diff --git a/mapping.csv b/mapping.csv
index 82296e1899b..c6110b8c483 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -250481,3 +250481,70 @@ vulnerability,CVE-2024-9327,vulnerability--064ea39b-59b5-4cd9-8553-9a4f565a6ec1
 vulnerability,CVE-2024-9326,vulnerability--7a9bee5b-7d36-4710-88e9-fecfa54df9ad
 vulnerability,CVE-2024-9324,vulnerability--aa10b9d7-48bd-47d2-8263-fd0fdde551ee
 vulnerability,CVE-2024-9325,vulnerability--cdb854ec-e0d4-43d1-8760-fa82affc38d1
+vulnerability,CVE-2024-42496,vulnerability--8bc4ab45-3e02-4653-9696-060a75dedb67
+vulnerability,CVE-2024-42017,vulnerability--54a365b2-cf68-40e5-9292-11f53b41a32b
+vulnerability,CVE-2024-45993,vulnerability--246b0139-d695-4413-b0ac-25fc18716dcc
+vulnerability,CVE-2024-45772,vulnerability--ab3c78c2-e14a-4c33-9b1e-1d8c5f500061
+vulnerability,CVE-2024-45920,vulnerability--50baace7-b4e2-4b80-b0ca-96ee1474762f
+vulnerability,CVE-2024-45073,vulnerability--51a88192-c5cc-4027-9383-a5ee50049a4d
+vulnerability,CVE-2024-45792,vulnerability--25b908b1-6f69-4d1f-ae00-68302c056bd2
+vulnerability,CVE-2024-45200,vulnerability--4a73dd45-48d0-417b-8c6d-0df2a2352c86
+vulnerability,CVE-2024-3635,vulnerability--382a9aea-0056-4830-8400-2c09ed553a51
+vulnerability,CVE-2024-35495,vulnerability--8c8385f7-19c2-4410-8135-9894b17667fd
+vulnerability,CVE-2024-9329,vulnerability--9c1ccf10-1f39-47bf-9735-ad2ba4227b5b
+vulnerability,CVE-2024-9158,vulnerability--0d24d6db-1c65-4735-ae6d-ead284420f2a
+vulnerability,CVE-2024-9194,vulnerability--3b36b72a-b9ed-4850-8085-ea615a92fb5f
+vulnerability,CVE-2024-8453,vulnerability--fcb414c2-94a3-46c8-a69e-5724da505162
+vulnerability,CVE-2024-8448,vulnerability--a0e90513-abf0-4027-b6e3-618d9d543d2e
+vulnerability,CVE-2024-8450,vulnerability--e6ea4d0d-26e4-4639-92b8-c8dd85ffbaec
+vulnerability,CVE-2024-8459,vulnerability--ba0d06df-80cc-4f15-a464-4b7c863d5a35
+vulnerability,CVE-2024-8379,vulnerability--f72b7e89-804c-4715-b58a-8f8355dde910
+vulnerability,CVE-2024-8283,vulnerability--0faa7e1e-c1e3-4bab-a4f4-b0892f5173c4
+vulnerability,CVE-2024-8455,vulnerability--135f8f48-9940-4488-9d58-b6b2279c5276
+vulnerability,CVE-2024-8452,vulnerability--c55212f8-2850-4437-b215-932999768e19
+vulnerability,CVE-2024-8449,vulnerability--ece0f1d3-bb17-457f-a71b-c2dcd774a201
+vulnerability,CVE-2024-8239,vulnerability--0aae116d-9f96-4e01-bc55-a5c0f2006657
+vulnerability,CVE-2024-8451,vulnerability--698161db-0c9a-4553-b57a-361374b20def
+vulnerability,CVE-2024-8457,vulnerability--983c05d4-51fd-4510-b046-581dc6002588
+vulnerability,CVE-2024-8454,vulnerability--7fddb250-d007-4a4e-9fa3-fae65b3e31d8
+vulnerability,CVE-2024-8456,vulnerability--0ac614d3-41bc-4b15-899c-c921b43c0c9f
+vulnerability,CVE-2024-8536,vulnerability--3aed8595-a9c2-4e30-9554-33044489c457
+vulnerability,CVE-2024-8458,vulnerability--ce297f21-7a3d-4ca7-b15c-d991c920ae88
+vulnerability,CVE-2024-46549,vulnerability--6d3c992d-f5b9-482d-8780-8fc5c0ff3e2b
+vulnerability,CVE-2024-46313,vulnerability--f0f84f54-9481-477a-9b17-37e5e8dbae23
+vulnerability,CVE-2024-46540,vulnerability--a0652455-4e96-4b81-bcf7-454c37f00665
+vulnerability,CVE-2024-46511,vulnerability--1c5e54a0-54b4-4045-a4b0-ae343970985d
+vulnerability,CVE-2024-46510,vulnerability--ee9f4d0c-a239-4c97-9214-d571b547aabb
+vulnerability,CVE-2024-46869,vulnerability--0fae70c6-3c27-4768-a3f8-c534c3c87b74
+vulnerability,CVE-2024-46503,vulnerability--02c01c61-c401-41ef-b65d-4c789ab69269
+vulnerability,CVE-2024-46293,vulnerability--3eebafee-1d8a-480e-a207-f801a4a04c35
+vulnerability,CVE-2024-46635,vulnerability--0685a9ea-58d7-4cee-9806-4e685c7caaaa
+vulnerability,CVE-2024-46548,vulnerability--39171148-70cf-4731-bcd1-2481c22136e7
+vulnerability,CVE-2024-46475,vulnerability--39c2925e-3cb8-43a5-b7a0-046783eaa6e3
+vulnerability,CVE-2024-46280,vulnerability--05c6f49a-6402-41db-bfc1-a94149b8a9b2
+vulnerability,CVE-2024-6051,vulnerability--eb25daad-6d8a-4e98-8fbd-5d464ccbe803
+vulnerability,CVE-2024-6394,vulnerability--1d641541-178e-4c1b-80d2-56d4280c9680
+vulnerability,CVE-2024-28810,vulnerability--202f1458-5b9b-48b8-aed5-d857ca7f6e37
+vulnerability,CVE-2024-28813,vulnerability--4babc917-eac3-4c23-b1c8-cf29ebba5344
+vulnerability,CVE-2024-28808,vulnerability--15396577-4c58-4f7f-ba6e-e8e6b61bd1bd
+vulnerability,CVE-2024-28812,vulnerability--09f954b0-d738-4230-8560-d75e1eb704aa
+vulnerability,CVE-2024-28809,vulnerability--8e12afb9-cb73-4ae5-98ed-5e083716791a
+vulnerability,CVE-2024-28807,vulnerability--6bf07d1d-f573-47c8-88d2-1d7a76655da2
+vulnerability,CVE-2024-28811,vulnerability--9bfe4ca7-3507-472c-b3ce-79f8cbb741d9
+vulnerability,CVE-2024-7671,vulnerability--b1a5078f-bbbd-40a7-b087-a37e18ca8bf8
+vulnerability,CVE-2024-7675,vulnerability--7104ea51-6855-4322-8e50-c3afab7bb80d
+vulnerability,CVE-2024-7672,vulnerability--d4f05b07-4634-44d1-b0d2-9a16d69f7196
+vulnerability,CVE-2024-7673,vulnerability--a384ec1b-e590-48e2-bbac-88bc217274c8
+vulnerability,CVE-2024-7670,vulnerability--8641ac17-a162-40cf-92cc-27798c4350f4
+vulnerability,CVE-2024-7674,vulnerability--631056c9-f6db-4916-ad05-4fc2a5ba3ec0
+vulnerability,CVE-2024-41999,vulnerability--4092dc58-6c12-46a9-b608-23f44f3adf33
+vulnerability,CVE-2024-47532,vulnerability--ec310c81-4cff-4245-9f2d-4d5922b7ce87
+vulnerability,CVE-2024-47536,vulnerability--d4e3e094-80a8-4451-a7e5-9de893df9790
+vulnerability,CVE-2024-47641,vulnerability--6507ac6b-1c5f-4ebf-bf86-1835e259b9c9
+vulnerability,CVE-2024-47530,vulnerability--ce29637e-aee3-4507-be64-3e998d43c6dc
+vulnerability,CVE-2024-47178,vulnerability--4ad5dc2f-7b1f-417c-b46d-790a744687a0
+vulnerability,CVE-2024-47531,vulnerability--321184ec-d090-4fd3-8889-402e40f010c6
+vulnerability,CVE-2024-47067,vulnerability--b4a110d2-8ba5-4178-8108-4d20dbd7d18f
+vulnerability,CVE-2024-47063,vulnerability--203e7813-143a-478b-8909-ef40fd103c3e
+vulnerability,CVE-2024-47064,vulnerability--8558eb24-767f-48e4-96c8-39285f009bd2
+vulnerability,CVE-2024-47172,vulnerability--7c3ffd7e-6441-49f5-98f4-3d8bd68c62ac
diff --git a/objects/vulnerability/vulnerability--02c01c61-c401-41ef-b65d-4c789ab69269.json b/objects/vulnerability/vulnerability--02c01c61-c401-41ef-b65d-4c789ab69269.json
new file mode 100644
index 00000000000..a9d21ef5732
--- /dev/null
+++ b/objects/vulnerability/vulnerability--02c01c61-c401-41ef-b65d-4c789ab69269.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--97edc7d6-4b4a-43ae-b369-634962124f89",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--02c01c61-c401-41ef-b65d-4c789ab69269",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.791275Z",
+ "modified": "2024-10-01T00:22:59.791275Z",
+ "name": "CVE-2024-46503",
+ "description": "An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46503"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--05c6f49a-6402-41db-bfc1-a94149b8a9b2.json b/objects/vulnerability/vulnerability--05c6f49a-6402-41db-bfc1-a94149b8a9b2.json
