f-bbca-4df4-a24f-039f5753c2b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.580454Z", + "modified": "2024-09-05T00:19:28.580454Z", + "name": "CVE-2024-7950", + "description": "The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7950" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71755cfd-e7d5-4b1d-af99-f3210407cd1b.json b/objects/vulnerability/vulnerability--71755cfd-e7d5-4b1d-af99-f3210407cd1b.json new file mode 100644 index 00000000000..aeedb5e0e28 --- /dev/null +++ b/objects/vulnerability/vulnerability--71755cfd-e7d5-4b1d-af99-f3210407cd1b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--229df942-0cc0-4cf6-8a37-824947e693ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71755cfd-e7d5-4b1d-af99-f3210407cd1b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.130417Z", + "modified": "2024-09-05T00:19:27.130417Z", + "name": "CVE-2024-44951", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 (\"serial: sc16is7xx: change\nEFR lock to operate on each channels\"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44951" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72149dcc-988a-4254-a969-7fee36f31df8.json b/objects/vulnerability/vulnerability--72149dcc-988a-4254-a969-7fee36f31df8.json new file mode 100644 index 00000000000..471647c481d --- /dev/null 
+++ b/objects/vulnerability/vulnerability--72149dcc-988a-4254-a969-7fee36f31df8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7aa3c2b6-ea18-4740-b2bc-d660aada7290", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72149dcc-988a-4254-a969-7fee36f31df8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.303926Z", + "modified": "2024-09-05T00:19:27.303926Z", + "name": "CVE-2024-44954", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access. This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44954" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--726b9970-4280-4af6-a00c-588953194f72.json b/objects/vulnerability/vulnerability--726b9970-4280-4af6-a00c-588953194f72.json new file mode 100644 index 00000000000..8eb8c990eaa --- /dev/null +++ b/objects/vulnerability/vulnerability--726b9970-4280-4af6-a00c-588953194f72.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a387bda-f675-41bb-8dea-df24378b87dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--726b9970-4280-4af6-a00c-588953194f72", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.031075Z", + "modified": "2024-09-05T00:19:29.031075Z", + "name": "CVE-2024-45446", + "description": "Access permission verification vulnerability in the camera driver module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45446" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72f0baba-580c-4955-adb2-5fb5cbce664a.json b/objects/vulnerability/vulnerability--72f0baba-580c-4955-adb2-5fb5cbce664a.json new file mode 100644 index 00000000000..3794d62759b --- /dev/null +++ b/objects/vulnerability/vulnerability--72f0baba-580c-4955-adb2-5fb5cbce664a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40d767d9-bf4c-4646-8729-9829df28da9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72f0baba-580c-4955-adb2-5fb5cbce664a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.297493Z", + "modified": "2024-09-05T00:19:27.297493Z", + "name": "CVE-2024-44968", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/broadcast: Move per CPU pointer access into the atomic section\n\nThe recent fix for making the take over of the broadcast timer more\nreliable retrieves a per CPU pointer in preemptible context.\n\nThis went unnoticed as compilers hoist the access into the non-preemptible\nregion where the pointer is actually used. But of course it's valid that\nthe compiler keeps it at the place where the code puts it which rightfully\ntriggers:\n\n BUG: using smp_processor_id() in preemptible [00000000] code:\n caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0\n\nMove it to the actual usage site which is in a non-preemptible region.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44968" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--740d8372-06c3-4ae1-843c-572255b22c04.json b/objects/vulnerability/vulnerability--740d8372-06c3-4ae1-843c-572255b22c04.json new file mode 100644 index 00000000000..b92b9a9461f --- /dev/null +++ b/objects/vulnerability/vulnerability--740d8372-06c3-4ae1-843c-572255b22c04.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cf66d85-3082-47e7-9929-3bcdc84706e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--740d8372-06c3-4ae1-843c-572255b22c04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.000103Z", + "modified": "2024-09-05T00:19:29.000103Z", + "name": "CVE-2024-45008", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45008" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7517301c-ce35-4fd6-903f-cd9d2afe3f03.json b/objects/vulnerability/vulnerability--7517301c-ce35-4fd6-903f-cd9d2afe3f03.json new file mode 100644 index 00000000000..b52ab110c58 --- /dev/null +++ b/objects/vulnerability/vulnerability--7517301c-ce35-4fd6-903f-cd9d2afe3f03.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18b4b502-53a1-46b4-ab7f-922128758df4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7517301c-ce35-4fd6-903f-cd9d2afe3f03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.493138Z", + "modified": "2024-09-05T00:19:27.493138Z", + "name": "CVE-2024-6020", + "description": "The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6020" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78751ec4-d04a-44bc-b05c-45f5f35ef9f8.json b/objects/vulnerability/vulnerability--78751ec4-d04a-44bc-b05c-45f5f35ef9f8.json new file mode 100644 index 00000000000..e9a15cc6967 --- /dev/null +++ b/objects/vulnerability/vulnerability--78751ec4-d04a-44bc-b05c-45f5f35ef9f8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb3be966-c826-4016-a245-155bc1b1e9b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78751ec4-d04a-44bc-b05c-45f5f35ef9f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.10746Z", + "modified": "2024-09-05T00:19:28.10746Z", + "name": "CVE-2024-8414", + "description": "A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8414" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c7aae01-c131-4261-8a13-c1c652ae7ed7.json b/objects/vulnerability/vulnerability--7c7aae01-c131-4261-8a13-c1c652ae7ed7.json new file mode 100644 index 00000000000..92d3d5874dc --- /dev/null +++ b/objects/vulnerability/vulnerability--7c7aae01-c131-4261-8a13-c1c652ae7ed7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8bf09344-1a38-4280-bd17-d85de57733fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c7aae01-c131-4261-8a13-c1c652ae7ed7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.921902Z", + "modified": "2024-09-05T00:19:27.921902Z", + "name": "CVE-2024-20497", + "description": "A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system.\r\n\r\nThis vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7cf2dfb7-8390-48bc-806d-59699c4ed3f9.json b/objects/vulnerability/vulnerability--7cf2dfb7-8390-48bc-806d-59699c4ed3f9.json new file mode 100644 index 00000000000..0e60e77f4d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--7cf2dfb7-8390-48bc-806d-59699c4ed3f9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c8de48f-2517-4a73-b165-631d098bf1f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7cf2dfb7-8390-48bc-806d-59699c4ed3f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.896904Z", + "modified": "2024-09-05T00:19:27.896904Z", + "name": "CVE-2024-20503", + "description": "A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system.\r\n\r\nThis vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20503" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d46ad56-740e-43b9-8d5d-01756e36e132.json b/objects/vulnerability/vulnerability--7d46ad56-740e-43b9-8d5d-01756e36e132.json new file mode 100644 index 00000000000..9df8cd0ba19 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d46ad56-740e-43b9-8d5d-01756e36e132.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3d84c55-7cfc-4626-82a7-68abe8f06fb1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d46ad56-740e-43b9-8d5d-01756e36e132", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.092142Z", + "modified": "2024-09-05T00:19:28.092142Z", + "name": "CVE-2024-8289", + "description": "The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8289" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7dcdd964-6fb4-4e35-88be-d1d8c7419bee.json b/objects/vulnerability/vulnerability--7dcdd964-6fb4-4e35-88be-d1d8c7419bee.json new file mode 100644 index 00000000000..4a0f3a91205 --- /dev/null +++ b/objects/vulnerability/vulnerability--7dcdd964-6fb4-4e35-88be-d1d8c7419bee.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a124ff85-03b9-475b-8532-36e6ab10611f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7dcdd964-6fb4-4e35-88be-d1d8c7419bee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.085892Z", + "modified": "2024-09-05T00:19:28.085892Z", + "name": "CVE-2024-8417", + "description": "A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 1.5.5. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/educloud/videobind.html. The manipulation leads to inclusion of sensitive information in source code. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.6 is able to address this issue. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8417" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7df677b4-0bcc-4d71-b363-ad5ff4ae5ebd.json b/objects/vulnerability/vulnerability--7df677b4-0bcc-4d71-b363-ad5ff4ae5ebd.json new file mode 100644 index 00000000000..3f91035efcd --- /dev/null +++ b/objects/vulnerability/vulnerability--7df677b4-0bcc-4d71-b363-ad5ff4ae5ebd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d613f55b-2963-45db-a07a-47bb70a82cfa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7df677b4-0bcc-4d71-b363-ad5ff4ae5ebd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.318618Z", + "modified": "2024-09-05T00:19:27.318618Z", + "name": "CVE-2024-44995", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n pf reset start\n │\n ▼\n ......\nsetup tc │\n │ ▼\n ▼ DOWN: napi_disable()\nnapi_disable()(skip) │\n │ │\n ▼ ▼\n ...... ......\n │ │\n ▼ │\nnapi_enable() │\n ▼\n UINIT: netif_napi_del()\n │\n ▼\n ......\n │\n ▼\n INIT: netif_napi_add()\n │\n ▼\n ...... global reset start\n │ │\n ▼ ▼\n UP: napi_enable()(skip) ......\n │ │\n ▼ ▼\n ...... napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44995" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7e5410d3-8403-4d96-9976-99118bcbb0ba.json b/objects/vulnerability/vulnerability--7e5410d3-8403-4d96-9976-99118bcbb0ba.json new file mode 100644 index 00000000000..5395c4c1422 --- /dev/null +++ b/objects/vulnerability/vulnerability--7e5410d3-8403-4d96-9976-99118bcbb0ba.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5862b334-b6f6-4e43-bc01-185a60100315", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e5410d3-8403-4d96-9976-99118bcbb0ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.174397Z", + "modified": "2024-09-05T00:19:27.174397Z", + "name": "CVE-2024-44952", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G OE N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n __mutex_lock+0x99/0xc30\n uevent_show+0xac/0x130\n dev_attr_show+0x18/0x40\n sysfs_kf_seq_show+0xac/0xf0\n seq_read_iter+0x110/0x450\n vfs_read+0x25b/0x340\n ksys_read+0x67/0xf0\n do_syscall_64+0x75/0x190\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n __lock_acquire+0x121a/0x1fa0\n lock_acquire+0xd6/0x2e0\n kernfs_drain+0x1e9/0x200\n __kernfs_remove+0xde/0x220\n kernfs_remove_by_name_ns+0x5e/0xa0\n device_del+0x168/0x410\n device_unregister+0x13/0x60\n devres_release_all+0xb8/0x110\n device_unbind_cleanup+0xe/0x70\n device_release_driver_internal+0x1c7/0x210\n driver_detach+0x47/0x90\n bus_remove_driver+0x6c/0xf0\n cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n __do_sys_delete_module.isra.0+0x181/0x260\n do_syscall_64+0x75/0x190\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces. It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44952" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8046485b-6435-4304-bcc8-14575663a077.json b/objects/vulnerability/vulnerability--8046485b-6435-4304-bcc8-14575663a077.json new file mode 100644 index 00000000000..4c9a661a393 --- /dev/null +++ b/objects/vulnerability/vulnerability--8046485b-6435-4304-bcc8-14575663a077.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc56ec23-530d-498d-9db2-b2e6ea61d79b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8046485b-6435-4304-bcc8-14575663a077", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.154103Z", + "modified": "2024-09-05T00:19:27.154103Z", + "name": "CVE-2024-44959", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G N 6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: 
fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS: 00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>] ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>] ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>] 0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>] \n[<...>] [] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>] [] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>] [] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>] [] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>] [] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>] [] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>] [] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>] [] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>] [] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>] [] ? 
shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>] [] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>] [] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>] [] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>] [] ? do_one_tre\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44959" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82f5dfe8-300a-40b5-8684-229cbb47d94d.json b/objects/vulnerability/vulnerability--82f5dfe8-300a-40b5-8684-229cbb47d94d.json new file mode 100644 index 00000000000..73904e6aa8c --- /dev/null +++ b/objects/vulnerability/vulnerability--82f5dfe8-300a-40b5-8684-229cbb47d94d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ccb22a8-e5d2-4935-a03e-22e938851762", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82f5dfe8-300a-40b5-8684-229cbb47d94d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.493025Z", + "modified": "2024-09-05T00:19:28.493025Z", + "name": "CVE-2024-34649", + "description": "Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34649" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8475c9d7-8105-44ce-b3a7-af6599c39979.json b/objects/vulnerability/vulnerability--8475c9d7-8105-44ce-b3a7-af6599c39979.json new file mode 100644 index 00000000000..50f396ef99c --- /dev/null +++ b/objects/vulnerability/vulnerability--8475c9d7-8105-44ce-b3a7-af6599c39979.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c77a9d49-b56e-450d-99e8-23c37624b600", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8475c9d7-8105-44ce-b3a7-af6599c39979", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.15053Z", + "modified": "2024-09-05T00:19:27.15053Z", + "name": "CVE-2024-44969", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44969" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8723e4c3-e379-4157-9f84-38bf7c24cfac.json b/objects/vulnerability/vulnerability--8723e4c3-e379-4157-9f84-38bf7c24cfac.json new file mode 100644 index 00000000000..84186a32606 --- /dev/null +++ b/objects/vulnerability/vulnerability--8723e4c3-e379-4157-9f84-38bf7c24cfac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b2b4a03-2b89-4c9e-9ac0-3ca7f60300f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8723e4c3-e379-4157-9f84-38bf7c24cfac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.081076Z", + "modified": "2024-09-05T00:19:28.081076Z", + "name": "CVE-2024-8410", + "description": "A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8410" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87e5ca26-753a-456e-9c33-2728bae188b0.json b/objects/vulnerability/vulnerability--87e5ca26-753a-456e-9c33-2728bae188b0.json new file mode 100644 index 00000000000..167eb42741d --- /dev/null +++ b/objects/vulnerability/vulnerability--87e5ca26-753a-456e-9c33-2728bae188b0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c56df2c-a310-4cfa-b47a-b16146fc4234", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87e5ca26-753a-456e-9c33-2728bae188b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.074799Z", + "modified": "2024-09-05T00:19:28.074799Z", + "name": "CVE-2024-8409", + "description": "A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8409" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8894554b-6451-4dde-898f-33e01adea865.json b/objects/vulnerability/vulnerability--8894554b-6451-4dde-898f-33e01adea865.json new file mode 100644 index 00000000000..84bf2bacb9e --- /dev/null +++ b/objects/vulnerability/vulnerability--8894554b-6451-4dde-898f-33e01adea865.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ca6ed61-5340-459c-9467-1b277599215b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8894554b-6451-4dde-898f-33e01adea865", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.501369Z", + "modified": "2024-09-05T00:19:28.501369Z", + "name": "CVE-2024-34656", + "description": "Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a2d8bda-3d10-43e7-ae82-9776ae3d546c.json b/objects/vulnerability/vulnerability--8a2d8bda-3d10-43e7-ae82-9776ae3d546c.json new file mode 100644 index 00000000000..cfd67d61025 --- /dev/null +++ b/objects/vulnerability/vulnerability--8a2d8bda-3d10-43e7-ae82-9776ae3d546c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c618d5fe-8237-4ccc-b0ee-39ae09b247bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a2d8bda-3d10-43e7-ae82-9776ae3d546c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.532572Z", + "modified": "2024-09-05T00:19:28.532572Z", + "name": "CVE-2024-34654", + "description": "Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--907c0407-dd19-4597-886b-e15c21cbe50c.json b/objects/vulnerability/vulnerability--907c0407-dd19-4597-886b-e15c21cbe50c.json new file mode 100644 index 00000000000..bf355856ffc --- /dev/null 
+++ b/objects/vulnerability/vulnerability--907c0407-dd19-4597-886b-e15c21cbe50c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33e3de1d-0a8c-4420-bc03-a57cb2772a01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--907c0407-dd19-4597-886b-e15c21cbe50c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.689593Z", + "modified": "2024-09-05T00:19:28.689593Z", + "name": "CVE-2024-43853", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc//cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc//cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. 
However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss->cgroup won't be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43853" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90c4ba99-3b06-47e3-8eb5-c8e402476c5e.json b/objects/vulnerability/vulnerability--90c4ba99-3b06-47e3-8eb5-c8e402476c5e.json new file mode 100644 index 00000000000..cb62d3608e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--90c4ba99-3b06-47e3-8eb5-c8e402476c5e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4333cdc0-7b13-470d-a2f0-a14cf6467957", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90c4ba99-3b06-47e3-8eb5-c8e402476c5e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.553215Z", + "modified": "2024-09-05T00:19:28.553215Z", + "name": "CVE-2024-34637", + "description": "Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34637" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--91957e58-a976-4af9-bfc1-b617d04873a0.json b/objects/vulnerability/vulnerability--91957e58-a976-4af9-bfc1-b617d04873a0.json new file mode 100644 index 00000000000..330287d961c --- /dev/null +++ b/objects/vulnerability/vulnerability--91957e58-a976-4af9-bfc1-b617d04873a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a38c56d0-29bb-431a-aa9e-89d70af43dba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91957e58-a976-4af9-bfc1-b617d04873a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.066685Z", + "modified": "2024-09-05T00:19:28.066685Z", + "name": "CVE-2024-8325", + "description": "The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9443176e-dbb0-4f2c-a51a-2c6633c344f9.json b/objects/vulnerability/vulnerability--9443176e-dbb0-4f2c-a51a-2c6633c344f9.json new file mode 100644 index 00000000000..1632c71a0c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--9443176e-dbb0-4f2c-a51a-2c6633c344f9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--505bc334-b853-4757-a9e0-a49ce863526a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9443176e-dbb0-4f2c-a51a-2c6633c344f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.089934Z", + "modified": "2024-09-05T00:19:28.089934Z", + "name": "CVE-2024-8408", + "description": "A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8408" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95885127-ba25-463c-9dcf-a224e99ee4f7.json b/objects/vulnerability/vulnerability--95885127-ba25-463c-9dcf-a224e99ee4f7.json new file mode 100644 index 00000000000..a2445f02d24 --- /dev/null +++ b/objects/vulnerability/vulnerability--95885127-ba25-463c-9dcf-a224e99ee4f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--640c7901-4bc6-4199-80d9-53451921d0ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95885127-ba25-463c-9dcf-a224e99ee4f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.583823Z", + "modified": "2024-09-05T00:19:28.583823Z", + "name": "CVE-2024-7786", + "description": "The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7786" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97c1917e-9724-4e42-b651-cfda6650b477.json b/objects/vulnerability/vulnerability--97c1917e-9724-4e42-b651-cfda6650b477.json new file mode 100644 index 00000000000..87c3f385ff2 --- /dev/null +++ b/objects/vulnerability/vulnerability--97c1917e-9724-4e42-b651-cfda6650b477.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49a88f05-36d8-4465-9560-ff03d2846f10", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97c1917e-9724-4e42-b651-cfda6650b477", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.48792Z", + "modified": "2024-09-05T00:19:28.48792Z", + "name": "CVE-2024-34645", + "description": "Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34645" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99059bed-1301-4d90-bb0d-483e6f19fcab.json b/objects/vulnerability/vulnerability--99059bed-1301-4d90-bb0d-483e6f19fcab.json new file mode 100644 index 00000000000..79185a183c6 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--99059bed-1301-4d90-bb0d-483e6f19fcab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95b9a65c-863f-4544-8d80-788330fd017f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99059bed-1301-4d90-bb0d-483e6f19fcab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.022492Z", + "modified": "2024-09-05T00:19:29.022492Z", + "name": "CVE-2024-45177", + "description": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site scripting attack due to insufficient user input validation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45177" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a4d8584-4a33-42b8-ba30-1d7c29cc5814.json b/objects/vulnerability/vulnerability--9a4d8584-4a33-42b8-ba30-1d7c29cc5814.json new file mode 100644 index 00000000000..d6b55151c29 --- /dev/null +++ b/objects/vulnerability/vulnerability--9a4d8584-4a33-42b8-ba30-1d7c29cc5814.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--683af5ad-8a92-4fa9-902f-44fcc4f97230", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a4d8584-4a33-42b8-ba30-1d7c29cc5814", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.0121Z", + "modified": "2024-09-05T00:19:29.0121Z", + "name": "CVE-2024-45001", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[ 253.300900] Mem abort info:\n[ 253.301760] ESR = 0x0000000096000021\n[ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 253.304268] SET = 0, FnV = 0\n[ 253.305172] EA = 0, S1PTW = 0\n[ 253.306103] FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45001" + } + ] + } + ] +} \ No 
newline at end of file diff --git a/objects/vulnerability/vulnerability--9b0876fd-c929-4c4e-9053-54342939e639.json b/objects/vulnerability/vulnerability--9b0876fd-c929-4c4e-9053-54342939e639.json new file mode 100644 index 00000000000..eb372b5d0a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--9b0876fd-c929-4c4e-9053-54342939e639.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--166c1ba0-c261-44cc-bc52-49ca79d27b39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b0876fd-c929-4c4e-9053-54342939e639", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.009332Z", + "modified": "2024-09-05T00:19:29.009332Z", + "name": "CVE-2024-45172", + "description": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d85f7dc-25a8-4b12-8035-7bb07a315b6a.json b/objects/vulnerability/vulnerability--9d85f7dc-25a8-4b12-8035-7bb07a315b6a.json new file mode 100644 index 00000000000..0950fa4662e --- /dev/null +++ b/objects/vulnerability/vulnerability--9d85f7dc-25a8-4b12-8035-7bb07a315b6a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--723b3910-11c3-45bb-88b5-89b3f76bc871", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d85f7dc-25a8-4b12-8035-7bb07a315b6a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.040324Z", + "modified": "2024-09-05T00:19:29.040324Z", + "name": "CVE-2024-45441", + "description": "Input verification vulnerability in the system service module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45441" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9de16b29-97ad-4aa7-a230-171fecc02cab.json b/objects/vulnerability/vulnerability--9de16b29-97ad-4aa7-a230-171fecc02cab.json new file mode 100644 index 00000000000..c69ae295111 --- /dev/null +++ b/objects/vulnerability/vulnerability--9de16b29-97ad-4aa7-a230-171fecc02cab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc87880b-12cb-4326-95a6-2197e22ea9be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9de16b29-97ad-4aa7-a230-171fecc02cab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.317501Z", + "modified": "2024-09-05T00:19:27.317501Z", + "name": "CVE-2024-44817", + "description": "SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44817" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e6b3f08-fe15-4604-b352-2a1bb74b4eb6.json b/objects/vulnerability/vulnerability--9e6b3f08-fe15-4604-b352-2a1bb74b4eb6.json new file mode 100644 index 00000000000..90fb00f61d7 
--- /dev/null +++ b/objects/vulnerability/vulnerability--9e6b3f08-fe15-4604-b352-2a1bb74b4eb6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9da9c5f3-6197-47b7-bac6-d405f33d10a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e6b3f08-fe15-4604-b352-2a1bb74b4eb6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.326167Z", + "modified": "2024-09-05T00:19:27.326167Z", + "name": "CVE-2024-44987", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb (\"ipv6: take rcu lock in rawv6_send_hdrinc()\")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n do_writev+0x1b1/0x350 fs/read_write.c:1018\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n 
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n \n\nAllocated by task 6530:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:312 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3988 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n dst_alloc+0x12b/0x190 net/core/dst.c:89\n ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n 
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kmem_cache_free+0x145/0x350 mm/slub.c:4548\n dst_destroy+0x2ac/0x460 net/core/dst.c:124\n rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44987" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e78453b-2cb0-449d-98f5-cd6b23c10ffe.json b/objects/vulnerability/vulnerability--9e78453b-2cb0-449d-98f5-cd6b23c10ffe.json new file mode 100644 index 00000000000..513c02766cb --- /dev/null +++ b/objects/vulnerability/vulnerability--9e78453b-2cb0-449d-98f5-cd6b23c10ffe.json 
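Review bot: The `description` added for CVE-2024-44987 stops at `---truncated---` partway through the "Freed by task 45" stack, so this object holds an incomplete KASAN report. Its `external_references` entry carries only `source_name` and `external_id`, which leaves a consumer of the bundle with nothing in the object that leads to the full record. Consider adding a `url` property to the reference, e.g. `"url": "<URL of the CVE-2024-44987 record>"`. The other vulnerability objects in this commit use the same two-field reference and would benefit equally.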
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3dc2b0c1-a27f-47ae-82fb-6b356171514e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e78453b-2cb0-449d-98f5-cd6b23c10ffe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.002583Z", + "modified": "2024-09-05T00:19:29.002583Z", + "name": "CVE-2024-45170", + "description": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45170" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f7f7206-1389-407d-ab2a-395607fcb239.json b/objects/vulnerability/vulnerability--9f7f7206-1389-407d-ab2a-395607fcb239.json new file mode 100644 index 00000000000..e38b6673e68 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f7f7206-1389-407d-ab2a-395607fcb239.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02749ecc-eab6-4ed2-b6eb-a79e38dbfa72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f7f7206-1389-407d-ab2a-395607fcb239", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.188233Z", + "modified": "2024-09-05T00:19:27.188233Z", + "name": "CVE-2024-44961", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44961" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9fa38d99-14a7-4829-9599-1ff74fcc8f30.json b/objects/vulnerability/vulnerability--9fa38d99-14a7-4829-9599-1ff74fcc8f30.json new file mode 100644 index 00000000000..4f6f341dafb --- /dev/null +++ b/objects/vulnerability/vulnerability--9fa38d99-14a7-4829-9599-1ff74fcc8f30.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--795451fd-72d3-4ed7-99f4-d849075a0b71", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9fa38d99-14a7-4829-9599-1ff74fcc8f30", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.641059Z", + "modified": "2024-09-05T00:19:28.641059Z", + "name": "CVE-2024-41716", + "description": "Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41716" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1d3a653-c1ca-4e98-b521-4cdbf3732213.json b/objects/vulnerability/vulnerability--a1d3a653-c1ca-4e98-b521-4cdbf3732213.json new file mode 100644 index 00000000000..daa8481e2c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1d3a653-c1ca-4e98-b521-4cdbf3732213.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c0f84e49-0414-4639-b48a-faddcbb4a267", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1d3a653-c1ca-4e98-b521-4cdbf3732213", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.998692Z", + "modified": "2024-09-05T00:19:28.998692Z", + "name": "CVE-2024-45447", + "description": "Access control vulnerability in the camera framework module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45447" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a2f509f4-d3bf-4613-a8cd-90759c64b811.json b/objects/vulnerability/vulnerability--a2f509f4-d3bf-4613-a8cd-90759c64b811.json new file mode 100644 index 00000000000..6c3edae8a51 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2f509f4-d3bf-4613-a8cd-90759c64b811.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a67d4965-1364-44c4-8741-9e32f35cf6a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2f509f4-d3bf-4613-a8cd-90759c64b811", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.528325Z", + "modified": "2024-09-05T00:19:28.528325Z", + "name": "CVE-2024-34638", + "description": "Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34638" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4abbf45-ad4e-4aae-b693-55935ee31dc9.json b/objects/vulnerability/vulnerability--a4abbf45-ad4e-4aae-b693-55935ee31dc9.json new file mode 100644 index 00000000000..560caf00ec7 --- /dev/null +++ b/objects/vulnerability/vulnerability--a4abbf45-ad4e-4aae-b693-55935ee31dc9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5825bf87-151f-4fb0-8e8d-1ffd0f7eb527", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a4abbf45-ad4e-4aae-b693-55935ee31dc9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.020288Z", + "modified": "2024-09-05T00:19:29.020288Z", + "name": "CVE-2024-45052", + "description": "Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it takes for the server to respond to login requests. The discrepancy in response times between valid and invalid usernames can be leveraged to enumerate users on the system. This vulnerability enables a timing-based username enumeration attack. An attacker can systematically guess and verify which usernames are valid by measuring the server's response time to authentication requests. This information can be used to conduct further attacks on authentication such as password brute-forcing and credential stuffing. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45052" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a89355b4-f854-4dca-b691-e7b9874dd817.json b/objects/vulnerability/vulnerability--a89355b4-f854-4dca-b691-e7b9874dd817.json new file mode 100644 index 00000000000..87d974772c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--a89355b4-f854-4dca-b691-e7b9874dd817.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c433c778-d1d4-403f-8993-372d5301d7d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a89355b4-f854-4dca-b691-e7b9874dd817", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.596695Z", + "modified": "2024-09-05T00:19:28.596695Z", + "name": "CVE-2024-7077", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS.This issue affects Semtek Sempos: through 31072024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7077" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9390f3f-9b45-4ff8-b943-7a9ff86f1d64.json b/objects/vulnerability/vulnerability--a9390f3f-9b45-4ff8-b943-7a9ff86f1d64.json new file mode 100644 index 00000000000..8eeeea33c19 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9390f3f-9b45-4ff8-b943-7a9ff86f1d64.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--272e19b2-1357-4832-a8ef-89634901d8ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9390f3f-9b45-4ff8-b943-7a9ff86f1d64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.038696Z", + "modified": "2024-09-05T00:19:29.038696Z", + "name": "CVE-2024-45174", + "description": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa1bf261-8185-40b7-9661-4b5c1b5e160b.json b/objects/vulnerability/vulnerability--aa1bf261-8185-40b7-9661-4b5c1b5e160b.json new file mode 100644 index 00000000000..dc78a5ef914 --- /dev/null +++ b/objects/vulnerability/vulnerability--aa1bf261-8185-40b7-9661-4b5c1b5e160b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--796f18c9-7cfb-4100-af99-22412c87f58d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa1bf261-8185-40b7-9661-4b5c1b5e160b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.110389Z", + "modified": "2024-09-05T00:19:28.110389Z", + "name": "CVE-2024-8413", + "description": "Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially hijacking their session details.\n\nReferences list", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8413" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aac05c24-1b97-43ec-bccf-96802f013d86.json b/objects/vulnerability/vulnerability--aac05c24-1b97-43ec-bccf-96802f013d86.json new file mode 100644 index 00000000000..f6d1c6d9392 --- /dev/null +++ b/objects/vulnerability/vulnerability--aac05c24-1b97-43ec-bccf-96802f013d86.json 
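Review bot: The `description` for CVE-2024-8413 ends with `\n\nReferences list`, which reads like a section heading carried over from the source advisory rather than part of the vulnerability text. If the import step can trim it, the value would end at `...partially hijacking their session details.`. If the text is instead mirrored verbatim from the CVE record, it is probably better left as is and reported upstream, so the local copy does not diverge.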
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--250eb7ce-d1c6-4c01-a248-b697c06d8301", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aac05c24-1b97-43ec-bccf-96802f013d86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.050507Z", + "modified": "2024-09-05T00:19:29.050507Z", + "name": "CVE-2024-45075", + "description": "IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45075" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aadf2efe-6b81-4e0f-b5d9-4b8338a5c153.json b/objects/vulnerability/vulnerability--aadf2efe-6b81-4e0f-b5d9-4b8338a5c153.json new file mode 100644 index 00000000000..8d81b918538 --- /dev/null +++ b/objects/vulnerability/vulnerability--aadf2efe-6b81-4e0f-b5d9-4b8338a5c153.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--376b6e20-a019-4f0e-b77e-5fe821697055", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aadf2efe-6b81-4e0f-b5d9-4b8338a5c153", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.106349Z", + "modified": "2024-09-05T00:19:28.106349Z", + "name": "CVE-2024-8407", + "description": "A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of the argument emailAddress leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8407" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aafd1188-971b-492c-855a-1bdf3e83f1d5.json b/objects/vulnerability/vulnerability--aafd1188-971b-492c-855a-1bdf3e83f1d5.json new file mode 100644 index 00000000000..7950bc91719 --- /dev/null +++ b/objects/vulnerability/vulnerability--aafd1188-971b-492c-855a-1bdf3e83f1d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d32621e-e0e6-4cae-923e-9026f7e4d68e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aafd1188-971b-492c-855a-1bdf3e83f1d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.992617Z", + "modified": "2024-09-05T00:19:28.992617Z", + "name": "CVE-2024-45692", + "description": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45692" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad804364-65ec-4777-826f-67c89a5b79e9.json b/objects/vulnerability/vulnerability--ad804364-65ec-4777-826f-67c89a5b79e9.json new file mode 100644 index 00000000000..5e68481bdfb --- /dev/null +++ b/objects/vulnerability/vulnerability--ad804364-65ec-4777-826f-67c89a5b79e9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a9cd3a2-f567-4766-b692-d18a70924e3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad804364-65ec-4777-826f-67c89a5b79e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.467141Z", + "modified": "2024-09-05T00:19:27.467141Z", + "name": "CVE-2024-6926", + "description": "The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6926" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--adba3f73-a259-4dab-9540-10b84f0a75ea.json b/objects/vulnerability/vulnerability--adba3f73-a259-4dab-9540-10b84f0a75ea.json new file mode 100644 index 00000000000..eeaea24325c --- /dev/null +++ b/objects/vulnerability/vulnerability--adba3f73-a259-4dab-9540-10b84f0a75ea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fb1d7bb-5b91-439d-bda1-b6df05e622ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--adba3f73-a259-4dab-9540-10b84f0a75ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.214183Z", + "modified": "2024-09-05T00:19:28.214183Z", + "name": "CVE-2024-39921", + "description": "Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39921" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0d3815e-6d70-42ab-ba15-fda7e1013664.json b/objects/vulnerability/vulnerability--b0d3815e-6d70-42ab-ba15-fda7e1013664.json new file mode 100644 index 00000000000..c3dec534d3f --- /dev/null +++ b/objects/vulnerability/vulnerability--b0d3815e-6d70-42ab-ba15-fda7e1013664.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1116b357-db09-4666-b507-c4afe43e8ff9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0d3815e-6d70-42ab-ba15-fda7e1013664", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.099695Z", + "modified": "2024-09-05T00:19:28.099695Z", + "name": "CVE-2024-8418", + "description": "A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8418" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2c868fa-5a13-4c19-9476-d15060c531e5.json b/objects/vulnerability/vulnerability--b2c868fa-5a13-4c19-9476-d15060c531e5.json new file mode 100644 index 00000000000..b20c099988d --- /dev/null +++ b/objects/vulnerability/vulnerability--b2c868fa-5a13-4c19-9476-d15060c531e5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef87d011-df32-407d-ade2-af56cb03a625", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2c868fa-5a13-4c19-9476-d15060c531e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.615729Z", + "modified": "2024-09-05T00:19:28.615729Z", + "name": "CVE-2024-7923", + "description": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7923" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b547f751-1b4a-4aa5-bc24-2656e888a65a.json b/objects/vulnerability/vulnerability--b547f751-1b4a-4aa5-bc24-2656e888a65a.json new file mode 100644 index 00000000000..fa3651738bb --- /dev/null +++ b/objects/vulnerability/vulnerability--b547f751-1b4a-4aa5-bc24-2656e888a65a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--710e4460-e42b-4290-9e96-aac818b91ae8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b547f751-1b4a-4aa5-bc24-2656e888a65a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.32006Z", + "modified": "2024-09-05T00:19:27.32006Z", + "name": "CVE-2024-44960", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44960" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b86c9195-aa1e-47c7-84ef-e4f910b4e1ac.json b/objects/vulnerability/vulnerability--b86c9195-aa1e-47c7-84ef-e4f910b4e1ac.json new file mode 100644 index 00000000000..843947df4c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b86c9195-aa1e-47c7-84ef-e4f910b4e1ac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--adb1b48e-aeba-41aa-b048-cb0a41fe439a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b86c9195-aa1e-47c7-84ef-e4f910b4e1ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.510271Z", + "modified": "2024-09-05T00:19:28.510271Z", + "name": "CVE-2024-34659", + "description": "Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34659" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b987ec50-e74e-4dfe-af11-637a1fb2c0e5.json b/objects/vulnerability/vulnerability--b987ec50-e74e-4dfe-af11-637a1fb2c0e5.json new file mode 100644 index 00000000000..954fc861152 --- /dev/null +++ b/objects/vulnerability/vulnerability--b987ec50-e74e-4dfe-af11-637a1fb2c0e5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27363de4-3eb0-425b-9215-4a4bd139e02b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b987ec50-e74e-4dfe-af11-637a1fb2c0e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.143515Z", + "modified": "2024-09-05T00:19:27.143515Z", + "name": "CVE-2024-44982", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last enabled at (129817): [] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [] el1_dbg+0x24/0x8c\nsoftirqs last enabled at (129808): [] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44982" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b9cdea19-6fe2-4144-a61e-56f7ed75b72c.json b/objects/vulnerability/vulnerability--b9cdea19-6fe2-4144-a61e-56f7ed75b72c.json new file mode 100644 index 00000000000..8550cc0c84e --- /dev/null +++ b/objects/vulnerability/vulnerability--b9cdea19-6fe2-4144-a61e-56f7ed75b72c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ab0809d-06b3-4d79-bd90-c2ec297121b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9cdea19-6fe2-4144-a61e-56f7ed75b72c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.546611Z", + "modified": "2024-09-05T00:19:28.546611Z", + "name": "CVE-2024-34639", + "description": "Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34639" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bae4d3ad-bc58-4ce6-9edd-d05c959ed243.json b/objects/vulnerability/vulnerability--bae4d3ad-bc58-4ce6-9edd-d05c959ed243.json new file mode 100644 index 00000000000..f6340312a74 --- /dev/null +++ b/objects/vulnerability/vulnerability--bae4d3ad-bc58-4ce6-9edd-d05c959ed243.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6fdb4a1-6f29-4cbd-ac19-eeb79c75543e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bae4d3ad-bc58-4ce6-9edd-d05c959ed243", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.539065Z", + "modified": "2024-09-05T00:19:28.539065Z", + "name": "CVE-2024-34644", + "description": "Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34644" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd507e96-fd5f-49a9-b4a0-b28f1abaa28a.json b/objects/vulnerability/vulnerability--bd507e96-fd5f-49a9-b4a0-b28f1abaa28a.json new file mode 100644 index 00000000000..909c9c6f341 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd507e96-fd5f-49a9-b4a0-b28f1abaa28a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4876a7ab-cc8b-443c-87f2-9880d41297f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd507e96-fd5f-49a9-b4a0-b28f1abaa28a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.996072Z", + "modified": "2024-09-05T00:19:28.996072Z", + "name": "CVE-2024-45050", + "description": "Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45050" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd601f0c-5d56-40df-9967-f37f185d1e4a.json b/objects/vulnerability/vulnerability--bd601f0c-5d56-40df-9967-f37f185d1e4a.json new file mode 100644 index 00000000000..b645a77ce8b --- /dev/null +++ b/objects/vulnerability/vulnerability--bd601f0c-5d56-40df-9967-f37f185d1e4a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53f0ac81-86da-4998-b864-f733522b79bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd601f0c-5d56-40df-9967-f37f185d1e4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.067693Z", + "modified": "2024-09-05T00:19:28.067693Z", + "name": "CVE-2024-8119", + "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8119" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be991b75-b1cf-4b65-8eed-93582efc60c5.json b/objects/vulnerability/vulnerability--be991b75-b1cf-4b65-8eed-93582efc60c5.json new file mode 100644 index 00000000000..84a6d292ee2 --- /dev/null +++ b/objects/vulnerability/vulnerability--be991b75-b1cf-4b65-8eed-93582efc60c5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07e61f38-925e-4978-92ae-1df862fb1bbf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be991b75-b1cf-4b65-8eed-93582efc60c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.334954Z", + "modified": "2024-09-05T00:19:27.334954Z", + "name": "CVE-2024-44973", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S B E ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44973" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c10d692c-9c21-4381-b49d-1abb6c11a93f.json b/objects/vulnerability/vulnerability--c10d692c-9c21-4381-b49d-1abb6c11a93f.json new file mode 100644 index 00000000000..7ac3e45eccb --- /dev/null +++ b/objects/vulnerability/vulnerability--c10d692c-9c21-4381-b49d-1abb6c11a93f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe7c2438-168d-4626-8e0a-d8f8ec823654", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c10d692c-9c21-4381-b49d-1abb6c11a93f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.156206Z", + "modified": "2024-09-05T00:19:27.156206Z", + "name": "CVE-2024-44948", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP. The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44948" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2e4f360-63ce-4a1e-8ee4-752f64117b74.json b/objects/vulnerability/vulnerability--c2e4f360-63ce-4a1e-8ee4-752f64117b74.json new file mode 100644 index 00000000000..2f665c1cef8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2e4f360-63ce-4a1e-8ee4-752f64117b74.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63725bbf-d717-41b8-a007-7ca85cfd6283", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2e4f360-63ce-4a1e-8ee4-752f64117b74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.173066Z", + "modified": "2024-09-05T00:19:27.173066Z", + "name": "CVE-2024-44981", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask()\n\nUBSAN reports the following 'subtraction overflow' error when booting\nin a virtual machine on Android:\n\n | Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP\n | Modules linked in:\n | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-00006-g3cbe9e5abd46-dirty #4\n | Hardware name: linux,dummy-virt (DT)\n | pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n | pc : cancel_delayed_work+0x34/0x44\n | lr : cancel_delayed_work+0x2c/0x44\n | sp : ffff80008002ba60\n | x29: ffff80008002ba60 x28: 0000000000000000 x27: 0000000000000000\n | x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n | x23: 0000000000000000 x22: 0000000000000000 x21: ffff1f65014cd3c0\n | x20: ffffc0e84c9d0da0 x19: ffffc0e84cab3558 x18: ffff800080009058\n | x17: 00000000247ee1f8 x16: 00000000247ee1f8 x15: 00000000bdcb279d\n | x14: 0000000000000001 x13: 0000000000000075 x12: 00000a0000000000\n | x11: ffff1f6501499018 x10: 00984901651fffff x9 : ffff5e7cc35af000\n | x8 : 0000000000000001 x7 : 3d4d455453595342 x6 : 000000004e514553\n | x5 : ffff1f6501499265 x4 : ffff1f650ff60b10 x3 : 0000000000000620\n | x2 : ffff80008002ba78 x1 : 0000000000000000 x0 : 0000000000000000\n | Call trace:\n | cancel_delayed_work+0x34/0x44\n | deferred_probe_extend_timeout+0x20/0x70\n | driver_register+0xa8/0x110\n | __platform_driver_register+0x28/0x3c\n | syscon_init+0x24/0x38\n | 
do_one_initcall+0xe4/0x338\n | do_initcall_level+0xac/0x178\n | do_initcalls+0x5c/0xa0\n | do_basic_setup+0x20/0x30\n | kernel_init_freeable+0x8c/0xf8\n | kernel_init+0x28/0x1b4\n | ret_from_fork+0x10/0x20\n | Code: f9000fbf 97fffa2f 39400268 37100048 (d42aa2a0)\n | ---[ end trace 0000000000000000 ]---\n | Kernel panic - not syncing: UBSAN: integer subtraction overflow: Fatal exception\n\nThis is due to shift_and_mask() using a signed immediate to construct\nthe mask and being called with a shift of 31 (WORK_OFFQ_POOL_SHIFT) so\nthat it ends up decrementing from INT_MIN.\n\nUse an unsigned constant '1U' to generate the mask in shift_and_mask().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44981" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4874c95-a507-4f2a-bda3-039011503273.json b/objects/vulnerability/vulnerability--c4874c95-a507-4f2a-bda3-039011503273.json new file mode 100644 index 00000000000..8b61e1fb65d --- /dev/null +++ b/objects/vulnerability/vulnerability--c4874c95-a507-4f2a-bda3-039011503273.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22389f6c-93da-46b4-9859-ea8c8cb5b309", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4874c95-a507-4f2a-bda3-039011503273", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.157965Z", + "modified": "2024-09-05T00:19:27.157965Z", + "name": "CVE-2024-44986", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44986" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c60080f0-e42c-411b-afbd-df190a1323c4.json b/objects/vulnerability/vulnerability--c60080f0-e42c-411b-afbd-df190a1323c4.json new file mode 100644 index 00000000000..209610361ae --- /dev/null +++ b/objects/vulnerability/vulnerability--c60080f0-e42c-411b-afbd-df190a1323c4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79b6affd-09b8-402f-9e7c-cd27b6a1c767", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c60080f0-e42c-411b-afbd-df190a1323c4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.138768Z", + "modified": "2024-09-05T00:19:27.138768Z", + "name": "CVE-2024-44971", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44971" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca1fbf6b-ba2b-4510-a6c5-13ecd5c5e221.json b/objects/vulnerability/vulnerability--ca1fbf6b-ba2b-4510-a6c5-13ecd5c5e221.json new file mode 100644 index 00000000000..6a25747eaab --- /dev/null +++ b/objects/vulnerability/vulnerability--ca1fbf6b-ba2b-4510-a6c5-13ecd5c5e221.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--17053a7b-7047-42a3-be90-ce1334681e6f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca1fbf6b-ba2b-4510-a6c5-13ecd5c5e221", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.333917Z", + "modified": "2024-09-05T00:19:27.333917Z", + "name": "CVE-2024-44970", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44970" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca4f28a3-fe4b-46a6-af83-0d14d02cdbe3.json b/objects/vulnerability/vulnerability--ca4f28a3-fe4b-46a6-af83-0d14d02cdbe3.json new file mode 100644 index 00000000000..411378c819d --- /dev/null +++ b/objects/vulnerability/vulnerability--ca4f28a3-fe4b-46a6-af83-0d14d02cdbe3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc5c26be-3cf6-406a-8cbf-81e53a338cfb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca4f28a3-fe4b-46a6-af83-0d14d02cdbe3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.916134Z", + "modified": "2024-09-05T00:19:27.916134Z", + "name": "CVE-2024-20469", + "description": "A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20469" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb4648d5-93c7-48c9-bbaa-bd146cc85a95.json b/objects/vulnerability/vulnerability--cb4648d5-93c7-48c9-bbaa-bd146cc85a95.json new file mode 100644 index 00000000000..b816e574e88 --- /dev/null +++ b/objects/vulnerability/vulnerability--cb4648d5-93c7-48c9-bbaa-bd146cc85a95.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8c341ac-90f5-40fc-9691-e92256b06276", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb4648d5-93c7-48c9-bbaa-bd146cc85a95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.686563Z", + "modified": "2024-09-05T00:19:28.686563Z", + "name": "CVE-2024-43402", + "description": "Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43402" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d38a3450-4a60-4c13-b053-6aa5ac0d25bb.json b/objects/vulnerability/vulnerability--d38a3450-4a60-4c13-b053-6aa5ac0d25bb.json new file mode 100644 index 00000000000..395004fa22a --- /dev/null +++ b/objects/vulnerability/vulnerability--d38a3450-4a60-4c13-b053-6aa5ac0d25bb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b55a92df-03b8-4af1-9c11-178bcbc098b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d38a3450-4a60-4c13-b053-6aa5ac0d25bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.697434Z", + "modified": "2024-09-05T00:19:28.697434Z", + "name": "CVE-2024-43405", + "description": "Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. The vulnerability is present in the template signature verification process, specifically in the `signer` package. The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom code templates from unverified sources. This includes templates authored by third parties or obtained from unverified repositories. SDK Users are affected if they are developers integrating Nuclei into their platforms, particularly if they permit the execution of custom code templates by end-users. The vulnerability is addressed in Nuclei v3.3.2. Users are strongly recommended to update to this version to mitigate the security risk. As an interim measure, users should refrain from using custom templates if unable to upgrade immediately. Only trusted, verified templates should be executed. 
Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43405" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4f13b5a-29ff-4352-8bcf-309aca22fdf8.json b/objects/vulnerability/vulnerability--d4f13b5a-29ff-4352-8bcf-309aca22fdf8.json new file mode 100644 index 00000000000..c561cbc140b --- /dev/null +++ b/objects/vulnerability/vulnerability--d4f13b5a-29ff-4352-8bcf-309aca22fdf8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0e9de3a-2929-4022-8d7d-3dc5989cee76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4f13b5a-29ff-4352-8bcf-309aca22fdf8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.026589Z", + "modified": "2024-09-05T00:19:29.026589Z", + "name": "CVE-2024-45195", + "description": "Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.16.\n\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45195" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d5b660c1-0893-4a7c-9e68-876fb8d222d0.json b/objects/vulnerability/vulnerability--d5b660c1-0893-4a7c-9e68-876fb8d222d0.json new file mode 100644 index 00000000000..124ec489851 --- /dev/null +++ b/objects/vulnerability/vulnerability--d5b660c1-0893-4a7c-9e68-876fb8d222d0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39031fdd-a846-4ca2-99c9-c2e5fd89f0d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d5b660c1-0893-4a7c-9e68-876fb8d222d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.165841Z", + "modified": "2024-09-05T00:19:27.165841Z", + "name": "CVE-2024-44984", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path. This should have been removed when we let the page pool\nhandle the DMA mapping. This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G W 6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS: 0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? 
iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7a7322f-005d-4299-a5ee-c2ff2207fc1e.json b/objects/vulnerability/vulnerability--d7a7322f-005d-4299-a5ee-c2ff2207fc1e.json new file mode 100644 index 00000000000..d803a89fcf3 --- /dev/null +++ b/objects/vulnerability/vulnerability--d7a7322f-005d-4299-a5ee-c2ff2207fc1e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c108f6a0-5fe1-49ce-8aed-9dce15922ac9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7a7322f-005d-4299-a5ee-c2ff2207fc1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.186934Z", + "modified": "2024-09-05T00:19:27.186934Z", + "name": "CVE-2024-44985", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44985" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de444fd2-5393-48de-a619-b45831c92fb3.json b/objects/vulnerability/vulnerability--de444fd2-5393-48de-a619-b45831c92fb3.json new file mode 100644 index 00000000000..c092804b55d --- /dev/null +++ b/objects/vulnerability/vulnerability--de444fd2-5393-48de-a619-b45831c92fb3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ac86b56-2094-445d-aad1-4c905d62da03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de444fd2-5393-48de-a619-b45831c92fb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.517254Z", + "modified": "2024-09-05T00:19:28.517254Z", + "name": "CVE-2024-34643", + "description": "Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df9bc0a9-3951-41f4-bee5-2340f9b6ace0.json b/objects/vulnerability/vulnerability--df9bc0a9-3951-41f4-bee5-2340f9b6ace0.json new file mode 100644 index 00000000000..c596d9c34bf --- /dev/null +++ b/objects/vulnerability/vulnerability--df9bc0a9-3951-41f4-bee5-2340f9b6ace0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf7e9e11-6bc5-468f-88f2-bdc974f349bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df9bc0a9-3951-41f4-bee5-2340f9b6ace0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.557513Z", + "modified": "2024-09-05T00:19:28.557513Z", + "name": "CVE-2024-34650", + "description": "Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34650" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e08c55db-0ea1-4d86-bada-41e04be323a9.json b/objects/vulnerability/vulnerability--e08c55db-0ea1-4d86-bada-41e04be323a9.json new file mode 100644 index 00000000000..47e5e0def46 --- /dev/null +++ b/objects/vulnerability/vulnerability--e08c55db-0ea1-4d86-bada-41e04be323a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f01de27c-eddc-44ef-b04d-2125da5ad9da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e08c55db-0ea1-4d86-bada-41e04be323a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.021333Z", + "modified": "2024-09-05T00:19:29.021333Z", + "name": "CVE-2024-45399", + "description": "Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the `next` URL. Exploitation requires initiating the account creation process with a maliciously crafted link, and then finalizing the signup process. Because of this, it can only target newly created (and thus unprivileged) Indico users. Indico 3.3.4 upgrades the dependency on Flask-Multipass to version 0.5.5, which fixes the issue. Those who build the Indico package themselves and cannot upgrade can update the `flask-multipass` dependency to `>=0.5.5` which fixes the vulnerability. Otherwise one could configure one's web server to disallow requests containing a query string with a `next` parameter that starts with `javascript:`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45399" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e22f1acd-392d-4dd9-baac-50c97586a870.json b/objects/vulnerability/vulnerability--e22f1acd-392d-4dd9-baac-50c97586a870.json new file mode 100644 index 00000000000..6f499ba7ca5 --- /dev/null +++ b/objects/vulnerability/vulnerability--e22f1acd-392d-4dd9-baac-50c97586a870.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd0b6cc3-3e34-4894-aac6-f09be9a34658", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e22f1acd-392d-4dd9-baac-50c97586a870", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.124846Z", + "modified": "2024-09-05T00:19:27.124846Z", + "name": "CVE-2024-44819", + "description": "Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e468470b-d0fe-406d-aed7-a73b1886f3df.json b/objects/vulnerability/vulnerability--e468470b-d0fe-406d-aed7-a73b1886f3df.json new file mode 100644 index 00000000000..b16abd51493 --- /dev/null +++ b/objects/vulnerability/vulnerability--e468470b-d0fe-406d-aed7-a73b1886f3df.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bacd044-e4ef-45f1-906f-d99310d3ed37", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e468470b-d0fe-406d-aed7-a73b1886f3df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.515385Z", + "modified": "2024-09-05T00:19:28.515385Z", + "name": "CVE-2024-34642", + "description": "Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5f543b0-93df-4a21-b490-d5da9f5fe672.json b/objects/vulnerability/vulnerability--e5f543b0-93df-4a21-b490-d5da9f5fe672.json new file mode 100644 index 00000000000..5f3796c45dc --- /dev/null +++ b/objects/vulnerability/vulnerability--e5f543b0-93df-4a21-b490-d5da9f5fe672.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--911f45ca-3fe0-4aac-807e-84b2f96728a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5f543b0-93df-4a21-b490-d5da9f5fe672", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.147217Z", + "modified": "2024-09-05T00:19:27.147217Z", + "name": "CVE-2024-44808", + "description": "An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44808" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6e6bcb7-cb8e-4eae-b215-214f65d49b61.json b/objects/vulnerability/vulnerability--e6e6bcb7-cb8e-4eae-b215-214f65d49b61.json new file mode 100644 index 00000000000..e07d3a7d73a --- /dev/null 
+++ b/objects/vulnerability/vulnerability--e6e6bcb7-cb8e-4eae-b215-214f65d49b61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1a3440d-ccaa-4ef8-9e33-be7e1e382c23", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6e6bcb7-cb8e-4eae-b215-214f65d49b61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.027659Z", + "modified": "2024-09-05T00:19:29.027659Z", + "name": "CVE-2024-45076", + "description": "IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45076" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6ef725e-4126-4cf9-9d16-e2eaee0473fe.json b/objects/vulnerability/vulnerability--e6ef725e-4126-4cf9-9d16-e2eaee0473fe.json new file mode 100644 index 00000000000..49d16003de9 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6ef725e-4126-4cf9-9d16-e2eaee0473fe.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18cf9f08-4918-4b9b-b75e-e93978fc79fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6ef725e-4126-4cf9-9d16-e2eaee0473fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.134168Z", + "modified": "2024-09-05T00:19:27.134168Z", + "name": "CVE-2024-44993", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[ 387.903868] index 7 is out of range for type '__u32 [7]'\n[ 387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G WC 6.10.3-v8-16k-numa #151\n[ 387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[ 387.932525] Call trace:\n[ 387.935296] dump_backtrace+0x170/0x1b8\n[ 387.939403] show_stack+0x20/0x38\n[ 387.942907] dump_stack_lvl+0x90/0xd0\n[ 387.946785] dump_stack+0x18/0x28\n[ 387.950301] __ubsan_handle_out_of_bounds+0x98/0xd0\n[ 387.955383] v3d_csd_job_run+0x3a8/0x438 [v3d]\n[ 387.960707] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[ 387.966862] process_one_work+0x62c/0xb48\n[ 387.971296] worker_thread+0x468/0x5b0\n[ 387.975317] kthread+0x1c4/0x1e0\n[ 387.978818] ret_from_fork+0x10/0x20\n[ 387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. 
That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44993" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e76cc310-3ec6-4d8d-af63-23fb23ea8f1d.json b/objects/vulnerability/vulnerability--e76cc310-3ec6-4d8d-af63-23fb23ea8f1d.json new file mode 100644 index 00000000000..05bea37180e --- /dev/null +++ b/objects/vulnerability/vulnerability--e76cc310-3ec6-4d8d-af63-23fb23ea8f1d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--309c1831-c74d-4d80-b4ee-47fcc6e2d0a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e76cc310-3ec6-4d8d-af63-23fb23ea8f1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.07219Z", + "modified": "2024-09-05T00:19:28.07219Z", + "name": "CVE-2024-8102", + "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8102" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebf66ec6-c8ed-4c66-8360-099e88894f59.json b/objects/vulnerability/vulnerability--ebf66ec6-c8ed-4c66-8360-099e88894f59.json new file mode 100644 index 00000000000..87d81fc80c2 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--ebf66ec6-c8ed-4c66-8360-099e88894f59.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e728227e-b3b6-4165-a467-688b8a439948", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebf66ec6-c8ed-4c66-8360-099e88894f59", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.017097Z", + "modified": "2024-09-05T00:19:29.017097Z", + "name": "CVE-2024-45450", + "description": "Permission control vulnerability in the software update module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45450" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ece4760d-da14-4bf6-907d-ddf18d1d7781.json b/objects/vulnerability/vulnerability--ece4760d-da14-4bf6-907d-ddf18d1d7781.json new file mode 100644 index 00000000000..508f2265eb8 --- /dev/null +++ b/objects/vulnerability/vulnerability--ece4760d-da14-4bf6-907d-ddf18d1d7781.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1444f629-9570-4717-80cd-c423830f4e1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ece4760d-da14-4bf6-907d-ddf18d1d7781", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.938795Z", + "modified": "2024-09-05T00:19:27.938795Z", + "name": "CVE-2024-20440", + "description": "A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.\r\n\r\nThis vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20440" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eee64a26-430b-4c9e-8f73-18cf82468d0e.json b/objects/vulnerability/vulnerability--eee64a26-430b-4c9e-8f73-18cf82468d0e.json new file mode 100644 index 00000000000..dac09593471 --- /dev/null +++ b/objects/vulnerability/vulnerability--eee64a26-430b-4c9e-8f73-18cf82468d0e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--deef594b-6d40-4f99-943c-64a835f6a915", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eee64a26-430b-4c9e-8f73-18cf82468d0e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.126611Z", + "modified": "2024-09-05T00:19:27.126611Z", + "name": "CVE-2024-44965", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3917da4-956f-43b1-ab11-7cba978bbdb7.json b/objects/vulnerability/vulnerability--f3917da4-956f-43b1-ab11-7cba978bbdb7.json new file mode 100644 index 00000000000..6da22d6f587 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3917da4-956f-43b1-ab11-7cba978bbdb7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4efee9d-b4b8-4074-b5f7-0dd49c9e2cd8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3917da4-956f-43b1-ab11-7cba978bbdb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.128419Z", + "modified": "2024-09-05T00:19:27.128419Z", + "name": "CVE-2024-44400", + "description": "D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44400" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3e6cb8e-a7d5-4b26-a1b7-e073b5228a4f.json b/objects/vulnerability/vulnerability--f3e6cb8e-a7d5-4b26-a1b7-e073b5228a4f.json new file mode 100644 index 00000000000..254ea24a776 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3e6cb8e-a7d5-4b26-a1b7-e073b5228a4f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3d80cc9c-0582-402e-a763-127886f0e071", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3e6cb8e-a7d5-4b26-a1b7-e073b5228a4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.024258Z", + "modified": "2024-09-05T00:19:29.024258Z", + "name": "CVE-2024-45507", + "description": "Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.16.\n\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45507" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f41fccf0-73cf-42d0-82bb-1962dd92a30c.json b/objects/vulnerability/vulnerability--f41fccf0-73cf-42d0-82bb-1962dd92a30c.json new file mode 100644 index 00000000000..fcb9f644de4 --- /dev/null +++ b/objects/vulnerability/vulnerability--f41fccf0-73cf-42d0-82bb-1962dd92a30c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55231313-e53b-4bf6-80f7-7ae9a79421a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f41fccf0-73cf-42d0-82bb-1962dd92a30c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.498916Z", + "modified": "2024-09-05T00:19:28.498916Z", + "name": "CVE-2024-34653", + "description": "Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34653" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f541039f-e729-4309-a438-546545ba77a1.json b/objects/vulnerability/vulnerability--f541039f-e729-4309-a438-546545ba77a1.json new file mode 100644 index 00000000000..3f530379f94 --- /dev/null +++ b/objects/vulnerability/vulnerability--f541039f-e729-4309-a438-546545ba77a1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c10f1a54-3dcd-44cb-9caa-0d3dc75e0051", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f541039f-e729-4309-a438-546545ba77a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.537269Z", + "modified": "2024-09-05T00:19:28.537269Z", + "name": "CVE-2024-34652", + "description": "Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34652" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f59854db-1e03-487f-afb2-4b72c3d215f9.json b/objects/vulnerability/vulnerability--f59854db-1e03-487f-afb2-4b72c3d215f9.json new file mode 100644 index 00000000000..450c1711427 --- /dev/null +++ b/objects/vulnerability/vulnerability--f59854db-1e03-487f-afb2-4b72c3d215f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf373192-bb9e-4e7a-8bac-ef450b4bf437", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f59854db-1e03-487f-afb2-4b72c3d215f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.102398Z", + "modified": "2024-09-05T00:19:28.102398Z", + "name": "CVE-2024-8391", + "description": "In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). \n\n\n\n\nThis is fixed in the 4.5.10 version. \n\n\n\n\nNote this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8391" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f86c1ea8-4080-4b8c-9d24-cfb204261d13.json b/objects/vulnerability/vulnerability--f86c1ea8-4080-4b8c-9d24-cfb204261d13.json new file mode 100644 index 00000000000..dc10aa9f9e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--f86c1ea8-4080-4b8c-9d24-cfb204261d13.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d7f37cf-f819-4a48-bdfa-3918d298937d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f86c1ea8-4080-4b8c-9d24-cfb204261d13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.533966Z", + "modified": "2024-09-05T00:19:28.533966Z", + "name": "CVE-2024-34651", + "description": "Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34651" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa7e00ae-173d-469a-a8c7-c21433711c52.json b/objects/vulnerability/vulnerability--fa7e00ae-173d-469a-a8c7-c21433711c52.json new file mode 100644 index 00000000000..0b924c6b35e --- /dev/null +++ b/objects/vulnerability/vulnerability--fa7e00ae-173d-469a-a8c7-c21433711c52.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0478702f-e42a-43a4-b257-9db8e04a601d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa7e00ae-173d-469a-a8c7-c21433711c52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:29.032321Z", + "modified": "2024-09-05T00:19:29.032321Z", + "name": "CVE-2024-45007", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45007" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb4516e8-8c9f-462d-8736-7feb8bcb4070.json b/objects/vulnerability/vulnerability--fb4516e8-8c9f-462d-8736-7feb8bcb4070.json new file mode 100644 index 00000000000..fb655dc7a11 --- /dev/null +++ b/objects/vulnerability/vulnerability--fb4516e8-8c9f-462d-8736-7feb8bcb4070.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--064bbb00-3ab4-4fc5-a084-937ac949f0ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb4516e8-8c9f-462d-8736-7feb8bcb4070", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.315113Z", + "modified": "2024-09-05T00:19:27.315113Z", + "name": "CVE-2024-44958", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n \n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n \n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44958" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb8919da-aca1-4360-8047-1f5764fbadc8.json b/objects/vulnerability/vulnerability--fb8919da-aca1-4360-8047-1f5764fbadc8.json new file mode 100644 index 00000000000..3782f67d82a --- /dev/null +++ b/objects/vulnerability/vulnerability--fb8919da-aca1-4360-8047-1f5764fbadc8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3716acc5-07d1-4cbf-a16c-7a3775d314e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb8919da-aca1-4360-8047-1f5764fbadc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.314047Z", + "modified": "2024-09-05T00:19:27.314047Z", + "name": "CVE-2024-44983", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44983" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd23f71e-ee5d-4576-9717-c9a46faf4322.json b/objects/vulnerability/vulnerability--fd23f71e-ee5d-4576-9717-c9a46faf4322.json new file mode 100644 index 00000000000..9a5d70111ab --- /dev/null +++ b/objects/vulnerability/vulnerability--fd23f71e-ee5d-4576-9717-c9a46faf4322.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ca2097f-960f-4ca9-b049-0a0f919d59ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd23f71e-ee5d-4576-9717-c9a46faf4322", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.136785Z", + "modified": "2024-09-05T00:19:27.136785Z", + "name": "CVE-2024-44980", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n comm \"modprobe\", pid 4354, jiffies 4295647021\n hex dump (first 32 bytes):\n 00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............\n 18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace (crc 99260e31):\n [] kmemleak_alloc+0x4b/0x80\n [] kmalloc_trace_noprof+0x312/0x3d0\n [] intel_opregion_setup+0x89/0x700 [xe]\n [] xe_display_init_noirq+0x2f/0x90 [xe]\n [] xe_device_probe+0x7a3/0xbf0 [xe]\n [] xe_pci_probe+0x333/0x5b0 [xe]\n [] local_pci_probe+0x48/0xb0\n [] pci_device_probe+0xc8/0x280\n [] really_probe+0xf8/0x390\n [] __driver_probe_device+0x8a/0x170\n [] driver_probe_device+0x23/0xb0\n [] __driver_attach+0xc7/0x190\n [] bus_for_each_dev+0x7d/0xd0\n [] driver_attach+0x1e/0x30\n [] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44980" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe63ff0a-a1c3-48dc-b6ef-fb40ead2f0b4.json b/objects/vulnerability/vulnerability--fe63ff0a-a1c3-48dc-b6ef-fb40ead2f0b4.json new file mode 100644 index 00000000000..667135945e2 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--fe63ff0a-a1c3-48dc-b6ef-fb40ead2f0b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89c76430-6ab6-4c36-89b1-2f2c4f742a38", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe63ff0a-a1c3-48dc-b6ef-fb40ead2f0b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:27.32833Z", + "modified": "2024-09-05T00:19:27.32833Z", + "name": "CVE-2024-44998", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can't dereference \"skb\" after calling vcc->push() because the skb\nis released.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44998" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fee3def9-f5e8-4ff5-8d46-623c11e3cbe0.json b/objects/vulnerability/vulnerability--fee3def9-f5e8-4ff5-8d46-623c11e3cbe0.json new file mode 100644 index 00000000000..5cafb902ff6 --- /dev/null +++ b/objects/vulnerability/vulnerability--fee3def9-f5e8-4ff5-8d46-623c11e3cbe0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dadaa532-9077-4b19-9acf-d21ffbbbb9a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fee3def9-f5e8-4ff5-8d46-623c11e3cbe0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-05T00:19:28.587328Z", + "modified": "2024-09-05T00:19:28.587328Z", + "name": "CVE-2024-7012", + "description": "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7012" + } + ] + } + ] +} \ No newline at end of file