diff --git a/mapping.csv b/mapping.csv index 16cc3465b42..8f59072219a 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -248596,3 +248596,241 @@ vulnerability,CVE-2024-45203,vulnerability--5b1d1ba7-442b-4d53-83e8-7a9e52fc2eec vulnerability,CVE-2024-45625,vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8 vulnerability,CVE-2024-45406,vulnerability--b3c995e8-6543-4238-8543-80477be10f8a vulnerability,CVE-2023-50883,vulnerability--f6b88413-86e9-4978-aa61-caa9fad845b3 +vulnerability,CVE-2022-45856,vulnerability--d0d86f3f-ac10-4cf6-94bf-33c03acfbff2 +vulnerability,CVE-2024-27257,vulnerability--14295a22-0e17-4d9c-942a-ae749f9146d4 +vulnerability,CVE-2024-37728,vulnerability--dda031cc-12c6-4200-95ee-c312c90c2bab +vulnerability,CVE-2024-37990,vulnerability--4d49a63e-0936-4947-9d1a-150dfc0713fa +vulnerability,CVE-2024-37994,vulnerability--0a518011-7836-40d3-b227-f96190425034 +vulnerability,CVE-2024-37340,vulnerability--158a3b55-852a-48ad-9ae0-6462fe54c4c0 +vulnerability,CVE-2024-37342,vulnerability--7b971b9c-f482-4439-9497-afd55077911b +vulnerability,CVE-2024-37980,vulnerability--24394d8b-cb0e-446c-a65e-c601ce68cda7 +vulnerability,CVE-2024-37991,vulnerability--3a472b04-da9a-49dd-a4c5-a8fe5d0c9416 +vulnerability,CVE-2024-37339,vulnerability--7815a52f-3290-4a40-916f-878deda4467b +vulnerability,CVE-2024-37995,vulnerability--1931be1a-cdee-4474-97fa-b92c14340af8 +vulnerability,CVE-2024-37993,vulnerability--307ecce2-9aeb-4777-9a94-ecf455bf516d +vulnerability,CVE-2024-37338,vulnerability--abec1876-1470-496f-919b-a7b40224cc06 +vulnerability,CVE-2024-37341,vulnerability--c85be5e4-c907-46c9-a2e4-7901a1132aa4 +vulnerability,CVE-2024-37966,vulnerability--14e5cfc1-a4d7-470f-acd9-b0c78d6c41bb +vulnerability,CVE-2024-37337,vulnerability--d90c1d5f-ea7f-4880-9a82-448cf9431936 +vulnerability,CVE-2024-37335,vulnerability--b1c4696d-72a5-4be5-b818-1a03c754d089 +vulnerability,CVE-2024-37965,vulnerability--d0ba6c31-0c75-4a99-a738-a473eac50d63 +vulnerability,CVE-2024-37992,vulnerability--b7b723fa-c918-494f-9734-0178b4c533bb +vulnerability,CVE-2024-32006,vulnerability--5671b7b8-3992-44e1-b0a3-a2004c2d1776 
+vulnerability,CVE-2024-44116,vulnerability--66d6cde5-3878-4a73-93b7-b02bead836ec +vulnerability,CVE-2024-44114,vulnerability--0b527e01-94c1-47ad-a300-1a553b44f796 +vulnerability,CVE-2024-44106,vulnerability--b0a3000a-fecc-42fb-951f-cf6c28c3ee33 +vulnerability,CVE-2024-44815,vulnerability--d018124b-6f0a-4f74-bd81-179a1b035af5 +vulnerability,CVE-2024-44103,vulnerability--bd7a763b-58ef-4821-abe3-24fdc4ac8c7d +vulnerability,CVE-2024-44072,vulnerability--dc512e89-dab8-47a2-813f-469c19996b6a +vulnerability,CVE-2024-44121,vulnerability--b8aa8437-5dba-4351-b653-74db26af7144 +vulnerability,CVE-2024-44120,vulnerability--3d1f252f-25bf-4a83-92b4-88c919665485 +vulnerability,CVE-2024-44107,vulnerability--57366035-49f6-4805-9eed-45bfd06a0401 +vulnerability,CVE-2024-44113,vulnerability--4da7a38f-23b6-4ec6-a9f5-b52a7d947341 +vulnerability,CVE-2024-44872,vulnerability--a027d6bd-7717-444c-b2fe-81f412942167 +vulnerability,CVE-2024-44667,vulnerability--6146a1cc-e857-4067-8db0-2f50d96f6620 +vulnerability,CVE-2024-44115,vulnerability--30f2e243-eed5-44d0-bfb2-4abcdd164b9a +vulnerability,CVE-2024-44871,vulnerability--d23f1902-5440-42fb-af41-78194bd1ee1b +vulnerability,CVE-2024-44867,vulnerability--ad223aca-c2bf-4267-a211-10d1db9039cb +vulnerability,CVE-2024-44112,vulnerability--d167bfc5-276c-49eb-a28c-49edac4dd797 +vulnerability,CVE-2024-44677,vulnerability--cad8fdb5-43f3-4cfa-9c66-65f3e9bffd73 +vulnerability,CVE-2024-44676,vulnerability--21d123c2-9305-446b-9754-d5a4750e9315 +vulnerability,CVE-2024-44117,vulnerability--6cf55219-ba1c-49b7-8648-244b6b9276f3 +vulnerability,CVE-2024-44105,vulnerability--309a780c-6ee3-4b0a-9838-57d59be67d0b +vulnerability,CVE-2024-44104,vulnerability--0f293d3f-ea9c-4739-8413-7f490b398acd +vulnerability,CVE-2024-44893,vulnerability--d1bf6669-e50d-41dd-9993-7db49c15b1b1 +vulnerability,CVE-2024-44087,vulnerability--f1bbb71f-546a-4605-aebb-0dfad77ad1c8 +vulnerability,CVE-2024-25073,vulnerability--b7927678-c5cd-4c8f-a5a9-72af39e9d91e 
+vulnerability,CVE-2024-25074,vulnerability--b16cc53a-fd6e-4160-b3fb-d949cacf09ef +vulnerability,CVE-2024-6342,vulnerability--4ac2afd4-f282-4f08-bd0a-8b643418d4ba +vulnerability,CVE-2024-6282,vulnerability--b29229fb-ec14-4aa2-b5fa-269186b3c7c2 +vulnerability,CVE-2024-6509,vulnerability--54085701-9560-4f3a-969f-ce84f6b34978 +vulnerability,CVE-2024-6876,vulnerability--85ba9a16-1af1-40ea-99d8-de681571fa25 +vulnerability,CVE-2024-6173,vulnerability--606d0569-e7c6-457b-bb74-54493aec5f0a +vulnerability,CVE-2024-6596,vulnerability--3c3178f0-fb3a-45a8-9a97-a257c1fa6c15 +vulnerability,CVE-2024-6979,vulnerability--67df42bc-addf-47e4-96ea-15189d02daf4 +vulnerability,CVE-2024-42425,vulnerability--67710f55-6aa8-4941-b51d-a15db4022ba7 +vulnerability,CVE-2024-42371,vulnerability--21e6340c-905b-4cf1-aa80-f60b5f310250 +vulnerability,CVE-2024-42423,vulnerability--21cd771e-2721-4826-8fed-b307f4fe3dab +vulnerability,CVE-2024-42424,vulnerability--4aa5bab9-a776-4489-a59b-9d221fb0e5ee +vulnerability,CVE-2024-42380,vulnerability--9979fc5e-806f-4ec3-9f69-f114107498bd +vulnerability,CVE-2024-42427,vulnerability--a2464909-ddd4-4ddb-a4ca-1206f8f9c9fd +vulnerability,CVE-2024-42344,vulnerability--9652c0ee-b91f-4883-aec2-d9003e4897e7 +vulnerability,CVE-2024-42378,vulnerability--d377e21c-fe4a-49fa-b659-13989e7891a6 +vulnerability,CVE-2024-42345,vulnerability--b306a970-4d33-4ace-be26-107874b68834 +vulnerability,CVE-2024-30073,vulnerability--8c483aaf-8b75-41b8-8474-c1042852c625 +vulnerability,CVE-2024-38246,vulnerability--c6c18999-a701-4755-a1ee-f94f2b117dde +vulnerability,CVE-2024-38256,vulnerability--174da9af-d327-4798-bf0d-2c6d7ec86cba +vulnerability,CVE-2024-38237,vulnerability--06ad4a7b-adba-463d-9c7b-48473bb877ce +vulnerability,CVE-2024-38242,vulnerability--593d8ee8-4936-417d-8cda-689cf04226e5 +vulnerability,CVE-2024-38234,vulnerability--7db13356-2bd5-4075-8de7-791ea399c1df +vulnerability,CVE-2024-38188,vulnerability--9d848f45-6502-4815-aaf6-b6b13684b6c4 
+vulnerability,CVE-2024-38259,vulnerability--45ad8880-d6a7-42f5-a3e8-989179d03e73 +vulnerability,CVE-2024-38014,vulnerability--31010f6a-1ed4-4c51-9e18-55b67bccbff4 +vulnerability,CVE-2024-38248,vulnerability--b7743236-0d3d-4d2d-b910-9d1f84630e1d +vulnerability,CVE-2024-38241,vulnerability--22d80e18-5f32-4103-841b-9ed47d27eaa8 +vulnerability,CVE-2024-38227,vulnerability--e73c6397-9569-4bb6-9977-c16ba3f770ad +vulnerability,CVE-2024-38217,vulnerability--2157fd30-fe71-48fc-ad4e-e01e5cb14788 +vulnerability,CVE-2024-38226,vulnerability--73ef5cf4-72d7-4972-a506-e2dc192a66c2 +vulnerability,CVE-2024-38230,vulnerability--d3eac526-2bca-43a9-b52e-f31cb0308a1f +vulnerability,CVE-2024-38216,vulnerability--578d7be7-4e43-4f79-8f63-42875e13d62f +vulnerability,CVE-2024-38046,vulnerability--81259b14-77e3-496f-afaf-3f2043be591b +vulnerability,CVE-2024-38231,vulnerability--4a03186e-66c2-4ee0-b2d7-2935f9edfc94 +vulnerability,CVE-2024-38253,vulnerability--e9d1e84a-fd28-49cd-9156-77117081bef9 +vulnerability,CVE-2024-38232,vulnerability--c509ea80-0060-4a10-b14d-7f5753bd8bc6 +vulnerability,CVE-2024-38239,vulnerability--08665cb1-b301-44db-8404-1fd15509929d +vulnerability,CVE-2024-38254,vulnerability--36adbd2d-0c38-4207-a950-7c5a5676f8c8 +vulnerability,CVE-2024-38250,vulnerability--f0662bdc-5ad8-4fb8-b5d6-dc632844ee9c +vulnerability,CVE-2024-38258,vulnerability--8d20d76a-191b-4ee8-92f9-6d82a2aad5a3 +vulnerability,CVE-2024-38245,vulnerability--5d9ea8f0-ef02-4abf-a694-78d8595322f8 +vulnerability,CVE-2024-38244,vulnerability--61561e72-0e55-418b-9467-8d57209aa243 +vulnerability,CVE-2024-38257,vulnerability--12a87db8-adc8-4359-8ccc-af8b7e7b281c +vulnerability,CVE-2024-38233,vulnerability--e9be99af-85fe-4cc9-b6d4-97fa456cbb1e +vulnerability,CVE-2024-38225,vulnerability--76bd9d71-bd8f-4744-a5a9-cae936443479 +vulnerability,CVE-2024-38252,vulnerability--e4e3a0bf-ed0a-410e-81f1-f618fb9621c2 +vulnerability,CVE-2024-38045,vulnerability--dd0e8e77-bed6-4e52-8fff-89f4ce2c1e48 
+vulnerability,CVE-2024-38243,vulnerability--03ebaca2-7e80-42b3-87f0-ee7ce1736897 +vulnerability,CVE-2024-38260,vulnerability--803ae947-9632-4763-aa65-76fff986b89f +vulnerability,CVE-2024-38220,vulnerability--f9ea07e3-1bb2-4932-9d57-7e14903c3c08 +vulnerability,CVE-2024-38119,vulnerability--07592e83-73e4-47bf-b7b4-ca15119a5e6d +vulnerability,CVE-2024-38228,vulnerability--d1a521e9-0cc2-4607-a8d1-962bbcf4c7e8 +vulnerability,CVE-2024-38238,vulnerability--6c535414-8458-47c8-af76-8e727a556925 +vulnerability,CVE-2024-38236,vulnerability--bdc01dfc-0960-466a-a432-5e45f5b8522b +vulnerability,CVE-2024-38194,vulnerability--ed18231f-0a61-4568-b9b1-469448bf2cec +vulnerability,CVE-2024-38270,vulnerability--6e60ff85-2ccf-40b6-8a07-06f4aa9adaa6 +vulnerability,CVE-2024-38240,vulnerability--45eb3328-9ae6-4447-90b0-33a854b21752 +vulnerability,CVE-2024-38247,vulnerability--67122c6f-0188-4911-a248-89f54e59bd28 +vulnerability,CVE-2024-38249,vulnerability--e06fba3a-85ca-4576-9f80-ad4d68ab6e9c +vulnerability,CVE-2024-38263,vulnerability--38e27892-ab81-46e9-bdc7-d1ff1504b981 +vulnerability,CVE-2024-38018,vulnerability--a6b259d5-592f-42ca-9ef7-31c7a4e97582 +vulnerability,CVE-2024-38235,vulnerability--e99beadd-9ef1-48d7-b922-12dc11fbce5b +vulnerability,CVE-2024-0067,vulnerability--6710a469-bc58-439f-9269-b94aef93ace0 +vulnerability,CVE-2024-21528,vulnerability--20f29413-a26c-45f5-a36f-0928f8cce1b0 +vulnerability,CVE-2024-21753,vulnerability--b5a189f3-4cde-49fc-b585-039bb7c491c1 +vulnerability,CVE-2024-21416,vulnerability--f0d4a32a-9b74-453c-b909-72feed65554a +vulnerability,CVE-2024-35783,vulnerability--49b2aacf-5551-4257-b7d7-f44d497f1f6d +vulnerability,CVE-2024-35282,vulnerability--05218275-5fbe-4d4a-8aa1-119fc151da08 +vulnerability,CVE-2024-8503,vulnerability--8fcff19e-5f5b-441e-a5e8-76f387c0b853 +vulnerability,CVE-2024-8543,vulnerability--c46a8570-902f-424d-a213-7a2c30e42bab +vulnerability,CVE-2024-8241,vulnerability--dcd55d67-ea52-43dc-9c07-1146401e18dc 
+vulnerability,CVE-2024-8320,vulnerability--9e791b65-5278-4367-8611-8dea5a7b5550 +vulnerability,CVE-2024-8321,vulnerability--2d699eb4-8fcc-4780-beb6-a39b4fa2eedf +vulnerability,CVE-2024-8655,vulnerability--481db4a9-2060-43c7-b9d4-1de5812efcf5 +vulnerability,CVE-2024-8190,vulnerability--64f92196-ab9c-4bb3-8e02-4568c1aa7599 +vulnerability,CVE-2024-8478,vulnerability--a7048dc6-09e6-45f4-9095-0ee2f5b365b1 +vulnerability,CVE-2024-8191,vulnerability--46dc13b2-1203-49db-b7eb-dc923c72ee06 +vulnerability,CVE-2024-8441,vulnerability--437765c5-d1e1-4871-bb36-f758093af8b2 +vulnerability,CVE-2024-8369,vulnerability--9ed51325-00f0-45a8-a3e6-3bbaccdaa5d7 +vulnerability,CVE-2024-8322,vulnerability--85b5339b-db8d-47c7-8718-aa0b6b98a8fa +vulnerability,CVE-2024-8012,vulnerability--8070f3af-3f00-48c1-8190-0cd959c44549 +vulnerability,CVE-2024-8258,vulnerability--0501c108-e9c6-4621-b5bf-7bf53ddf73d7 +vulnerability,CVE-2024-8443,vulnerability--19b38d2e-2799-47ac-92a4-19e4dea6f146 +vulnerability,CVE-2024-8232,vulnerability--97a0b22b-0ef8-4f78-bcaf-471e7932636a +vulnerability,CVE-2024-8268,vulnerability--c8517032-4299-4939-acdc-abb8e2d381d7 +vulnerability,CVE-2024-8645,vulnerability--6b5ab191-3c30-471b-bdfd-c6d595d72774 +vulnerability,CVE-2024-8654,vulnerability--980e7b10-6b71-400c-b7f8-d653ef735d5f +vulnerability,CVE-2024-8504,vulnerability--c03aecca-c96e-48ee-87a4-d867e4266e87 +vulnerability,CVE-2024-39574,vulnerability--76f49be5-78e5-42c1-9623-79b227c185c8 +vulnerability,CVE-2024-39580,vulnerability--1a629d6f-59cb-467f-b3a4-45b1c48ccef9 +vulnerability,CVE-2024-39581,vulnerability--cdc42488-b533-45b2-ad3a-a845d36d3213 +vulnerability,CVE-2024-39582,vulnerability--a084825d-ffb8-481a-ad8a-76d0052893c3 +vulnerability,CVE-2024-39583,vulnerability--c5528f20-d5c5-4009-b915-41541e2f79ed +vulnerability,CVE-2024-26186,vulnerability--11fedeee-abeb-4e0d-b653-3d405b525e31 +vulnerability,CVE-2024-26191,vulnerability--c155a6da-7832-46ce-b4c5-3c332e47f900 
+vulnerability,CVE-2024-36511,vulnerability--5bda800b-43d8-4cc4-b11d-c04fbb4080e8 +vulnerability,CVE-2024-33508,vulnerability--945fe602-ae61-464a-806a-73987927eb76 +vulnerability,CVE-2024-33698,vulnerability--a1eaa651-1159-44f9-b103-35ac5d0dce37 +vulnerability,CVE-2024-34831,vulnerability--a782c51d-4914-47aa-b1aa-0bd8576dbed0 +vulnerability,CVE-2024-7955,vulnerability--91c1b435-359f-420c-b11a-a0d1efbf1af4 +vulnerability,CVE-2024-7699,vulnerability--8b501d14-1baf-41ab-a881-42e8c5a7e0ff +vulnerability,CVE-2024-7618,vulnerability--73638ccc-5d7d-444a-8abf-aba9c94f692f +vulnerability,CVE-2024-7655,vulnerability--d4173610-91df-4d88-8c99-6145a1b52611 +vulnerability,CVE-2024-7891,vulnerability--d55635db-0036-4c64-a3b4-d192c0efdf71 +vulnerability,CVE-2024-7698,vulnerability--240a4fd5-2585-433c-948e-214acf66e295 +vulnerability,CVE-2024-7784,vulnerability--37be27b2-926c-48a4-864b-14e3751ba167 +vulnerability,CVE-2024-7770,vulnerability--d2e47b35-aeb1-4279-8154-60c244d9d95c +vulnerability,CVE-2024-7734,vulnerability--795b881c-3243-4085-a474-3c8e6ac920ae +vulnerability,CVE-2024-41729,vulnerability--43e2111f-36b7-41bb-8314-60adbdb89829 +vulnerability,CVE-2024-41728,vulnerability--45f2b092-9493-4ba6-8597-78f693af2755 +vulnerability,CVE-2024-41171,vulnerability--18df994d-7b6f-4067-ad1b-3f9815ca2c93 +vulnerability,CVE-2024-41170,vulnerability--c50e1828-26d4-4184-b340-bcf15875a506 +vulnerability,CVE-2024-43647,vulnerability--de36ab2f-53fe-4f33-828a-93e562b3fa64 +vulnerability,CVE-2024-43470,vulnerability--f1a407fe-1596-45ad-9df4-d4194c1e49f3 +vulnerability,CVE-2024-43474,vulnerability--2e56bcfd-31f7-44e4-952e-da056a41f8c8 +vulnerability,CVE-2024-43393,vulnerability--1874f087-30cd-45ef-b566-4d201155c28a +vulnerability,CVE-2024-43457,vulnerability--02be020b-fdd5-4528-84fc-c7fb4fcfc28e +vulnerability,CVE-2024-43495,vulnerability--eeca8413-698b-4994-894a-ef2c1336cec8 +vulnerability,CVE-2024-43487,vulnerability--84398808-ce1e-4cb1-85c6-a4bf0e498630 
+vulnerability,CVE-2024-43461,vulnerability--c3b7f5ee-ebfd-4bf9-a812-373b2e2408be +vulnerability,CVE-2024-43467,vulnerability--c32de76a-eaf1-4b6c-b6a1-ab575217a097 +vulnerability,CVE-2024-43799,vulnerability--56ba9799-e1aa-4c91-bb7d-06d83f62d390 +vulnerability,CVE-2024-43385,vulnerability--c8133b3f-86a7-4c63-96d9-452b3e864ea1 +vulnerability,CVE-2024-43491,vulnerability--5ad6e3f2-7231-484a-9a23-f340645ba8b9 +vulnerability,CVE-2024-43388,vulnerability--03caaf06-017c-47bf-8f2f-13711ebdc977 +vulnerability,CVE-2024-43386,vulnerability--ae989624-0fea-4904-94d6-09a572f319a1 +vulnerability,CVE-2024-43391,vulnerability--e95c1972-2324-4062-a032-ff850cc76723 +vulnerability,CVE-2024-43464,vulnerability--b68e81a6-b68d-4526-8f9d-4d4c6713a5e9 +vulnerability,CVE-2024-43463,vulnerability--c17b0318-12d4-4cd7-a4c0-9bbb78a03d8d +vulnerability,CVE-2024-43390,vulnerability--5f929940-f53d-4e8c-a5be-584b31afbc92 +vulnerability,CVE-2024-43475,vulnerability--6ade7fba-a89a-4443-a27f-50331f6cd584 +vulnerability,CVE-2024-43389,vulnerability--f07484c7-31db-47f3-98e6-7eb62e318ca3 +vulnerability,CVE-2024-43781,vulnerability--b9f0af4f-beec-498c-b892-83b31ce8d608 +vulnerability,CVE-2024-43476,vulnerability--b960ef96-68ff-4b1f-bf47-f96e36707490 +vulnerability,CVE-2024-43392,vulnerability--fe1f44b1-f5df-4552-90c5-257117f371cd +vulnerability,CVE-2024-43469,vulnerability--fca57d05-da7b-4fbb-b1d6-f541640408c6 +vulnerability,CVE-2024-43492,vulnerability--9044e89c-6f8f-43da-972a-c789a00b7ee3 +vulnerability,CVE-2024-43800,vulnerability--d69e01ca-0e09-4570-94d4-c811073fa6d6 +vulnerability,CVE-2024-43482,vulnerability--87697e02-4e57-4974-ac97-8cd84849d65b +vulnerability,CVE-2024-43040,vulnerability--c98e22f1-ff74-4397-8177-d9d28ac3429a +vulnerability,CVE-2024-43796,vulnerability--4cf0fccf-6117-42c4-b43f-3b385204a84f +vulnerability,CVE-2024-43387,vulnerability--998eeae6-afb2-4914-a5c7-c4329341cca0 +vulnerability,CVE-2024-43465,vulnerability--675a2c5c-32b2-4a66-b08b-5dec332878fc 
+vulnerability,CVE-2024-43479,vulnerability--6ea61736-dfbb-4ccd-95fc-965ca7009106 +vulnerability,CVE-2024-43454,vulnerability--bbf8b2ba-4211-42e5-bff8-c33bbd6a5cf6 +vulnerability,CVE-2024-43455,vulnerability--fab71b4e-da7c-493d-aa23-f9178024a348 +vulnerability,CVE-2024-43458,vulnerability--312db703-20ad-437b-8472-23b703b81524 +vulnerability,CVE-2024-43466,vulnerability--d4afa1ef-7b48-4fd8-a171-0062e4ba82ad +vulnerability,CVE-2024-40754,vulnerability--1d15be28-b8c7-48e6-8917-08fc698dacb3 +vulnerability,CVE-2024-23184,vulnerability--b4e023cc-6119-49fd-8f8e-2858cfb1deb0 +vulnerability,CVE-2024-23185,vulnerability--36c5c546-039a-407d-bfaf-68c8bc80d2eb +vulnerability,CVE-2024-31490,vulnerability--09da533e-bce7-41b1-8871-ad3e39301ecd +vulnerability,CVE-2024-31489,vulnerability--4ffb523e-c32d-487f-9a1e-2ad1c952d5bf +vulnerability,CVE-2024-31960,vulnerability--9789acc2-149a-4b9a-b3bf-5f8843890eac +vulnerability,CVE-2024-45504,vulnerability--922eef45-eb90-445a-829e-98ca6596bf7a +vulnerability,CVE-2024-45409,vulnerability--810af123-9c84-4754-b058-b44878a63fbc +vulnerability,CVE-2024-45407,vulnerability--3463e7e2-9f73-4829-ada8-80aa4a32ea8c +vulnerability,CVE-2024-45280,vulnerability--7f339925-7257-4a3f-a3ba-88c787652bab +vulnerability,CVE-2024-45283,vulnerability--3632cddf-6484-4378-b297-b470d29756ca +vulnerability,CVE-2024-45281,vulnerability--560b54a1-a088-4777-9782-0536cc72176c +vulnerability,CVE-2024-45284,vulnerability--4c54b485-9ac1-4cd0-8ae7-0a0d5268f7be +vulnerability,CVE-2024-45591,vulnerability--a3738ff6-376a-400f-a1ad-e09b3181826b +vulnerability,CVE-2024-45279,vulnerability--e2595d94-be42-42d2-a185-fc525d342e64 +vulnerability,CVE-2024-45845,vulnerability--ce65a80e-c0d1-49bd-844d-7bb355bd3dac +vulnerability,CVE-2024-45323,vulnerability--0e0b3c92-f5d4-4ddf-aa5a-a878f061b5f2 +vulnerability,CVE-2024-45032,vulnerability--1272b791-6afd-40bd-8274-95aa577d76b3 +vulnerability,CVE-2024-45412,vulnerability--8ad15d36-6ea5-4148-8c2a-f2ced1ca7f29 
+vulnerability,CVE-2024-45597,vulnerability--3573ca54-bc70-4db2-8d78-52068231e6e5 +vulnerability,CVE-2024-45590,vulnerability--e3639752-45ea-4ae0-8e38-cc3f1c4ed2e7 +vulnerability,CVE-2024-45285,vulnerability--2ae398bc-a0e8-4773-bb91-e25e45f5decb +vulnerability,CVE-2024-45593,vulnerability--76c2c132-bbf5-42ad-b9b8-39ad19d5e0d4 +vulnerability,CVE-2024-45286,vulnerability--4b8f0986-7641-473e-b094-9a78687db311 +vulnerability,CVE-2024-45596,vulnerability--b627674b-b886-4903-8186-698edf8ea543 +vulnerability,CVE-2024-45393,vulnerability--bc7b98bf-46fe-4688-9dfe-03551eff8f48 +vulnerability,CVE-2024-45595,vulnerability--f767f9ba-780c-45f0-aea5-2557df369278 +vulnerability,CVE-2024-45044,vulnerability--3e652213-b126-4235-866c-66d3790c1c86 +vulnerability,CVE-2024-45592,vulnerability--2c445e71-eaf3-45f9-be93-79dd8ba1662e +vulnerability,CVE-2023-37232,vulnerability--86685adf-606e-409f-b411-dd7aa2fc88a2 +vulnerability,CVE-2023-37234,vulnerability--67bdefae-4882-4a8f-bf6e-2937f792e2b7 +vulnerability,CVE-2023-37227,vulnerability--9c7a30b4-5272-4e8c-9f48-df9ececde828 +vulnerability,CVE-2023-37230,vulnerability--4af46272-925f-4f6a-8e5a-6b65d649819f +vulnerability,CVE-2023-37231,vulnerability--729eb8b7-91bf-4fa3-8fa4-5c6489f2c45f +vulnerability,CVE-2023-37233,vulnerability--890579e7-0c85-496a-b7e9-1e74ac69df6c +vulnerability,CVE-2023-37226,vulnerability--9e263c7b-e551-4afd-a2ab-bda43b004495 +vulnerability,CVE-2023-37229,vulnerability--0c26334f-179a-4bbb-9039-b6306d46badf +vulnerability,CVE-2023-44254,vulnerability--da25f514-7d1f-4504-a215-a21c5ecd41a2 +vulnerability,CVE-2023-6841,vulnerability--f61f2f96-5258-4881-a360-0c51c837aa1d +vulnerability,CVE-2023-30756,vulnerability--c0505726-b3f1-45e9-a622-06c242c555f1 +vulnerability,CVE-2023-30755,vulnerability--b25ca906-3a50-4aca-9373-e022c16e140c +vulnerability,CVE-2023-28827,vulnerability--e4a383f5-1d8f-4a2e-9491-d4fdc7e8e32e +vulnerability,CVE-2023-36103,vulnerability--5e371ee2-b7fd-42a7-bdaa-ab4fa842c93c 
+vulnerability,CVE-2023-2919,vulnerability--a1a73bbd-1280-4e9e-8b05-3fd33036c71c +vulnerability,CVE-2023-49069,vulnerability--e2ebac5b-03c6-4cc8-a13d-22ca8d659b97 diff --git a/objects/vulnerability/vulnerability--02be020b-fdd5-4528-84fc-c7fb4fcfc28e.json b/objects/vulnerability/vulnerability--02be020b-fdd5-4528-84fc-c7fb4fcfc28e.json new file mode 100644 index 00000000000..83150996f9c --- /dev/null +++ b/objects/vulnerability/vulnerability--02be020b-fdd5-4528-84fc-c7fb4fcfc28e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa0c3388-7292-46bd-8598-9f04f568c9cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02be020b-fdd5-4528-84fc-c7fb4fcfc28e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.505304Z", + "modified": "2024-09-11T00:19:24.505304Z", + "name": "CVE-2024-43457", + "description": "Windows Setup and Deployment Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43457" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03caaf06-017c-47bf-8f2f-13711ebdc977.json b/objects/vulnerability/vulnerability--03caaf06-017c-47bf-8f2f-13711ebdc977.json new file mode 100644 index 00000000000..236bea07711 --- /dev/null +++ b/objects/vulnerability/vulnerability--03caaf06-017c-47bf-8f2f-13711ebdc977.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdce0c69-b3a6-4219-9183-be10a573032b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03caaf06-017c-47bf-8f2f-13711ebdc977", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.51963Z", + "modified": "2024-09-11T00:19:24.51963Z", + "name": "CVE-2024-43388", + "description": "A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43388" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03ebaca2-7e80-42b3-87f0-ee7ce1736897.json b/objects/vulnerability/vulnerability--03ebaca2-7e80-42b3-87f0-ee7ce1736897.json new file mode 100644 index 00000000000..758bcf2948f --- /dev/null +++ b/objects/vulnerability/vulnerability--03ebaca2-7e80-42b3-87f0-ee7ce1736897.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff3fa3bf-2361-49b9-b0a7-8683f6e3c19a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03ebaca2-7e80-42b3-87f0-ee7ce1736897", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.550273Z", + "modified": "2024-09-11T00:19:23.550273Z", + "name": "CVE-2024-38243", + "description": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38243" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0501c108-e9c6-4621-b5bf-7bf53ddf73d7.json b/objects/vulnerability/vulnerability--0501c108-e9c6-4621-b5bf-7bf53ddf73d7.json new file mode 100644 index 00000000000..3e5c9c7e61f --- /dev/null +++ b/objects/vulnerability/vulnerability--0501c108-e9c6-4621-b5bf-7bf53ddf73d7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4825a92f-d8cb-454d-b075-5e8eb61bc791", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0501c108-e9c6-4621-b5bf-7bf53ddf73d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.906321Z", + "modified": "2024-09-11T00:19:23.906321Z", + "name": "CVE-2024-8258", + "description": "Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8258" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05218275-5fbe-4d4a-8aa1-119fc151da08.json b/objects/vulnerability/vulnerability--05218275-5fbe-4d4a-8aa1-119fc151da08.json new file mode 100644 index 00000000000..b1df87c03ae --- /dev/null +++ b/objects/vulnerability/vulnerability--05218275-5fbe-4d4a-8aa1-119fc151da08.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--497afcc4-d7de-411f-ba5e-015b4e7eadd8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05218275-5fbe-4d4a-8aa1-119fc151da08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.865843Z", + "modified": "2024-09-11T00:19:23.865843Z", + "name": "CVE-2024-35282", + "description": "A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35282" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06ad4a7b-adba-463d-9c7b-48473bb877ce.json b/objects/vulnerability/vulnerability--06ad4a7b-adba-463d-9c7b-48473bb877ce.json new file mode 100644 index 00000000000..c2122784d3b --- /dev/null +++ b/objects/vulnerability/vulnerability--06ad4a7b-adba-463d-9c7b-48473bb877ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--471217c2-36da-4487-b8db-78486a168ff7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06ad4a7b-adba-463d-9c7b-48473bb877ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.485804Z", + "modified": "2024-09-11T00:19:23.485804Z", + "name": "CVE-2024-38237", + "description": "Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38237" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--07592e83-73e4-47bf-b7b4-ca15119a5e6d.json b/objects/vulnerability/vulnerability--07592e83-73e4-47bf-b7b4-ca15119a5e6d.json new file mode 100644 index 00000000000..bfeb826cc3f --- /dev/null +++ b/objects/vulnerability/vulnerability--07592e83-73e4-47bf-b7b4-ca15119a5e6d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--581cb644-71fa-453e-8f8a-2a16db17e125", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07592e83-73e4-47bf-b7b4-ca15119a5e6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.556511Z", + "modified": "2024-09-11T00:19:23.556511Z", + "name": "CVE-2024-38119", + "description": "Windows Network Address Translation (NAT) Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38119" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08665cb1-b301-44db-8404-1fd15509929d.json b/objects/vulnerability/vulnerability--08665cb1-b301-44db-8404-1fd15509929d.json new file mode 100644 index 00000000000..3f31cffd132 --- /dev/null +++ b/objects/vulnerability/vulnerability--08665cb1-b301-44db-8404-1fd15509929d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6da273c4-a120-407c-8c0c-6763633cb52d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08665cb1-b301-44db-8404-1fd15509929d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.52997Z", + "modified": "2024-09-11T00:19:23.52997Z", + "name": "CVE-2024-38239", + "description": "Windows Kerberos Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38239" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--09da533e-bce7-41b1-8871-ad3e39301ecd.json b/objects/vulnerability/vulnerability--09da533e-bce7-41b1-8871-ad3e39301ecd.json new file mode 100644 index 00000000000..4abda933b61 --- /dev/null +++ b/objects/vulnerability/vulnerability--09da533e-bce7-41b1-8871-ad3e39301ecd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--373bfda3-1816-4327-9e4b-c77c4787435d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09da533e-bce7-41b1-8871-ad3e39301ecd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.709651Z", + "modified": "2024-09-11T00:19:24.709651Z", + "name": "CVE-2024-31490", + "description": "An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a518011-7836-40d3-b227-f96190425034.json b/objects/vulnerability/vulnerability--0a518011-7836-40d3-b227-f96190425034.json new file mode 100644 index 00000000000..61ccbc7fdbc --- /dev/null +++ b/objects/vulnerability/vulnerability--0a518011-7836-40d3-b227-f96190425034.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--215d2740-3516-4522-b6d4-7f8c25b61a49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a518011-7836-40d3-b227-f96190425034", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.777235Z", + "modified": "2024-09-11T00:19:22.777235Z", + "name": "CVE-2024-37994", + "description": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C 
(6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37994" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b527e01-94c1-47ad-a300-1a553b44f796.json b/objects/vulnerability/vulnerability--0b527e01-94c1-47ad-a300-1a553b44f796.json new file mode 100644 index 00000000000..56901b2c3ff --- /dev/null +++ b/objects/vulnerability/vulnerability--0b527e01-94c1-47ad-a300-1a553b44f796.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3932a083-7050-4130-a7cf-61ea9a4ce1ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b527e01-94c1-47ad-a300-1a553b44f796", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.898218Z", + "modified": "2024-09-11T00:19:22.898218Z", + "name": "CVE-2024-44114", + "description": "SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44114" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c26334f-179a-4bbb-9039-b6306d46badf.json b/objects/vulnerability/vulnerability--0c26334f-179a-4bbb-9039-b6306d46badf.json new file mode 100644 index 00000000000..d8966bc1623 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--0c26334f-179a-4bbb-9039-b6306d46badf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5fc7d71-66b2-4da9-8b78-991f623f15fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c26334f-179a-4bbb-9039-b6306d46badf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.197881Z", + "modified": "2024-09-11T00:19:30.197881Z", + "name": "CVE-2023-37229", + "description": "Loftware Spectrum before 5.1 allows SSRF.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37229" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e0b3c92-f5d4-4ddf-aa5a-a878f061b5f2.json b/objects/vulnerability/vulnerability--0e0b3c92-f5d4-4ddf-aa5a-a878f061b5f2.json new file mode 100644 index 00000000000..554518f08df --- /dev/null +++ b/objects/vulnerability/vulnerability--0e0b3c92-f5d4-4ddf-aa5a-a878f061b5f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--721b8ea7-fe05-422c-8f9c-38cd75ffa178", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e0b3c92-f5d4-4ddf-aa5a-a878f061b5f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.877761Z", + "modified": "2024-09-11T00:19:24.877761Z", + "name": "CVE-2024-45323", + "description": "An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45323" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0f293d3f-ea9c-4739-8413-7f490b398acd.json b/objects/vulnerability/vulnerability--0f293d3f-ea9c-4739-8413-7f490b398acd.json new file mode 100644 index 00000000000..529f20ca6a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f293d3f-ea9c-4739-8413-7f490b398acd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b9420bd-6c4a-41c4-a817-729b13629fe6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f293d3f-ea9c-4739-8413-7f490b398acd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.058925Z", + "modified": "2024-09-11T00:19:23.058925Z", + "name": "CVE-2024-44104", + "description": "An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44104" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11fedeee-abeb-4e0d-b653-3d405b525e31.json b/objects/vulnerability/vulnerability--11fedeee-abeb-4e0d-b653-3d405b525e31.json new file mode 100644 index 00000000000..686c2fd9453 --- /dev/null +++ b/objects/vulnerability/vulnerability--11fedeee-abeb-4e0d-b653-3d405b525e31.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42559294-2b5b-4d65-b4fe-bc7cbb1af906", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11fedeee-abeb-4e0d-b653-3d405b525e31", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.1017Z", + "modified": "2024-09-11T00:19:24.1017Z", + "name": "CVE-2024-26186", + "description": "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26186" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1272b791-6afd-40bd-8274-95aa577d76b3.json b/objects/vulnerability/vulnerability--1272b791-6afd-40bd-8274-95aa577d76b3.json new file mode 100644 index 00000000000..5c521837136 --- /dev/null +++ b/objects/vulnerability/vulnerability--1272b791-6afd-40bd-8274-95aa577d76b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61f56065-4e0b-4717-ae62-905a85a59172", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1272b791-6afd-40bd-8274-95aa577d76b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.880518Z", + "modified": "2024-09-11T00:19:24.880518Z", + "name": "CVE-2024-45032", + "description": "A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45032" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--12a87db8-adc8-4359-8ccc-af8b7e7b281c.json b/objects/vulnerability/vulnerability--12a87db8-adc8-4359-8ccc-af8b7e7b281c.json new file mode 100644 index 00000000000..014a219d82c --- /dev/null +++ b/objects/vulnerability/vulnerability--12a87db8-adc8-4359-8ccc-af8b7e7b281c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ddd616dd-961f-4aa6-bf3d-9ba228b12b68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12a87db8-adc8-4359-8ccc-af8b7e7b281c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.541441Z", + "modified": "2024-09-11T00:19:23.541441Z", + "name": "CVE-2024-38257", + "description": "Microsoft AllJoyn API Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38257" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14295a22-0e17-4d9c-942a-ae749f9146d4.json b/objects/vulnerability/vulnerability--14295a22-0e17-4d9c-942a-ae749f9146d4.json new file mode 100644 index 00000000000..c697223b2a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--14295a22-0e17-4d9c-942a-ae749f9146d4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c8b4f19-f824-4156-aa46-9b41ade658e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14295a22-0e17-4d9c-942a-ae749f9146d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.753449Z", + "modified": "2024-09-11T00:19:22.753449Z", + "name": "CVE-2024-27257", + "description": "IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27257" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14e5cfc1-a4d7-470f-acd9-b0c78d6c41bb.json b/objects/vulnerability/vulnerability--14e5cfc1-a4d7-470f-acd9-b0c78d6c41bb.json new file mode 100644 index 00000000000..5f6bcb54a9a --- /dev/null +++ b/objects/vulnerability/vulnerability--14e5cfc1-a4d7-470f-acd9-b0c78d6c41bb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20828e5c-e70d-4ddb-9972-1961a72de975", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14e5cfc1-a4d7-470f-acd9-b0c78d6c41bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.809648Z", + "modified": "2024-09-11T00:19:22.809648Z", + "name": "CVE-2024-37966", + "description": "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--158a3b55-852a-48ad-9ae0-6462fe54c4c0.json b/objects/vulnerability/vulnerability--158a3b55-852a-48ad-9ae0-6462fe54c4c0.json new file mode 100644 index 00000000000..85ccf9ef316 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--158a3b55-852a-48ad-9ae0-6462fe54c4c0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5fdf5256-f655-434f-ac9e-3e5b71dc6b86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--158a3b55-852a-48ad-9ae0-6462fe54c4c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.778233Z", + "modified": "2024-09-11T00:19:22.778233Z", + "name": "CVE-2024-37340", + "description": "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37340" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--174da9af-d327-4798-bf0d-2c6d7ec86cba.json b/objects/vulnerability/vulnerability--174da9af-d327-4798-bf0d-2c6d7ec86cba.json new file mode 100644 index 00000000000..8a94364638e --- /dev/null +++ b/objects/vulnerability/vulnerability--174da9af-d327-4798-bf0d-2c6d7ec86cba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e36a7f15-abab-4b94-83c7-5887ed20d014", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--174da9af-d327-4798-bf0d-2c6d7ec86cba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.482456Z", + "modified": "2024-09-11T00:19:23.482456Z", + "name": "CVE-2024-38256", + "description": "Windows Kernel-Mode Driver Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38256" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1874f087-30cd-45ef-b566-4d201155c28a.json b/objects/vulnerability/vulnerability--1874f087-30cd-45ef-b566-4d201155c28a.json new file mode 100644 index 00000000000..68580de43be --- /dev/null 
+++ b/objects/vulnerability/vulnerability--1874f087-30cd-45ef-b566-4d201155c28a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32808cbd-eb54-4fb9-ba94-55772b27fbf1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1874f087-30cd-45ef-b566-4d201155c28a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.5017Z", + "modified": "2024-09-11T00:19:24.5017Z", + "name": "CVE-2024-43393", + "description": "A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43393" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18df994d-7b6f-4067-ad1b-3f9815ca2c93.json b/objects/vulnerability/vulnerability--18df994d-7b6f-4067-ad1b-3f9815ca2c93.json new file mode 100644 index 00000000000..26d61f2ee5a --- /dev/null +++ b/objects/vulnerability/vulnerability--18df994d-7b6f-4067-ad1b-3f9815ca2c93.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef18ae72-877b-4aa6-9c30-a8a21a5bcf69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18df994d-7b6f-4067-ad1b-3f9815ca2c93", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.459418Z", + "modified": "2024-09-11T00:19:24.459418Z", + "name": "CVE-2024-41171", + "description": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41171" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1931be1a-cdee-4474-97fa-b92c14340af8.json b/objects/vulnerability/vulnerability--1931be1a-cdee-4474-97fa-b92c14340af8.json new file mode 100644 index 00000000000..064be3c69cf --- /dev/null +++ b/objects/vulnerability/vulnerability--1931be1a-cdee-4474-97fa-b92c14340af8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d57ca80-c015-491f-9c99-5fd6636dbf8d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1931be1a-cdee-4474-97fa-b92c14340af8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.800758Z", + "modified": "2024-09-11T00:19:22.800758Z", + "name": "CVE-2024-37995", + "description": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C 
(6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37995" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19b38d2e-2799-47ac-92a4-19e4dea6f146.json b/objects/vulnerability/vulnerability--19b38d2e-2799-47ac-92a4-19e4dea6f146.json new file mode 100644 index 00000000000..7556b63a7a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--19b38d2e-2799-47ac-92a4-19e4dea6f146.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8aa7c6b0-5c95-4c40-950b-fa21f7bface7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19b38d2e-2799-47ac-92a4-19e4dea6f146", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.907768Z", + "modified": "2024-09-11T00:19:23.907768Z", + "name": "CVE-2024-8443", + "description": "A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8443" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1a629d6f-59cb-467f-b3a4-45b1c48ccef9.json b/objects/vulnerability/vulnerability--1a629d6f-59cb-467f-b3a4-45b1c48ccef9.json new file mode 100644 index 00000000000..35d54d85c74 --- /dev/null +++ b/objects/vulnerability/vulnerability--1a629d6f-59cb-467f-b3a4-45b1c48ccef9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--720fc74a-5d94-4f12-8670-67effd817b7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a629d6f-59cb-467f-b3a4-45b1c48ccef9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.037954Z", + "modified": "2024-09-11T00:19:24.037954Z", + "name": "CVE-2024-39580", + "description": "Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39580" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d15be28-b8c7-48e6-8917-08fc698dacb3.json b/objects/vulnerability/vulnerability--1d15be28-b8c7-48e6-8917-08fc698dacb3.json new file mode 100644 index 00000000000..5b1560fdb81 --- /dev/null +++ b/objects/vulnerability/vulnerability--1d15be28-b8c7-48e6-8917-08fc698dacb3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--435db93a-1b19-4fc0-a0e7-5b326976cc1c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d15be28-b8c7-48e6-8917-08fc698dacb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.596675Z", + "modified": "2024-09-11T00:19:24.596675Z", + "name": "CVE-2024-40754", + "description": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40754" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20f29413-a26c-45f5-a36f-0928f8cce1b0.json b/objects/vulnerability/vulnerability--20f29413-a26c-45f5-a36f-0928f8cce1b0.json new file mode 100644 index 00000000000..43784ec611c --- /dev/null +++ b/objects/vulnerability/vulnerability--20f29413-a26c-45f5-a36f-0928f8cce1b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1cbf74ee-76be-4126-9468-6f61585dfdfd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20f29413-a26c-45f5-a36f-0928f8cce1b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.669679Z", + "modified": "2024-09-11T00:19:23.669679Z", + "name": "CVE-2024-21528", + "description": "All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21528" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2157fd30-fe71-48fc-ad4e-e01e5cb14788.json b/objects/vulnerability/vulnerability--2157fd30-fe71-48fc-ad4e-e01e5cb14788.json new file mode 100644 index 00000000000..b58f964aac7 --- /dev/null +++ b/objects/vulnerability/vulnerability--2157fd30-fe71-48fc-ad4e-e01e5cb14788.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68262ec3-ba82-4fee-9ce2-b771889e746d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2157fd30-fe71-48fc-ad4e-e01e5cb14788", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.511424Z", + "modified": "2024-09-11T00:19:23.511424Z", + "name": "CVE-2024-38217", + "description": "Windows Mark of the Web Security Feature Bypass Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38217" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21cd771e-2721-4826-8fed-b307f4fe3dab.json b/objects/vulnerability/vulnerability--21cd771e-2721-4826-8fed-b307f4fe3dab.json new file mode 100644 index 00000000000..1e0ae9b9e6b --- /dev/null +++ b/objects/vulnerability/vulnerability--21cd771e-2721-4826-8fed-b307f4fe3dab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a88232b6-daeb-4370-bbd4-c65ecd2790bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21cd771e-2721-4826-8fed-b307f4fe3dab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.276767Z", + "modified": "2024-09-11T00:19:23.276767Z", + "name": "CVE-2024-42423", + "description": "Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42423" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21d123c2-9305-446b-9754-d5a4750e9315.json b/objects/vulnerability/vulnerability--21d123c2-9305-446b-9754-d5a4750e9315.json new file mode 100644 index 00000000000..eafbe5c3091 --- /dev/null +++ b/objects/vulnerability/vulnerability--21d123c2-9305-446b-9754-d5a4750e9315.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81c6dc96-740d-45b8-8752-eb18be8bfd70", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21d123c2-9305-446b-9754-d5a4750e9315", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.042068Z", + "modified": "2024-09-11T00:19:23.042068Z", + "name": "CVE-2024-44676", + "description": "eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44676" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--21e6340c-905b-4cf1-aa80-f60b5f310250.json b/objects/vulnerability/vulnerability--21e6340c-905b-4cf1-aa80-f60b5f310250.json new file mode 100644 index 00000000000..87829e4bacc --- /dev/null +++ b/objects/vulnerability/vulnerability--21e6340c-905b-4cf1-aa80-f60b5f310250.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2454cb1a-d657-44a2-bc7f-793ca3000a7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21e6340c-905b-4cf1-aa80-f60b5f310250", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.266818Z", + "modified": "2024-09-11T00:19:23.266818Z", + "name": "CVE-2024-42371", + "description": "The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42371" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22d80e18-5f32-4103-841b-9ed47d27eaa8.json b/objects/vulnerability/vulnerability--22d80e18-5f32-4103-841b-9ed47d27eaa8.json new file mode 100644 index 00000000000..aae9e62b774 --- /dev/null +++ b/objects/vulnerability/vulnerability--22d80e18-5f32-4103-841b-9ed47d27eaa8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--645bef7c-df84-4d45-9c1f-ba1d9c1f8860", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22d80e18-5f32-4103-841b-9ed47d27eaa8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.5069Z", + "modified": "2024-09-11T00:19:23.5069Z", + "name": "CVE-2024-38241", + "description": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38241" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--240a4fd5-2585-433c-948e-214acf66e295.json b/objects/vulnerability/vulnerability--240a4fd5-2585-433c-948e-214acf66e295.json new file mode 100644 index 00000000000..750a00595fe --- /dev/null +++ b/objects/vulnerability/vulnerability--240a4fd5-2585-433c-948e-214acf66e295.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2980186-fd19-471b-9d27-17222cf77203", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--240a4fd5-2585-433c-948e-214acf66e295", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.421089Z", + "modified": "2024-09-11T00:19:24.421089Z", + "name": "CVE-2024-7698", + "description": "A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7698" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24394d8b-cb0e-446c-a65e-c601ce68cda7.json b/objects/vulnerability/vulnerability--24394d8b-cb0e-446c-a65e-c601ce68cda7.json new file mode 100644 index 00000000000..298cae324bb --- /dev/null +++ b/objects/vulnerability/vulnerability--24394d8b-cb0e-446c-a65e-c601ce68cda7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73e37542-1d31-4b7d-b06d-22041a986bb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24394d8b-cb0e-446c-a65e-c601ce68cda7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.789645Z", + "modified": "2024-09-11T00:19:22.789645Z", + "name": "CVE-2024-37980", + "description": "Microsoft SQL Server Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37980" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ae398bc-a0e8-4773-bb91-e25e45f5decb.json b/objects/vulnerability/vulnerability--2ae398bc-a0e8-4773-bb91-e25e45f5decb.json new file mode 100644 index 00000000000..b4d97ed2492 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ae398bc-a0e8-4773-bb91-e25e45f5decb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95722cab-49ef-40fc-b760-c2cd74a87225", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ae398bc-a0e8-4773-bb91-e25e45f5decb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.887807Z", + "modified": "2024-09-11T00:19:24.887807Z", + "name": "CVE-2024-45285", + "description": "The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45285" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2c445e71-eaf3-45f9-be93-79dd8ba1662e.json b/objects/vulnerability/vulnerability--2c445e71-eaf3-45f9-be93-79dd8ba1662e.json new file mode 100644 index 00000000000..468319037af --- /dev/null +++ b/objects/vulnerability/vulnerability--2c445e71-eaf3-45f9-be93-79dd8ba1662e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--324c5157-8eb0-4766-abac-b8b107cade14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c445e71-eaf3-45f9-be93-79dd8ba1662e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.907513Z", + "modified": "2024-09-11T00:19:24.907513Z", + "name": "CVE-2024-45592", + "description": "auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to 6.0.0, there is an unescaped entity property enabling Javascript injection. This is possible because %source_label% in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in 6.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45592" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d699eb4-8fcc-4780-beb6-a39b4fa2eedf.json b/objects/vulnerability/vulnerability--2d699eb4-8fcc-4780-beb6-a39b4fa2eedf.json new file mode 100644 index 00000000000..823411af769 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d699eb4-8fcc-4780-beb6-a39b4fa2eedf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8457972-ee09-4cbc-954e-538f690e217a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d699eb4-8fcc-4780-beb6-a39b4fa2eedf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.881168Z", + "modified": "2024-09-11T00:19:23.881168Z", + "name": "CVE-2024-8321", + "description": "Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e56bcfd-31f7-44e4-952e-da056a41f8c8.json b/objects/vulnerability/vulnerability--2e56bcfd-31f7-44e4-952e-da056a41f8c8.json new file mode 100644 index 00000000000..9b0a0eaf56d --- /dev/null +++ b/objects/vulnerability/vulnerability--2e56bcfd-31f7-44e4-952e-da056a41f8c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22b37ed8-17b4-4fce-9138-aa180c66815f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e56bcfd-31f7-44e4-952e-da056a41f8c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.5006Z", + "modified": "2024-09-11T00:19:24.5006Z", + "name": "CVE-2024-43474", + "description": "Microsoft SQL Server Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43474" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--307ecce2-9aeb-4777-9a94-ecf455bf516d.json b/objects/vulnerability/vulnerability--307ecce2-9aeb-4777-9a94-ecf455bf516d.json new file mode 100644 index 00000000000..fe18233d7fb --- /dev/null 
+++ b/objects/vulnerability/vulnerability--307ecce2-9aeb-4777-9a94-ecf455bf516d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4ad7251-5816-4bdd-813c-f084ee7ada7d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--307ecce2-9aeb-4777-9a94-ecf455bf516d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.803809Z", + "modified": "2024-09-11T00:19:22.803809Z", + "name": "CVE-2024-37993", + "description": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C 
(6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37993" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--309a780c-6ee3-4b0a-9838-57d59be67d0b.json b/objects/vulnerability/vulnerability--309a780c-6ee3-4b0a-9838-57d59be67d0b.json new file mode 100644 index 00000000000..ace456194a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--309a780c-6ee3-4b0a-9838-57d59be67d0b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35a92f34-8718-4b31-9e16-bdedbef0d1d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--309a780c-6ee3-4b0a-9838-57d59be67d0b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.057966Z", + "modified": "2024-09-11T00:19:23.057966Z", + "name": "CVE-2024-44105", + "description": "Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44105" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30f2e243-eed5-44d0-bfb2-4abcdd164b9a.json b/objects/vulnerability/vulnerability--30f2e243-eed5-44d0-bfb2-4abcdd164b9a.json new file mode 100644 index 00000000000..09ca03576ef --- /dev/null +++ b/objects/vulnerability/vulnerability--30f2e243-eed5-44d0-bfb2-4abcdd164b9a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84d9c67c-4d75-4f70-ad5e-d57e8980e3fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30f2e243-eed5-44d0-bfb2-4abcdd164b9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.927514Z", + "modified": "2024-09-11T00:19:22.927514Z", + "name": "CVE-2024-44115", + "description": "The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44115" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31010f6a-1ed4-4c51-9e18-55b67bccbff4.json b/objects/vulnerability/vulnerability--31010f6a-1ed4-4c51-9e18-55b67bccbff4.json new file mode 100644 index 00000000000..2c9167ffe64 --- /dev/null +++ b/objects/vulnerability/vulnerability--31010f6a-1ed4-4c51-9e18-55b67bccbff4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc0fa90c-216d-4e55-91d2-399400ca473f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31010f6a-1ed4-4c51-9e18-55b67bccbff4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.503104Z", + "modified": "2024-09-11T00:19:23.503104Z", + "name": "CVE-2024-38014", + "description": "Windows Installer Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38014" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--312db703-20ad-437b-8472-23b703b81524.json b/objects/vulnerability/vulnerability--312db703-20ad-437b-8472-23b703b81524.json new file mode 100644 index 00000000000..0184a2a18e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--312db703-20ad-437b-8472-23b703b81524.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2018a295-7e4f-41fd-9fae-52ac8e0396bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--312db703-20ad-437b-8472-23b703b81524", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.574967Z", + "modified": "2024-09-11T00:19:24.574967Z", + "name": "CVE-2024-43458", + "description": "Windows Networking Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43458" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3463e7e2-9f73-4829-ada8-80aa4a32ea8c.json b/objects/vulnerability/vulnerability--3463e7e2-9f73-4829-ada8-80aa4a32ea8c.json new file mode 100644 index 00000000000..7a4163488d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--3463e7e2-9f73-4829-ada8-80aa4a32ea8c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a203a2f-8e2b-4815-817b-a12e38214970", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3463e7e2-9f73-4829-ada8-80aa4a32ea8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.860742Z", + "modified": "2024-09-11T00:19:24.860742Z", + "name": "CVE-2024-45407", + "description": "Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45407" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3573ca54-bc70-4db2-8d78-52068231e6e5.json b/objects/vulnerability/vulnerability--3573ca54-bc70-4db2-8d78-52068231e6e5.json new file mode 100644 index 00000000000..9e5116ec0f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--3573ca54-bc70-4db2-8d78-52068231e6e5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--828ebb7f-e5c3-4b42-9061-63c62d0004e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3573ca54-bc70-4db2-8d78-52068231e6e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.88424Z", + "modified": "2024-09-11T00:19:24.88424Z", + "name": "CVE-2024-45597", + "description": "Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3632cddf-6484-4378-b297-b470d29756ca.json b/objects/vulnerability/vulnerability--3632cddf-6484-4378-b297-b470d29756ca.json new file mode 100644 index 00000000000..693b0f236a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--3632cddf-6484-4378-b297-b470d29756ca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74daeda5-13d0-44be-81c1-a1d123f1673f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3632cddf-6484-4378-b297-b470d29756ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.864727Z", + "modified": "2024-09-11T00:19:24.864727Z", + "name": "CVE-2024-45283", + "description": "SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45283" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36adbd2d-0c38-4207-a950-7c5a5676f8c8.json b/objects/vulnerability/vulnerability--36adbd2d-0c38-4207-a950-7c5a5676f8c8.json new file mode 100644 index 00000000000..4798195881b --- /dev/null +++ b/objects/vulnerability/vulnerability--36adbd2d-0c38-4207-a950-7c5a5676f8c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb616540-97ec-4eda-833c-363a3eea2141", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36adbd2d-0c38-4207-a950-7c5a5676f8c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.531725Z", + "modified": "2024-09-11T00:19:23.531725Z", + "name": "CVE-2024-38254", + "description": "Windows Authentication Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38254" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--36c5c546-039a-407d-bfaf-68c8bc80d2eb.json b/objects/vulnerability/vulnerability--36c5c546-039a-407d-bfaf-68c8bc80d2eb.json new file mode 100644 index 00000000000..bf57f3d97b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--36c5c546-039a-407d-bfaf-68c8bc80d2eb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c39cf13-081f-4cf4-b919-0f4949cc54f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36c5c546-039a-407d-bfaf-68c8bc80d2eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.659918Z", + "modified": "2024-09-11T00:19:24.659918Z", + "name": "CVE-2024-23185", + "description": "Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up \"full_value\" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23185" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--37be27b2-926c-48a4-864b-14e3751ba167.json b/objects/vulnerability/vulnerability--37be27b2-926c-48a4-864b-14e3751ba167.json new file mode 100644 index 00000000000..c62b99996ce --- /dev/null +++ b/objects/vulnerability/vulnerability--37be27b2-926c-48a4-864b-14e3751ba167.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--efb84591-d2bb-4aff-b4be-52d23c248434", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--37be27b2-926c-48a4-864b-14e3751ba167", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.423072Z", + "modified": "2024-09-11T00:19:24.423072Z", + "name": "CVE-2024-7784", + "description": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7784" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38e27892-ab81-46e9-bdc7-d1ff1504b981.json b/objects/vulnerability/vulnerability--38e27892-ab81-46e9-bdc7-d1ff1504b981.json new file mode 100644 index 00000000000..dc7a4f7e1de --- /dev/null +++ b/objects/vulnerability/vulnerability--38e27892-ab81-46e9-bdc7-d1ff1504b981.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e49f34e5-4c4b-4ab4-b230-7cdb8061182e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38e27892-ab81-46e9-bdc7-d1ff1504b981", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.57445Z", + "modified": "2024-09-11T00:19:23.57445Z", + "name": "CVE-2024-38263", + "description": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38263" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a472b04-da9a-49dd-a4c5-a8fe5d0c9416.json b/objects/vulnerability/vulnerability--3a472b04-da9a-49dd-a4c5-a8fe5d0c9416.json new file mode 100644 index 00000000000..8942c6a14e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--3a472b04-da9a-49dd-a4c5-a8fe5d0c9416.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4b955d9-85ae-45dc-bb16-7a3764153599", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a472b04-da9a-49dd-a4c5-a8fe5d0c9416", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.791981Z", + "modified": "2024-09-11T00:19:22.791981Z", + "name": "CVE-2024-37991", + "description": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C 
(6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37991" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c3178f0-fb3a-45a8-9a97-a257c1fa6c15.json b/objects/vulnerability/vulnerability--3c3178f0-fb3a-45a8-9a97-a257c1fa6c15.json new file mode 100644 index 00000000000..86ebb207f8e --- /dev/null +++ b/objects/vulnerability/vulnerability--3c3178f0-fb3a-45a8-9a97-a257c1fa6c15.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc42cdf7-0f26-4aec-a13a-c8ab78559828", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c3178f0-fb3a-45a8-9a97-a257c1fa6c15", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.233723Z", + "modified": "2024-09-11T00:19:23.233723Z", + "name": "CVE-2024-6596", + "description": "An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6596" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d1f252f-25bf-4a83-92b4-88c919665485.json b/objects/vulnerability/vulnerability--3d1f252f-25bf-4a83-92b4-88c919665485.json new file mode 100644 index 00000000000..59d48c88382 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d1f252f-25bf-4a83-92b4-88c919665485.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04d95de1-f1fd-42bb-a9ab-abd12d6f58ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d1f252f-25bf-4a83-92b4-88c919665485", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.915452Z", + "modified": "2024-09-11T00:19:22.915452Z", + "name": "CVE-2024-44120", + "description": "SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44120" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e652213-b126-4235-866c-66d3790c1c86.json b/objects/vulnerability/vulnerability--3e652213-b126-4235-866c-66d3790c1c86.json new file mode 100644 index 00000000000..e0c96bc72cb --- /dev/null +++ b/objects/vulnerability/vulnerability--3e652213-b126-4235-866c-66d3790c1c86.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67b59a3b-c95d-4cb9-8e11-f3cfa51dd6d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e652213-b126-4235-866c-66d3790c1c86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.904819Z", + "modified": "2024-09-11T00:19:24.904819Z", + "name": "CVE-2024-45044", + "description": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. \"w\" for \"whoami\") the ACL check did not apply to the full form (i.e. \"whoami\") but to the abbreviated form (i.e. \"w\"). If the command ACL is configured with negative ACL that should forbid using the \"whoami\" command, you could still use \"w\" or \"who\" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45044" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--437765c5-d1e1-4871-bb36-f758093af8b2.json b/objects/vulnerability/vulnerability--437765c5-d1e1-4871-bb36-f758093af8b2.json new file mode 100644 index 00000000000..323ea6a49c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--437765c5-d1e1-4871-bb36-f758093af8b2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3db1078d-c521-4d47-996f-b9b8bd3976f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--437765c5-d1e1-4871-bb36-f758093af8b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.899122Z", + "modified": "2024-09-11T00:19:23.899122Z", + "name": "CVE-2024-8441", + "description": "An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8441" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43e2111f-36b7-41bb-8314-60adbdb89829.json b/objects/vulnerability/vulnerability--43e2111f-36b7-41bb-8314-60adbdb89829.json new file mode 100644 index 00000000000..504c52d745e --- /dev/null +++ b/objects/vulnerability/vulnerability--43e2111f-36b7-41bb-8314-60adbdb89829.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9625ace2-deee-4e87-aa96-1cdee4e9505d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43e2111f-36b7-41bb-8314-60adbdb89829", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.450337Z", + "modified": "2024-09-11T00:19:24.450337Z", + "name": "CVE-2024-41729", + "description": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41729" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--45ad8880-d6a7-42f5-a3e8-989179d03e73.json b/objects/vulnerability/vulnerability--45ad8880-d6a7-42f5-a3e8-989179d03e73.json new file mode 100644 index 00000000000..57b389377ed --- /dev/null +++ b/objects/vulnerability/vulnerability--45ad8880-d6a7-42f5-a3e8-989179d03e73.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4c6b510-4080-4316-8c0b-72638b49cd79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45ad8880-d6a7-42f5-a3e8-989179d03e73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.501783Z", + "modified": "2024-09-11T00:19:23.501783Z", + "name": "CVE-2024-38259", + "description": "Microsoft Management Console Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38259" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45eb3328-9ae6-4447-90b0-33a854b21752.json b/objects/vulnerability/vulnerability--45eb3328-9ae6-4447-90b0-33a854b21752.json new file mode 100644 index 00000000000..93a2357d518 --- /dev/null +++ b/objects/vulnerability/vulnerability--45eb3328-9ae6-4447-90b0-33a854b21752.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--acaa0f43-49b7-41c1-a3c8-9d02636ca637", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45eb3328-9ae6-4447-90b0-33a854b21752", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.570226Z", + "modified": "2024-09-11T00:19:23.570226Z", + "name": "CVE-2024-38240", + "description": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38240" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--45f2b092-9493-4ba6-8597-78f693af2755.json b/objects/vulnerability/vulnerability--45f2b092-9493-4ba6-8597-78f693af2755.json new file mode 100644 index 00000000000..370d2f0bea4 --- /dev/null +++ b/objects/vulnerability/vulnerability--45f2b092-9493-4ba6-8597-78f693af2755.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be7ce96f-b02e-429c-ba60-718df9d08e69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45f2b092-9493-4ba6-8597-78f693af2755", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.457456Z", + "modified": "2024-09-11T00:19:24.457456Z", + "name": "CVE-2024-41728", + "description": "Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41728" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--46dc13b2-1203-49db-b7eb-dc923c72ee06.json b/objects/vulnerability/vulnerability--46dc13b2-1203-49db-b7eb-dc923c72ee06.json new file mode 100644 index 00000000000..09b576bed41 --- /dev/null +++ b/objects/vulnerability/vulnerability--46dc13b2-1203-49db-b7eb-dc923c72ee06.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e54afcb-b896-4689-9a87-1fb729b5a0f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--46dc13b2-1203-49db-b7eb-dc923c72ee06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.895362Z", + "modified": "2024-09-11T00:19:23.895362Z", + "name": "CVE-2024-8191", + "description": "SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8191" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--481db4a9-2060-43c7-b9d4-1de5812efcf5.json b/objects/vulnerability/vulnerability--481db4a9-2060-43c7-b9d4-1de5812efcf5.json new file mode 100644 index 00000000000..2ababe556fd --- /dev/null +++ b/objects/vulnerability/vulnerability--481db4a9-2060-43c7-b9d4-1de5812efcf5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7248b890-4cc9-4206-8662-49dcb3ec7d40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--481db4a9-2060-43c7-b9d4-1de5812efcf5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.883091Z", + "modified": "2024-09-11T00:19:23.883091Z", + "name": "CVE-2024-8655", + "description": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--49b2aacf-5551-4257-b7d7-f44d497f1f6d.json b/objects/vulnerability/vulnerability--49b2aacf-5551-4257-b7d7-f44d497f1f6d.json new file mode 100644 index 00000000000..00eadd93495 --- /dev/null +++ b/objects/vulnerability/vulnerability--49b2aacf-5551-4257-b7d7-f44d497f1f6d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9bcd103e-dda2-4bdb-8f88-e4fa6f292ea1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49b2aacf-5551-4257-b7d7-f44d497f1f6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.846979Z", + "modified": "2024-09-11T00:19:23.846979Z", + "name": "CVE-2024-35783", + "description": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35783" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a03186e-66c2-4ee0-b2d7-2935f9edfc94.json b/objects/vulnerability/vulnerability--4a03186e-66c2-4ee0-b2d7-2935f9edfc94.json new file mode 100644 index 00000000000..0c748eeabb6 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a03186e-66c2-4ee0-b2d7-2935f9edfc94.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dfb9c066-01ff-4475-b004-cea894318973", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a03186e-66c2-4ee0-b2d7-2935f9edfc94", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.51857Z", + "modified": "2024-09-11T00:19:23.51857Z", + "name": "CVE-2024-38231", + "description": "Windows Remote Desktop Licensing Service Denial of Service Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38231" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4aa5bab9-a776-4489-a59b-9d221fb0e5ee.json b/objects/vulnerability/vulnerability--4aa5bab9-a776-4489-a59b-9d221fb0e5ee.json new file mode 100644 index 00000000000..064981b2d31 --- /dev/null +++ b/objects/vulnerability/vulnerability--4aa5bab9-a776-4489-a59b-9d221fb0e5ee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66d4b638-94b8-4bb1-a91c-4ccdff48de8a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4aa5bab9-a776-4489-a59b-9d221fb0e5ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.287726Z", + "modified": "2024-09-11T00:19:23.287726Z", + "name": "CVE-2024-42424", + "description": "Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42424" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4ac2afd4-f282-4f08-bd0a-8b643418d4ba.json b/objects/vulnerability/vulnerability--4ac2afd4-f282-4f08-bd0a-8b643418d4ba.json new file mode 100644 index 00000000000..4150c3d1e0c --- /dev/null +++ b/objects/vulnerability/vulnerability--4ac2afd4-f282-4f08-bd0a-8b643418d4ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ee103f2-bf0b-4d01-85ee-3dfe17aad601", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ac2afd4-f282-4f08-bd0a-8b643418d4ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.195962Z", + "modified": "2024-09-11T00:19:23.195962Z", + "name": "CVE-2024-6342", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4af46272-925f-4f6a-8e5a-6b65d649819f.json b/objects/vulnerability/vulnerability--4af46272-925f-4f6a-8e5a-6b65d649819f.json new file mode 100644 index 00000000000..91087b00c9a --- /dev/null +++ b/objects/vulnerability/vulnerability--4af46272-925f-4f6a-8e5a-6b65d649819f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f54ff57e-2f5c-4d05-b8e8-1c863c8ebace", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4af46272-925f-4f6a-8e5a-6b65d649819f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.169745Z", + "modified": "2024-09-11T00:19:30.169745Z", + "name": "CVE-2023-37230", + "description": "Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37230" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b8f0986-7641-473e-b094-9a78687db311.json b/objects/vulnerability/vulnerability--4b8f0986-7641-473e-b094-9a78687db311.json new file mode 100644 index 00000000000..6dd8d18491d --- /dev/null +++ b/objects/vulnerability/vulnerability--4b8f0986-7641-473e-b094-9a78687db311.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43ae2a41-41ff-4be5-ac78-aa6b8ff0e1fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b8f0986-7641-473e-b094-9a78687db311", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.896079Z", + "modified": "2024-09-11T00:19:24.896079Z", + "name": "CVE-2024-45286", + "description": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45286" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4c54b485-9ac1-4cd0-8ae7-0a0d5268f7be.json b/objects/vulnerability/vulnerability--4c54b485-9ac1-4cd0-8ae7-0a0d5268f7be.json new file mode 100644 index 00000000000..505f76e2abc --- /dev/null +++ b/objects/vulnerability/vulnerability--4c54b485-9ac1-4cd0-8ae7-0a0d5268f7be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--148d0730-6711-4d40-8aeb-576fcfd43040", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c54b485-9ac1-4cd0-8ae7-0a0d5268f7be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.868663Z", + "modified": "2024-09-11T00:19:24.868663Z", + "name": "CVE-2024-45284", + "description": "An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45284" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4cf0fccf-6117-42c4-b43f-3b385204a84f.json b/objects/vulnerability/vulnerability--4cf0fccf-6117-42c4-b43f-3b385204a84f.json new file mode 100644 index 00000000000..97d8e710607 --- /dev/null +++ b/objects/vulnerability/vulnerability--4cf0fccf-6117-42c4-b43f-3b385204a84f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f71ba087-886a-4f88-943c-a1a0bdb237d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cf0fccf-6117-42c4-b43f-3b385204a84f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.561004Z", + "modified": "2024-09-11T00:19:24.561004Z", + "name": "CVE-2024-43796", + "description": "Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43796" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d49a63e-0936-4947-9d1a-150dfc0713fa.json b/objects/vulnerability/vulnerability--4d49a63e-0936-4947-9d1a-150dfc0713fa.json new file mode 100644 index 00000000000..9847477af02 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d49a63e-0936-4947-9d1a-150dfc0713fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--635958bd-61df-456b-a833-a41334ab5720", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d49a63e-0936-4947-9d1a-150dfc0713fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.774139Z", + "modified": "2024-09-11T00:19:22.774139Z", + "name": "CVE-2024-37990", + "description": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C 
(6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37990" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4da7a38f-23b6-4ec6-a9f5-b52a7d947341.json b/objects/vulnerability/vulnerability--4da7a38f-23b6-4ec6-a9f5-b52a7d947341.json new file mode 100644 index 00000000000..8c29f47e428 --- /dev/null +++ b/objects/vulnerability/vulnerability--4da7a38f-23b6-4ec6-a9f5-b52a7d947341.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b85c0985-ecd8-4ed2-bde2-925f0416eded", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4da7a38f-23b6-4ec6-a9f5-b52a7d947341", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.920667Z", + "modified": "2024-09-11T00:19:22.920667Z", + "name": "CVE-2024-44113", + "description": "Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44113" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4ffb523e-c32d-487f-9a1e-2ad1c952d5bf.json b/objects/vulnerability/vulnerability--4ffb523e-c32d-487f-9a1e-2ad1c952d5bf.json new file mode 100644 index 00000000000..dfedc56d750 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ffb523e-c32d-487f-9a1e-2ad1c952d5bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c594a99e-8209-4dbf-baac-9bcb5c1fc568", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ffb523e-c32d-487f-9a1e-2ad1c952d5bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.713693Z", + "modified": "2024-09-11T00:19:24.713693Z", + "name": "CVE-2024-31489", + "description": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31489" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--54085701-9560-4f3a-969f-ce84f6b34978.json b/objects/vulnerability/vulnerability--54085701-9560-4f3a-969f-ce84f6b34978.json new file mode 100644 index 00000000000..257ec880e9e --- /dev/null +++ b/objects/vulnerability/vulnerability--54085701-9560-4f3a-969f-ce84f6b34978.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94bc0b60-1689-4f8d-bbcb-c8a3bed36f60", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54085701-9560-4f3a-969f-ce84f6b34978", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.214834Z", + "modified": "2024-09-11T00:19:23.214834Z", + "name": "CVE-2024-6509", + "description": "Marinus Pfund, member of the AXIS OS Bug Bounty Program, \nhas found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6509" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--560b54a1-a088-4777-9782-0536cc72176c.json b/objects/vulnerability/vulnerability--560b54a1-a088-4777-9782-0536cc72176c.json new file mode 100644 index 00000000000..a38f3a4eb34 --- /dev/null +++ b/objects/vulnerability/vulnerability--560b54a1-a088-4777-9782-0536cc72176c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a67518b6-4b40-43a9-bfac-e5eddfc82847", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--560b54a1-a088-4777-9782-0536cc72176c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.866842Z", + "modified": "2024-09-11T00:19:24.866842Z", + "name": "CVE-2024-45281", + "description": "SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45281" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5671b7b8-3992-44e1-b0a3-a2004c2d1776.json b/objects/vulnerability/vulnerability--5671b7b8-3992-44e1-b0a3-a2004c2d1776.json new file mode 100644 index 00000000000..84f3ffd8e83 --- /dev/null +++ b/objects/vulnerability/vulnerability--5671b7b8-3992-44e1-b0a3-a2004c2d1776.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d94a433-af1c-4a4a-8f54-0a6a6aeb6b15", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5671b7b8-3992-44e1-b0a3-a2004c2d1776", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.837258Z", + "modified": "2024-09-11T00:19:22.837258Z", + "name": "CVE-2024-32006", + "description": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32006" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56ba9799-e1aa-4c91-bb7d-06d83f62d390.json b/objects/vulnerability/vulnerability--56ba9799-e1aa-4c91-bb7d-06d83f62d390.json new file mode 100644 index 00000000000..7875552c09d --- /dev/null +++ b/objects/vulnerability/vulnerability--56ba9799-e1aa-4c91-bb7d-06d83f62d390.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4173e32f-c833-4208-8141-863a4097d0e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56ba9799-e1aa-4c91-bb7d-06d83f62d390", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.515399Z", + "modified": "2024-09-11T00:19:24.515399Z", + "name": "CVE-2024-43799", + "description": "Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43799" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--57366035-49f6-4805-9eed-45bfd06a0401.json b/objects/vulnerability/vulnerability--57366035-49f6-4805-9eed-45bfd06a0401.json new file mode 100644 index 00000000000..edc8685335c --- /dev/null +++ b/objects/vulnerability/vulnerability--57366035-49f6-4805-9eed-45bfd06a0401.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84b976b5-b34a-4b4e-b786-733cb59f8c0a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57366035-49f6-4805-9eed-45bfd06a0401", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.917519Z", + "modified": "2024-09-11T00:19:22.917519Z", + "name": "CVE-2024-44107", + "description": "DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44107" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--578d7be7-4e43-4f79-8f63-42875e13d62f.json b/objects/vulnerability/vulnerability--578d7be7-4e43-4f79-8f63-42875e13d62f.json new file mode 100644 index 00000000000..301bd65dfbe --- /dev/null +++ b/objects/vulnerability/vulnerability--578d7be7-4e43-4f79-8f63-42875e13d62f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72101dc5-6ca0-40be-b51e-9a28d0b60626", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--578d7be7-4e43-4f79-8f63-42875e13d62f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.516123Z", + "modified": "2024-09-11T00:19:23.516123Z", + "name": "CVE-2024-38216", + "description": "Azure Stack Hub Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38216" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--593d8ee8-4936-417d-8cda-689cf04226e5.json b/objects/vulnerability/vulnerability--593d8ee8-4936-417d-8cda-689cf04226e5.json new file mode 100644 index 00000000000..5e5a3108323 --- /dev/null +++ b/objects/vulnerability/vulnerability--593d8ee8-4936-417d-8cda-689cf04226e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--982381f4-12ba-4542-aee7-b4af7e9d678b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--593d8ee8-4936-417d-8cda-689cf04226e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.488506Z", + "modified": "2024-09-11T00:19:23.488506Z", + "name": "CVE-2024-38242", + "description": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38242" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5ad6e3f2-7231-484a-9a23-f340645ba8b9.json b/objects/vulnerability/vulnerability--5ad6e3f2-7231-484a-9a23-f340645ba8b9.json new file mode 100644 index 00000000000..27477eab715 --- /dev/null +++ b/objects/vulnerability/vulnerability--5ad6e3f2-7231-484a-9a23-f340645ba8b9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58421a78-b76c-47b8-8290-e743b937405a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ad6e3f2-7231-484a-9a23-f340645ba8b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.518416Z", + "modified": "2024-09-11T00:19:24.518416Z", + "name": "CVE-2024-43491", + "description": "Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.\nThis servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.\nNote: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5bda800b-43d8-4cc4-b11d-c04fbb4080e8.json b/objects/vulnerability/vulnerability--5bda800b-43d8-4cc4-b11d-c04fbb4080e8.json new file mode 100644 index 00000000000..6020b1774c7 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--5bda800b-43d8-4cc4-b11d-c04fbb4080e8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--730a7137-8c5c-4e99-916f-749331b4af81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5bda800b-43d8-4cc4-b11d-c04fbb4080e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.154486Z", + "modified": "2024-09-11T00:19:24.154486Z", + "name": "CVE-2024-36511", + "description": "An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36511" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d9ea8f0-ef02-4abf-a694-78d8595322f8.json b/objects/vulnerability/vulnerability--5d9ea8f0-ef02-4abf-a694-78d8595322f8.json new file mode 100644 index 00000000000..1332bbcd8cd --- /dev/null +++ b/objects/vulnerability/vulnerability--5d9ea8f0-ef02-4abf-a694-78d8595322f8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55f18c03-2210-4213-85d4-c249a5eaf9f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d9ea8f0-ef02-4abf-a694-78d8595322f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.539317Z", + "modified": "2024-09-11T00:19:23.539317Z", + "name": "CVE-2024-38245", + "description": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38245" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e371ee2-b7fd-42a7-bdaa-ab4fa842c93c.json b/objects/vulnerability/vulnerability--5e371ee2-b7fd-42a7-bdaa-ab4fa842c93c.json new file mode 100644 index 00000000000..721a2e05434 --- /dev/null +++ b/objects/vulnerability/vulnerability--5e371ee2-b7fd-42a7-bdaa-ab4fa842c93c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2fd98da2-3e57-4908-b7e2-45c29fe9f172", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e371ee2-b7fd-42a7-bdaa-ab4fa842c93c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:31.499809Z", + "modified": "2024-09-11T00:19:31.499809Z", + "name": "CVE-2023-36103", + "description": "Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36103" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f929940-f53d-4e8c-a5be-584b31afbc92.json b/objects/vulnerability/vulnerability--5f929940-f53d-4e8c-a5be-584b31afbc92.json new file mode 100644 index 00000000000..1995e9730e4 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--5f929940-f53d-4e8c-a5be-584b31afbc92.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--219b407f-1d00-4ceb-bf0d-0941fa78df30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f929940-f53d-4e8c-a5be-584b31afbc92", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.53158Z", + "modified": "2024-09-11T00:19:24.53158Z", + "name": "CVE-2024-43390", + "description": "A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43390" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--606d0569-e7c6-457b-bb74-54493aec5f0a.json b/objects/vulnerability/vulnerability--606d0569-e7c6-457b-bb74-54493aec5f0a.json new file mode 100644 index 00000000000..e7bd4d4d24e --- /dev/null +++ b/objects/vulnerability/vulnerability--606d0569-e7c6-457b-bb74-54493aec5f0a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0cfcf567-c190-4e67-8fc8-32fe74a61430", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--606d0569-e7c6-457b-bb74-54493aec5f0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.21912Z", + "modified": "2024-09-11T00:19:23.21912Z", + "name": "CVE-2024-6173", + "description": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6173" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6146a1cc-e857-4067-8db0-2f50d96f6620.json b/objects/vulnerability/vulnerability--6146a1cc-e857-4067-8db0-2f50d96f6620.json new file mode 100644 index 00000000000..5712ec9cff7 --- /dev/null +++ b/objects/vulnerability/vulnerability--6146a1cc-e857-4067-8db0-2f50d96f6620.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1bb96ca7-73aa-4e2a-981d-7ca61b175b9f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6146a1cc-e857-4067-8db0-2f50d96f6620",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:22.924349Z",
+ "modified": "2024-09-11T00:19:22.924349Z",
+ "name": "CVE-2024-44667",
+ "description": "Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44667"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--61561e72-0e55-418b-9467-8d57209aa243.json b/objects/vulnerability/vulnerability--61561e72-0e55-418b-9467-8d57209aa243.json
new file mode 100644
index 00000000000..7d47de21c49
--- /dev/null
+++ b/objects/vulnerability/vulnerability--61561e72-0e55-418b-9467-8d57209aa243.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--11b082c9-d8f5-41e3-bd2f-0e809e153277",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--61561e72-0e55-418b-9467-8d57209aa243",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.540412Z",
+ "modified": "2024-09-11T00:19:23.540412Z",
+ "name": "CVE-2024-38244",
+ "description": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38244"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--64f92196-ab9c-4bb3-8e02-4568c1aa7599.json b/objects/vulnerability/vulnerability--64f92196-ab9c-4bb3-8e02-4568c1aa7599.json
new file mode 100644
index 00000000000..49a0e0c05df
--- /dev/null
+++ b/objects/vulnerability/vulnerability--64f92196-ab9c-4bb3-8e02-4568c1aa7599.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7129cfa5-f3a4-4571-80a8-f1fcb7423ae6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--64f92196-ab9c-4bb3-8e02-4568c1aa7599",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.884268Z",
+ "modified": "2024-09-11T00:19:23.884268Z",
+ "name": "CVE-2024-8190",
+ "description": "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8190"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--66d6cde5-3878-4a73-93b7-b02bead836ec.json b/objects/vulnerability/vulnerability--66d6cde5-3878-4a73-93b7-b02bead836ec.json
new file mode 100644
index 00000000000..bf60c87baca
--- /dev/null
+++ b/objects/vulnerability/vulnerability--66d6cde5-3878-4a73-93b7-b02bead836ec.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e4e5695e-d684-420e-9433-da8a51feec6c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--66d6cde5-3878-4a73-93b7-b02bead836ec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:22.896902Z",
+ "modified": "2024-09-11T00:19:22.896902Z",
+ "name": "CVE-2024-44116",
+ "description": "The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44116"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6710a469-bc58-439f-9269-b94aef93ace0.json b/objects/vulnerability/vulnerability--6710a469-bc58-439f-9269-b94aef93ace0.json
new file mode 100644
index 00000000000..839a88c4027
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6710a469-bc58-439f-9269-b94aef93ace0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2b4f5c40-3e59-4bb5-b47a-09fbae18b571",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6710a469-bc58-439f-9269-b94aef93ace0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.602766Z",
+ "modified": "2024-09-11T00:19:23.602766Z",
+ "name": "CVE-2024-0067",
+ "description": "Marinus Pfund, member of the AXIS OS Bug Bounty Program, \nhas found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-0067"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--67122c6f-0188-4911-a248-89f54e59bd28.json b/objects/vulnerability/vulnerability--67122c6f-0188-4911-a248-89f54e59bd28.json
new file mode 100644
index 00000000000..d5ee79f63e9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--67122c6f-0188-4911-a248-89f54e59bd28.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5764c969-6c12-450f-a3c2-a94a8b38edc4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--67122c6f-0188-4911-a248-89f54e59bd28",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.571396Z",
+ "modified": "2024-09-11T00:19:23.571396Z",
+ "name": "CVE-2024-38247",
+ "description": "Windows Graphics Component Elevation of Privilege Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38247"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--675a2c5c-32b2-4a66-b08b-5dec332878fc.json b/objects/vulnerability/vulnerability--675a2c5c-32b2-4a66-b08b-5dec332878fc.json
new file mode 100644
index 00000000000..c4a79ea3c10
--- /dev/null
+++ b/objects/vulnerability/vulnerability--675a2c5c-32b2-4a66-b08b-5dec332878fc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--45c6ec56-da8b-42c1-b3fb-450ea37d987d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--675a2c5c-32b2-4a66-b08b-5dec332878fc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.564824Z",
+ "modified": "2024-09-11T00:19:24.564824Z",
+ "name": "CVE-2024-43465",
+ "description": "Microsoft Excel Elevation of Privilege Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43465"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--67710f55-6aa8-4941-b51d-a15db4022ba7.json b/objects/vulnerability/vulnerability--67710f55-6aa8-4941-b51d-a15db4022ba7.json
new file mode 100644
index 00000000000..d7fec1baf64
--- /dev/null
+++ b/objects/vulnerability/vulnerability--67710f55-6aa8-4941-b51d-a15db4022ba7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bd89e36e-0007-4c3e-a359-d2faa50ad007",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--67710f55-6aa8-4941-b51d-a15db4022ba7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.257817Z",
+ "modified": "2024-09-11T00:19:23.257817Z",
+ "name": "CVE-2024-42425",
+ "description": "Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42425"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--67bdefae-4882-4a8f-bf6e-2937f792e2b7.json b/objects/vulnerability/vulnerability--67bdefae-4882-4a8f-bf6e-2937f792e2b7.json
new file mode 100644
index 00000000000..cb4952ca2e8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--67bdefae-4882-4a8f-bf6e-2937f792e2b7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e59d200c-dd18-48bf-a50d-dd968c805b0e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--67bdefae-4882-4a8f-bf6e-2937f792e2b7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:30.150402Z",
+ "modified": "2024-09-11T00:19:30.150402Z",
+ "name": "CVE-2023-37234",
+ "description": "Loftware Spectrum through 4.6 has unprotected JMX Registry.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-37234"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--67df42bc-addf-47e4-96ea-15189d02daf4.json b/objects/vulnerability/vulnerability--67df42bc-addf-47e4-96ea-15189d02daf4.json
new file mode 100644
index 00000000000..a38d41a1fb2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--67df42bc-addf-47e4-96ea-15189d02daf4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--77eed685-39a5-40f8-a20f-97042db674f9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--67df42bc-addf-47e4-96ea-15189d02daf4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.247997Z",
+ "modified": "2024-09-11T00:19:23.247997Z",
+ "name": "CVE-2024-6979",
+ "description": "Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. \nAxis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6979"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6ade7fba-a89a-4443-a27f-50331f6cd584.json b/objects/vulnerability/vulnerability--6ade7fba-a89a-4443-a27f-50331f6cd584.json
new file mode 100644
index 00000000000..21658b2441b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6ade7fba-a89a-4443-a27f-50331f6cd584.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cf824234-2cfc-4182-bf32-b63322a59569",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6ade7fba-a89a-4443-a27f-50331f6cd584",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.532785Z",
+ "modified": "2024-09-11T00:19:24.532785Z",
+ "name": "CVE-2024-43475",
+ "description": "Microsoft Windows Admin Center Information Disclosure Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43475"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6b5ab191-3c30-471b-bdfd-c6d595d72774.json b/objects/vulnerability/vulnerability--6b5ab191-3c30-471b-bdfd-c6d595d72774.json
new file mode 100644
index 00000000000..42bf1216ee8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6b5ab191-3c30-471b-bdfd-c6d595d72774.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6b680104-a8da-4c6d-b984-6cd155f5ea35",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6b5ab191-3c30-471b-bdfd-c6d595d72774",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.915652Z",
+ "modified": "2024-09-11T00:19:23.915652Z",
+ "name": "CVE-2024-8645",
+ "description": "SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8645"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c535414-8458-47c8-af76-8e727a556925.json b/objects/vulnerability/vulnerability--6c535414-8458-47c8-af76-8e727a556925.json
new file mode 100644
index 00000000000..6092a6d43ba
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c535414-8458-47c8-af76-8e727a556925.json
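Review bot: The `description` added for CVE-2024-8645 (vulnerability--6b5ab191-3c30-471b-bdfd-c6d595d72774.json) gives an affected range of `4.2.0 to 4.0.5`, whose upper bound is below its lower bound, so the range cannot be used as written to decide whether a Wireshark install is affected. The same kind of inconsistency appears in the CVE-2024-45409 record (vulnerability--810af123-9c84-4754-b058-b44878a63fbc.json), which says `<= 12.2` while naming `1.12.3` as a fixed release. Both look like typos carried over from the source record (presumably a 4.2.x upper bound and `<= 1.12.2`), which should be confirmed against the vendor advisories before either string is corrected. If the descriptions are meant to stay verbatim, consumers should take affected versions from the advisory or from structured version data rather than from this free text.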
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--07207448-dcfe-46d7-ad11-1841e8ff3c9d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c535414-8458-47c8-af76-8e727a556925",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.559708Z",
+ "modified": "2024-09-11T00:19:23.559708Z",
+ "name": "CVE-2024-38238",
+ "description": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38238"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6cf55219-ba1c-49b7-8648-244b6b9276f3.json b/objects/vulnerability/vulnerability--6cf55219-ba1c-49b7-8648-244b6b9276f3.json
new file mode 100644
index 00000000000..1cacd9d2644
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6cf55219-ba1c-49b7-8648-244b6b9276f3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e47bcdb6-dbf6-47f8-8ce0-40679c7f7f70",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6cf55219-ba1c-49b7-8648-244b6b9276f3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.054954Z",
+ "modified": "2024-09-11T00:19:23.054954Z",
+ "name": "CVE-2024-44117",
+ "description": "The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44117"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6e60ff85-2ccf-40b6-8a07-06f4aa9adaa6.json b/objects/vulnerability/vulnerability--6e60ff85-2ccf-40b6-8a07-06f4aa9adaa6.json
new file mode 100644
index 00000000000..51b1e0d3883
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6e60ff85-2ccf-40b6-8a07-06f4aa9adaa6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e360f894-2978-4326-816e-7529daee6171",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6e60ff85-2ccf-40b6-8a07-06f4aa9adaa6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.567394Z",
+ "modified": "2024-09-11T00:19:23.567394Z",
+ "name": "CVE-2024-38270",
+ "description": "An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38270"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6ea61736-dfbb-4ccd-95fc-965ca7009106.json b/objects/vulnerability/vulnerability--6ea61736-dfbb-4ccd-95fc-965ca7009106.json
new file mode 100644
index 00000000000..49d1002777f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6ea61736-dfbb-4ccd-95fc-965ca7009106.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--25d46c8b-e1cc-46a6-a5fb-4300db420112",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6ea61736-dfbb-4ccd-95fc-965ca7009106",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.568133Z",
+ "modified": "2024-09-11T00:19:24.568133Z",
+ "name": "CVE-2024-43479",
+ "description": "Microsoft Power Automate Desktop Remote Code Execution Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43479"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--729eb8b7-91bf-4fa3-8fa4-5c6489f2c45f.json b/objects/vulnerability/vulnerability--729eb8b7-91bf-4fa3-8fa4-5c6489f2c45f.json
new file mode 100644
index 00000000000..962c9fabb61
--- /dev/null
+++ b/objects/vulnerability/vulnerability--729eb8b7-91bf-4fa3-8fa4-5c6489f2c45f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6ad7571f-c9e1-4a17-8997-30ee188a07c6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--729eb8b7-91bf-4fa3-8fa4-5c6489f2c45f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:30.182447Z",
+ "modified": "2024-09-11T00:19:30.182447Z",
+ "name": "CVE-2023-37231",
+ "description": "Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-37231"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--73638ccc-5d7d-444a-8abf-aba9c94f692f.json b/objects/vulnerability/vulnerability--73638ccc-5d7d-444a-8abf-aba9c94f692f.json
new file mode 100644
index 00000000000..30d7e8fe5fb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--73638ccc-5d7d-444a-8abf-aba9c94f692f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8a18328d-b714-485f-8691-2774095851e3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--73638ccc-5d7d-444a-8abf-aba9c94f692f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.397392Z",
+ "modified": "2024-09-11T00:19:24.397392Z",
+ "name": "CVE-2024-7618",
+ "description": "The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7618"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--73ef5cf4-72d7-4972-a506-e2dc192a66c2.json b/objects/vulnerability/vulnerability--73ef5cf4-72d7-4972-a506-e2dc192a66c2.json
new file mode 100644
index 00000000000..ca7badec010
--- /dev/null
+++ b/objects/vulnerability/vulnerability--73ef5cf4-72d7-4972-a506-e2dc192a66c2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ce0efecd-e37f-47a8-90cc-57956866a566",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--73ef5cf4-72d7-4972-a506-e2dc192a66c2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.512993Z",
+ "modified": "2024-09-11T00:19:23.512993Z",
+ "name": "CVE-2024-38226",
+ "description": "Microsoft Publisher Security Feature Bypass Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38226"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--76bd9d71-bd8f-4744-a5a9-cae936443479.json b/objects/vulnerability/vulnerability--76bd9d71-bd8f-4744-a5a9-cae936443479.json
new file mode 100644
index 00000000000..922bb3eb1ca
--- /dev/null
+++ b/objects/vulnerability/vulnerability--76bd9d71-bd8f-4744-a5a9-cae936443479.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9c34a50b-0dfe-4943-a890-c9cda5fd479a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--76bd9d71-bd8f-4744-a5a9-cae936443479",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.5449Z",
+ "modified": "2024-09-11T00:19:23.5449Z",
+ "name": "CVE-2024-38225",
+ "description": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38225"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--76c2c132-bbf5-42ad-b9b8-39ad19d5e0d4.json b/objects/vulnerability/vulnerability--76c2c132-bbf5-42ad-b9b8-39ad19d5e0d4.json
new file mode 100644
index 00000000000..27a14e02de6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--76c2c132-bbf5-42ad-b9b8-39ad19d5e0d4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--84199e39-a966-4b79-b8fe-a0e79fbe50b1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--76c2c132-bbf5-42ad-b9b8-39ad19d5e0d4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.891327Z",
+ "modified": "2024-09-11T00:19:24.891327Z",
+ "name": "CVE-2024-45593",
+ "description": "Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45593"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--76f49be5-78e5-42c1-9623-79b227c185c8.json b/objects/vulnerability/vulnerability--76f49be5-78e5-42c1-9623-79b227c185c8.json
new file mode 100644
index 00000000000..e29ece71564
--- /dev/null
+++ b/objects/vulnerability/vulnerability--76f49be5-78e5-42c1-9623-79b227c185c8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b515b2dd-3d8e-473e-be8e-7090b5b6f8fc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--76f49be5-78e5-42c1-9623-79b227c185c8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.034559Z",
+ "modified": "2024-09-11T00:19:24.034559Z",
+ "name": "CVE-2024-39574",
+ "description": "Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-39574"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7815a52f-3290-4a40-916f-878deda4467b.json b/objects/vulnerability/vulnerability--7815a52f-3290-4a40-916f-878deda4467b.json
new file mode 100644
index 00000000000..70055884b4b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7815a52f-3290-4a40-916f-878deda4467b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8a7e1502-64c1-4b00-93db-37d2ac0064eb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7815a52f-3290-4a40-916f-878deda4467b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:22.798883Z",
+ "modified": "2024-09-11T00:19:22.798883Z",
+ "name": "CVE-2024-37339",
+ "description": "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-37339"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--795b881c-3243-4085-a474-3c8e6ac920ae.json b/objects/vulnerability/vulnerability--795b881c-3243-4085-a474-3c8e6ac920ae.json
new file mode 100644
index 00000000000..7295cc40ffd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--795b881c-3243-4085-a474-3c8e6ac920ae.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--684dbc2c-95d3-42d4-94e8-87cfe4f9ac2f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--795b881c-3243-4085-a474-3c8e6ac920ae",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.434995Z",
+ "modified": "2024-09-11T00:19:24.434995Z",
+ "name": "CVE-2024-7734",
+ "description": "An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7734"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b971b9c-f482-4439-9497-afd55077911b.json b/objects/vulnerability/vulnerability--7b971b9c-f482-4439-9497-afd55077911b.json
new file mode 100644
index 00000000000..357eb6cd196
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b971b9c-f482-4439-9497-afd55077911b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e2383e58-7ac2-4515-bf6c-be7807cd9058",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7b971b9c-f482-4439-9497-afd55077911b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:22.780228Z",
+ "modified": "2024-09-11T00:19:22.780228Z",
+ "name": "CVE-2024-37342",
+ "description": "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-37342"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7db13356-2bd5-4075-8de7-791ea399c1df.json b/objects/vulnerability/vulnerability--7db13356-2bd5-4075-8de7-791ea399c1df.json
new file mode 100644
index 00000000000..b0f843b8413
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7db13356-2bd5-4075-8de7-791ea399c1df.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--70aef64d-8c8a-493a-b7ff-b2afec779f0c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7db13356-2bd5-4075-8de7-791ea399c1df",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.497128Z",
+ "modified": "2024-09-11T00:19:23.497128Z",
+ "name": "CVE-2024-38234",
+ "description": "Windows Networking Denial of Service Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38234"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7f339925-7257-4a3f-a3ba-88c787652bab.json b/objects/vulnerability/vulnerability--7f339925-7257-4a3f-a3ba-88c787652bab.json
new file mode 100644
index 00000000000..b6aeb462e2e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7f339925-7257-4a3f-a3ba-88c787652bab.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9537835d-6d87-42db-89df-e490c2479dfa",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7f339925-7257-4a3f-a3ba-88c787652bab",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:24.862963Z",
+ "modified": "2024-09-11T00:19:24.862963Z",
+ "name": "CVE-2024-45280",
+ "description": "Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45280"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--803ae947-9632-4763-aa65-76fff986b89f.json b/objects/vulnerability/vulnerability--803ae947-9632-4763-aa65-76fff986b89f.json
new file mode 100644
index 00000000000..eaaf0372460
--- /dev/null
+++ b/objects/vulnerability/vulnerability--803ae947-9632-4763-aa65-76fff986b89f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--923013bc-08c8-4502-9f93-3e204e2ab3c0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--803ae947-9632-4763-aa65-76fff986b89f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.552787Z",
+ "modified": "2024-09-11T00:19:23.552787Z",
+ "name": "CVE-2024-38260",
+ "description": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38260"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8070f3af-3f00-48c1-8190-0cd959c44549.json b/objects/vulnerability/vulnerability--8070f3af-3f00-48c1-8190-0cd959c44549.json
new file mode 100644
index 00000000000..171ce1dd910
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8070f3af-3f00-48c1-8190-0cd959c44549.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1e6ffb50-1c3c-4f71-82a5-734234f7a7cb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8070f3af-3f00-48c1-8190-0cd959c44549",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-11T00:19:23.905021Z",
+ "modified": "2024-09-11T00:19:23.905021Z",
+ "name": "CVE-2024-8012",
+ "description": "An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8012"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--810af123-9c84-4754-b058-b44878a63fbc.json b/objects/vulnerability/vulnerability--810af123-9c84-4754-b058-b44878a63fbc.json
new file mode 100644
index 00000000000..40c6e0dbfe0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--810af123-9c84-4754-b058-b44878a63fbc.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ab0e972-614e-41da-9c30-6ae964e37220", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--810af123-9c84-4754-b058-b44878a63fbc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.858332Z", + "modified": "2024-09-11T00:19:24.858332Z", + "name": "CVE-2024-45409", + "description": "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45409" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81259b14-77e3-496f-afaf-3f2043be591b.json b/objects/vulnerability/vulnerability--81259b14-77e3-496f-afaf-3f2043be591b.json new file mode 100644 index 00000000000..71c196b5353 --- /dev/null +++ b/objects/vulnerability/vulnerability--81259b14-77e3-496f-afaf-3f2043be591b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--baf5b73f-109e-44b9-a1bc-0d434c5437f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81259b14-77e3-496f-afaf-3f2043be591b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.517546Z", + "modified": "2024-09-11T00:19:23.517546Z", + "name": "CVE-2024-38046", + "description": "PowerShell Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38046" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--84398808-ce1e-4cb1-85c6-a4bf0e498630.json b/objects/vulnerability/vulnerability--84398808-ce1e-4cb1-85c6-a4bf0e498630.json new file mode 100644 index 00000000000..545dbe92c4c --- /dev/null +++ b/objects/vulnerability/vulnerability--84398808-ce1e-4cb1-85c6-a4bf0e498630.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31be0e62-76f4-4f17-b51b-9298db339b8a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84398808-ce1e-4cb1-85c6-a4bf0e498630", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.508899Z", + "modified": "2024-09-11T00:19:24.508899Z", + "name": "CVE-2024-43487", + "description": "Windows Mark of the Web Security Feature Bypass Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43487" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85b5339b-db8d-47c7-8718-aa0b6b98a8fa.json b/objects/vulnerability/vulnerability--85b5339b-db8d-47c7-8718-aa0b6b98a8fa.json new file mode 100644 index 00000000000..181f48cfa76 --- /dev/null +++ b/objects/vulnerability/vulnerability--85b5339b-db8d-47c7-8718-aa0b6b98a8fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a28288c4-36dc-4a4f-ba8b-934e65acdd6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85b5339b-db8d-47c7-8718-aa0b6b98a8fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.903388Z", + "modified": "2024-09-11T00:19:23.903388Z", + "name": "CVE-2024-8322", + "description": "Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8322" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85ba9a16-1af1-40ea-99d8-de681571fa25.json b/objects/vulnerability/vulnerability--85ba9a16-1af1-40ea-99d8-de681571fa25.json new file mode 100644 index 00000000000..d7558aa071d --- /dev/null +++ b/objects/vulnerability/vulnerability--85ba9a16-1af1-40ea-99d8-de681571fa25.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8327e5bb-1983-42e5-957b-b10e5416af72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85ba9a16-1af1-40ea-99d8-de681571fa25", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.217346Z", + "modified": "2024-09-11T00:19:23.217346Z", + "name": "CVE-2024-6876", + "description": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6876" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--86685adf-606e-409f-b411-dd7aa2fc88a2.json b/objects/vulnerability/vulnerability--86685adf-606e-409f-b411-dd7aa2fc88a2.json new file mode 100644 index 00000000000..49d1ad5ac6a --- /dev/null +++ b/objects/vulnerability/vulnerability--86685adf-606e-409f-b411-dd7aa2fc88a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65fcad49-e856-49f2-81f9-98aa53bfe9b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86685adf-606e-409f-b411-dd7aa2fc88a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.137239Z", + "modified": "2024-09-11T00:19:30.137239Z", + "name": "CVE-2023-37232", + "description": "Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37232" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87697e02-4e57-4974-ac97-8cd84849d65b.json b/objects/vulnerability/vulnerability--87697e02-4e57-4974-ac97-8cd84849d65b.json new file mode 100644 index 00000000000..4c78cf42edf --- /dev/null +++ b/objects/vulnerability/vulnerability--87697e02-4e57-4974-ac97-8cd84849d65b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--202e802e-86de-4e3e-8139-cb4161353114", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87697e02-4e57-4974-ac97-8cd84849d65b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.55758Z", + "modified": "2024-09-11T00:19:24.55758Z", + "name": "CVE-2024-43482", + "description": "Microsoft Outlook for iOS Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43482" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--890579e7-0c85-496a-b7e9-1e74ac69df6c.json b/objects/vulnerability/vulnerability--890579e7-0c85-496a-b7e9-1e74ac69df6c.json new file mode 100644 index 00000000000..db8dac55c7f --- /dev/null +++ b/objects/vulnerability/vulnerability--890579e7-0c85-496a-b7e9-1e74ac69df6c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d424549b-c8c1-4297-8e76-e27fc9ff654c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--890579e7-0c85-496a-b7e9-1e74ac69df6c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.193883Z", + "modified": "2024-09-11T00:19:30.193883Z", + "name": "CVE-2023-37233", + "description": "Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37233" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ad15d36-6ea5-4148-8c2a-f2ced1ca7f29.json b/objects/vulnerability/vulnerability--8ad15d36-6ea5-4148-8c2a-f2ced1ca7f29.json new file mode 100644 index 00000000000..f338f71034e --- /dev/null +++ b/objects/vulnerability/vulnerability--8ad15d36-6ea5-4148-8c2a-f2ced1ca7f29.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcac98f4-a009-47f7-bea4-e7b5e3a17068", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ad15d36-6ea5-4148-8c2a-f2ced1ca7f29", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.882177Z", + "modified": "2024-09-11T00:19:24.882177Z", + "name": "CVE-2024-45412", + "description": "Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial of service with attacks such as One Million Unicode payload. This can get worse with the use of special Unicode characters like U+2100 (℀), or U+2105 (℅) which could lead the payload size to be tripled. Versions prior to 2.1.11 are affected by this vulnerability. The patch is included in 2.1.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45412" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b501d14-1baf-41ab-a881-42e8c5a7e0ff.json b/objects/vulnerability/vulnerability--8b501d14-1baf-41ab-a881-42e8c5a7e0ff.json new file mode 100644 index 00000000000..6f795c69b23 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b501d14-1baf-41ab-a881-42e8c5a7e0ff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d577a1a6-9475-41ae-8b71-cf34d62b5d86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b501d14-1baf-41ab-a881-42e8c5a7e0ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.395669Z", + "modified": "2024-09-11T00:19:24.395669Z", + "name": "CVE-2024-7699", + "description": "An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7699" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c483aaf-8b75-41b8-8474-c1042852c625.json b/objects/vulnerability/vulnerability--8c483aaf-8b75-41b8-8474-c1042852c625.json new file mode 100644 index 00000000000..96b6856369b --- /dev/null +++ b/objects/vulnerability/vulnerability--8c483aaf-8b75-41b8-8474-c1042852c625.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bcb32ce-f97f-4969-9f06-809a7c4c9c46", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c483aaf-8b75-41b8-8474-c1042852c625", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.323207Z", + "modified": "2024-09-11T00:19:23.323207Z", + "name": "CVE-2024-30073", + "description": "Windows Security Zone Mapping Security Feature Bypass Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-30073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d20d76a-191b-4ee8-92f9-6d82a2aad5a3.json b/objects/vulnerability/vulnerability--8d20d76a-191b-4ee8-92f9-6d82a2aad5a3.json new file mode 100644 index 00000000000..3ba3bd313a7 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--8d20d76a-191b-4ee8-92f9-6d82a2aad5a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--031f3be6-c424-47ec-b3ff-34de2cc5e17b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d20d76a-191b-4ee8-92f9-6d82a2aad5a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.537566Z", + "modified": "2024-09-11T00:19:23.537566Z", + "name": "CVE-2024-38258", + "description": "Windows Remote Desktop Licensing Service Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38258" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8fcff19e-5f5b-441e-a5e8-76f387c0b853.json b/objects/vulnerability/vulnerability--8fcff19e-5f5b-441e-a5e8-76f387c0b853.json new file mode 100644 index 00000000000..5adb25c652d --- /dev/null +++ b/objects/vulnerability/vulnerability--8fcff19e-5f5b-441e-a5e8-76f387c0b853.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d14f3446-d99d-4082-8573-4d8d80ece9e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8fcff19e-5f5b-441e-a5e8-76f387c0b853", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.871651Z", + "modified": "2024-09-11T00:19:23.871651Z", + "name": "CVE-2024-8503", + "description": "An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8503" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9044e89c-6f8f-43da-972a-c789a00b7ee3.json b/objects/vulnerability/vulnerability--9044e89c-6f8f-43da-972a-c789a00b7ee3.json new file mode 100644 index 00000000000..b925bfee576 --- /dev/null +++ b/objects/vulnerability/vulnerability--9044e89c-6f8f-43da-972a-c789a00b7ee3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2d607f75-9dd9-4fb5-b90f-55ce839d74f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9044e89c-6f8f-43da-972a-c789a00b7ee3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.553841Z", + "modified": "2024-09-11T00:19:24.553841Z", + "name": "CVE-2024-43492", + "description": "Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91c1b435-359f-420c-b11a-a0d1efbf1af4.json b/objects/vulnerability/vulnerability--91c1b435-359f-420c-b11a-a0d1efbf1af4.json new file mode 100644 index 00000000000..857d944768a --- /dev/null +++ b/objects/vulnerability/vulnerability--91c1b435-359f-420c-b11a-a0d1efbf1af4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a762ce38-8510-4cbe-8c1f-6e97f1dd91bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91c1b435-359f-420c-b11a-a0d1efbf1af4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.38729Z", + "modified": "2024-09-11T00:19:24.38729Z", + "name": "CVE-2024-7955", + "description": "The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--922eef45-eb90-445a-829e-98ca6596bf7a.json b/objects/vulnerability/vulnerability--922eef45-eb90-445a-829e-98ca6596bf7a.json new file mode 100644 index 00000000000..6325ff89f12 --- /dev/null +++ b/objects/vulnerability/vulnerability--922eef45-eb90-445a-829e-98ca6596bf7a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ceebb3f5-486a-41d9-975f-357c55a04fd7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--922eef45-eb90-445a-829e-98ca6596bf7a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.854207Z", + "modified": "2024-09-11T00:19:24.854207Z", + "name": "CVE-2024-45504", + "description": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45504" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--945fe602-ae61-464a-806a-73987927eb76.json b/objects/vulnerability/vulnerability--945fe602-ae61-464a-806a-73987927eb76.json new file mode 100644 index 00000000000..3a32d596efe --- /dev/null +++ b/objects/vulnerability/vulnerability--945fe602-ae61-464a-806a-73987927eb76.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7654037b-b798-425f-a056-008286b223e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--945fe602-ae61-464a-806a-73987927eb76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.276382Z", + "modified": "2024-09-11T00:19:24.276382Z", + "name": "CVE-2024-33508", + "description": "An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33508" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9652c0ee-b91f-4883-aec2-d9003e4897e7.json b/objects/vulnerability/vulnerability--9652c0ee-b91f-4883-aec2-d9003e4897e7.json new file mode 100644 index 00000000000..bd504a78827 --- /dev/null +++ b/objects/vulnerability/vulnerability--9652c0ee-b91f-4883-aec2-d9003e4897e7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--75c0478d-5ff8-4196-a535-90d290c3c394", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9652c0ee-b91f-4883-aec2-d9003e4897e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.292871Z", + "modified": "2024-09-11T00:19:23.292871Z", + "name": "CVE-2024-42344", + "description": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42344" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9789acc2-149a-4b9a-b3bf-5f8843890eac.json b/objects/vulnerability/vulnerability--9789acc2-149a-4b9a-b3bf-5f8843890eac.json new file mode 100644 index 00000000000..bb42f3ae547 --- /dev/null +++ b/objects/vulnerability/vulnerability--9789acc2-149a-4b9a-b3bf-5f8843890eac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42e0776f-5c21-41c3-a59a-1dab2adf484d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9789acc2-149a-4b9a-b3bf-5f8843890eac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.733222Z", + "modified": "2024-09-11T00:19:24.733222Z", + "name": "CVE-2024-31960", + "description": "An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31960" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--97a0b22b-0ef8-4f78-bcaf-471e7932636a.json b/objects/vulnerability/vulnerability--97a0b22b-0ef8-4f78-bcaf-471e7932636a.json new file mode 100644 index 00000000000..5fb3c6ccbf5 --- /dev/null +++ b/objects/vulnerability/vulnerability--97a0b22b-0ef8-4f78-bcaf-471e7932636a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8579c785-6333-467d-9fc7-304cbcb82abf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97a0b22b-0ef8-4f78-bcaf-471e7932636a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.913467Z", + "modified": "2024-09-11T00:19:23.913467Z", + "name": "CVE-2024-8232", + "description": "SpiderControl SCADA Web Server has a vulnerability that could allow an \nattacker to upload specially crafted malicious files without \nauthentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8232" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--980e7b10-6b71-400c-b7f8-d653ef735d5f.json b/objects/vulnerability/vulnerability--980e7b10-6b71-400c-b7f8-d653ef735d5f.json new file mode 100644 index 00000000000..2305eafdf5e --- /dev/null +++ b/objects/vulnerability/vulnerability--980e7b10-6b71-400c-b7f8-d653ef735d5f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--adc9fd8a-7083-4790-8a81-f5333c378954", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--980e7b10-6b71-400c-b7f8-d653ef735d5f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.91681Z", + "modified": "2024-09-11T00:19:23.91681Z", + "name": "CVE-2024-8654", + "description": "MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9979fc5e-806f-4ec3-9f69-f114107498bd.json b/objects/vulnerability/vulnerability--9979fc5e-806f-4ec3-9f69-f114107498bd.json new file mode 100644 index 00000000000..699aae4ccac --- /dev/null +++ b/objects/vulnerability/vulnerability--9979fc5e-806f-4ec3-9f69-f114107498bd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52a2c71f-8c8c-44ad-9125-b5d7d82f97b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9979fc5e-806f-4ec3-9f69-f114107498bd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.288889Z", + "modified": "2024-09-11T00:19:23.288889Z", + "name": "CVE-2024-42380", + "description": "The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42380" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--998eeae6-afb2-4914-a5c7-c4329341cca0.json b/objects/vulnerability/vulnerability--998eeae6-afb2-4914-a5c7-c4329341cca0.json new file mode 100644 index 00000000000..19c3dec5646 --- /dev/null +++ b/objects/vulnerability/vulnerability--998eeae6-afb2-4914-a5c7-c4329341cca0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a23cd112-fcf3-49b1-87a4-8b5e8f48b6a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--998eeae6-afb2-4914-a5c7-c4329341cca0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.562949Z", + "modified": "2024-09-11T00:19:24.562949Z", + "name": "CVE-2024-43387", + "description": "A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43387" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c7a30b4-5272-4e8c-9f48-df9ececde828.json b/objects/vulnerability/vulnerability--9c7a30b4-5272-4e8c-9f48-df9ececde828.json new file mode 100644 index 00000000000..87ec929683d --- /dev/null +++ b/objects/vulnerability/vulnerability--9c7a30b4-5272-4e8c-9f48-df9ececde828.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b53bf6e-b2f1-4145-8e8b-aa5dc96cdd22", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c7a30b4-5272-4e8c-9f48-df9ececde828", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.156784Z", + "modified": "2024-09-11T00:19:30.156784Z", + "name": "CVE-2023-37227", + "description": "Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37227" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d848f45-6502-4815-aaf6-b6b13684b6c4.json b/objects/vulnerability/vulnerability--9d848f45-6502-4815-aaf6-b6b13684b6c4.json new file mode 100644 index 00000000000..9e493df040e --- /dev/null +++ b/objects/vulnerability/vulnerability--9d848f45-6502-4815-aaf6-b6b13684b6c4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--472afc7c-e647-4e44-934a-5f9fc726dabd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d848f45-6502-4815-aaf6-b6b13684b6c4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.499146Z", + "modified": "2024-09-11T00:19:23.499146Z", + "name": "CVE-2024-38188", + "description": "Azure Network Watcher VM Agent Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38188" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e263c7b-e551-4afd-a2ab-bda43b004495.json b/objects/vulnerability/vulnerability--9e263c7b-e551-4afd-a2ab-bda43b004495.json new file mode 100644 index 00000000000..8825dd1c77a --- /dev/null +++ b/objects/vulnerability/vulnerability--9e263c7b-e551-4afd-a2ab-bda43b004495.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6135003-8f0a-4066-84a5-1c3c8be33cde", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e263c7b-e551-4afd-a2ab-bda43b004495", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.19627Z", + "modified": "2024-09-11T00:19:30.19627Z", + "name": "CVE-2023-37226", + "description": "Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37226" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e791b65-5278-4367-8611-8dea5a7b5550.json b/objects/vulnerability/vulnerability--9e791b65-5278-4367-8611-8dea5a7b5550.json new file mode 100644 index 00000000000..3ce222a98e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e791b65-5278-4367-8611-8dea5a7b5550.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--715ac454-1588-4f13-8430-1f9688c04052", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e791b65-5278-4367-8611-8dea5a7b5550", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.876513Z", + "modified": "2024-09-11T00:19:23.876513Z", + "name": "CVE-2024-8320", + "description": "Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9ed51325-00f0-45a8-a3e6-3bbaccdaa5d7.json b/objects/vulnerability/vulnerability--9ed51325-00f0-45a8-a3e6-3bbaccdaa5d7.json new file mode 100644 index 00000000000..5652684b045 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--9ed51325-00f0-45a8-a3e6-3bbaccdaa5d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1ded3df-9597-4de1-9b0f-c53d2f849c2f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9ed51325-00f0-45a8-a3e6-3bbaccdaa5d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.900779Z", + "modified": "2024-09-11T00:19:23.900779Z", + "name": "CVE-2024-8369", + "description": "The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8369" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a027d6bd-7717-444c-b2fe-81f412942167.json b/objects/vulnerability/vulnerability--a027d6bd-7717-444c-b2fe-81f412942167.json new file mode 100644 index 00000000000..192d701a28a --- /dev/null +++ b/objects/vulnerability/vulnerability--a027d6bd-7717-444c-b2fe-81f412942167.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6cef6d3-3122-41b7-8b0e-bd58ff1081b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a027d6bd-7717-444c-b2fe-81f412942167", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.922513Z", + "modified": "2024-09-11T00:19:22.922513Z", + "name": "CVE-2024-44872", + "description": "A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44872" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a084825d-ffb8-481a-ad8a-76d0052893c3.json b/objects/vulnerability/vulnerability--a084825d-ffb8-481a-ad8a-76d0052893c3.json new file mode 100644 index 00000000000..947c895d98f --- /dev/null +++ b/objects/vulnerability/vulnerability--a084825d-ffb8-481a-ad8a-76d0052893c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c43828b3-d499-402e-9b4b-f26840562495", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a084825d-ffb8-481a-ad8a-76d0052893c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.057788Z", + "modified": "2024-09-11T00:19:24.057788Z", + "name": "CVE-2024-39582", + "description": "Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39582" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a1a73bbd-1280-4e9e-8b05-3fd33036c71c.json b/objects/vulnerability/vulnerability--a1a73bbd-1280-4e9e-8b05-3fd33036c71c.json new file mode 100644 index 00000000000..f9ddb3f8e3f --- /dev/null +++ b/objects/vulnerability/vulnerability--a1a73bbd-1280-4e9e-8b05-3fd33036c71c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1d59d4b-e9dc-42a9-ac06-c721b41dbda2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1a73bbd-1280-4e9e-8b05-3fd33036c71c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:32.098693Z", + "modified": "2024-09-11T00:19:32.098693Z", + "name": "CVE-2023-2919", + "description": "The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2919" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1eaa651-1159-44f9-b103-35ac5d0dce37.json b/objects/vulnerability/vulnerability--a1eaa651-1159-44f9-b103-35ac5d0dce37.json new file mode 100644 index 00000000000..42ecc5a6d5f --- /dev/null +++ b/objects/vulnerability/vulnerability--a1eaa651-1159-44f9-b103-35ac5d0dce37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8a97684-b282-4663-9927-38bdc778cc6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1eaa651-1159-44f9-b103-35ac5d0dce37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.281906Z", + "modified": "2024-09-11T00:19:24.281906Z", + "name": "CVE-2024-33698", + "description": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33698" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2464909-ddd4-4ddb-a4ca-1206f8f9c9fd.json b/objects/vulnerability/vulnerability--a2464909-ddd4-4ddb-a4ca-1206f8f9c9fd.json new file mode 100644 index 00000000000..cfdd65b3c92 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2464909-ddd4-4ddb-a4ca-1206f8f9c9fd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97b6fb46-132e-4d58-b69b-1b342c9258d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2464909-ddd4-4ddb-a4ca-1206f8f9c9fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.291655Z", + "modified": "2024-09-11T00:19:23.291655Z", + "name": "CVE-2024-42427", + "description": "Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42427" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3738ff6-376a-400f-a1ad-e09b3181826b.json b/objects/vulnerability/vulnerability--a3738ff6-376a-400f-a1ad-e09b3181826b.json new file mode 100644 index 00000000000..0e4b5e819f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3738ff6-376a-400f-a1ad-e09b3181826b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--843a4621-6246-4bda-812e-4ebe1eb7b0c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3738ff6-376a-400f-a1ad-e09b3181826b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.871697Z", + "modified": "2024-09-11T00:19:24.871697Z", + "name": "CVE-2024-45591", + "description": "XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45591" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6b259d5-592f-42ca-9ef7-31c7a4e97582.json b/objects/vulnerability/vulnerability--a6b259d5-592f-42ca-9ef7-31c7a4e97582.json new file mode 100644 index 00000000000..33d46554037 --- /dev/null +++ b/objects/vulnerability/vulnerability--a6b259d5-592f-42ca-9ef7-31c7a4e97582.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--674f1282-3c68-402b-b2c0-8f9b9f14d202", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6b259d5-592f-42ca-9ef7-31c7a4e97582", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.575453Z", + "modified": "2024-09-11T00:19:23.575453Z", + "name": "CVE-2024-38018", + "description": "Microsoft SharePoint Server Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38018" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7048dc6-09e6-45f4-9095-0ee2f5b365b1.json b/objects/vulnerability/vulnerability--a7048dc6-09e6-45f4-9095-0ee2f5b365b1.json new file mode 100644 index 00000000000..e291a2b8f5e --- /dev/null +++ b/objects/vulnerability/vulnerability--a7048dc6-09e6-45f4-9095-0ee2f5b365b1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c46eac77-63d5-4d6c-a420-1564c9fad441", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7048dc6-09e6-45f4-9095-0ee2f5b365b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.8875Z", + "modified": "2024-09-11T00:19:23.8875Z", + "name": "CVE-2024-8478", + "description": "The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8478" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a782c51d-4914-47aa-b1aa-0bd8576dbed0.json b/objects/vulnerability/vulnerability--a782c51d-4914-47aa-b1aa-0bd8576dbed0.json new file mode 100644 index 00000000000..e8e0f416aa7 --- /dev/null +++ b/objects/vulnerability/vulnerability--a782c51d-4914-47aa-b1aa-0bd8576dbed0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9594d748-8584-4f1d-8efc-44d78536bc98", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a782c51d-4914-47aa-b1aa-0bd8576dbed0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.360343Z", + "modified": "2024-09-11T00:19:24.360343Z", + "name": "CVE-2024-34831", + "description": "cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34831" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--abec1876-1470-496f-919b-a7b40224cc06.json b/objects/vulnerability/vulnerability--abec1876-1470-496f-919b-a7b40224cc06.json new file mode 100644 index 00000000000..5b9f8ccbf85 --- /dev/null +++ b/objects/vulnerability/vulnerability--abec1876-1470-496f-919b-a7b40224cc06.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18438863-ed0f-4295-b0ce-62a832ed49d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--abec1876-1470-496f-919b-a7b40224cc06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.807136Z", + "modified": "2024-09-11T00:19:22.807136Z", + "name": "CVE-2024-37338", + "description": "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37338" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad223aca-c2bf-4267-a211-10d1db9039cb.json b/objects/vulnerability/vulnerability--ad223aca-c2bf-4267-a211-10d1db9039cb.json new file mode 100644 index 00000000000..2d7f1eba544 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad223aca-c2bf-4267-a211-10d1db9039cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6515a93b-e27e-4221-a703-6e3ee3881e97", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad223aca-c2bf-4267-a211-10d1db9039cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.037786Z", + "modified": "2024-09-11T00:19:23.037786Z", + "name": "CVE-2024-44867", + "description": "phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44867" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae989624-0fea-4904-94d6-09a572f319a1.json b/objects/vulnerability/vulnerability--ae989624-0fea-4904-94d6-09a572f319a1.json new file mode 100644 index 00000000000..a64e2dd30c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae989624-0fea-4904-94d6-09a572f319a1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3bf36e2-c700-4c0d-9b21-16d8ddac8887", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae989624-0fea-4904-94d6-09a572f319a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.524938Z", + "modified": "2024-09-11T00:19:24.524938Z", + "name": "CVE-2024-43386", + "description": "A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43386" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0a3000a-fecc-42fb-951f-cf6c28c3ee33.json b/objects/vulnerability/vulnerability--b0a3000a-fecc-42fb-951f-cf6c28c3ee33.json new file mode 100644 index 00000000000..e9657d5dcbd --- /dev/null +++ b/objects/vulnerability/vulnerability--b0a3000a-fecc-42fb-951f-cf6c28c3ee33.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--491f953f-9036-41c6-bf39-977ccde812f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0a3000a-fecc-42fb-951f-cf6c28c3ee33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.902213Z", + "modified": "2024-09-11T00:19:22.902213Z", + "name": "CVE-2024-44106", + "description": "Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44106" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b16cc53a-fd6e-4160-b3fb-d949cacf09ef.json b/objects/vulnerability/vulnerability--b16cc53a-fd6e-4160-b3fb-d949cacf09ef.json new file mode 100644 index 00000000000..621e49a0381 --- /dev/null +++ b/objects/vulnerability/vulnerability--b16cc53a-fd6e-4160-b3fb-d949cacf09ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3da18ce4-59a7-4610-82f9-7f4b9157f295", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b16cc53a-fd6e-4160-b3fb-d949cacf09ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.108397Z", + "modified": "2024-09-11T00:19:23.108397Z", + "name": "CVE-2024-25074", + "description": "An issue was discovered in Samsung Semiconductor Mobile Processor, Automotive Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the SM (Session Management module), which can lead to Denial of Service (Untrusted Pointer Dereference).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25074" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1c4696d-72a5-4be5-b818-1a03c754d089.json b/objects/vulnerability/vulnerability--b1c4696d-72a5-4be5-b818-1a03c754d089.json new file mode 100644 index 00000000000..222705bca70 --- /dev/null +++ b/objects/vulnerability/vulnerability--b1c4696d-72a5-4be5-b818-1a03c754d089.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72f7c561-500b-4e29-86a3-c1dd45846901", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1c4696d-72a5-4be5-b818-1a03c754d089", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.824443Z", + "modified": "2024-09-11T00:19:22.824443Z", + "name": "CVE-2024-37335", + "description": "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37335" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b25ca906-3a50-4aca-9373-e022c16e140c.json b/objects/vulnerability/vulnerability--b25ca906-3a50-4aca-9373-e022c16e140c.json new file mode 100644 index 00000000000..aef25abe1b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b25ca906-3a50-4aca-9373-e022c16e140c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b54d21c-8325-426e-aa2f-db45f689abdc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b25ca906-3a50-4aca-9373-e022c16e140c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.672342Z", + "modified": "2024-09-11T00:19:30.672342Z", + "name": "CVE-2023-30755", + "description": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources. \r\n\r\nThis could allow a remote attacker with elevated privileges to cause a denial of service condition in the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30755" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b29229fb-ec14-4aa2-b5fa-269186b3c7c2.json b/objects/vulnerability/vulnerability--b29229fb-ec14-4aa2-b5fa-269186b3c7c2.json new file mode 100644 index 00000000000..aeba4166b03 --- /dev/null +++ b/objects/vulnerability/vulnerability--b29229fb-ec14-4aa2-b5fa-269186b3c7c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2d03d31-d1bb-4c60-9488-39ee9c28c207", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b29229fb-ec14-4aa2-b5fa-269186b3c7c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.212811Z", + "modified": "2024-09-11T00:19:23.212811Z", + "name": "CVE-2024-6282", + "description": "The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6282" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b306a970-4d33-4ace-be26-107874b68834.json b/objects/vulnerability/vulnerability--b306a970-4d33-4ace-be26-107874b68834.json new file mode 100644 index 00000000000..9394e5ab445 --- /dev/null +++ b/objects/vulnerability/vulnerability--b306a970-4d33-4ace-be26-107874b68834.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--175df351-3bdd-436a-aaa4-3db6cfd41e80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b306a970-4d33-4ace-be26-107874b68834", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.306261Z", + "modified": "2024-09-11T00:19:23.306261Z", + "name": "CVE-2024-42345", + "description": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42345" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b4e023cc-6119-49fd-8f8e-2858cfb1deb0.json b/objects/vulnerability/vulnerability--b4e023cc-6119-49fd-8f8e-2858cfb1deb0.json new file mode 100644 index 00000000000..c8499f9dcef --- /dev/null +++ b/objects/vulnerability/vulnerability--b4e023cc-6119-49fd-8f8e-2858cfb1deb0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b5dc996-9973-4f47-8726-66c16068a91d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b4e023cc-6119-49fd-8f8e-2858cfb1deb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.652151Z", + "modified": "2024-09-11T00:19:24.652151Z", + "name": "CVE-2024-23184", + "description": "Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23184" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b5a189f3-4cde-49fc-b585-039bb7c491c1.json b/objects/vulnerability/vulnerability--b5a189f3-4cde-49fc-b585-039bb7c491c1.json new file mode 100644 index 00000000000..986b36f93a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--b5a189f3-4cde-49fc-b585-039bb7c491c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0550996-c060-4ebd-8071-a2713419957f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b5a189f3-4cde-49fc-b585-039bb7c491c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.6751Z", + "modified": "2024-09-11T00:19:23.6751Z", + "name": "CVE-2024-21753", + "description": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21753" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b627674b-b886-4903-8186-698edf8ea543.json b/objects/vulnerability/vulnerability--b627674b-b886-4903-8186-698edf8ea543.json new file mode 100644 index 00000000000..46d63908f42 --- /dev/null +++ b/objects/vulnerability/vulnerability--b627674b-b886-4903-8186-698edf8ea543.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70816a90-83b7-4ae4-9753-65884bd67e59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b627674b-b886-4903-8186-698edf8ea543", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.897342Z", + "modified": "2024-09-11T00:19:24.897342Z", + "name": "CVE-2024-45596", + "description": "Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45596" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b68e81a6-b68d-4526-8f9d-4d4c6713a5e9.json b/objects/vulnerability/vulnerability--b68e81a6-b68d-4526-8f9d-4d4c6713a5e9.json new file mode 100644 index 00000000000..0402ac793f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b68e81a6-b68d-4526-8f9d-4d4c6713a5e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5236a0af-da7c-4411-9fe5-37e79605cb04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b68e81a6-b68d-4526-8f9d-4d4c6713a5e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.52773Z", + "modified": "2024-09-11T00:19:24.52773Z", + "name": "CVE-2024-43464", + "description": "Microsoft SharePoint Server Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43464" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7743236-0d3d-4d2d-b910-9d1f84630e1d.json b/objects/vulnerability/vulnerability--b7743236-0d3d-4d2d-b910-9d1f84630e1d.json new file mode 100644 index 00000000000..a556b9a7e1e --- /dev/null +++ b/objects/vulnerability/vulnerability--b7743236-0d3d-4d2d-b910-9d1f84630e1d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39d39b13-ee23-48bb-9f11-f05290388ea6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7743236-0d3d-4d2d-b910-9d1f84630e1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.50433Z", + "modified": "2024-09-11T00:19:23.50433Z", + "name": "CVE-2024-38248", + "description": "Windows Storage Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38248" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7927678-c5cd-4c8f-a5a9-72af39e9d91e.json b/objects/vulnerability/vulnerability--b7927678-c5cd-4c8f-a5a9-72af39e9d91e.json new file mode 100644 index 00000000000..ea3813dbf19 --- /dev/null +++ b/objects/vulnerability/vulnerability--b7927678-c5cd-4c8f-a5a9-72af39e9d91e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f395620d-4246-4313-aadb-01acfabccca0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7927678-c5cd-4c8f-a5a9-72af39e9d91e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.076851Z", + "modified": "2024-09-11T00:19:23.076851Z", + "name": "CVE-2024-25073", + "description": "An issue was discovered in Samsung Semiconductor Mobile Processor, Automotive Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the CC (Call Control module), which can lead to Denial of Service (Untrusted Pointer Dereference).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7b723fa-c918-494f-9734-0178b4c533bb.json b/objects/vulnerability/vulnerability--b7b723fa-c918-494f-9734-0178b4c533bb.json new file mode 100644 index 00000000000..468d793f2a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--b7b723fa-c918-494f-9734-0178b4c533bb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90639477-0e54-425b-b14d-19f4e851f180", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7b723fa-c918-494f-9734-0178b4c533bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.830134Z", + "modified": "2024-09-11T00:19:22.830134Z", + "name": "CVE-2024-37992", + "description": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C 
(6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37992" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8aa8437-5dba-4351-b653-74db26af7144.json b/objects/vulnerability/vulnerability--b8aa8437-5dba-4351-b653-74db26af7144.json new file mode 100644 index 00000000000..405b731e0ea --- /dev/null +++ b/objects/vulnerability/vulnerability--b8aa8437-5dba-4351-b653-74db26af7144.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4939f8e9-e1de-4a4e-92ff-2786966ec799", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8aa8437-5dba-4351-b653-74db26af7144", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.914173Z", + "modified": "2024-09-11T00:19:22.914173Z", + "name": "CVE-2024-44121", + "description": "Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44121" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b960ef96-68ff-4b1f-bf47-f96e36707490.json b/objects/vulnerability/vulnerability--b960ef96-68ff-4b1f-bf47-f96e36707490.json new file mode 100644 index 00000000000..2434ae90e06 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--b960ef96-68ff-4b1f-bf47-f96e36707490.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef736b0a-8c3d-4585-b969-f67573131fea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b960ef96-68ff-4b1f-bf47-f96e36707490", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.541503Z", + "modified": "2024-09-11T00:19:24.541503Z", + "name": "CVE-2024-43476", + "description": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43476" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9f0af4f-beec-498c-b892-83b31ce8d608.json b/objects/vulnerability/vulnerability--b9f0af4f-beec-498c-b892-83b31ce8d608.json new file mode 100644 index 00000000000..c0502cb8846 --- /dev/null +++ b/objects/vulnerability/vulnerability--b9f0af4f-beec-498c-b892-83b31ce8d608.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8741e04a-29fa-4b3f-8d6c-70a3d7d7ae27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9f0af4f-beec-498c-b892-83b31ce8d608", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.539278Z", + "modified": "2024-09-11T00:19:24.539278Z", + "name": "CVE-2024-43781", + "description": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43781" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bbf8b2ba-4211-42e5-bff8-c33bbd6a5cf6.json b/objects/vulnerability/vulnerability--bbf8b2ba-4211-42e5-bff8-c33bbd6a5cf6.json new file mode 100644 index 00000000000..eeeda47a071 --- /dev/null +++ b/objects/vulnerability/vulnerability--bbf8b2ba-4211-42e5-bff8-c33bbd6a5cf6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74ad7eab-462f-453d-9acb-54e60b0d9783", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bbf8b2ba-4211-42e5-bff8-c33bbd6a5cf6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.570858Z", + "modified": "2024-09-11T00:19:24.570858Z", + "name": "CVE-2024-43454", + "description": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43454" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bc7b98bf-46fe-4688-9dfe-03551eff8f48.json b/objects/vulnerability/vulnerability--bc7b98bf-46fe-4688-9dfe-03551eff8f48.json new file mode 100644 index 00000000000..654287c1314 --- /dev/null +++ b/objects/vulnerability/vulnerability--bc7b98bf-46fe-4688-9dfe-03551eff8f48.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2115ec1c-1b6f-477c-b868-becf99dd53e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bc7b98bf-46fe-4688-9dfe-03551eff8f48", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.900641Z", + "modified": "2024-09-11T00:19:24.900641Z", + "name": "CVE-2024-45393", + "description": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an \"update:task\" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45393" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd7a763b-58ef-4821-abe3-24fdc4ac8c7d.json b/objects/vulnerability/vulnerability--bd7a763b-58ef-4821-abe3-24fdc4ac8c7d.json new file mode 100644 index 00000000000..d2b6deee35b --- /dev/null +++ b/objects/vulnerability/vulnerability--bd7a763b-58ef-4821-abe3-24fdc4ac8c7d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62502c0b-2f78-4cd0-b46f-7c1c60f12aaf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd7a763b-58ef-4821-abe3-24fdc4ac8c7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.90876Z", + "modified": "2024-09-11T00:19:22.90876Z", + "name": "CVE-2024-44103", + "description": "DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44103" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bdc01dfc-0960-466a-a432-5e45f5b8522b.json b/objects/vulnerability/vulnerability--bdc01dfc-0960-466a-a432-5e45f5b8522b.json new file mode 100644 index 00000000000..b2baf855ef5 --- /dev/null +++ b/objects/vulnerability/vulnerability--bdc01dfc-0960-466a-a432-5e45f5b8522b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6173df34-0e22-458b-a671-2eeedff95248", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bdc01dfc-0960-466a-a432-5e45f5b8522b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.562705Z", + "modified": "2024-09-11T00:19:23.562705Z", + "name": "CVE-2024-38236", + "description": "DHCP Server Service Denial of Service Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c03aecca-c96e-48ee-87a4-d867e4266e87.json b/objects/vulnerability/vulnerability--c03aecca-c96e-48ee-87a4-d867e4266e87.json new file mode 100644 index 00000000000..de06b1f1291 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--c03aecca-c96e-48ee-87a4-d867e4266e87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0bc9069-303a-453e-aa24-feee1c598af0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c03aecca-c96e-48ee-87a4-d867e4266e87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.920034Z", + "modified": "2024-09-11T00:19:23.920034Z", + "name": "CVE-2024-8504", + "description": "An attacker with authenticated access to VICIdial as an \"agent\" can execute arbitrary shell commands as the \"root\" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8504" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0505726-b3f1-45e9-a622-06c242c555f1.json b/objects/vulnerability/vulnerability--c0505726-b3f1-45e9-a622-06c242c555f1.json new file mode 100644 index 00000000000..3016d7a2fa2 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0505726-b3f1-45e9-a622-06c242c555f1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--897c31a7-ffd4-4dfb-9dfa-12810a771172", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0505726-b3f1-45e9-a622-06c242c555f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.669768Z", + "modified": "2024-09-11T00:19:30.669768Z", + "name": "CVE-2023-30756", + "description": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30756" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c155a6da-7832-46ce-b4c5-3c332e47f900.json b/objects/vulnerability/vulnerability--c155a6da-7832-46ce-b4c5-3c332e47f900.json new file mode 100644 index 00000000000..9ed7ef22812 --- /dev/null +++ b/objects/vulnerability/vulnerability--c155a6da-7832-46ce-b4c5-3c332e47f900.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2db2a05d-4834-4b1c-85b8-83c11c241e7d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c155a6da-7832-46ce-b4c5-3c332e47f900", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.105189Z", + "modified": "2024-09-11T00:19:24.105189Z", + "name": "CVE-2024-26191", + "description": "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26191" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c17b0318-12d4-4cd7-a4c0-9bbb78a03d8d.json b/objects/vulnerability/vulnerability--c17b0318-12d4-4cd7-a4c0-9bbb78a03d8d.json new file mode 100644 index 00000000000..062e4cd5a95 --- /dev/null +++ b/objects/vulnerability/vulnerability--c17b0318-12d4-4cd7-a4c0-9bbb78a03d8d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35224fae-4205-4094-a308-8df0bc22d1b7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c17b0318-12d4-4cd7-a4c0-9bbb78a03d8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.529477Z", + "modified": "2024-09-11T00:19:24.529477Z", + "name": "CVE-2024-43463", + "description": "Microsoft Office Visio Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43463" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c32de76a-eaf1-4b6c-b6a1-ab575217a097.json b/objects/vulnerability/vulnerability--c32de76a-eaf1-4b6c-b6a1-ab575217a097.json new file mode 100644 index 00000000000..98ebc158b73 --- /dev/null +++ b/objects/vulnerability/vulnerability--c32de76a-eaf1-4b6c-b6a1-ab575217a097.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87afafdd-1f26-4810-bfd0-3ee63c8bd372", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c32de76a-eaf1-4b6c-b6a1-ab575217a097", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.51229Z", + "modified": "2024-09-11T00:19:24.51229Z", + "name": "CVE-2024-43467", + "description": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43467" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3b7f5ee-ebfd-4bf9-a812-373b2e2408be.json b/objects/vulnerability/vulnerability--c3b7f5ee-ebfd-4bf9-a812-373b2e2408be.json new file mode 100644 index 00000000000..109567b9847 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3b7f5ee-ebfd-4bf9-a812-373b2e2408be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47bec141-9a6c-4b06-80fd-64ea9aa34f9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3b7f5ee-ebfd-4bf9-a812-373b2e2408be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.510848Z", + "modified": "2024-09-11T00:19:24.510848Z", + "name": "CVE-2024-43461", + "description": "Windows MSHTML Platform Spoofing Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43461" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c46a8570-902f-424d-a213-7a2c30e42bab.json b/objects/vulnerability/vulnerability--c46a8570-902f-424d-a213-7a2c30e42bab.json new file mode 100644 index 00000000000..aa3a37a0fcc --- /dev/null +++ b/objects/vulnerability/vulnerability--c46a8570-902f-424d-a213-7a2c30e42bab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be915b01-9aa8-4cd5-b6c9-3d2a12f75252", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c46a8570-902f-424d-a213-7a2c30e42bab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.873068Z", + "modified": "2024-09-11T00:19:23.873068Z", + "name": "CVE-2024-8543", + "description": "The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8543" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c509ea80-0060-4a10-b14d-7f5753bd8bc6.json b/objects/vulnerability/vulnerability--c509ea80-0060-4a10-b14d-7f5753bd8bc6.json new file mode 100644 index 00000000000..fec5ddd163b --- /dev/null +++ b/objects/vulnerability/vulnerability--c509ea80-0060-4a10-b14d-7f5753bd8bc6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6b41ed6-53b5-4e0b-8ace-d9a95b79c8c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c509ea80-0060-4a10-b14d-7f5753bd8bc6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.525612Z", + "modified": "2024-09-11T00:19:23.525612Z", + "name": "CVE-2024-38232", + "description": "Windows Networking Denial of Service Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38232" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c50e1828-26d4-4184-b340-bcf15875a506.json b/objects/vulnerability/vulnerability--c50e1828-26d4-4184-b340-bcf15875a506.json new file mode 100644 index 00000000000..a45b352f376 --- /dev/null +++ b/objects/vulnerability/vulnerability--c50e1828-26d4-4184-b340-bcf15875a506.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a4fa6ba-8e17-4701-983e-91aa6b309976", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c50e1828-26d4-4184-b340-bcf15875a506", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.463317Z", + "modified": "2024-09-11T00:19:24.463317Z", + "name": "CVE-2024-41170", + "description": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41170" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5528f20-d5c5-4009-b915-41541e2f79ed.json b/objects/vulnerability/vulnerability--c5528f20-d5c5-4009-b915-41541e2f79ed.json new file mode 100644 index 00000000000..da0462fcf17 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5528f20-d5c5-4009-b915-41541e2f79ed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e9050ac-9bbf-48ef-980e-4434e4548636", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5528f20-d5c5-4009-b915-41541e2f79ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.070877Z", + "modified": "2024-09-11T00:19:24.070877Z", + "name": "CVE-2024-39583", + "description": "Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39583" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6c18999-a701-4755-a1ee-f94f2b117dde.json b/objects/vulnerability/vulnerability--c6c18999-a701-4755-a1ee-f94f2b117dde.json new file mode 100644 index 00000000000..af54de4e040 --- /dev/null +++ b/objects/vulnerability/vulnerability--c6c18999-a701-4755-a1ee-f94f2b117dde.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba142970-4887-4f98-8bd1-37d8ea2a65ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6c18999-a701-4755-a1ee-f94f2b117dde", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.479222Z", + "modified": "2024-09-11T00:19:23.479222Z", + "name": "CVE-2024-38246", + "description": "Win32k Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38246" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8133b3f-86a7-4c63-96d9-452b3e864ea1.json b/objects/vulnerability/vulnerability--c8133b3f-86a7-4c63-96d9-452b3e864ea1.json new file mode 100644 index 00000000000..9477f88f628 
--- /dev/null +++ b/objects/vulnerability/vulnerability--c8133b3f-86a7-4c63-96d9-452b3e864ea1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee97b3e6-dd9d-4ff0-b7a0-26cc15b6f117", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8133b3f-86a7-4c63-96d9-452b3e864ea1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.516941Z", + "modified": "2024-09-11T00:19:24.516941Z", + "name": "CVE-2024-43385", + "description": "A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43385" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8517032-4299-4939-acdc-abb8e2d381d7.json b/objects/vulnerability/vulnerability--c8517032-4299-4939-acdc-abb8e2d381d7.json new file mode 100644 index 00000000000..dd6e09f6a67 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8517032-4299-4939-acdc-abb8e2d381d7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1c493cd-789e-4009-ac48-ee4a802239b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8517032-4299-4939-acdc-abb8e2d381d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.914482Z", + "modified": "2024-09-11T00:19:23.914482Z", + "name": "CVE-2024-8268", + "description": "The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leverage for privilege escalation by changing user's passwords.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8268" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c85be5e4-c907-46c9-a2e4-7901a1132aa4.json b/objects/vulnerability/vulnerability--c85be5e4-c907-46c9-a2e4-7901a1132aa4.json new file mode 100644 index 00000000000..64488df42d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c85be5e4-c907-46c9-a2e4-7901a1132aa4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bc055a0-403d-4083-a746-db84c0d5d490", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c85be5e4-c907-46c9-a2e4-7901a1132aa4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.808372Z", + "modified": "2024-09-11T00:19:22.808372Z", + "name": "CVE-2024-37341", + "description": "Microsoft SQL Server Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37341" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c98e22f1-ff74-4397-8177-d9d28ac3429a.json b/objects/vulnerability/vulnerability--c98e22f1-ff74-4397-8177-d9d28ac3429a.json new file mode 100644 index 00000000000..cbe9500c160 --- /dev/null +++ b/objects/vulnerability/vulnerability--c98e22f1-ff74-4397-8177-d9d28ac3429a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ad5d7be-2b1c-490a-9b99-c4b1ffdba9b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c98e22f1-ff74-4397-8177-d9d28ac3429a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.559781Z", + "modified": "2024-09-11T00:19:24.559781Z", + "name": "CVE-2024-43040", + "description": "Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cad8fdb5-43f3-4cfa-9c66-65f3e9bffd73.json b/objects/vulnerability/vulnerability--cad8fdb5-43f3-4cfa-9c66-65f3e9bffd73.json new file mode 100644 index 00000000000..c856bfce9ad --- /dev/null +++ b/objects/vulnerability/vulnerability--cad8fdb5-43f3-4cfa-9c66-65f3e9bffd73.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--984a86fb-b22e-4740-852c-fbcb02c3413c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cad8fdb5-43f3-4cfa-9c66-65f3e9bffd73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.040994Z", + "modified": "2024-09-11T00:19:23.040994Z", + "name": "CVE-2024-44677", + "description": "eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cdc42488-b533-45b2-ad3a-a845d36d3213.json b/objects/vulnerability/vulnerability--cdc42488-b533-45b2-ad3a-a845d36d3213.json new file mode 100644 index 00000000000..f3af37bf2f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--cdc42488-b533-45b2-ad3a-a845d36d3213.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--783f68d7-dcd8-4abb-b668-b8a29be3ceec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cdc42488-b533-45b2-ad3a-a845d36d3213", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.0502Z", + "modified": "2024-09-11T00:19:24.0502Z", + "name": "CVE-2024-39581", + "description": "Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39581" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ce65a80e-c0d1-49bd-844d-7bb355bd3dac.json b/objects/vulnerability/vulnerability--ce65a80e-c0d1-49bd-844d-7bb355bd3dac.json new file mode 100644 index 00000000000..2d7d5b7980b --- /dev/null +++ b/objects/vulnerability/vulnerability--ce65a80e-c0d1-49bd-844d-7bb355bd3dac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46237efd-5fbe-4381-a0e6-e5577d3a5ba9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce65a80e-c0d1-49bd-844d-7bb355bd3dac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.87603Z", + "modified": "2024-09-11T00:19:24.87603Z", + "name": "CVE-2024-45845", + "description": "nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45845" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d018124b-6f0a-4f74-bd81-179a1b035af5.json b/objects/vulnerability/vulnerability--d018124b-6f0a-4f74-bd81-179a1b035af5.json new file mode 100644 index 00000000000..4aa5a13c0c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--d018124b-6f0a-4f74-bd81-179a1b035af5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ea5b98c-4e8c-4529-af22-73d200000de8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d018124b-6f0a-4f74-bd81-179a1b035af5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.904638Z", + "modified": "2024-09-11T00:19:22.904638Z", + "name": "CVE-2024-44815", + "description": "Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44815" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0ba6c31-0c75-4a99-a738-a473eac50d63.json b/objects/vulnerability/vulnerability--d0ba6c31-0c75-4a99-a738-a473eac50d63.json new file mode 100644 index 00000000000..9ef1e749562 --- /dev/null +++ b/objects/vulnerability/vulnerability--d0ba6c31-0c75-4a99-a738-a473eac50d63.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6064c973-0de9-473d-bb24-9b2c0e65f0e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0ba6c31-0c75-4a99-a738-a473eac50d63", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.825742Z", + "modified": "2024-09-11T00:19:22.825742Z", + "name": "CVE-2024-37965", + "description": "Microsoft SQL Server Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0d86f3f-ac10-4cf6-94bf-33c03acfbff2.json b/objects/vulnerability/vulnerability--d0d86f3f-ac10-4cf6-94bf-33c03acfbff2.json new file mode 100644 index 00000000000..beffc826ad8 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--d0d86f3f-ac10-4cf6-94bf-33c03acfbff2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--15509890-4847-4a9c-998f-f742e81b2e33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0d86f3f-ac10-4cf6-94bf-33c03acfbff2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:21.085821Z", + "modified": "2024-09-11T00:19:21.085821Z", + "name": "CVE-2022-45856", + "description": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-45856" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d167bfc5-276c-49eb-a28c-49edac4dd797.json b/objects/vulnerability/vulnerability--d167bfc5-276c-49eb-a28c-49edac4dd797.json new file mode 100644 index 00000000000..e197f4a3721 --- /dev/null +++ b/objects/vulnerability/vulnerability--d167bfc5-276c-49eb-a28c-49edac4dd797.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c357d950-75b4-4be5-a4cf-13370f13225a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d167bfc5-276c-49eb-a28c-49edac4dd797", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.039798Z", + "modified": "2024-09-11T00:19:23.039798Z", + "name": "CVE-2024-44112", + "description": "Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44112" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1a521e9-0cc2-4607-a8d1-962bbcf4c7e8.json b/objects/vulnerability/vulnerability--d1a521e9-0cc2-4607-a8d1-962bbcf4c7e8.json new file mode 100644 index 00000000000..322793a1497 --- /dev/null +++ b/objects/vulnerability/vulnerability--d1a521e9-0cc2-4607-a8d1-962bbcf4c7e8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c96b78b1-df3e-4f6a-8f09-d12ee68d4265", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1a521e9-0cc2-4607-a8d1-962bbcf4c7e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.558677Z", + "modified": "2024-09-11T00:19:23.558677Z", + "name": "CVE-2024-38228", + "description": "Microsoft SharePoint Server Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38228" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d1bf6669-e50d-41dd-9993-7db49c15b1b1.json b/objects/vulnerability/vulnerability--d1bf6669-e50d-41dd-9993-7db49c15b1b1.json new file mode 100644 index 00000000000..7cf165eefe9 --- /dev/null +++ b/objects/vulnerability/vulnerability--d1bf6669-e50d-41dd-9993-7db49c15b1b1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90f242a2-7e50-4362-a3e9-8f1e572e70bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1bf6669-e50d-41dd-9993-7db49c15b1b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.062981Z", + "modified": "2024-09-11T00:19:23.062981Z", + "name": "CVE-2024-44893", + "description": "An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44893" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d23f1902-5440-42fb-af41-78194bd1ee1b.json b/objects/vulnerability/vulnerability--d23f1902-5440-42fb-af41-78194bd1ee1b.json new file mode 100644 index 00000000000..206b84132b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--d23f1902-5440-42fb-af41-78194bd1ee1b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--269dd6cd-1b6b-4c8f-8ccd-5cd39d51e808", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d23f1902-5440-42fb-af41-78194bd1ee1b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.93182Z", + "modified": "2024-09-11T00:19:22.93182Z", + "name": "CVE-2024-44871", + "description": "An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44871" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d2e47b35-aeb1-4279-8154-60c244d9d95c.json b/objects/vulnerability/vulnerability--d2e47b35-aeb1-4279-8154-60c244d9d95c.json new file mode 100644 index 00000000000..37fe3d06fd8 --- /dev/null +++ b/objects/vulnerability/vulnerability--d2e47b35-aeb1-4279-8154-60c244d9d95c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dcbff3f-8756-4eca-ab37-9091e23e2505", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d2e47b35-aeb1-4279-8154-60c244d9d95c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.429874Z", + "modified": "2024-09-11T00:19:24.429874Z", + "name": "CVE-2024-7770", + "description": "The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7770" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d377e21c-fe4a-49fa-b659-13989e7891a6.json b/objects/vulnerability/vulnerability--d377e21c-fe4a-49fa-b659-13989e7891a6.json new file mode 100644 index 00000000000..e2db581e903 --- /dev/null +++ b/objects/vulnerability/vulnerability--d377e21c-fe4a-49fa-b659-13989e7891a6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfe39fa0-60ea-4c5b-b3ea-8b53594dcd57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d377e21c-fe4a-49fa-b659-13989e7891a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.297593Z", + "modified": "2024-09-11T00:19:23.297593Z", + "name": "CVE-2024-42378", + "description": "Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42378" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3eac526-2bca-43a9-b52e-f31cb0308a1f.json b/objects/vulnerability/vulnerability--d3eac526-2bca-43a9-b52e-f31cb0308a1f.json new file mode 100644 index 00000000000..c35558b0fce --- /dev/null +++ b/objects/vulnerability/vulnerability--d3eac526-2bca-43a9-b52e-f31cb0308a1f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--56155a32-d4be-4498-8f16-4a73c1fb1c77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3eac526-2bca-43a9-b52e-f31cb0308a1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.514805Z", + "modified": "2024-09-11T00:19:23.514805Z", + "name": "CVE-2024-38230", + "description": "Windows Standards-Based Storage Management Service Denial of Service Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38230" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d4173610-91df-4d88-8c99-6145a1b52611.json b/objects/vulnerability/vulnerability--d4173610-91df-4d88-8c99-6145a1b52611.json new file mode 100644 index 00000000000..a296fd69920 --- /dev/null +++ b/objects/vulnerability/vulnerability--d4173610-91df-4d88-8c99-6145a1b52611.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--432c60ae-82bc-4f00-bb7d-cd7ef4d7b481", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4173610-91df-4d88-8c99-6145a1b52611", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.409056Z", + "modified": "2024-09-11T00:19:24.409056Z", + "name": "CVE-2024-7655", + "description": "The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4afa1ef-7b48-4fd8-a171-0062e4ba82ad.json b/objects/vulnerability/vulnerability--d4afa1ef-7b48-4fd8-a171-0062e4ba82ad.json new file mode 100644 index 00000000000..4bc51445961 --- /dev/null +++ b/objects/vulnerability/vulnerability--d4afa1ef-7b48-4fd8-a171-0062e4ba82ad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46e72f7c-7497-471b-bf53-0bd7e68e02bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4afa1ef-7b48-4fd8-a171-0062e4ba82ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.576811Z", + "modified": "2024-09-11T00:19:24.576811Z", + "name": "CVE-2024-43466", + "description": "Microsoft SharePoint Server Denial of Service Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43466" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d55635db-0036-4c64-a3b4-d192c0efdf71.json b/objects/vulnerability/vulnerability--d55635db-0036-4c64-a3b4-d192c0efdf71.json new file mode 100644 index 00000000000..3e346afede6 --- /dev/null +++ b/objects/vulnerability/vulnerability--d55635db-0036-4c64-a3b4-d192c0efdf71.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--005cc7a6-e9bd-465e-b53c-c545383de1a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d55635db-0036-4c64-a3b4-d192c0efdf71", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.412472Z", + "modified": "2024-09-11T00:19:24.412472Z", + "name": "CVE-2024-7891", + "description": "The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7891" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d69e01ca-0e09-4570-94d4-c811073fa6d6.json b/objects/vulnerability/vulnerability--d69e01ca-0e09-4570-94d4-c811073fa6d6.json new file mode 100644 index 00000000000..97cbc726216 
--- /dev/null +++ b/objects/vulnerability/vulnerability--d69e01ca-0e09-4570-94d4-c811073fa6d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--562fe97a-a5dc-4479-aafb-377d28576e75", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d69e01ca-0e09-4570-94d4-c811073fa6d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.556491Z", + "modified": "2024-09-11T00:19:24.556491Z", + "name": "CVE-2024-43800", + "description": "serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43800" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d90c1d5f-ea7f-4880-9a82-448cf9431936.json b/objects/vulnerability/vulnerability--d90c1d5f-ea7f-4880-9a82-448cf9431936.json new file mode 100644 index 00000000000..8cfe06ec85b --- /dev/null +++ b/objects/vulnerability/vulnerability--d90c1d5f-ea7f-4880-9a82-448cf9431936.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e60e5524-d7b8-4a1c-9d10-87b8449e9db2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d90c1d5f-ea7f-4880-9a82-448cf9431936", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.821193Z", + "modified": "2024-09-11T00:19:22.821193Z", + "name": "CVE-2024-37337", + "description": "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37337" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--da25f514-7d1f-4504-a215-a21c5ecd41a2.json b/objects/vulnerability/vulnerability--da25f514-7d1f-4504-a215-a21c5ecd41a2.json new file mode 100644 index 00000000000..37c571c71ee --- /dev/null +++ b/objects/vulnerability/vulnerability--da25f514-7d1f-4504-a215-a21c5ecd41a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3789226d-bc83-47e4-ab0b-c3c9d4f5915c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da25f514-7d1f-4504-a215-a21c5ecd41a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.293665Z", + "modified": "2024-09-11T00:19:30.293665Z", + "name": "CVE-2023-44254", + "description": "An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-44254" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc512e89-dab8-47a2-813f-469c19996b6a.json b/objects/vulnerability/vulnerability--dc512e89-dab8-47a2-813f-469c19996b6a.json new file mode 100644 index 00000000000..df482851bb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--dc512e89-dab8-47a2-813f-469c19996b6a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b935771-0c13-4178-a363-434f782f86f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc512e89-dab8-47a2-813f-469c19996b6a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.912688Z", + "modified": "2024-09-11T00:19:22.912688Z", + "name": "CVE-2024-44072", + "description": "OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44072" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dcd55d67-ea52-43dc-9c07-1146401e18dc.json b/objects/vulnerability/vulnerability--dcd55d67-ea52-43dc-9c07-1146401e18dc.json new file mode 100644 index 00000000000..adac1dfe099 --- /dev/null +++ b/objects/vulnerability/vulnerability--dcd55d67-ea52-43dc-9c07-1146401e18dc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e68f8622-a13d-4fde-b8eb-9a842053cad5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dcd55d67-ea52-43dc-9c07-1146401e18dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.874118Z", + "modified": "2024-09-11T00:19:23.874118Z", + "name": "CVE-2024-8241", + "description": "The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8241" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd0e8e77-bed6-4e52-8fff-89f4ce2c1e48.json b/objects/vulnerability/vulnerability--dd0e8e77-bed6-4e52-8fff-89f4ce2c1e48.json new file mode 100644 index 00000000000..fc9ae456066 --- /dev/null +++ b/objects/vulnerability/vulnerability--dd0e8e77-bed6-4e52-8fff-89f4ce2c1e48.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--abda088f-e53f-47d0-b4d3-c71614c8c153", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd0e8e77-bed6-4e52-8fff-89f4ce2c1e48", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.548358Z", + "modified": "2024-09-11T00:19:23.548358Z", + "name": "CVE-2024-38045", + "description": "Windows TCP/IP Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38045" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dda031cc-12c6-4200-95ee-c312c90c2bab.json b/objects/vulnerability/vulnerability--dda031cc-12c6-4200-95ee-c312c90c2bab.json new file mode 100644 index 00000000000..d507b252511 --- /dev/null +++ b/objects/vulnerability/vulnerability--dda031cc-12c6-4200-95ee-c312c90c2bab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63512953-f412-4271-916e-8a1b00a23978", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dda031cc-12c6-4200-95ee-c312c90c2bab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:22.770873Z", + "modified": "2024-09-11T00:19:22.770873Z", + "name": "CVE-2024-37728", + "description": "Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the \"Pic/Indexes\" interface", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37728" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de36ab2f-53fe-4f33-828a-93e562b3fa64.json b/objects/vulnerability/vulnerability--de36ab2f-53fe-4f33-828a-93e562b3fa64.json new file mode 100644 index 00000000000..efb487aee49 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--de36ab2f-53fe-4f33-828a-93e562b3fa64.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73a45b41-295c-4484-8727-31f808f043cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de36ab2f-53fe-4f33-828a-93e562b3fa64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.496558Z", + "modified": "2024-09-11T00:19:24.496558Z", + "name": "CVE-2024-43647", + "description": "A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. 
To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e06fba3a-85ca-4576-9f80-ad4d68ab6e9c.json b/objects/vulnerability/vulnerability--e06fba3a-85ca-4576-9f80-ad4d68ab6e9c.json new file mode 100644 index 00000000000..8193948aa32 --- /dev/null +++ b/objects/vulnerability/vulnerability--e06fba3a-85ca-4576-9f80-ad4d68ab6e9c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--388bbf4e-fe07-444c-a89f-bd5cd7294fd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e06fba3a-85ca-4576-9f80-ad4d68ab6e9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.572988Z", + "modified": "2024-09-11T00:19:23.572988Z", + "name": "CVE-2024-38249", + "description": "Windows Graphics Component Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38249" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2595d94-be42-42d2-a185-fc525d342e64.json b/objects/vulnerability/vulnerability--e2595d94-be42-42d2-a185-fc525d342e64.json new file mode 100644 index 00000000000..debba359625 --- /dev/null +++ b/objects/vulnerability/vulnerability--e2595d94-be42-42d2-a185-fc525d342e64.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--145ab232-f03e-49c9-a25a-162d2dbfad6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2595d94-be42-42d2-a185-fc525d342e64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.874744Z", + "modified": "2024-09-11T00:19:24.874744Z", + "name": "CVE-2024-45279", + "description": "Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45279" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2ebac5b-03c6-4cc8-a13d-22ca8d659b97.json b/objects/vulnerability/vulnerability--e2ebac5b-03c6-4cc8-a13d-22ca8d659b97.json new file mode 100644 index 00000000000..a889d62ef77 --- /dev/null +++ b/objects/vulnerability/vulnerability--e2ebac5b-03c6-4cc8-a13d-22ca8d659b97.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3833329-4b40-4960-9c54-b2f2cbdc10f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2ebac5b-03c6-4cc8-a13d-22ca8d659b97", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:32.27442Z", + "modified": "2024-09-11T00:19:32.27442Z", + "name": "CVE-2023-49069", + "description": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.14.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.2 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.12 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.26 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49069" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3639752-45ea-4ae0-8e38-cc3f1c4ed2e7.json b/objects/vulnerability/vulnerability--e3639752-45ea-4ae0-8e38-cc3f1c4ed2e7.json new file mode 100644 index 00000000000..81f58aeab24 --- /dev/null +++ b/objects/vulnerability/vulnerability--e3639752-45ea-4ae0-8e38-cc3f1c4ed2e7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3af141bc-3260-40db-82c9-ae45a063fd10", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3639752-45ea-4ae0-8e38-cc3f1c4ed2e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.885475Z", + "modified": "2024-09-11T00:19:24.885475Z", + "name": "CVE-2024-45590", + "description": "body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45590" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e4a383f5-1d8f-4a2e-9491-d4fdc7e8e32e.json b/objects/vulnerability/vulnerability--e4a383f5-1d8f-4a2e-9491-d4fdc7e8e32e.json new file mode 100644 index 00000000000..afe6e07d3a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--e4a383f5-1d8f-4a2e-9491-d4fdc7e8e32e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7179e0c9-fd12-485c-8014-0e697448e5d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4a383f5-1d8f-4a2e-9491-d4fdc7e8e32e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:31.127969Z", + "modified": "2024-09-11T00:19:31.127969Z", + "name": "CVE-2023-28827", + "description": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. \r\n\r\nThis could allow a remote attacker to cause a denial of service condition in the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-28827" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e4e3a0bf-ed0a-410e-81f1-f618fb9621c2.json b/objects/vulnerability/vulnerability--e4e3a0bf-ed0a-410e-81f1-f618fb9621c2.json new file mode 100644 index 00000000000..356067a6222 --- /dev/null +++ b/objects/vulnerability/vulnerability--e4e3a0bf-ed0a-410e-81f1-f618fb9621c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f010684-d1fa-4ea5-959a-065423453108", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4e3a0bf-ed0a-410e-81f1-f618fb9621c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.546176Z", + "modified": "2024-09-11T00:19:23.546176Z", + "name": "CVE-2024-38252", + "description": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38252" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e73c6397-9569-4bb6-9977-c16ba3f770ad.json b/objects/vulnerability/vulnerability--e73c6397-9569-4bb6-9977-c16ba3f770ad.json new file mode 100644 index 00000000000..b87fd5a6f7d --- /dev/null +++ b/objects/vulnerability/vulnerability--e73c6397-9569-4bb6-9977-c16ba3f770ad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2344b7f-8353-4ce2-bfa1-8f4c1dcbf152", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e73c6397-9569-4bb6-9977-c16ba3f770ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.508521Z", + "modified": "2024-09-11T00:19:23.508521Z", + "name": "CVE-2024-38227", + "description": "Microsoft SharePoint Server Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38227" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e95c1972-2324-4062-a032-ff850cc76723.json b/objects/vulnerability/vulnerability--e95c1972-2324-4062-a032-ff850cc76723.json new file mode 100644 index 00000000000..326dea43faa --- /dev/null +++ b/objects/vulnerability/vulnerability--e95c1972-2324-4062-a032-ff850cc76723.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07159a9e-09d8-49c0-bcef-a6b4a5db9c93", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e95c1972-2324-4062-a032-ff850cc76723", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.526581Z", + "modified": "2024-09-11T00:19:24.526581Z", + "name": "CVE-2024-43391", + "description": "A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43391" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e99beadd-9ef1-48d7-b922-12dc11fbce5b.json b/objects/vulnerability/vulnerability--e99beadd-9ef1-48d7-b922-12dc11fbce5b.json new file mode 100644 index 00000000000..f40053bf128 --- /dev/null +++ b/objects/vulnerability/vulnerability--e99beadd-9ef1-48d7-b922-12dc11fbce5b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62aa979c-0e76-4fce-a561-2461930e19bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e99beadd-9ef1-48d7-b922-12dc11fbce5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.576646Z", + "modified": "2024-09-11T00:19:23.576646Z", + "name": "CVE-2024-38235", + "description": "Windows Hyper-V Denial of Service Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9be99af-85fe-4cc9-b6d4-97fa456cbb1e.json b/objects/vulnerability/vulnerability--e9be99af-85fe-4cc9-b6d4-97fa456cbb1e.json new file mode 100644 index 00000000000..78a1d02c4da 
--- /dev/null +++ b/objects/vulnerability/vulnerability--e9be99af-85fe-4cc9-b6d4-97fa456cbb1e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9f970c7-8052-4d8d-a8e5-86ada96d983e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9be99af-85fe-4cc9-b6d4-97fa456cbb1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.543525Z", + "modified": "2024-09-11T00:19:23.543525Z", + "name": "CVE-2024-38233", + "description": "Windows Networking Denial of Service Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38233" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9d1e84a-fd28-49cd-9156-77117081bef9.json b/objects/vulnerability/vulnerability--e9d1e84a-fd28-49cd-9156-77117081bef9.json new file mode 100644 index 00000000000..28cfa6aabe6 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9d1e84a-fd28-49cd-9156-77117081bef9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--305ee88e-ce6b-4afc-b6cd-c03abb8c0489", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9d1e84a-fd28-49cd-9156-77117081bef9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.523238Z", + "modified": "2024-09-11T00:19:23.523238Z", + "name": "CVE-2024-38253", + "description": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38253" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed18231f-0a61-4568-b9b1-469448bf2cec.json b/objects/vulnerability/vulnerability--ed18231f-0a61-4568-b9b1-469448bf2cec.json new file mode 100644 index 00000000000..bb198dbc09e --- /dev/null 
+++ b/objects/vulnerability/vulnerability--ed18231f-0a61-4568-b9b1-469448bf2cec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0738462a-376a-4a0a-b66e-af4fa727f860", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed18231f-0a61-4568-b9b1-469448bf2cec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.566291Z", + "modified": "2024-09-11T00:19:23.566291Z", + "name": "CVE-2024-38194", + "description": "An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38194" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eeca8413-698b-4994-894a-ef2c1336cec8.json b/objects/vulnerability/vulnerability--eeca8413-698b-4994-894a-ef2c1336cec8.json new file mode 100644 index 00000000000..5ea85a051e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--eeca8413-698b-4994-894a-ef2c1336cec8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2812dd2f-2c97-4b01-8f59-a865c2573286", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eeca8413-698b-4994-894a-ef2c1336cec8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.506767Z", + "modified": "2024-09-11T00:19:24.506767Z", + "name": "CVE-2024-43495", + "description": "Windows libarchive Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43495" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0662bdc-5ad8-4fb8-b5d6-dc632844ee9c.json b/objects/vulnerability/vulnerability--f0662bdc-5ad8-4fb8-b5d6-dc632844ee9c.json new file mode 100644 index 00000000000..3109fd0ff15 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--f0662bdc-5ad8-4fb8-b5d6-dc632844ee9c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--111b5107-71fd-4956-8627-079acc079b49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0662bdc-5ad8-4fb8-b5d6-dc632844ee9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.533023Z", + "modified": "2024-09-11T00:19:23.533023Z", + "name": "CVE-2024-38250", + "description": "Windows Graphics Component Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f07484c7-31db-47f3-98e6-7eb62e318ca3.json b/objects/vulnerability/vulnerability--f07484c7-31db-47f3-98e6-7eb62e318ca3.json new file mode 100644 index 00000000000..1694a1db502 --- /dev/null +++ b/objects/vulnerability/vulnerability--f07484c7-31db-47f3-98e6-7eb62e318ca3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d64395db-9343-49fd-8899-027a884e8202", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f07484c7-31db-47f3-98e6-7eb62e318ca3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.537012Z", + "modified": "2024-09-11T00:19:24.537012Z", + "name": "CVE-2024-43389", + "description": "A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43389" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f0d4a32a-9b74-453c-b909-72feed65554a.json b/objects/vulnerability/vulnerability--f0d4a32a-9b74-453c-b909-72feed65554a.json new file mode 100644 index 00000000000..7109f9f464f --- /dev/null +++ b/objects/vulnerability/vulnerability--f0d4a32a-9b74-453c-b909-72feed65554a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9a2b76a-2401-459d-a014-59fc455ff0a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0d4a32a-9b74-453c-b909-72feed65554a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.686654Z", + "modified": "2024-09-11T00:19:23.686654Z", + "name": "CVE-2024-21416", + "description": "Windows TCP/IP Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21416" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1a407fe-1596-45ad-9df4-d4194c1e49f3.json b/objects/vulnerability/vulnerability--f1a407fe-1596-45ad-9df4-d4194c1e49f3.json new file mode 100644 index 00000000000..baa5b662650 --- /dev/null +++ b/objects/vulnerability/vulnerability--f1a407fe-1596-45ad-9df4-d4194c1e49f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e13f16b0-a3ac-4feb-9d6d-71b8eec57247", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1a407fe-1596-45ad-9df4-d4194c1e49f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.497836Z", + "modified": "2024-09-11T00:19:24.497836Z", + "name": "CVE-2024-43470", + "description": "Azure Network Watcher VM Agent Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43470" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f1bbb71f-546a-4605-aebb-0dfad77ad1c8.json b/objects/vulnerability/vulnerability--f1bbb71f-546a-4605-aebb-0dfad77ad1c8.json new file mode 100644 index 00000000000..736f9f11838 --- /dev/null +++ b/objects/vulnerability/vulnerability--f1bbb71f-546a-4605-aebb-0dfad77ad1c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a09162cb-61ea-4e9f-85cd-fb7dec4a17c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1bbb71f-546a-4605-aebb-0dfad77ad1c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.067833Z", + "modified": "2024-09-11T00:19:23.067833Z", + "name": "CVE-2024-44087", + "description": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44087" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f61f2f96-5258-4881-a360-0c51c837aa1d.json b/objects/vulnerability/vulnerability--f61f2f96-5258-4881-a360-0c51c837aa1d.json new file mode 100644 index 00000000000..43eaa30187f --- /dev/null +++ b/objects/vulnerability/vulnerability--f61f2f96-5258-4881-a360-0c51c837aa1d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ce0b52a-8865-4826-b0d1-94ef38b60a51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f61f2f96-5258-4881-a360-0c51c837aa1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:30.542241Z", + "modified": "2024-09-11T00:19:30.542241Z", + "name": "CVE-2023-6841", + "description": "A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f767f9ba-780c-45f0-aea5-2557df369278.json b/objects/vulnerability/vulnerability--f767f9ba-780c-45f0-aea5-2557df369278.json new file mode 100644 index 00000000000..40525461657 --- /dev/null +++ b/objects/vulnerability/vulnerability--f767f9ba-780c-45f0-aea5-2557df369278.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ec6935b-d2f8-4ccf-a3c1-84620fc52292", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f767f9ba-780c-45f0-aea5-2557df369278", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.902306Z", + "modified": "2024-09-11T00:19:24.902306Z", + "name": "CVE-2024-45595", + "description": "D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the \"Custom Filter\" input is turned off by default.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45595" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f9ea07e3-1bb2-4932-9d57-7e14903c3c08.json b/objects/vulnerability/vulnerability--f9ea07e3-1bb2-4932-9d57-7e14903c3c08.json new file mode 100644 index 00000000000..7f01feacad7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f9ea07e3-1bb2-4932-9d57-7e14903c3c08.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0abd8dee-9432-45f0-b498-83b6ec7c4dcc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9ea07e3-1bb2-4932-9d57-7e14903c3c08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:23.554103Z", + "modified": "2024-09-11T00:19:23.554103Z", + "name": "CVE-2024-38220", + "description": "Azure Stack Hub Elevation of Privilege Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38220" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--fab71b4e-da7c-493d-aa23-f9178024a348.json b/objects/vulnerability/vulnerability--fab71b4e-da7c-493d-aa23-f9178024a348.json new file mode 100644 index 00000000000..08cb30ed414 --- /dev/null +++ b/objects/vulnerability/vulnerability--fab71b4e-da7c-493d-aa23-f9178024a348.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9434ac1-9769-4317-9d21-8808b18bc164", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fab71b4e-da7c-493d-aa23-f9178024a348", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.573636Z", + "modified": "2024-09-11T00:19:24.573636Z", + "name": "CVE-2024-43455", + "description": "Windows Remote Desktop Licensing Service Spoofing Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43455" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fca57d05-da7b-4fbb-b1d6-f541640408c6.json b/objects/vulnerability/vulnerability--fca57d05-da7b-4fbb-b1d6-f541640408c6.json new file mode 100644 index 00000000000..c695cb50771 --- /dev/null +++ b/objects/vulnerability/vulnerability--fca57d05-da7b-4fbb-b1d6-f541640408c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8669f617-a721-407c-9e07-38532a7c2bac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fca57d05-da7b-4fbb-b1d6-f541640408c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.549292Z", + "modified": "2024-09-11T00:19:24.549292Z", + "name": "CVE-2024-43469", + "description": "Azure CycleCloud Remote Code Execution Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43469" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--fe1f44b1-f5df-4552-90c5-257117f371cd.json b/objects/vulnerability/vulnerability--fe1f44b1-f5df-4552-90c5-257117f371cd.json new file mode 100644 index 00000000000..5938c4d8d43 --- /dev/null +++ b/objects/vulnerability/vulnerability--fe1f44b1-f5df-4552-90c5-257117f371cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5e7b2f9-a446-4398-ab82-fb39ce6680b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe1f44b1-f5df-4552-90c5-257117f371cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-11T00:19:24.544733Z", + "modified": "2024-09-11T00:19:24.544733Z", + "name": "CVE-2024-43392", + "description": "A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43392" + } + ] + } + ] +} \ No newline at end of file