new file mode 100644
index 00000000000..a0a465e95e3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--05c6f49a-6402-41db-bfc1-a94149b8a9b2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c4fe7155-3780-4641-8432-a65a2dc0db09",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--05c6f49a-6402-41db-bfc1-a94149b8a9b2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.814988Z",
+ "modified": "2024-10-01T00:22:59.814988Z",
+ "name": "CVE-2024-46280",
+ "description": "PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46280"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0685a9ea-58d7-4cee-9806-4e685c7caaaa.json b/objects/vulnerability/vulnerability--0685a9ea-58d7-4cee-9806-4e685c7caaaa.json
new file mode 100644
index 00000000000..c220efc3ddf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0685a9ea-58d7-4cee-9806-4e685c7caaaa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6a5070da-0d2d-4844-91e0-5e8c3eee3ee4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0685a9ea-58d7-4cee-9806-4e685c7caaaa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.806788Z",
+ "modified": "2024-10-01T00:22:59.806788Z",
+ "name": "CVE-2024-46635",
+ "description": "An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46635"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--09f954b0-d738-4230-8560-d75e1eb704aa.json b/objects/vulnerability/vulnerability--09f954b0-d738-4230-8560-d75e1eb704aa.json
new file mode 100644
index 00000000000..7213c4427c6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--09f954b0-d738-4230-8560-d75e1eb704aa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--09308ead-ef23-43df-befa-e8050d93f05a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--09f954b0-d738-4230-8560-d75e1eb704aa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.243387Z",
+ "modified": "2024-10-01T00:23:00.243387Z",
+ "name": "CVE-2024-28812",
+ "description": "An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-28812"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0aae116d-9f96-4e01-bc55-a5c0f2006657.json b/objects/vulnerability/vulnerability--0aae116d-9f96-4e01-bc55-a5c0f2006657.json
new file mode 100644
index 00000000000..6fd0af5ac54
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0aae116d-9f96-4e01-bc55-a5c0f2006657.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3a9f09d6-92f9-4af7-90fb-0a9ce135e0f9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0aae116d-9f96-4e01-bc55-a5c0f2006657",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.687165Z",
+ "modified": "2024-10-01T00:22:59.687165Z",
+ "name": "CVE-2024-8239",
+ "description": "The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8239"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0ac614d3-41bc-4b15-899c-c921b43c0c9f.json b/objects/vulnerability/vulnerability--0ac614d3-41bc-4b15-899c-c921b43c0c9f.json
new file mode 100644
index 00000000000..df2a9b591dd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0ac614d3-41bc-4b15-899c-c921b43c0c9f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--16e19b94-2e29-4d0d-88ca-27139cfb8552",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0ac614d3-41bc-4b15-899c-c921b43c0c9f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.696882Z",
+ "modified": "2024-10-01T00:22:59.696882Z",
+ "name": "CVE-2024-8456",
+ "description": "Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8456"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0d24d6db-1c65-4735-ae6d-ead284420f2a.json b/objects/vulnerability/vulnerability--0d24d6db-1c65-4735-ae6d-ead284420f2a.json
new file mode 100644
index 00000000000..6a8da8d66d5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0d24d6db-1c65-4735-ae6d-ead284420f2a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--294c0085-f19f-4988-b744-fbe91d72326c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0d24d6db-1c65-4735-ae6d-ead284420f2a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.62022Z",
+ "modified": "2024-10-01T00:22:59.62022Z",
+ "name": "CVE-2024-9158",
+ "description": "A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9158"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0faa7e1e-c1e3-4bab-a4f4-b0892f5173c4.json b/objects/vulnerability/vulnerability--0faa7e1e-c1e3-4bab-a4f4-b0892f5173c4.json
new file mode 100644
index 00000000000..060e8303527
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0faa7e1e-c1e3-4bab-a4f4-b0892f5173c4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f1ae86e2-7921-49b6-a887-ddda24111f01",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0faa7e1e-c1e3-4bab-a4f4-b0892f5173c4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.663245Z",
+ "modified": "2024-10-01T00:22:59.663245Z",
+ "name": "CVE-2024-8283",
+ "description": "The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8283"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0fae70c6-3c27-4768-a3f8-c534c3c87b74.json b/objects/vulnerability/vulnerability--0fae70c6-3c27-4768-a3f8-c534c3c87b74.json
new file mode 100644
index 00000000000..c47497303b8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0fae70c6-3c27-4768-a3f8-c534c3c87b74.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--21cac601-1a2a-4f09-a2c1-5f090fb93718",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0fae70c6-3c27-4768-a3f8-c534c3c87b74",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.789713Z",
+ "modified": "2024-10-01T00:22:59.789713Z",
+ "name": "CVE-2024-46869",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel_pcie: Allocate memory for driver private data\n\nFix driver not allocating memory for struct btintel_data which is used\nto store internal data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46869"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--135f8f48-9940-4488-9d58-b6b2279c5276.json b/objects/vulnerability/vulnerability--135f8f48-9940-4488-9d58-b6b2279c5276.json
new file mode 100644
index 00000000000..3db76bbe55c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--135f8f48-9940-4488-9d58-b6b2279c5276.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--022e9b0c-b30c-4d76-9edd-59dc7ef4df68",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--135f8f48-9940-4488-9d58-b6b2279c5276",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.678664Z",
+ "modified": "2024-10-01T00:22:59.678664Z",
+ "name": "CVE-2024-8455",
+ "description": "The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8455"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--15396577-4c58-4f7f-ba6e-e8e6b61bd1bd.json b/objects/vulnerability/vulnerability--15396577-4c58-4f7f-ba6e-e8e6b61bd1bd.json
new file mode 100644
