diff --git a/mapping.csv b/mapping.csv index 21fd99a9b1e..481561eaee4 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -247358,3 +247358,81 @@ vulnerability,CVE-2024-35151,vulnerability--b6ff0c13-9ca1-4cef-9092-09ce3ef86968 vulnerability,CVE-2024-32939,vulnerability--0de901fb-95ee-4120-b962-48e5367e0dd8 vulnerability,CVE-2023-7260,vulnerability--97b3c281-bd85-48df-a89e-e2161e658950 vulnerability,CVE-2023-6452,vulnerability--2ed10d2c-9280-407b-a500-61950e497a3c +vulnerability,CVE-2024-41846,vulnerability--9a9e79f1-68f9-49ec-a0e1-a574d18a84cb +vulnerability,CVE-2024-41842,vulnerability--2895e8ff-ab56-402a-a306-532134435542 +vulnerability,CVE-2024-41150,vulnerability--5870d1f8-f7b6-47e7-ba9c-5d3c84a9f954 +vulnerability,CVE-2024-41875,vulnerability--c2592383-d02b-4ba9-89b9-4d599e669f6f +vulnerability,CVE-2024-41844,vulnerability--b505363f-953d-4e6f-8f02-f3a92eb16201 +vulnerability,CVE-2024-41845,vulnerability--72df4fc5-2012-4d80-9cd9-65626c5989a8 +vulnerability,CVE-2024-41876,vulnerability--f1e7b3f1-de84-429a-b4d5-c9d10f1cfd93 +vulnerability,CVE-2024-41841,vulnerability--a52ceba6-aee3-44e4-877a-88245c66149c +vulnerability,CVE-2024-41847,vulnerability--f7f955b5-ad65-4ab1-bc75-199372cb5c82 +vulnerability,CVE-2024-41878,vulnerability--e364cf63-35f6-4e9a-b708-4f6c4541a475 +vulnerability,CVE-2024-41849,vulnerability--d3643675-84db-4fa7-96d9-7308b27c0898 +vulnerability,CVE-2024-41848,vulnerability--97f3d887-3f6c-4c48-8a66-b8147d9a8323 +vulnerability,CVE-2024-41877,vulnerability--ac16e83d-3a9d-473b-b6aa-48aa097aa365 +vulnerability,CVE-2024-41843,vulnerability--c64d3207-3381-43cf-9e36-4bb0b0795082 +vulnerability,CVE-2024-44386,vulnerability--421b0b8e-cd94-4e4c-907b-03ef5dceb138 +vulnerability,CVE-2024-44387,vulnerability--58a1a231-b2ce-4320-a37e-a426eb8489b4 +vulnerability,CVE-2024-44381,vulnerability--af5a3e36-1d3a-4559-aac5-ce37a8590240 +vulnerability,CVE-2024-44390,vulnerability--a054c1e5-3cd5-4e7e-b329-b252211aaac3 +vulnerability,CVE-2024-44382,vulnerability--585c1f02-ce48-4c1e-84cc-15482a0230fb +vulnerability,CVE-2024-40111,vulnerability--05b9a8ba-d755-4f15-8fc8-0bd2be167a7b 
+vulnerability,CVE-2024-40766,vulnerability--04b00b96-ec79-4ded-b528-3139e030b1de +vulnerability,CVE-2024-42918,vulnerability--f790617e-39dc-4bf4-840b-19bbd85b11fb +vulnerability,CVE-2024-42766,vulnerability--1715353b-a1c4-47bd-a6fa-b3e5795f3398 +vulnerability,CVE-2024-42636,vulnerability--9c6de8f2-ae78-46bd-93ed-fdc3b44ad5dd +vulnerability,CVE-2024-42992,vulnerability--67e42ac2-fd3f-4ed7-bc03-c410aff7da6f +vulnerability,CVE-2024-42852,vulnerability--70feab55-b718-4dd5-bae4-5a594f11add5 +vulnerability,CVE-2024-42914,vulnerability--e6f8bfe2-7514-480e-96ee-63727c924374 +vulnerability,CVE-2024-42531,vulnerability--1eeb22b0-cd0c-4dc0-8af7-52fe598f1974 +vulnerability,CVE-2024-42523,vulnerability--bfbb399d-499b-453f-9663-9848e3f88dda +vulnerability,CVE-2024-42756,vulnerability--249d855c-db49-40e5-bbc0-ebfdf969007e +vulnerability,CVE-2024-42845,vulnerability--b51655cb-8af9-4f0a-8537-0eb981257317 +vulnerability,CVE-2024-42764,vulnerability--c698eddc-0a2e-456b-be6d-13c536267ced +vulnerability,CVE-2024-42915,vulnerability--d7e4a28d-ba77-4140-a622-85ef2e54fa45 +vulnerability,CVE-2024-42040,vulnerability--3e1accd7-f493-4478-b077-e721382f1317 +vulnerability,CVE-2024-42364,vulnerability--850ddc33-2b6e-4715-a899-aaffbaf5f835 +vulnerability,CVE-2024-42765,vulnerability--1c8cf0a2-55f9-4654-ae4d-54c3d8c21a53 +vulnerability,CVE-2024-38207,vulnerability--32ad169b-9062-497f-b322-d91e494339a1 +vulnerability,CVE-2024-38869,vulnerability--d7e12368-1abd-4079-a34e-c16514ec3568 +vulnerability,CVE-2024-38807,vulnerability--53daf9d7-2ae2-4fa4-a78b-76c712394fde +vulnerability,CVE-2024-33854,vulnerability--7b97b987-dff7-4dc7-9cdb-ac6fd1515e2e +vulnerability,CVE-2024-33853,vulnerability--2b100538-7421-4b69-a182-51365f18902f +vulnerability,CVE-2024-33852,vulnerability--3e51d03c-2e07-406e-9966-f6c10f7f5285 +vulnerability,CVE-2024-36515,vulnerability--4b352335-6ede-4a28-b6f9-baf41609e835 +vulnerability,CVE-2024-36516,vulnerability--01f20be7-3efe-4d5d-a2e1-e41f08f44486 
+vulnerability,CVE-2024-36514,vulnerability--b5560cbd-ddea-4f63-8822-e3aae6e6293f +vulnerability,CVE-2024-36517,vulnerability--985eca35-9cec-45cf-adf2-aeaf15c681ac +vulnerability,CVE-2024-7258,vulnerability--50066927-a689-4334-99ce-7e056d959c17 +vulnerability,CVE-2024-7559,vulnerability--9ed98d92-9872-4442-a229-adaa2658e20e +vulnerability,CVE-2024-7986,vulnerability--735eea66-f674-4fac-9e87-eb94784e0204 +vulnerability,CVE-2024-7954,vulnerability--b13f6d86-3761-447e-af6b-c0ac047b578f +vulnerability,CVE-2024-7427,vulnerability--0be6d2a1-bae0-4a5b-be23-8fc31c8fb4b4 +vulnerability,CVE-2024-7428,vulnerability--1970d5f3-c9c8-464d-b47e-42bf4de26f03 +vulnerability,CVE-2024-39841,vulnerability--ece644c7-d8ab-45ca-9d42-8c76992473b1 +vulnerability,CVE-2024-43031,vulnerability--0d3e2a82-10ce-46ee-a014-f21ba24a9229 +vulnerability,CVE-2024-43477,vulnerability--34ee47a8-e9d7-43ce-92df-df44c12104e9 +vulnerability,CVE-2024-43883,vulnerability--b834be2e-675c-4676-85fb-3fab1590a17e +vulnerability,CVE-2024-43782,vulnerability--686b79a9-882d-4def-98c0-2257c8512314 +vulnerability,CVE-2024-43794,vulnerability--ed5f94c1-2ce5-46e3-950b-ba23ae41bb91 +vulnerability,CVE-2024-43032,vulnerability--3b17a144-a110-4d15-8925-398dfee6726c +vulnerability,CVE-2024-43105,vulnerability--a2f273b2-a555-49e1-8ca7-8200a243a819 +vulnerability,CVE-2024-43791,vulnerability--a0fde316-0e25-4955-bd72-b8501cdfbbb7 +vulnerability,CVE-2024-5586,vulnerability--18b4e642-9f8d-4098-ba52-4363f8602ecb +vulnerability,CVE-2024-5502,vulnerability--ecbfc939-67a8-4737-b797-5c179dcf3cb5 +vulnerability,CVE-2024-5556,vulnerability--e62dde08-55cc-4afa-947f-ad75847936c8 +vulnerability,CVE-2024-5466,vulnerability--9aa468d4-a149-4d39-85f2-593d87532f1b +vulnerability,CVE-2024-5467,vulnerability--868920ba-7ecf-4a66-af77-e08633a614d5 +vulnerability,CVE-2024-5490,vulnerability--a6f771f8-558f-4fc3-a009-6aa3aa4eb523 +vulnerability,CVE-2024-37392,vulnerability--933f91f0-888c-4131-a993-f9db8502b6f1 
+vulnerability,CVE-2024-37311,vulnerability--16630d73-2726-4969-9a8a-1a490824ff3b +vulnerability,CVE-2024-8112,vulnerability--a4dcaf8b-eacb-44fe-ad72-7b26066f4dd5 +vulnerability,CVE-2024-8113,vulnerability--fe2177b6-ef6e-421d-bab0-c5347155c6e9 +vulnerability,CVE-2024-3282,vulnerability--7ca20077-7671-4ce4-a71f-6d0f20ca94bc +vulnerability,CVE-2024-45188,vulnerability--72def80a-c472-4fdd-bbe8-9b023761f4db +vulnerability,CVE-2024-45189,vulnerability--f0e7d473-9cbd-40cb-9a67-1067f056df26 +vulnerability,CVE-2024-45187,vulnerability--2bdbaf12-7c81-4706-98da-6763ea6030a1 +vulnerability,CVE-2024-45190,vulnerability--bcf32aa0-4d5f-40a7-9422-779b19841b81 +vulnerability,CVE-2024-6715,vulnerability--0e701bdb-1ccc-4385-9780-36aa203b54ae +vulnerability,CVE-2024-32501,vulnerability--fd443a2c-6b80-4d2a-a6b6-351561ac563a diff --git a/objects/vulnerability/vulnerability--01f20be7-3efe-4d5d-a2e1-e41f08f44486.json b/objects/vulnerability/vulnerability--01f20be7-3efe-4d5d-a2e1-e41f08f44486.json new file mode 100644 index 00000000000..b2d83e437dd --- /dev/null +++ b/objects/vulnerability/vulnerability--01f20be7-3efe-4d5d-a2e1-e41f08f44486.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0d7bf97-1546-4382-aeda-64790879fcc4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01f20be7-3efe-4d5d-a2e1-e41f08f44486", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.77758Z", + "modified": "2024-08-24T00:18:04.77758Z", + "name": "CVE-2024-36516", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.