From 357f9d1263788941e45a739f7af65565d3c08e34 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 25 Aug 2024 00:21:07 +0000 Subject: [PATCH] generated content from 2024-08-25 --- mapping.csv | 29 +++++++++++++++++++ ...-02bd7e1f-96f9-437f-a9d5-1e0c8d02dde9.json | 22 ++++++++++++++ ...-071a51b7-6966-45da-a24e-9c988c34a377.json | 22 ++++++++++++++ ...-075d83a5-fa9a-4cc5-8f14-f1fb5469ee20.json | 22 ++++++++++++++ ...-0b0df6a8-746f-4b9c-8b16-35ebb76c2f0f.json | 22 ++++++++++++++ ...-16281911-107d-455c-af13-16afe23bced6.json | 22 ++++++++++++++ ...-21040cf4-da18-47c6-ac59-249115c38a94.json | 22 ++++++++++++++ ...-2d52c2f0-6cd7-4629-af48-cc0db6904ae7.json | 22 ++++++++++++++ ...-44612181-11d1-44fe-9331-1f8b531b2af2.json | 22 ++++++++++++++ ...-4e767584-bc3f-436f-935e-0bb4d537ed43.json | 22 ++++++++++++++ ...-4fe50500-c200-4e73-bd72-b959f46c9d62.json | 22 ++++++++++++++ ...-544bd829-700f-4f1b-8727-0a112bb4f390.json | 22 ++++++++++++++ ...-55a69c29-c609-40a6-91ec-dbad5dea7ced.json | 22 ++++++++++++++ ...-59f28ce9-a240-4854-8aa7-335814a883cb.json | 22 ++++++++++++++ ...-5c1f31f6-6037-48d1-b0ac-165f0d956a76.json | 22 ++++++++++++++ ...-662fe2fd-ddf2-435c-8f3f-f121c12480d7.json | 22 ++++++++++++++ ...-9c369cea-eddd-4092-af5b-9931b6afe9b8.json | 22 ++++++++++++++ ...-9e0c12ce-4645-446f-bd77-eed107214d4e.json | 22 ++++++++++++++ ...-b6f3e662-f461-4aa8-9e6b-181a09e68934.json | 22 ++++++++++++++ ...-c7ef88e8-a1c8-4af4-8101-1319b771993f.json | 22 ++++++++++++++ ...-cd295fa0-1a28-4412-b9f4-edbaf42dcd58.json | 22 ++++++++++++++ ...-cf10b0d2-27b0-44a7-99ce-c255c127013d.json | 22 ++++++++++++++ ...-d1352c57-267e-4bce-9cbf-a44a1b38af77.json | 22 ++++++++++++++ ...-d5851fda-5267-4d88-8bcf-6eb28f028d68.json | 22 ++++++++++++++ ...-d633dd9b-41bc-4e2e-972c-509d0b308a99.json | 22 ++++++++++++++ ...-d8cd6ddb-cc3d-41a9-880a-ae4ab53b291e.json | 22 ++++++++++++++ ...-e77e48a3-b509-4cea-b1a6-8187c1653c40.json | 22 ++++++++++++++ ...-efd7e04c-029f-4794-aeb9-9f2774479ef6.json | 22 ++++++++++++++ ...-f5593cc3-966a-4b15-9f00-99b0e0a6890e.json | 22 ++++++++++++++ ...-f7b71aa6-46d5-408f-a6fd-46bddf3e2d36.json | 22 ++++++++++++++ 30 files changed, 667 insertions(+) create mode 100644 objects/vulnerability/vulnerability--02bd7e1f-96f9-437f-a9d5-1e0c8d02dde9.json create mode 100644 objects/vulnerability/vulnerability--071a51b7-6966-45da-a24e-9c988c34a377.json create mode 100644 objects/vulnerability/vulnerability--075d83a5-fa9a-4cc5-8f14-f1fb5469ee20.json create mode 100644 objects/vulnerability/vulnerability--0b0df6a8-746f-4b9c-8b16-35ebb76c2f0f.json create mode 100644 objects/vulnerability/vulnerability--16281911-107d-455c-af13-16afe23bced6.json create mode 100644 objects/vulnerability/vulnerability--21040cf4-da18-47c6-ac59-249115c38a94.json create mode 100644 objects/vulnerability/vulnerability--2d52c2f0-6cd7-4629-af48-cc0db6904ae7.json create mode 100644 objects/vulnerability/vulnerability--44612181-11d1-44fe-9331-1f8b531b2af2.json create mode 100644 objects/vulnerability/vulnerability--4e767584-bc3f-436f-935e-0bb4d537ed43.json create mode 100644 objects/vulnerability/vulnerability--4fe50500-c200-4e73-bd72-b959f46c9d62.json create mode 100644 objects/vulnerability/vulnerability--544bd829-700f-4f1b-8727-0a112bb4f390.json create mode 100644 objects/vulnerability/vulnerability--55a69c29-c609-40a6-91ec-dbad5dea7ced.json create mode 100644 objects/vulnerability/vulnerability--59f28ce9-a240-4854-8aa7-335814a883cb.json create mode 100644 objects/vulnerability/vulnerability--5c1f31f6-6037-48d1-b0ac-165f0d956a76.json create mode 100644 objects/vulnerability/vulnerability--662fe2fd-ddf2-435c-8f3f-f121c12480d7.json