index 00000000000..f7295b5efbd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--15396577-4c58-4f7f-ba6e-e8e6b61bd1bd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2cbf8f7e-46e9-4666-bb4a-74a4ebd877a1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--15396577-4c58-4f7f-ba6e-e8e6b61bd1bd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.228909Z",
+ "modified": "2024-10-01T00:23:00.228909Z",
+ "name": "CVE-2024-28808",
+ "description": "An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-28808"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1c5e54a0-54b4-4045-a4b0-ae343970985d.json b/objects/vulnerability/vulnerability--1c5e54a0-54b4-4045-a4b0-ae343970985d.json
new file mode 100644
index 00000000000..e8efc54735a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1c5e54a0-54b4-4045-a4b0-ae343970985d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5f72faa6-b2ac-4ea1-bd1d-4ffd575a1946",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1c5e54a0-54b4-4045-a4b0-ae343970985d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.780185Z",
+ "modified": "2024-10-01T00:22:59.780185Z",
+ "name": "CVE-2024-46511",
+ "description": "LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46511"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1d641541-178e-4c1b-80d2-56d4280c9680.json b/objects/vulnerability/vulnerability--1d641541-178e-4c1b-80d2-56d4280c9680.json
new file mode 100644
index 00000000000..4a2aa3f6305
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1d641541-178e-4c1b-80d2-56d4280c9680.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6c202f81-968f-4bff-af8d-bb621f7908ff",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1d641541-178e-4c1b-80d2-56d4280c9680",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.026456Z",
+ "modified": "2024-10-01T00:23:00.026456Z",
+ "name": "CVE-2024-6394",
+ "description": "A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6394"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--202f1458-5b9b-48b8-aed5-d857ca7f6e37.json b/objects/vulnerability/vulnerability--202f1458-5b9b-48b8-aed5-d857ca7f6e37.json
new file mode 100644
index 00000000000..7feeaead44a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--202f1458-5b9b-48b8-aed5-d857ca7f6e37.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9a2ca539-592b-44f7-8fcb-a9909ce230a7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--202f1458-5b9b-48b8-aed5-d857ca7f6e37",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.214668Z",
+ "modified": "2024-10-01T00:23:00.214668Z",
+ "name": "CVE-2024-28810",
+ "description": "An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-28810"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--203e7813-143a-478b-8909-ef40fd103c3e.json b/objects/vulnerability/vulnerability--203e7813-143a-478b-8909-ef40fd103c3e.json
new file mode 100644
index 00000000000..849565208c8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--203e7813-143a-478b-8909-ef40fd103c3e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--92950b79-ce3c-436c-8fda-32bd008af17d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--203e7813-143a-478b-8909-ef40fd103c3e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.912731Z",
+ "modified": "2024-10-01T00:23:00.912731Z",
+ "name": "CVE-2024-47063",
+ "description": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47063"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--246b0139-d695-4413-b0ac-25fc18716dcc.json b/objects/vulnerability/vulnerability--246b0139-d695-4413-b0ac-25fc18716dcc.json
new file mode 100644
index 00000000000..33a5da4b106
--- /dev/null
+++ b/objects/vulnerability/vulnerability--246b0139-d695-4413-b0ac-25fc18716dcc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6be31520-34db-4392-82d7-3cceadb099e4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--246b0139-d695-4413-b0ac-25fc18716dcc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.409264Z",
+ "modified": "2024-10-01T00:22:59.409264Z",
+ "name": "CVE-2024-45993",
+ "description": "Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45993"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--25b908b1-6f69-4d1f-ae00-68302c056bd2.json b/objects/vulnerability/vulnerability--25b908b1-6f69-4d1f-ae00-68302c056bd2.json
new file mode 100644
index 00000000000..7c7d43c597f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--25b908b1-6f69-4d1f-ae00-68302c056bd2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0b48d07d-e1d8-4fd7-bb34-7038d25a1b0d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--25b908b1-6f69-4d1f-ae00-68302c056bd2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.50444Z",
+ "modified": "2024-10-01T00:22:59.50444Z",
+ "name": "CVE-2024-45792",
+ "description": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45792"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--321184ec-d090-4fd3-8889-402e40f010c6.json b/objects/vulnerability/vulnerability--321184ec-d090-4fd3-8889-402e40f010c6.json
new file mode 100644
index 00000000000..a7c02d9bada
--- /dev/null
+++ b/objects/vulnerability/vulnerability--321184ec-d090-4fd3-8889-402e40f010c6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e736f6ca-e50a-4e35-9f46-ce2b67b81c03",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--321184ec-d090-4fd3-8889-402e40f010c6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.897482Z",
+ "modified": "2024-10-01T00:23:00.897482Z",
+ "name": "CVE-2024-47531",
+ "description": "Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47531"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--382a9aea-0056-4830-8400-2c09ed553a51.json b/objects/vulnerability/vulnerability--382a9aea-0056-4830-8400-2c09ed553a51.json
new file mode 100644
index 00000000000..a994797e42a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--382a9aea-0056-4830-8400-2c09ed553a51.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3c8a0a74-0756-4d2c-a2d9-425dec80db06",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--382a9aea-0056-4830-8400-2c09ed553a51",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.538018Z",
+ "modified": "2024-10-01T00:22:59.538018Z",
+ "name": "CVE-2024-3635",
+ "description": "The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-3635"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--39171148-70cf-4731-bcd1-2481c22136e7.json b/objects/vulnerability/vulnerability--39171148-70cf-4731-bcd1-2481c22136e7.json
new file mode 100644
index 00000000000..c28e95eb324
--- /dev/null
+++ b/objects/vulnerability/vulnerability--39171148-70cf-4731-bcd1-2481c22136e7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5e502292-ff58-4de0-b7bd-c2f957291294",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--39171148-70cf-4731-bcd1-2481c22136e7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.809551Z",
+ "modified": "2024-10-01T00:22:59.809551Z",
+ "name": "CVE-2024-46548",