\nNote: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36516" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--04b00b96-ec79-4ded-b528-3139e030b1de.json b/objects/vulnerability/vulnerability--04b00b96-ec79-4ded-b528-3139e030b1de.json new file mode 100644 index 00000000000..0086362a6b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--04b00b96-ec79-4ded-b528-3139e030b1de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4471b57f-bfef-4909-83d7-541d019f6666", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04b00b96-ec79-4ded-b528-3139e030b1de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.308698Z", + "modified": "2024-08-24T00:18:04.308698Z", + "name": "CVE-2024-40766", + "description": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40766" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05b9a8ba-d755-4f15-8fc8-0bd2be167a7b.json b/objects/vulnerability/vulnerability--05b9a8ba-d755-4f15-8fc8-0bd2be167a7b.json new file mode 100644 index 00000000000..b2977db5315 --- /dev/null +++ b/objects/vulnerability/vulnerability--05b9a8ba-d755-4f15-8fc8-0bd2be167a7b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e18f5105-0020-4ecc-99f1-36af3e096981", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05b9a8ba-d755-4f15-8fc8-0bd2be167a7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.292114Z", + "modified": "2024-08-24T00:18:04.292114Z", + "name": "CVE-2024-40111", + "description": "A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the forum.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0be6d2a1-bae0-4a5b-be23-8fc31c8fb4b4.json b/objects/vulnerability/vulnerability--0be6d2a1-bae0-4a5b-be23-8fc31c8fb4b4.json new file mode 100644 index 00000000000..73426577872 --- /dev/null +++ b/objects/vulnerability/vulnerability--0be6d2a1-bae0-4a5b-be23-8fc31c8fb4b4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dfbef268-47fa-4dd0-ae04-10060e6c8241", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0be6d2a1-bae0-4a5b-be23-8fc31c8fb4b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.988088Z", + "modified": "2024-08-24T00:18:04.988088Z", + "name": "CVE-2024-7427", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS).This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7427" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d3e2a82-10ce-46ee-a014-f21ba24a9229.json b/objects/vulnerability/vulnerability--0d3e2a82-10ce-46ee-a014-f21ba24a9229.json new file mode 100644 index 00000000000..28a3266d63d --- /dev/null +++ b/objects/vulnerability/vulnerability--0d3e2a82-10ce-46ee-a014-f21ba24a9229.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9412365-2d22-4ac8-a02a-ab5c822b7e97", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d3e2a82-10ce-46ee-a014-f21ba24a9229", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.225426Z", + "modified": "2024-08-24T00:18:05.225426Z", + "name": "CVE-2024-43031", + "description": "autMan v2.9.6 was discovered to contain an access control issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43031" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0e701bdb-1ccc-4385-9780-36aa203b54ae.json b/objects/vulnerability/vulnerability--0e701bdb-1ccc-4385-9780-36aa203b54ae.json new file mode 100644 index 00000000000..79b8de098e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--0e701bdb-1ccc-4385-9780-36aa203b54ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c28fe35-7e65-4cab-85f1-5b97bcfd1a14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e701bdb-1ccc-4385-9780-36aa203b54ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.776656Z", + "modified": "2024-08-24T00:18:05.776656Z", + "name": "CVE-2024-6715", + "description": "The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6715" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16630d73-2726-4969-9a8a-1a490824ff3b.json b/objects/vulnerability/vulnerability--16630d73-2726-4969-9a8a-1a490824ff3b.json new file mode 100644 index 00000000000..82b2e1f907b --- /dev/null +++ b/objects/vulnerability/vulnerability--16630d73-2726-4969-9a8a-1a490824ff3b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--686d24c2-f870-40e4-90a0-9a9b03417714", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16630d73-2726-4969-9a8a-1a490824ff3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.551264Z", + "modified": "2024-08-24T00:18:05.551264Z", + "name": "CVE-2024-37311", + "description": "Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is fixed in Collabora Online 24.04.4.3, 23.05.14.1, and 22.05.23.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37311" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1715353b-a1c4-47bd-a6fa-b3e5795f3398.json b/objects/vulnerability/vulnerability--1715353b-a1c4-47bd-a6fa-b3e5795f3398.json new file mode 100644 index 00000000000..279d4a24beb --- /dev/null +++ b/objects/vulnerability/vulnerability--1715353b-a1c4-47bd-a6fa-b3e5795f3398.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd1fa240-38d9-4749-8102-8a5e5117a349", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1715353b-a1c4-47bd-a6fa-b3e5795f3398", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.34369Z", + "modified": "2024-08-24T00:18:04.34369Z", + "name": "CVE-2024-42766", + "description": "Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42766" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--18b4e642-9f8d-4098-ba52-4363f8602ecb.json b/objects/vulnerability/vulnerability--18b4e642-9f8d-4098-ba52-4363f8602ecb.json new file mode 100644 index 00000000000..706c73fe566 --- /dev/null +++ b/objects/vulnerability/vulnerability--18b4e642-9f8d-4098-ba52-4363f8602ecb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12198ee6-2f9c-484a-85c8-ae15773e0a25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18b4e642-9f8d-4098-ba52-4363f8602ecb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.387185Z", + "modified": "2024-08-24T00:18:05.387185Z", + "name": "CVE-2024-5586", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5586" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1970d5f3-c9c8-464d-b47e-42bf4de26f03.json b/objects/vulnerability/vulnerability--1970d5f3-c9c8-464d-b47e-42bf4de26f03.json new file mode 100644 index 00000000000..0cfc9524150 --- /dev/null +++ b/objects/vulnerability/vulnerability--1970d5f3-c9c8-464d-b47e-42bf4de26f03.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7360e9f0-bfb6-4812-8fc6-710210484eb0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1970d5f3-c9c8-464d-b47e-42bf4de26f03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.993388Z", + "modified": "2024-08-24T00:18:04.993388Z", + "name": "CVE-2024-7428", + "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse.This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7428" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c8cf0a2-55f9-4654-ae4d-54c3d8c21a53.json b/objects/vulnerability/vulnerability--1c8cf0a2-55f9-4654-ae4d-54c3d8c21a53.json new file mode 100644 index 00000000000..99a590f3a6c --- /dev/null +++ b/objects/vulnerability/vulnerability--1c8cf0a2-55f9-4654-ae4d-54c3d8c21a53.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ac4655b-b407-473b-bd12-9bd750f12e6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c8cf0a2-55f9-4654-ae4d-54c3d8c21a53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.57716Z", + "modified": "2024-08-24T00:18:04.57716Z", + "name": "CVE-2024-42765", + "description": "A SQL injection vulnerability in \"/login.php\" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the \"email\" or \"password\" Login page parameters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42765" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1eeb22b0-cd0c-4dc0-8af7-52fe598f1974.json b/objects/vulnerability/vulnerability--1eeb22b0-cd0c-4dc0-8af7-52fe598f1974.json new file mode 100644 index 00000000000..ed40b1c6aa9 --- /dev/null +++ b/objects/vulnerability/vulnerability--1eeb22b0-cd0c-4dc0-8af7-52fe598f1974.