+ "description": "TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46548"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--39c2925e-3cb8-43a5-b7a0-046783eaa6e3.json b/objects/vulnerability/vulnerability--39c2925e-3cb8-43a5-b7a0-046783eaa6e3.json
new file mode 100644
index 00000000000..c1672197fd4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--39c2925e-3cb8-43a5-b7a0-046783eaa6e3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--045ac302-e485-4481-8f6e-df120b7abba2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--39c2925e-3cb8-43a5-b7a0-046783eaa6e3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.810764Z",
+ "modified": "2024-10-01T00:22:59.810764Z",
+ "name": "CVE-2024-46475",
+ "description": "A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46475"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3aed8595-a9c2-4e30-9554-33044489c457.json b/objects/vulnerability/vulnerability--3aed8595-a9c2-4e30-9554-33044489c457.json
new file mode 100644
index 00000000000..650f20fab64
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3aed8595-a9c2-4e30-9554-33044489c457.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3c5ad8b4-1c37-47d6-a875-1fc086011da8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3aed8595-a9c2-4e30-9554-33044489c457",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.70298Z",
+ "modified": "2024-10-01T00:22:59.70298Z",
+ "name": "CVE-2024-8536",
+ "description": "The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8536"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3b36b72a-b9ed-4850-8085-ea615a92fb5f.json b/objects/vulnerability/vulnerability--3b36b72a-b9ed-4850-8085-ea615a92fb5f.json
new file mode 100644
index 00000000000..63709633a61
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3b36b72a-b9ed-4850-8085-ea615a92fb5f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--245ecaa8-ac1d-45d1-8741-87bfd7d3de6a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3b36b72a-b9ed-4850-8085-ea615a92fb5f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.634628Z",
+ "modified": "2024-10-01T00:22:59.634628Z",
+ "name": "CVE-2024-9194",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9194"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3eebafee-1d8a-480e-a207-f801a4a04c35.json b/objects/vulnerability/vulnerability--3eebafee-1d8a-480e-a207-f801a4a04c35.json
new file mode 100644
index 00000000000..7e4a75a06da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3eebafee-1d8a-480e-a207-f801a4a04c35.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ebed285-9506-48af-8c6b-68a366f9ceed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3eebafee-1d8a-480e-a207-f801a4a04c35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.802903Z", + "modified": "2024-10-01T00:22:59.802903Z", + "name": "CVE-2024-46293", + "description": "Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46293" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4092dc58-6c12-46a9-b608-23f44f3adf33.json b/objects/vulnerability/vulnerability--4092dc58-6c12-46a9-b608-23f44f3adf33.json new file mode 100644 index 00000000000..fef30635fa7 --- /dev/null +++ b/objects/vulnerability/vulnerability--4092dc58-6c12-46a9-b608-23f44f3adf33.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea56b184-720d-4bf3-bd10-94d5d87b4103", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4092dc58-6c12-46a9-b608-23f44f3adf33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.772205Z", + "modified": "2024-10-01T00:23:00.772205Z", + "name": "CVE-2024-41999", + "description": "Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's settings, or spoof devices in other rooms.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41999" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a73dd45-48d0-417b-8c6d-0df2a2352c86.json b/objects/vulnerability/vulnerability--4a73dd45-48d0-417b-8c6d-0df2a2352c86.json new file mode 100644 index 00000000000..65bfdc517f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a73dd45-48d0-417b-8c6d-0df2a2352c86.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3f3b5f2-3c73-4e13-a08a-53ba9a8b6210", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a73dd45-48d0-417b-8c6d-0df2a2352c86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.50769Z", + "modified": "2024-10-01T00:22:59.50769Z", + "name": "CVE-2024-45200", + "description": "In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the \"Wireless Play\" (or \"LAN Play\") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library,", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45200" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ad5dc2f-7b1f-417c-b46d-790a744687a0.json b/objects/vulnerability/vulnerability--4ad5dc2f-7b1f-417c-b46d-790a744687a0.json new file mode 100644 index 00000000000..fadb7c69543 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ad5dc2f-7b1f-417c-b46d-790a744687a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87a3daf7-f076-48a0-bf54-ba40e3ed98ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ad5dc2f-7b1f-417c-b46d-790a744687a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.894253Z", + "modified": "2024-10-01T00:23:00.894253Z", + "name": "CVE-2024-47178", + "description": "basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47178" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4babc917-eac3-4c23-b1c8-cf29ebba5344.json b/objects/vulnerability/vulnerability--4babc917-eac3-4c23-b1c8-cf29ebba5344.json new file mode 100644 index 00000000000..5c0087d8953 --- /dev/null +++ b/objects/vulnerability/vulnerability--4babc917-eac3-4c23-b1c8-cf29ebba5344.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e335dc5-9611-46b8-9ddb-6230d873b9f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4babc917-eac3-4c23-b1c8-cf29ebba5344", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.220672Z", + "modified": "2024-10-01T00:23:00.220672Z", + "name": "CVE-2024-28813", + "description": "An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28813" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--50baace7-b4e2-4b80-b0ca-96ee1474762f.json b/objects/vulnerability/vulnerability--50baace7-b4e2-4b80-b0ca-96ee1474762f.json new file mode 100644 index 00000000000..ceb06fc0b8d --- /dev/null +++ b/objects/vulnerability/vulnerability--50baace7-b4e2-4b80-b0ca-96ee1474762f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d76194d0-083c-43de-bb2c-4f575c52ea0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50baace7-b4e2-4b80-b0ca-96ee1474762f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.484941Z", + "modified": "2024-10-01T00:22:59.484941Z", + "name": "CVE-2024-45920", + "description": "A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in \"Intrest\" feature.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45920" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51a88192-c5cc-4027-9383-a5ee50049a4d.json b/objects/vulnerability/vulnerability--51a88192-c5cc-4027-9383-a5ee50049a4d.json new file mode 100644 index 00000000000..7ef9869cc71 --- /dev/null +++ b/objects/vulnerability/vulnerability--51a88192-c5cc-4027-9383-a5ee50049a4d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--badd75e6-72b3-473f-8afe-58828a158c2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51a88192-c5cc-4027-9383-a5ee50049a4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.495121Z", + "modified": "2024-10-01T00:22:59.495121Z", + "name": "CVE-2024-45073", + "description": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--54a365b2-cf68-40e5-9292-11f53b41a32b.json b/objects/vulnerability/vulnerability--54a365b2-cf68-40e5-9292-11f53b41a32b.json new file mode 100644 index 00000000000..28e8973a5ad --- /dev/null +++ b/objects/vulnerability/vulnerability--54a365b2-cf68-40e5-9292-11f53b41a32b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80f7e0f2-7439-40f4-ae51-8f1f494748cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54a365b2-cf68-40e5-9292-11f53b41a32b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.1941Z", + "modified": "2024-10-01T00:22:59.1941Z", + "name": "CVE-2024-42017", + "description": "An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--631056c9-f6db-4916-ad05-4fc2a5ba3ec0.json b/objects/vulnerability/vulnerability--631056c9-f6db-4916-ad05-4fc2a5ba3ec0.json new file mode 100644 index 00000000000..198712de713 --- /dev/null +++ b/objects/vulnerability/vulnerability--631056c9-f6db-4916-ad05-4fc2a5ba3ec0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2a75ba8-5b23-416a-9f74-3785d3ac9c2b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--631056c9-f6db-4916-ad05-4fc2a5ba3ec0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.459093Z", + "modified": "2024-10-01T00:23:00.459093Z", + "name": "CVE-2024-7674", + "description": "A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7674" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6507ac6b-1c5f-4ebf-bf86-1835e259b9c9.json b/objects/vulnerability/vulnerability--6507ac6b-1c5f-4ebf-bf86-1835e259b9c9.json new file mode 100644 index 00000000000..4ff0cc7b05c --- /dev/null +++ b/objects/vulnerability/vulnerability--6507ac6b-1c5f-4ebf-bf86-1835e259b9c9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--445401eb-38ad-4d70-b218-9181f308a5af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6507ac6b-1c5f-4ebf-bf86-1835e259b9c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.890461Z", + "modified": "2024-10-01T00:23:00.890461Z", + "name": "CVE-2024-47641", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS.This issue affects Confetti Fall Animation: from n/a through 1.3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47641" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--698161db-0c9a-4553-b57a-361374b20def.json b/objects/vulnerability/vulnerability--698161db-0c9a-4553-b57a-361374b20def.json new file mode 100644 index 00000000000..188f91eefe0 --- /dev/null +++ b/objects/vulnerability/vulnerability--698161db-0c9a-4553-b57a-361374b20def.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e5be3e7-12b0-4764-a11a-5a0907bbe983", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--698161db-0c9a-4553-b57a-361374b20def", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.690249Z", + "modified": "2024-10-01T00:22:59.690249Z", + "name": "CVE-2024-8451", + "description": "Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8451" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bf07d1d-f573-47c8-88d2-1d7a76655da2.json b/objects/vulnerability/vulnerability--6bf07d1d-f573-47c8-88d2-1d7a76655da2.json new file mode 100644 index 00000000000..401d3888557 --- /dev/null +++ b/objects/vulnerability/vulnerability--6bf07d1d-f573-47c8-88d2-1d7a76655da2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76b763db-299a-4a06-a59a-920e79cba5da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bf07d1d-f573-47c8-88d2-1d7a76655da2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.25842Z", + "modified": "2024-10-01T00:23:00.25842Z", + "name": "CVE-2024-28807", + "description": "An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28807" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d3c992d-f5b9-482d-8780-8fc5c0ff3e2b.json b/objects/vulnerability/vulnerability--6d3c992d-f5b9-482d-8780-8fc5c0ff3e2b.json new file mode 100644 index 00000000000..e64fa568efd --- /dev/null +++ b/objects/vulnerability/vulnerability--6d3c992d-f5b9-482d-8780-8fc5c0ff3e2b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62471ef6-9556-4cbf-a54b-1c35d461cb2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d3c992d-f5b9-482d-8780-8fc5c0ff3e2b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.764475Z", + "modified": "2024-10-01T00:22:59.764475Z", + "name": "CVE-2024-46549", + "description": "An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46549" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7104ea51-6855-4322-8e50-c3afab7bb80d.json b/objects/vulnerability/vulnerability--7104ea51-6855-4322-8e50-c3afab7bb80d.json new file mode 100644 index 00000000000..dda8a550b04 --- /dev/null +++ b/objects/vulnerability/vulnerability--7104ea51-6855-4322-8e50-c3afab7bb80d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22229920-dce1-4557-80e9-2295f25a24fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7104ea51-6855-4322-8e50-c3afab7bb80d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.445618Z", + "modified": "2024-10-01T00:23:00.445618Z", + "name": "CVE-2024-7675", + "description": "A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7675" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c3ffd7e-6441-49f5-98f4-3d8bd68c62ac.json b/objects/vulnerability/vulnerability--7c3ffd7e-6441-49f5-98f4-3d8bd68c62ac.json new file mode 100644 index 00000000000..0892f02d8ae --- /dev/null +++ b/objects/vulnerability/vulnerability--7c3ffd7e-6441-49f5-98f4-3d8bd68c62ac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a243a5f8-0aa5-4019-b7f8-06fe5fe121a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c3ffd7e-6441-49f5-98f4-3d8bd68c62ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.91597Z", + "modified": "2024-10-01T00:23:00.91597Z", + "name": "CVE-2024-47172", + "description": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7fddb250-d007-4a4e-9fa3-fae65b3e31d8.json b/objects/vulnerability/vulnerability--7fddb250-d007-4a4e-9fa3-fae65b3e31d8.json new file mode 100644 index 00000000000..12047f53363 --- /dev/null +++ b/objects/vulnerability/vulnerability--7fddb250-d007-4a4e-9fa3-fae65b3e31d8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6859c016-ee5b-4997-8412-1bbcf9ec966d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7fddb250-d007-4a4e-9fa3-fae65b3e31d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.695755Z", + "modified": "2024-10-01T00:22:59.695755Z", + "name": "CVE-2024-8454", + "description": "The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8454" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8558eb24-767f-48e4-96c8-39285f009bd2.json