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba60f829-8e18-4d5e-b3f1-bdc9c2f439e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1eeb22b0-cd0c-4dc0-8af7-52fe598f1974", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.362751Z", + "modified": "2024-08-24T00:18:04.362751Z", + "name": "CVE-2024-42531", + "description": "Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42531" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--249d855c-db49-40e5-bbc0-ebfdf969007e.json b/objects/vulnerability/vulnerability--249d855c-db49-40e5-bbc0-ebfdf969007e.json new file mode 100644 index 00000000000..aedebe2b4c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--249d855c-db49-40e5-bbc0-ebfdf969007e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60bce86e-ebf4-4570-a838-b129b9308cce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--249d855c-db49-40e5-bbc0-ebfdf969007e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.376678Z", + "modified": "2024-08-24T00:18:04.376678Z", + "name": "CVE-2024-42756", + "description": "An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42756" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2895e8ff-ab56-402a-a306-532134435542.json b/objects/vulnerability/vulnerability--2895e8ff-ab56-402a-a306-532134435542.json new file mode 100644 index 00000000000..aee46d4fc73 --- /dev/null +++ b/objects/vulnerability/vulnerability--2895e8ff-ab56-402a-a306-532134435542.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08af9ad6-9999-4aa5-a918-626d8f761f5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2895e8ff-ab56-402a-a306-532134435542", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.872253Z", + "modified": "2024-08-24T00:18:03.872253Z", + "name": "CVE-2024-41842", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41842" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2b100538-7421-4b69-a182-51365f18902f.json b/objects/vulnerability/vulnerability--2b100538-7421-4b69-a182-51365f18902f.json new file mode 100644 index 00000000000..989a9445fa5 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b100538-7421-4b69-a182-51365f18902f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99e8519c-2a8f-40bb-8d5d-641ea625517a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b100538-7421-4b69-a182-51365f18902f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.735638Z", + "modified": "2024-08-24T00:18:04.735638Z", + "name": "CVE-2024-33853", + "description": "A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33853" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2bdbaf12-7c81-4706-98da-6763ea6030a1.json b/objects/vulnerability/vulnerability--2bdbaf12-7c81-4706-98da-6763ea6030a1.json new file mode 100644 index 00000000000..6c4261141a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--2bdbaf12-7c81-4706-98da-6763ea6030a1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c05a4054-5b64-4139-9f34-f15a50001d12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2bdbaf12-7c81-4706-98da-6763ea6030a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.738493Z", + "modified": "2024-08-24T00:18:05.738493Z", + "name": "CVE-2024-45187", + "description": "Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45187" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32ad169b-9062-497f-b322-d91e494339a1.json b/objects/vulnerability/vulnerability--32ad169b-9062-497f-b322-d91e494339a1.json new file mode 100644 index 00000000000..25d939e6693 --- /dev/null +++ b/objects/vulnerability/vulnerability--32ad169b-9062-497f-b322-d91e494339a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96d4141c-c0ec-49f5-af40-427145ebac6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32ad169b-9062-497f-b322-d91e494339a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.665185Z", + "modified": "2024-08-24T00:18:04.665185Z", + "name": "CVE-2024-38207", + "description": "Microsoft Edge (HTML-based) Memory Corruption Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38207" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--34ee47a8-e9d7-43ce-92df-df44c12104e9.json b/objects/vulnerability/vulnerability--34ee47a8-e9d7-43ce-92df-df44c12104e9.json new file mode 100644 index 00000000000..3cae7e50b05 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--34ee47a8-e9d7-43ce-92df-df44c12104e9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ef0d611-86ef-4bd7-a506-61d753752a85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--34ee47a8-e9d7-43ce-92df-df44c12104e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.22825Z", + "modified": "2024-08-24T00:18:05.22825Z", + "name": "CVE-2024-43477", + "description": "Improper access control in Decentralized Identity Services allows an unathenticated attacker to disable Verifiable ID's on another tenant.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43477" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b17a144-a110-4d15-8925-398dfee6726c.json b/objects/vulnerability/vulnerability--3b17a144-a110-4d15-8925-398dfee6726c.json new file mode 100644 index 00000000000..312136e3fe3 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b17a144-a110-4d15-8925-398dfee6726c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19ff4f4d-ccd0-496b-9584-cff8799b8810", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b17a144-a110-4d15-8925-398dfee6726c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.254322Z", + "modified": "2024-08-24T00:18:05.254322Z", + "name": "CVE-2024-43032", + "description": "autMan v2.9.6 allows attackers to bypass authentication via a crafted web request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43032" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e1accd7-f493-4478-b077-e721382f1317.json b/objects/vulnerability/vulnerability--3e1accd7-f493-4478-b077-e721382f1317.json new file mode 100644 index 00000000000..73399985478 
--- /dev/null +++ b/objects/vulnerability/vulnerability--3e1accd7-f493-4478-b077-e721382f1317.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff9a6348-eb82-4276-a583-f46982e28ed0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e1accd7-f493-4478-b077-e721382f1317", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.568314Z", + "modified": "2024-08-24T00:18:04.568314Z", + "name": "CVE-2024-42040", + "description": "Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e51d03c-2e07-406e-9966-f6c10f7f5285.json b/objects/vulnerability/vulnerability--3e51d03c-2e07-406e-9966-f6c10f7f5285.json new file mode 100644 index 00000000000..8e23cf6b928 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e51d03c-2e07-406e-9966-f6c10f7f5285.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6dce6683-9783-49dd-a85e-06f49c43a45b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e51d03c-2e07-406e-9966-f6c10f7f5285", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.7525Z", + "modified": "2024-08-24T00:18:04.7525Z", + "name": "CVE-2024-33852", + "description": "A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--421b0b8e-cd94-4e4c-907b-03ef5dceb138.json b/objects/vulnerability/vulnerability--421b0b8e-cd94-4e4c-907b-03ef5dceb138.json new file mode 100644 index 00000000000..9e660b39bca --- /dev/null +++ b/objects/vulnerability/vulnerability--421b0b8e-cd94-4e4c-907b-03ef5dceb138.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3994523-5694-4df1-b40b-cc638cfdf7b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--421b0b8e-cd94-4e4c-907b-03ef5dceb138", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.077528Z", + "modified": "2024-08-24T00:18:04.077528Z", + "name": "CVE-2024-44386", + "description": "Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44386" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b352335-6ede-4a28-b6f9-baf41609e835.json b/objects/vulnerability/vulnerability--4b352335-6ede-4a28-b6f9-baf41609e835.json new file mode 100644 index 00000000000..d60938c25d1 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--4b352335-6ede-4a28-b6f9-baf41609e835.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--45df7820-7fb7-4262-b568-fdf00d8c7249", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b352335-6ede-4a28-b6f9-baf41609e835", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.760962Z", + "modified": "2024-08-24T00:18:04.760962Z", + "name": "CVE-2024-36515", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.