b/objects/vulnerability/vulnerability--8558eb24-767f-48e4-96c8-39285f009bd2.json new file mode 100644 index 00000000000..c9f2dc5dbd8 --- /dev/null +++ b/objects/vulnerability/vulnerability--8558eb24-767f-48e4-96c8-39285f009bd2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d083b87f-cb16-48eb-8762-ceec1a3859df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8558eb24-767f-48e4-96c8-39285f009bd2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.914299Z", + "modified": "2024-10-01T00:23:00.914299Z", + "name": "CVE-2024-47064", + "description": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47064" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8641ac17-a162-40cf-92cc-27798c4350f4.json b/objects/vulnerability/vulnerability--8641ac17-a162-40cf-92cc-27798c4350f4.json new file mode 100644 index 00000000000..feb4a423678 --- /dev/null +++ b/objects/vulnerability/vulnerability--8641ac17-a162-40cf-92cc-27798c4350f4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5bbcc75-6bbc-437b-8a4a-2b4ab9fb8ba4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8641ac17-a162-40cf-92cc-27798c4350f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.457247Z", + "modified": "2024-10-01T00:23:00.457247Z", + "name": "CVE-2024-7670", + "description": "A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8bc4ab45-3e02-4653-9696-060a75dedb67.json b/objects/vulnerability/vulnerability--8bc4ab45-3e02-4653-9696-060a75dedb67.json new file mode 100644 index 00000000000..5f6e9e64f43 --- /dev/null +++ b/objects/vulnerability/vulnerability--8bc4ab45-3e02-4653-9696-060a75dedb67.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79a70b8f-63f5-4c73-954e-dac3dd19d672", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8bc4ab45-3e02-4653-9696-060a75dedb67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.180974Z", + "modified": "2024-10-01T00:22:59.180974Z", + "name": "CVE-2024-42496", + "description": "Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42496" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c8385f7-19c2-4410-8135-9894b17667fd.json b/objects/vulnerability/vulnerability--8c8385f7-19c2-4410-8135-9894b17667fd.json new file mode 100644 index 00000000000..e70c9c3ff37 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c8385f7-19c2-4410-8135-9894b17667fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--400aec8c-6ed0-4e83-896b-6e6f09af0f7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c8385f7-19c2-4410-8135-9894b17667fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.592129Z", + "modified": "2024-10-01T00:22:59.592129Z", + "name": "CVE-2024-35495", + "description": "An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35495" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8e12afb9-cb73-4ae5-98ed-5e083716791a.json b/objects/vulnerability/vulnerability--8e12afb9-cb73-4ae5-98ed-5e083716791a.json new file mode 100644 index 00000000000..11991dabe38 --- /dev/null +++ b/objects/vulnerability/vulnerability--8e12afb9-cb73-4ae5-98ed-5e083716791a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60e96e1b-136c-43a9-9b02-e1878a3c47a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e12afb9-cb73-4ae5-98ed-5e083716791a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.252979Z", + "modified": "2024-10-01T00:23:00.252979Z", + "name": "CVE-2024-28809", + "description": "An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28809" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--983c05d4-51fd-4510-b046-581dc6002588.json b/objects/vulnerability/vulnerability--983c05d4-51fd-4510-b046-581dc6002588.json new file mode 100644 index 00000000000..e3db317c805 --- /dev/null +++ b/objects/vulnerability/vulnerability--983c05d4-51fd-4510-b046-581dc6002588.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9556c70e-50e5-4504-bc11-34b114efcc01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--983c05d4-51fd-4510-b046-581dc6002588", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.693723Z", + "modified": "2024-10-01T00:22:59.693723Z", + "name": "CVE-2024-8457", + "description": "Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8457" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9bfe4ca7-3507-472c-b3ce-79f8cbb741d9.json b/objects/vulnerability/vulnerability--9bfe4ca7-3507-472c-b3ce-79f8cbb741d9.json new file mode 100644 index 00000000000..53078c120b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--9bfe4ca7-3507-472c-b3ce-79f8cbb741d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36896ea7-a66b-4fcf-b588-1341bec9c99f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9bfe4ca7-3507-472c-b3ce-79f8cbb741d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.26342Z", + "modified": "2024-10-01T00:23:00.26342Z", + "name": "CVE-2024-28811", + "description": "An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28811" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9c1ccf10-1f39-47bf-9735-ad2ba4227b5b.json b/objects/vulnerability/vulnerability--9c1ccf10-1f39-47bf-9735-ad2ba4227b5b.json new file mode 100644 index 00000000000..f11e1ef4701 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c1ccf10-1f39-47bf-9735-ad2ba4227b5b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d005a51-2c77-4bfb-bc0b-4fbb5a02b58d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c1ccf10-1f39-47bf-9735-ad2ba4227b5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.618799Z", + "modified": "2024-10-01T00:22:59.618799Z", + "name": "CVE-2024-9329", + "description": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0652455-4e96-4b81-bcf7-454c37f00665.json b/objects/vulnerability/vulnerability--a0652455-4e96-4b81-bcf7-454c37f00665.json new file mode 100644 index 00000000000..0d2a26626b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--a0652455-4e96-4b81-bcf7-454c37f00665.