\nNote: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36515" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50066927-a689-4334-99ce-7e056d959c17.json b/objects/vulnerability/vulnerability--50066927-a689-4334-99ce-7e056d959c17.json new file mode 100644 index 00000000000..81f9e670468 --- /dev/null +++ b/objects/vulnerability/vulnerability--50066927-a689-4334-99ce-7e056d959c17.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94bba4f0-8f44-454b-aded-b04c69891eb8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50066927-a689-4334-99ce-7e056d959c17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.927271Z", + "modified": "2024-08-24T00:18:04.927271Z", + "name": "CVE-2024-7258", + "description": "The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7258" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53daf9d7-2ae2-4fa4-a78b-76c712394fde.json b/objects/vulnerability/vulnerability--53daf9d7-2ae2-4fa4-a78b-76c712394fde.json new file mode 100644 index 00000000000..a11a298349e --- /dev/null +++ b/objects/vulnerability/vulnerability--53daf9d7-2ae2-4fa4-a78b-76c712394fde.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f7380ae-8287-447d-8753-b5b992cb7222", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53daf9d7-2ae2-4fa4-a78b-76c712394fde", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.680672Z", + "modified": "2024-08-24T00:18:04.680672Z", + "name": "CVE-2024-38807", + "description": "Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38807" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--585c1f02-ce48-4c1e-84cc-15482a0230fb.json b/objects/vulnerability/vulnerability--585c1f02-ce48-4c1e-84cc-15482a0230fb.json new file mode 100644 index 00000000000..15c1c14ff80 --- /dev/null +++ b/objects/vulnerability/vulnerability--585c1f02-ce48-4c1e-84cc-15482a0230fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d701d270-01c6-492f-a09b-c92296536c42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--585c1f02-ce48-4c1e-84cc-15482a0230fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.118853Z", + "modified": "2024-08-24T00:18:04.118853Z", + "name": "CVE-2024-44382", + "description": "D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44382" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5870d1f8-f7b6-47e7-ba9c-5d3c84a9f954.json b/objects/vulnerability/vulnerability--5870d1f8-f7b6-47e7-ba9c-5d3c84a9f954.json new file mode 100644 index 00000000000..431b5e0e720 --- /dev/null +++ b/objects/vulnerability/vulnerability--5870d1f8-f7b6-47e7-ba9c-5d3c84a9f954.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--819d3ce1-4643-4fad-b85b-790212af8394", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5870d1f8-f7b6-47e7-ba9c-5d3c84a9f954", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.875059Z", + "modified": "2024-08-24T00:18:03.875059Z", + "name": "CVE-2024-41150", + "description": "An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41150" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58a1a231-b2ce-4320-a37e-a426eb8489b4.json b/objects/vulnerability/vulnerability--58a1a231-b2ce-4320-a37e-a426eb8489b4.json new file mode 100644 index 00000000000..e5188bb860d --- /dev/null +++ b/objects/vulnerability/vulnerability--58a1a231-b2ce-4320-a37e-a426eb8489b4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35aaf409-0276-4bac-9646-6d27d81018e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58a1a231-b2ce-4320-a37e-a426eb8489b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.093712Z", + "modified": "2024-08-24T00:18:04.093712Z", + "name": "CVE-2024-44387", + "description": "Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44387" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--67e42ac2-fd3f-4ed7-bc03-c410aff7da6f.json b/objects/vulnerability/vulnerability--67e42ac2-fd3f-4ed7-bc03-c410aff7da6f.json new file mode 100644 index 00000000000..3b86a6bf004 --- /dev/null +++ b/objects/vulnerability/vulnerability--67e42ac2-fd3f-4ed7-bc03-c410aff7da6f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd45e227-697b-435d-8197-ce3517d9e546", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67e42ac2-fd3f-4ed7-bc03-c410aff7da6f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.34923Z", + "modified": "2024-08-24T00:18:04.34923Z", + "name": "CVE-2024-42992", + "description": "Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42992" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--686b79a9-882d-4def-98c0-2257c8512314.json b/objects/vulnerability/vulnerability--686b79a9-882d-4def-98c0-2257c8512314.json new file mode 100644 index 00000000000..d3794f28333 --- /dev/null +++ b/objects/vulnerability/vulnerability--686b79a9-882d-4def-98c0-2257c8512314.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--294ca1e7-88ba-4cfd-94e6-c81df495e3ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--686b79a9-882d-4def-98c0-2257c8512314", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.245118Z", + "modified": "2024-08-24T00:18:05.245118Z", + "name": "CVE-2024-43782", + "description": "This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43782" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70feab55-b718-4dd5-bae4-5a594f11add5.json b/objects/vulnerability/vulnerability--70feab55-b718-4dd5-bae4-5a594f11add5.json new file mode 100644 index 00000000000..d0ecaa0eece --- /dev/null +++ b/objects/vulnerability/vulnerability--70feab55-b718-4dd5-bae4-5a594f11add5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcb3ed78-3fd5-4585-b2dd-e75c7fdf193f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70feab55-b718-4dd5-bae4-5a594f11add5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.354528Z", + "modified": "2024-08-24T00:18:04.354528Z", + "name": "CVE-2024-42852", + "description": "Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72def80a-c472-4fdd-bbe8-9b023761f4db.json b/objects/vulnerability/vulnerability--72def80a-c472-4fdd-bbe8-9b023761f4db.json new file mode 100644 index 00000000000..c06c07aaee2 --- /dev/null +++ b/objects/vulnerability/vulnerability--72def80a-c472-4fdd-bbe8-9b023761f4db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ccf75a91-5c73-4ef1-9b9b-84c233f6144d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72def80a-c472-4fdd-bbe8-9b023761f4db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.73405Z", + "modified": "2024-08-24T00:18:05.73405Z", + "name": "CVE-2024-45188", + "description": "Mage AI allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server due to a path traversal in the \"File Content\" request", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45188" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72df4fc5-2012-4d80-9cd9-65626c5989a8.json b/objects/vulnerability/vulnerability--72df4fc5-2012-4d80-9cd9-65626c5989a8.json new file mode 100644 index 00000000000..978f05bc260 
--- /dev/null +++ b/objects/vulnerability/vulnerability--72df4fc5-2012-4d80-9cd9-65626c5989a8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a4db72a-f37b-45f6-acfc-8a0ea78b17b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72df4fc5-2012-4d80-9cd9-65626c5989a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.88916Z", + "modified": "2024-08-24T00:18:03.88916Z", + "name": "CVE-2024-41845", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41845" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--735eea66-f674-4fac-9e87-eb94784e0204.json b/objects/vulnerability/vulnerability--735eea66-f674-4fac-9e87-eb94784e0204.json new file mode 100644 index 00000000000..1f593d75c5d --- /dev/null +++ b/objects/vulnerability/vulnerability--735eea66-f674-4fac-9e87-eb94784e0204.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--909a7dd4-55f6-44ea-b368-69c6e73305f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--735eea66-f674-4fac-9e87-eb94784e0204", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.967204Z", + "modified": "2024-08-24T00:18:04.967204Z", + "name": "CVE-2024-7986", + "description": "A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7986" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b97b987-dff7-4dc7-9cdb-ac6fd1515e2e.json b/objects/vulnerability/vulnerability--7b97b987-dff7-4dc7-9cdb-ac6fd1515e2e.json new file mode 100644 index 00000000000..9e526807e91 --- /dev/null +++ b/objects/vulnerability/vulnerability--7b97b987-dff7-4dc7-9cdb-ac6fd1515e2e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd1f2081-1982-49e5-9fb4-b8260a1d0719", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b97b987-dff7-4dc7-9cdb-ac6fd1515e2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.707646Z", + "modified": "2024-08-24T00:18:04.707646Z", + "name": "CVE-2024-33854", + "description": "A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33854" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7ca20077-7671-4ce4-a71f-6d0f20ca94bc.json b/objects/vulnerability/vulnerability--7ca20077-7671-4ce4-a71f-6d0f20ca94bc.json new file mode 100644 index 00000000000..869f5caa6a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ca20077-7671-4ce4-a71f-6d0f20ca94bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37927d53-4d4e-4f53-81bc-9657bff68365", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ca20077-7671-4ce4-a71f-6d0f20ca94bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.726018Z", + "modified": "2024-08-24T00:18:05.726018Z", + "name": "CVE-2024-3282", + "description": "The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3282" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--850ddc33-2b6e-4715-a899-aaffbaf5f835.json b/objects/vulnerability/vulnerability--850ddc33-2b6e-4715-a899-aaffbaf5f835.json new file mode 100644 index 00000000000..37cdb510c08 --- /dev/null +++ b/objects/vulnerability/vulnerability--850ddc33-2b6e-4715-a899-aaffbaf5f835.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ab27724-1009-47ef-845c-ca198805ca44", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--850ddc33-2b6e-4715-a899-aaffbaf5f835", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.571777Z", + "modified": "2024-08-24T00:18:04.571777Z", + "name": "CVE-2024-42364", + "description": "Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit his/her website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the homepage instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the webserver after the IP address has changed. When the attacker domain is fetched, the response will be from the homepage instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, a user’s private information such as API keys (fixed after first report) and other private information can then be extracted by the attacker website.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42364" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--868920ba-7ecf-4a66-af77-e08633a614d5.json b/objects/vulnerability/vulnerability--868920ba-7ecf-4a66-af77-e08633a614d5.json new file mode 100644 index 00000000000..01876085fe8 --- /dev/null +++ b/objects/vulnerability/vulnerability--868920ba-7ecf-4a66-af77-e08633a614d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--48948c5b-982d-4862-af1f-e7923df29ef7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--868920ba-7ecf-4a66-af77-e08633a614d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.424504Z", + "modified": "2024-08-24T00:18:05.424504Z", + "name": "CVE-2024-5467", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5467" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--933f91f0-888c-4131-a993-f9db8502b6f1.json b/objects/vulnerability/vulnerability--933f91f0-888c-4131-a993-f9db8502b6f1.json new file mode 100644 index 00000000000..2833d01477b --- /dev/null +++ b/objects/vulnerability/vulnerability--933f91f0-888c-4131-a993-f9db8502b6f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34ccee0a-e52b-421e-b4ba-20d1940686de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--933f91f0-888c-4131-a993-f9db8502b6f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.531526Z", + "modified": "2024-08-24T00:18:05.531526Z", + "name": "CVE-2024-37392", + "description": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37392" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--97f3d887-3f6c-4c48-8a66-b8147d9a8323.json b/objects/vulnerability/vulnerability--97f3d887-3f6c-4c48-8a66-b8147d9a8323.json new file mode 100644 index 00000000000..12f1bb33fe9 --- /dev/null +++ b/objects/vulnerability/vulnerability--97f3d887-3f6c-4c48-8a66-b8147d9a8323.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2bc17eed-db83-4e88-ba31-d899afc8eb84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97f3d887-3f6c-4c48-8a66-b8147d9a8323", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.903909Z", + "modified": "2024-08-24T00:18:03.903909Z", + "name": "CVE-2024-41848", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41848" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--985eca35-9cec-45cf-adf2-aeaf15c681ac.json b/objects/vulnerability/vulnerability--985eca35-9cec-45cf-adf2-aeaf15c681ac.json new file mode 100644 index 00000000000..842c7d9a268 --- /dev/null +++ b/objects/vulnerability/vulnerability--985eca35-9cec-45cf-adf2-aeaf15c681ac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--929f07ce-4006-4de6-bc39-e1bfbc51b8a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--985eca35-9cec-45cf-adf2-aeaf15c681ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.797446Z", + "modified": "2024-08-24T00:18:04.797446Z", + "name": "CVE-2024-36517", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36517" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a9e79f1-68f9-49ec-a0e1-a574d18a84cb.json b/objects/vulnerability/vulnerability--9a9e79f1-68f9-49ec-a0e1-a574d18a84cb.json new file mode 100644 index 00000000000..6e594537874 --- /dev/null +++ b/objects/vulnerability/vulnerability--9a9e79f1-68f9-49ec-a0e1-a574d18a84cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63a88c19-3166-42e3-ab9a-5bcf6f731d63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a9e79f1-68f9-49ec-a0e1-a574d18a84cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.845719Z", + "modified": "2024-08-24T00:18:03.845719Z", + "name": "CVE-2024-41846", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41846" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9aa468d4-a149-4d39-85f2-593d87532f1b.json b/objects/vulnerability/vulnerability--9aa468d4-a149-4d39-85f2-593d87532f1b.json new file mode 100644 index 00000000000..b0780efd5a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--9aa468d4-a149-4d39-85f2-593d87532f1b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc5d9370-4684-4fe2-a2b6-c47e5454081e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9aa468d4-a149-4d39-85f2-593d87532f1b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.411924Z", + "modified": "2024-08-24T00:18:05.411924Z", + "name": "CVE-2024-5466", + "description": "Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5466" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c6de8f2-ae78-46bd-93ed-fdc3b44ad5dd.json b/objects/vulnerability/vulnerability--9c6de8f2-ae78-46bd-93ed-fdc3b44ad5dd.json new file mode 100644 index 00000000000..aa00c1173c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c6de8f2-ae78-46bd-93ed-fdc3b44ad5dd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d626f142-dece-4dbe-898b-79e52505f335", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c6de8f2-ae78-46bd-93ed-fdc3b44ad5dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.346928Z", + "modified": "2024-08-24T00:18:04.346928Z", + "name": "CVE-2024-42636", + "description": "DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42636" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9ed98d92-9872-4442-a229-adaa2658e20e.json b/objects/vulnerability/vulnerability--9ed98d92-9872-4442-a229-adaa2658e20e.json new file mode 100644 index 00000000000..48942fead12 --- /dev/null +++ b/objects/vulnerability/vulnerability--9ed98d92-9872-4442-a229-adaa2658e20e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d56252f4-fc50-4a7a-9083-0e34047cd336", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9ed98d92-9872-4442-a229-adaa2658e20e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.931157Z", + "modified": "2024-08-24T00:18:04.931157Z", + "name": "CVE-2024-7559", + "description": "The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7559" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a054c1e5-3cd5-4e7e-b329-b252211aaac3.json b/objects/vulnerability/vulnerability--a054c1e5-3cd5-4e7e-b329-b252211aaac3.json new file mode 100644 index 00000000000..4b5719f1dba --- /dev/null +++ b/objects/vulnerability/vulnerability--a054c1e5-3cd5-4e7e-b329-b252211aaac3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e51bd3a6-f20a-4f30-9a85-00ab9c7a9ea0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a054c1e5-3cd5-4e7e-b329-b252211aaac3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.112389Z", + "modified": "2024-08-24T00:18:04.112389Z", + "name": "CVE-2024-44390", + "description": "Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44390" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0fde316-0e25-4955-bd72-b8501cdfbbb7.json b/objects/vulnerability/vulnerability--a0fde316-0e25-4955-bd72-b8501cdfbbb7.json new file mode 100644 index 00000000000..cd03433de2a --- /dev/null +++ b/objects/vulnerability/vulnerability--a0fde316-0e25-4955-bd72-b8501cdfbbb7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1cb98fc-ba26-4ec8-96db-74a948e6ae97", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0fde316-0e25-4955-bd72-b8501cdfbbb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.262707Z", + "modified": "2024-08-24T00:18:05.262707Z", + "name": "CVE-2024-43791", + "description": "RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43791" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2f273b2-a555-49e1-8ca7-8200a243a819.json b/objects/vulnerability/vulnerability--a2f273b2-a555-49e1-8ca7-8200a243a819.json new file mode 100644 index 00000000000..40916ae24f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2f273b2-a555-49e1-8ca7-8200a243a819.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f3da36d-9784-4865-bd5b-8ae21511219b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2f273b2-a555-49e1-8ca7-8200a243a819", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.256603Z", + "modified": "2024-08-24T00:18:05.256603Z", + "name": "CVE-2024-43105", + "description": "Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43105" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4dcaf8b-eacb-44fe-ad72-7b26066f4dd5.json b/objects/vulnerability/vulnerability--a4dcaf8b-eacb-44fe-ad72-7b26066f4dd5.json new file mode 100644 index 00000000000..3edcd2ee5f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--a4dcaf8b-eacb-44fe-ad72-7b26066f4dd5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--123fa8d3-4b69-47f3-bd75-67f32229fcd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a4dcaf8b-eacb-44fe-ad72-7b26066f4dd5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.668915Z", + "modified": "2024-08-24T00:18:05.668915Z", + "name": "CVE-2024-8112", + "description": "A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8112" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a52ceba6-aee3-44e4-877a-88245c66149c.json b/objects/vulnerability/vulnerability--a52ceba6-aee3-44e4-877a-88245c66149c.json new file mode 100644 index 00000000000..19c32a929b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--a52ceba6-aee3-44e4-877a-88245c66149c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--132abb16-599c-40aa-87dd-6f42865a740f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a52ceba6-aee3-44e4-877a-88245c66149c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.894267Z", + "modified": "2024-08-24T00:18:03.894267Z", + "name": "CVE-2024-41841", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6f771f8-558f-4fc3-a009-6aa3aa4eb523.json b/objects/vulnerability/vulnerability--a6f771f8-558f-4fc3-a009-6aa3aa4eb523.json new file mode 100644 index 00000000000..4856564bece --- /dev/null +++ b/objects/vulnerability/vulnerability--a6f771f8-558f-4fc3-a009-6aa3aa4eb523.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe8ea2a2-0d10-4cd9-b26b-38dadeeb22b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6f771f8-558f-4fc3-a009-6aa3aa4eb523", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.427991Z", + "modified": "2024-08-24T00:18:05.427991Z", + "name": "CVE-2024-5490", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5490" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ac16e83d-3a9d-473b-b6aa-48aa097aa365.json b/objects/vulnerability/vulnerability--ac16e83d-3a9d-473b-b6aa-48aa097aa365.json new file mode 100644 index 00000000000..654f4bbd08b --- /dev/null +++ b/objects/vulnerability/vulnerability--ac16e83d-3a9d-473b-b6aa-48aa097aa365.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e8dc5bc-440b-4050-8b97-26c8a8c36d04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac16e83d-3a9d-473b-b6aa-48aa097aa365", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.905618Z", + "modified": "2024-08-24T00:18:03.905618Z", + "name": "CVE-2024-41877", + "description": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41877" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af5a3e36-1d3a-4559-aac5-ce37a8590240.json b/objects/vulnerability/vulnerability--af5a3e36-1d3a-4559-aac5-ce37a8590240.json new file mode 100644 index 00000000000..e7069d656fe --- /dev/null +++ b/objects/vulnerability/vulnerability--af5a3e36-1d3a-4559-aac5-ce37a8590240.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13d2f022-8406-4b4c-80ea-aeca7f2b9ab1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af5a3e36-1d3a-4559-aac5-ce37a8590240", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.094926Z", + "modified": "2024-08-24T00:18:04.094926Z", + "name": "CVE-2024-44381", + "description": "D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44381" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b13f6d86-3761-447e-af6b-c0ac047b578f.json b/objects/vulnerability/vulnerability--b13f6d86-3761-447e-af6b-c0ac047b578f.json new file mode 100644 index 00000000000..59902f56db8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b13f6d86-3761-447e-af6b-c0ac047b578f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04f4d420-78af-4ea9-8b7d-6ba810c47f94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b13f6d86-3761-447e-af6b-c0ac047b578f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.968501Z", + "modified": "2024-08-24T00:18:04.968501Z", + "name": "CVE-2024-7954", + "description": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7954" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b505363f-953d-4e6f-8f02-f3a92eb16201.json b/objects/vulnerability/vulnerability--b505363f-953d-4e6f-8f02-f3a92eb16201.json new file mode 100644 index 00000000000..e565779db1e --- /dev/null +++ b/objects/vulnerability/vulnerability--b505363f-953d-4e6f-8f02-f3a92eb16201.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82f1b98a-eaa5-4bc2-bfd6-0b4da430f222", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b505363f-953d-4e6f-8f02-f3a92eb16201", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.886672Z", + "modified": "2024-08-24T00:18:03.886672Z", + "name": "CVE-2024-41844", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41844" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b51655cb-8af9-4f0a-8537-0eb981257317.json b/objects/vulnerability/vulnerability--b51655cb-8af9-4f0a-8537-0eb981257317.json new file mode 100644 index 00000000000..7da2ddcfcca --- /dev/null +++ b/objects/vulnerability/vulnerability--b51655cb-8af9-4f0a-8537-0eb981257317.