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61bf38b9-4c71-4648-bc49-63ed20cb46b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0652455-4e96-4b81-bcf7-454c37f00665", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.775789Z", + "modified": "2024-10-01T00:22:59.775789Z", + "name": "CVE-2024-46540", + "description": "A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46540" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0e90513-abf0-4027-b6e3-618d9d543d2e.json b/objects/vulnerability/vulnerability--a0e90513-abf0-4027-b6e3-618d9d543d2e.json new file mode 100644 index 00000000000..12073e99bb8 --- /dev/null +++ b/objects/vulnerability/vulnerability--a0e90513-abf0-4027-b6e3-618d9d543d2e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f90814b-eb53-47b2-bc5a-d544e07c0594", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0e90513-abf0-4027-b6e3-618d9d543d2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:22:59.646562Z", + "modified": "2024-10-01T00:22:59.646562Z", + "name": "CVE-2024-8448", + "description": "Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8448" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a384ec1b-e590-48e2-bbac-88bc217274c8.json b/objects/vulnerability/vulnerability--a384ec1b-e590-48e2-bbac-88bc217274c8.json new file mode 100644 index 00000000000..7e552aa1735 --- /dev/null +++ b/objects/vulnerability/vulnerability--a384ec1b-e590-48e2-bbac-88bc217274c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2efe065-6cf8-409e-8c50-07dbe75b1976", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a384ec1b-e590-48e2-bbac-88bc217274c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-01T00:23:00.452571Z", + "modified": "2024-10-01T00:23:00.452571Z", + "name": "CVE-2024-7673", + "description": "A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7673" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab3c78c2-e14a-4c33-9b1e-1d8c5f500061.json b/objects/vulnerability/vulnerability--ab3c78c2-e14a-4c33-9b1e-1d8c5f500061.json new file mode 100644 index 00000000000..7d9ce5b8dd6 --- /dev/null +++ b/objects/vulnerability/vulnerability--ab3c78c2-e14a-4c33-9b1e-1d8c5f500061.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d8d3db4-a7e1-4cf5-9b01-b1475198f07c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ab3c78c2-e14a-4c33-9b1e-1d8c5f500061",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.475937Z",
+ "modified": "2024-10-01T00:22:59.475937Z",
+ "name": "CVE-2024-45772",
+ "description": "Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.\n\nThis issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.\nThe deprecated org.apache.lucene.replicator.http package is affected.\nThe org.apache.lucene.replicator.nrt package is not affected.\n\nUsers are recommended to upgrade to version 9.12.0, which fixes the issue.\n\nJava serialization filters (such as -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45772"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1a5078f-bbbd-40a7-b087-a37e18ca8bf8.json b/objects/vulnerability/vulnerability--b1a5078f-bbbd-40a7-b087-a37e18ca8bf8.json
new file mode 100644
index 00000000000..038a9569d6a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1a5078f-bbbd-40a7-b087-a37e18ca8bf8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--77605a18-690f-4729-ba6d-88a9912fa509",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b1a5078f-bbbd-40a7-b087-a37e18ca8bf8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.428149Z",
+ "modified": "2024-10-01T00:23:00.428149Z",
+ "name": "CVE-2024-7671",
+ "description": "A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7671"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b4a110d2-8ba5-4178-8108-4d20dbd7d18f.json b/objects/vulnerability/vulnerability--b4a110d2-8ba5-4178-8108-4d20dbd7d18f.json
new file mode 100644
index 00000000000..e92d04aa48c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b4a110d2-8ba5-4178-8108-4d20dbd7d18f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4a2b4f26-03ab-4e1f-a20e-777ab722153b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b4a110d2-8ba5-4178-8108-4d20dbd7d18f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.902186Z",
+ "modified": "2024-10-01T00:23:00.902186Z",
+ "name": "CVE-2024-47067",
+ "description": "AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47067"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ba0d06df-80cc-4f15-a464-4b7c863d5a35.json b/objects/vulnerability/vulnerability--ba0d06df-80cc-4f15-a464-4b7c863d5a35.json
new file mode 100644
index 00000000000..27267109245
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ba0d06df-80cc-4f15-a464-4b7c863d5a35.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--33a7c04e-8ee0-452d-8a32-978b84546d39",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ba0d06df-80cc-4f15-a464-4b7c863d5a35",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.64995Z",
+ "modified": "2024-10-01T00:22:59.64995Z",
+ "name": "CVE-2024-8459",
+ "description": "Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8459"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c55212f8-2850-4437-b215-932999768e19.json b/objects/vulnerability/vulnerability--c55212f8-2850-4437-b215-932999768e19.json
new file mode 100644
index 00000000000..e0cf601e560
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c55212f8-2850-4437-b215-932999768e19.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0787ae6e-d818-4afd-b42b-7c0bc3fafbd3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c55212f8-2850-4437-b215-932999768e19",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.682642Z",
+ "modified": "2024-10-01T00:22:59.682642Z",
+ "name": "CVE-2024-8452",
+ "description": "Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8452"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ce29637e-aee3-4507-be64-3e998d43c6dc.json b/objects/vulnerability/vulnerability--ce29637e-aee3-4507-be64-3e998d43c6dc.json
new file mode 100644
index 00000000000..ee2860d9d55
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ce29637e-aee3-4507-be64-3e998d43c6dc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--86072aa8-65f3-4916-817d-38ed196673cc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ce29637e-aee3-4507-be64-3e998d43c6dc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.892266Z",
+ "modified": "2024-10-01T00:23:00.892266Z",
+ "name": "CVE-2024-47530",
+ "description": "Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47530"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ce297f21-7a3d-4ca7-b15c-d991c920ae88.json b/objects/vulnerability/vulnerability--ce297f21-7a3d-4ca7-b15c-d991c920ae88.json
new file mode 100644
index 00000000000..0864de16495
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ce297f21-7a3d-4ca7-b15c-d991c920ae88.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4fb50474-1fa6-49a6-8dc5-10101a47806b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ce297f21-7a3d-4ca7-b15c-d991c920ae88",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.705705Z",
+ "modified": "2024-10-01T00:22:59.705705Z",
+ "name": "CVE-2024-8458",
+ "description": "Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8458"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d4e3e094-80a8-4451-a7e5-9de893df9790.json b/objects/vulnerability/vulnerability--d4e3e094-80a8-4451-a7e5-9de893df9790.json
new file mode 100644
index 00000000000..3826b7f7634
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d4e3e094-80a8-4451-a7e5-9de893df9790.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2392057d-0093-4c7d-8e0e-d0e6dd33328f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d4e3e094-80a8-4451-a7e5-9de893df9790",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.888985Z",