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a4ffb17-2103-437e-a0cf-112d0f9bc4f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b51655cb-8af9-4f0a-8537-0eb981257317", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.548373Z", + "modified": "2024-08-24T00:18:04.548373Z", + "name": "CVE-2024-42845", + "description": "An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42845" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b5560cbd-ddea-4f63-8822-e3aae6e6293f.json b/objects/vulnerability/vulnerability--b5560cbd-ddea-4f63-8822-e3aae6e6293f.json new file mode 100644 index 00000000000..debffd692bf --- /dev/null +++ b/objects/vulnerability/vulnerability--b5560cbd-ddea-4f63-8822-e3aae6e6293f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8feff431-8c3a-4f9d-8eb3-796cfe2dfa57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b5560cbd-ddea-4f63-8822-e3aae6e6293f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.791335Z", + "modified": "2024-08-24T00:18:04.791335Z", + "name": "CVE-2024-36514", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36514" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b834be2e-675c-4676-85fb-3fab1590a17e.json b/objects/vulnerability/vulnerability--b834be2e-675c-4676-85fb-3fab1590a17e.json new file mode 100644 index 00000000000..71fb14aef3d --- /dev/null +++ b/objects/vulnerability/vulnerability--b834be2e-675c-4676-85fb-3fab1590a17e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83e02ca9-cbd9-4a9a-a186-f5bc9eb4f18d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b834be2e-675c-4676-85fb-3fab1590a17e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.231267Z", + "modified": "2024-08-24T00:18:05.231267Z", + "name": "CVE-2024-43883", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43883" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bcf32aa0-4d5f-40a7-9422-779b19841b81.json b/objects/vulnerability/vulnerability--bcf32aa0-4d5f-40a7-9422-779b19841b81.json new file mode 100644 index 00000000000..fcaead0a244 --- /dev/null +++ b/objects/vulnerability/vulnerability--bcf32aa0-4d5f-40a7-9422-779b19841b81.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff0c00cb-ea0a-473c-95bd-9047fb833a69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bcf32aa0-4d5f-40a7-9422-779b19841b81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.740088Z", + "modified": "2024-08-24T00:18:05.740088Z", + "name": "CVE-2024-45190", + "description": "Mage AI allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server due to a path traversal in the \"Pipeline Interaction\" request", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45190" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bfbb399d-499b-453f-9663-9848e3f88dda.json b/objects/vulnerability/vulnerability--bfbb399d-499b-453f-9663-9848e3f88dda.json new file mode 100644 index 00000000000..54401e79438 --- /dev/null +++ b/objects/vulnerability/vulnerability--bfbb399d-499b-453f-9663-9848e3f88dda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2c74832-2794-4b04-ba0a-d9634db544d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfbb399d-499b-453f-9663-9848e3f88dda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.367773Z", + "modified": "2024-08-24T00:18:04.367773Z", + "name": "CVE-2024-42523", + "description": "publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42523" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2592383-d02b-4ba9-89b9-4d599e669f6f.json b/objects/vulnerability/vulnerability--c2592383-d02b-4ba9-89b9-4d599e669f6f.json new file mode 100644 index 00000000000..4b378e8c273 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--c2592383-d02b-4ba9-89b9-4d599e669f6f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fbee8313-5dfe-42b0-ae6c-cf737de4dc44", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2592383-d02b-4ba9-89b9-4d599e669f6f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.881734Z", + "modified": "2024-08-24T00:18:03.881734Z", + "name": "CVE-2024-41875", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41875" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c64d3207-3381-43cf-9e36-4bb0b0795082.json b/objects/vulnerability/vulnerability--c64d3207-3381-43cf-9e36-4bb0b0795082.json new file mode 100644 index 00000000000..0d78c931685 --- /dev/null +++ b/objects/vulnerability/vulnerability--c64d3207-3381-43cf-9e36-4bb0b0795082.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07e577e0-4acb-4eb4-a8bf-ceb49b466d6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c64d3207-3381-43cf-9e36-4bb0b0795082", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.907683Z", + "modified": "2024-08-24T00:18:03.907683Z", + "name": "CVE-2024-41843", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41843" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c698eddc-0a2e-456b-be6d-13c536267ced.json b/objects/vulnerability/vulnerability--c698eddc-0a2e-456b-be6d-13c536267ced.json new file mode 100644 index 00000000000..40bcd0394e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c698eddc-0a2e-456b-be6d-13c536267ced.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49d68ea6-2bd4-41ee-a339-31976c7303f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c698eddc-0a2e-456b-be6d-13c536267ced", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.550692Z", + "modified": "2024-08-24T00:18:04.550692Z", + "name": "CVE-2024-42764", + "description": "Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42764" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d3643675-84db-4fa7-96d9-7308b27c0898.json b/objects/vulnerability/vulnerability--d3643675-84db-4fa7-96d9-7308b27c0898.json new file mode 100644 index 00000000000..797fd2c697b --- /dev/null +++ b/objects/vulnerability/vulnerability--d3643675-84db-4fa7-96d9-7308b27c0898.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84fbdf5f-c9ed-460e-82ee-2be72a8f85f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3643675-84db-4fa7-96d9-7308b27c0898", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.902651Z", + "modified": "2024-08-24T00:18:03.902651Z", + "name": "CVE-2024-41849", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7e12368-1abd-4079-a34e-c16514ec3568.json b/objects/vulnerability/vulnerability--d7e12368-1abd-4079-a34e-c16514ec3568.json new file mode 100644 index 00000000000..faf2a402c12 --- /dev/null +++ b/objects/vulnerability/vulnerability--d7e12368-1abd-4079-a34e-c16514ec3568.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9825c453-ab7f-4492-8e38-a27c72f9da80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7e12368-1abd-4079-a34e-c16514ec3568", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.666887Z", + "modified": "2024-08-24T00:18:04.666887Z", + "name": "CVE-2024-38869", + "description": "An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38869" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7e4a28d-ba77-4140-a622-85ef2e54fa45.json b/objects/vulnerability/vulnerability--d7e4a28d-ba77-4140-a622-85ef2e54fa45.json new file mode 100644 index 00000000000..c9e62a4ca99 --- /dev/null +++ b/objects/vulnerability/vulnerability--d7e4a28d-ba77-4140-a622-85ef2e54fa45.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c4214ee-8eba-4d2e-b124-25fa776acf29", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7e4a28d-ba77-4140-a622-85ef2e54fa45", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.557802Z", + "modified": "2024-08-24T00:18:04.557802Z", + "name": "CVE-2024-42915", + "description": "A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42915" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e364cf63-35f6-4e9a-b708-4f6c4541a475.json b/objects/vulnerability/vulnerability--e364cf63-35f6-4e9a-b708-4f6c4541a475.json new file mode 100644 index 00000000000..924f02635e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--e364cf63-35f6-4e9a-b708-4f6c4541a475.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1f44303-1eb8-4e64-961c-01443c7acc9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e364cf63-35f6-4e9a-b708-4f6c4541a475", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.901115Z", + "modified": "2024-08-24T00:18:03.901115Z", + "name": "CVE-2024-41878", + "description": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41878" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e62dde08-55cc-4afa-947f-ad75847936c8.json b/objects/vulnerability/vulnerability--e62dde08-55cc-4afa-947f-ad75847936c8.json new file mode 100644 index 00000000000..bd03716f3b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--e62dde08-55cc-4afa-947f-ad75847936c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2171c3fa-a394-4dad-8136-475e05a33d30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e62dde08-55cc-4afa-947f-ad75847936c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.408541Z", + "modified": "2024-08-24T00:18:05.408541Z", + "name": "CVE-2024-5556", + "description": "Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5556" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e6f8bfe2-7514-480e-96ee-63727c924374.json b/objects/vulnerability/vulnerability--e6f8bfe2-7514-480e-96ee-63727c924374.json new file mode 100644 index 00000000000..63c571e04a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6f8bfe2-7514-480e-96ee-63727c924374.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83327868-1c49-4fe1-bbec-a1d99260ad6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6f8bfe2-7514-480e-96ee-63727c924374", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.355961Z", + "modified": "2024-08-24T00:18:04.355961Z", + "name": "CVE-2024-42914", + "description": "A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42914" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ecbfc939-67a8-4737-b797-5c179dcf3cb5.json b/objects/vulnerability/vulnerability--ecbfc939-67a8-4737-b797-5c179dcf3cb5.json new file mode 100644 index 00000000000..d602313b0a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--ecbfc939-67a8-4737-b797-5c179dcf3cb5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d747262-14f3-4ae5-aebc-473d946d518d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ecbfc939-67a8-4737-b797-5c179dcf3cb5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.398591Z", + "modified": "2024-08-24T00:18:05.398591Z", + "name": "CVE-2024-5502", + "description": "The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5502" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ece644c7-d8ab-45ca-9d42-8c76992473b1.json b/objects/vulnerability/vulnerability--ece644c7-d8ab-45ca-9d42-8c76992473b1.json new file mode 100644 index 00000000000..4617c7b14a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--ece644c7-d8ab-45ca-9d42-8c76992473b1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1337d97c-14cf-4b1c-8194-cdacf7f9275f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ece644c7-d8ab-45ca-9d42-8c76992473b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.104509Z", + "modified": "2024-08-24T00:18:05.104509Z", + "name": "CVE-2024-39841", + "description": "A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed5f94c1-2ce5-46e3-950b-ba23ae41bb91.json b/objects/vulnerability/vulnerability--ed5f94c1-2ce5-46e3-950b-ba23ae41bb91.json new file mode 100644 index 00000000000..3d756527962 --- /dev/null +++ b/objects/vulnerability/vulnerability--ed5f94c1-2ce5-46e3-950b-ba23ae41bb91.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--00ea13f5-d1e5-4dd2-a1e2-2c5230588c9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed5f94c1-2ce5-46e3-950b-ba23ae41bb91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.248701Z", + "modified": "2024-08-24T00:18:05.248701Z", + "name": "CVE-2024-43794", + "description": "OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0e7d473-9cbd-40cb-9a67-1067f056df26.json b/objects/vulnerability/vulnerability--f0e7d473-9cbd-40cb-9a67-1067f056df26.json new file mode 100644 index 00000000000..3f52c5bc079 --- /dev/null +++ b/objects/vulnerability/vulnerability--f0e7d473-9cbd-40cb-9a67-1067f056df26.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dee6590c-3ec6-4174-a15c-5eaf7dd2086b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0e7d473-9cbd-40cb-9a67-1067f056df26", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:05.736151Z", + "modified": "2024-08-24T00:18:05.736151Z", + "name": "CVE-2024-45189", + "description": "Mage AI allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server due to a path traversal in the \"Git Content\" request", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45189" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f1e7b3f1-de84-429a-b4d5-c9d10f1cfd93.json b/objects/vulnerability/vulnerability--f1e7b3f1-de84-429a-b4d5-c9d10f1cfd93.json new file mode 100644 index 00000000000..0ce4334298f --- /dev/null +++ b/objects/vulnerability/vulnerability--f1e7b3f1-de84-429a-b4d5-c9d10f1cfd93.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0868e53e-f447-47da-865d-2903cbd7860b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1e7b3f1-de84-429a-b4d5-c9d10f1cfd93", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:03.890621Z", + "modified": "2024-08-24T00:18:03.890621Z", + "name": "CVE-2024-41876", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41876" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f790617e-39dc-4bf4-840b-19bbd85b11fb.json b/objects/vulnerability/vulnerability--f790617e-39dc-4bf4-840b-19bbd85b11fb.json new file mode 100644 index 00000000000..4e9d0426e56 --- /dev/null +++ b/objects/vulnerability/vulnerability--f790617e-39dc-4bf4-840b-19bbd85b11fb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--092de9a3-322d-4440-95bb-659cbbef60dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f790617e-39dc-4bf4-840b-19bbd85b11fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-24T00:18:04.340069Z", + "modified": "2024-08-24T00:18:04.340069Z", + "name": "CVE-2024-42918", + "description": "itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f7f955b5-ad65-4ab1-bc75-199372cb5c82.json b/objects/vulnerability/vulnerability--f7f955b5-ad65-4ab1-bc75-199372cb5c82.json new file mode 100644 index 00000000000..beed3dbb07e --- /dev/null +++ b/objects/vulnerability/vulnerability--f7f955b5-ad65-4ab1-bc75-199372cb5c82.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--77192470-c8c8-416f-8a30-cd7e8cde880c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f7f955b5-ad65-4ab1-bc75-199372cb5c82",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-24T00:18:03.899101Z",
+ "modified": "2024-08-24T00:18:03.899101Z",
+ "name": "CVE-2024-41847",
+ "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41847"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fd443a2c-6b80-4d2a-a6b6-351561ac563a.json b/objects/vulnerability/vulnerability--fd443a2c-6b80-4d2a-a6b6-351561ac563a.json
new file mode 100644
index 00000000000..59c572be24c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fd443a2c-6b80-4d2a-a6b6-351561ac563a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--861e88b1-65df-483b-aee9-d344c613a697",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fd443a2c-6b80-4d2a-a6b6-351561ac563a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-24T00:18:05.900824Z",
+ "modified": "2024-08-24T00:18:05.900824Z",
+ "name": "CVE-2024-32501",
+ "description": "A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-32501"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fe2177b6-ef6e-421d-bab0-c5347155c6e9.json b/objects/vulnerability/vulnerability--fe2177b6-ef6e-421d-bab0-c5347155c6e9.json
new file mode 100644
index 00000000000..9c9e7b6abcc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fe2177b6-ef6e-421d-bab0-c5347155c6e9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--089db6a4-d668-4321-a4ff-2b1b748e0c8b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fe2177b6-ef6e-421d-bab0-c5347155c6e9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-24T00:18:05.671465Z",
+ "modified": "2024-08-24T00:18:05.671465Z",
+ "name": "CVE-2024-8113",
+ "description": "Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8113"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file