+ "modified": "2024-10-01T00:23:00.888985Z",
+ "name": "CVE-2024-47536",
+ "description": "Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their \"real name\" to an XSS payload. This vulnerability is fixed in 2.31.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47536"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d4f05b07-4634-44d1-b0d2-9a16d69f7196.json b/objects/vulnerability/vulnerability--d4f05b07-4634-44d1-b0d2-9a16d69f7196.json
new file mode 100644
index 00000000000..73be914ed46
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d4f05b07-4634-44d1-b0d2-9a16d69f7196.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e0918a8b-8907-4d19-b6dd-f04acc89971a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d4f05b07-4634-44d1-b0d2-9a16d69f7196",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.449568Z",
+ "modified": "2024-10-01T00:23:00.449568Z",
+ "name": "CVE-2024-7672",
+ "description": "A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7672"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e6ea4d0d-26e4-4639-92b8-c8dd85ffbaec.json b/objects/vulnerability/vulnerability--e6ea4d0d-26e4-4639-92b8-c8dd85ffbaec.json
new file mode 100644
index 00000000000..8e6a0070344
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e6ea4d0d-26e4-4639-92b8-c8dd85ffbaec.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a5b31c54-9d6d-48e9-98c4-e3c5b3cd0050",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e6ea4d0d-26e4-4639-92b8-c8dd85ffbaec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.647582Z",
+ "modified": "2024-10-01T00:22:59.647582Z",
+ "name": "CVE-2024-8450",
+ "description": "Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8450"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eb25daad-6d8a-4e98-8fbd-5d464ccbe803.json b/objects/vulnerability/vulnerability--eb25daad-6d8a-4e98-8fbd-5d464ccbe803.json
new file mode 100644
index 00000000000..32b49fb1274
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eb25daad-6d8a-4e98-8fbd-5d464ccbe803.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--caa14276-ba78-4cce-869c-a3d9a0f11023",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eb25daad-6d8a-4e98-8fbd-5d464ccbe803",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.008149Z",
+ "modified": "2024-10-01T00:23:00.008149Z",
+ "name": "CVE-2024-6051",
+ "description": "Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6051"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ec310c81-4cff-4245-9f2d-4d5922b7ce87.json b/objects/vulnerability/vulnerability--ec310c81-4cff-4245-9f2d-4d5922b7ce87.json
new file mode 100644
index 00000000000..071410835be
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ec310c81-4cff-4245-9f2d-4d5922b7ce87.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1804e4fd-fdc2-483a-b263-c4bee14a1699",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ec310c81-4cff-4245-9f2d-4d5922b7ce87",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:23:00.887089Z",
+ "modified": "2024-10-01T00:23:00.887089Z",
+ "name": "CVE-2024-47532",
+ "description": "RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47532"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ece0f1d3-bb17-457f-a71b-c2dcd774a201.json b/objects/vulnerability/vulnerability--ece0f1d3-bb17-457f-a71b-c2dcd774a201.json
new file mode 100644
index 00000000000..8e636af54bb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ece0f1d3-bb17-457f-a71b-c2dcd774a201.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--aace4558-4a20-4af9-bc38-f0d19594372d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ece0f1d3-bb17-457f-a71b-c2dcd774a201",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.684662Z",
+ "modified": "2024-10-01T00:22:59.684662Z",
+ "name": "CVE-2024-8449",
+ "description": "Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8449"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ee9f4d0c-a239-4c97-9214-d571b547aabb.json b/objects/vulnerability/vulnerability--ee9f4d0c-a239-4c97-9214-d571b547aabb.json
new file mode 100644
index 00000000000..72dec07e69e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ee9f4d0c-a239-4c97-9214-d571b547aabb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0fd78c2b-8e1c-4da8-9432-d378d73a0d77",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ee9f4d0c-a239-4c97-9214-d571b547aabb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.786156Z",
+ "modified": "2024-10-01T00:22:59.786156Z",
+ "name": "CVE-2024-46510",
+ "description": "ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46510"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0f84f54-9481-477a-9b17-37e5e8dbae23.json b/objects/vulnerability/vulnerability--f0f84f54-9481-477a-9b17-37e5e8dbae23.json
new file mode 100644
index 00000000000..ad15b21dfdd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0f84f54-9481-477a-9b17-37e5e8dbae23.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1b4f76eb-803f-482d-b6da-ec5957d8e47b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0f84f54-9481-477a-9b17-37e5e8dbae23",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.771248Z",
+ "modified": "2024-10-01T00:22:59.771248Z",
+ "name": "CVE-2024-46313",
+ "description": "TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-46313"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f72b7e89-804c-4715-b58a-8f8355dde910.json b/objects/vulnerability/vulnerability--f72b7e89-804c-4715-b58a-8f8355dde910.json
new file mode 100644
index 00000000000..02e3c11ccf7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f72b7e89-804c-4715-b58a-8f8355dde910.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0657782f-3597-4968-a59b-0f57d593ee25",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f72b7e89-804c-4715-b58a-8f8355dde910",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.651237Z",
+ "modified": "2024-10-01T00:22:59.651237Z",
+ "name": "CVE-2024-8379",
+ "description": "The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8379"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fcb414c2-94a3-46c8-a69e-5724da505162.json b/objects/vulnerability/vulnerability--fcb414c2-94a3-46c8-a69e-5724da505162.json
new file mode 100644
index 00000000000..cf092cf0595
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fcb414c2-94a3-46c8-a69e-5724da505162.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--862a217a-de6c-4991-9efd-08fda624b756",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fcb414c2-94a3-46c8-a69e-5724da505162",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-01T00:22:59.640918Z",
+ "modified": "2024-10-01T00:22:59.640918Z",
+ "name": "CVE-2024-8453",
+ "description": "Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8453"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file