create mode 100644 objects/vulnerability/vulnerability--9c369cea-eddd-4092-af5b-9931b6afe9b8.json create mode 100644 objects/vulnerability/vulnerability--9e0c12ce-4645-446f-bd77-eed107214d4e.json create mode 100644 objects/vulnerability/vulnerability--b6f3e662-f461-4aa8-9e6b-181a09e68934.json create mode 100644 objects/vulnerability/vulnerability--c7ef88e8-a1c8-4af4-8101-1319b771993f.json create mode 100644 objects/vulnerability/vulnerability--cd295fa0-1a28-4412-b9f4-edbaf42dcd58.json create mode 100644 objects/vulnerability/vulnerability--cf10b0d2-27b0-44a7-99ce-c255c127013d.json create mode 100644 objects/vulnerability/vulnerability--d1352c57-267e-4bce-9cbf-a44a1b38af77.json create mode 100644 objects/vulnerability/vulnerability--d5851fda-5267-4d88-8bcf-6eb28f028d68.json create mode 100644 objects/vulnerability/vulnerability--d633dd9b-41bc-4e2e-972c-509d0b308a99.json create mode 100644 objects/vulnerability/vulnerability--d8cd6ddb-cc3d-41a9-880a-ae4ab53b291e.json create mode 100644 objects/vulnerability/vulnerability--e77e48a3-b509-4cea-b1a6-8187c1653c40.json create mode 100644 objects/vulnerability/vulnerability--efd7e04c-029f-4794-aeb9-9f2774479ef6.json create mode 100644 objects/vulnerability/vulnerability--f5593cc3-966a-4b15-9f00-99b0e0a6890e.json create mode 100644 objects/vulnerability/vulnerability--f7b71aa6-46d5-408f-a6fd-46bddf3e2d36.json diff --git a/mapping.csv b/mapping.csv index 481561eaee4..3f670d07be2 100644 --- a/mapping.csv +++ b/mapping.csv @@ -247436,3 +247436,32 @@ vulnerability,CVE-2024-45187,vulnerability--2bdbaf12-7c81-4706-98da-6763ea6030a1 vulnerability,CVE-2024-45190,vulnerability--bcf32aa0-4d5f-40a7-9422-779b19841b81 vulnerability,CVE-2024-6715,vulnerability--0e701bdb-1ccc-4385-9780-36aa203b54ae vulnerability,CVE-2024-32501,vulnerability--fd443a2c-6b80-4d2a-a6b6-351561ac563a +vulnerability,CVE-2022-43915,vulnerability--c7ef88e8-a1c8-4af4-8101-1319b771993f +vulnerability,CVE-2024-2254,vulnerability--55a69c29-c609-40a6-91ec-dbad5dea7ced +vulnerability,CVE-2024-7351,vulnerability--d633dd9b-41bc-4e2e-972c-509d0b308a99 +vulnerability,CVE-2024-7568,vulnerability--16281911-107d-455c-af13-16afe23bced6 +vulnerability,CVE-2024-7656,vulnerability--59f28ce9-a240-4854-8aa7-335814a883cb +vulnerability,CVE-2024-8135,vulnerability--02bd7e1f-96f9-437f-a9d5-1e0c8d02dde9 +vulnerability,CVE-2024-8134,vulnerability--075d83a5-fa9a-4cc5-8f14-f1fb5469ee20 +vulnerability,CVE-2024-8128,vulnerability--2d52c2f0-6cd7-4629-af48-cc0db6904ae7 +vulnerability,CVE-2024-8132,vulnerability--d1352c57-267e-4bce-9cbf-a44a1b38af77 +vulnerability,CVE-2024-8127,vulnerability--44612181-11d1-44fe-9331-1f8b531b2af2 +vulnerability,CVE-2024-8131,vulnerability--0b0df6a8-746f-4b9c-8b16-35ebb76c2f0f +vulnerability,CVE-2024-8129,vulnerability--e77e48a3-b509-4cea-b1a6-8187c1653c40 +vulnerability,CVE-2024-8130,vulnerability--9e0c12ce-4645-446f-bd77-eed107214d4e +vulnerability,CVE-2024-8137,vulnerability--d8cd6ddb-cc3d-41a9-880a-ae4ab53b291e +vulnerability,CVE-2024-8138,vulnerability--f5593cc3-966a-4b15-9f00-99b0e0a6890e +vulnerability,CVE-2024-8136,vulnerability--662fe2fd-ddf2-435c-8f3f-f121c12480d7 +vulnerability,CVE-2024-8120,vulnerability--21040cf4-da18-47c6-ac59-249115c38a94 +vulnerability,CVE-2024-8133,vulnerability--cd295fa0-1a28-4412-b9f4-edbaf42dcd58 +vulnerability,CVE-2024-45235,vulnerability--efd7e04c-029f-4794-aeb9-9f2774479ef6 +vulnerability,CVE-2024-45234,vulnerability--f7b71aa6-46d5-408f-a6fd-46bddf3e2d36 +vulnerability,CVE-2024-45240,vulnerability--4e767584-bc3f-436f-935e-0bb4d537ed43 +vulnerability,CVE-2024-45237,vulnerability--5c1f31f6-6037-48d1-b0ac-165f0d956a76 +vulnerability,CVE-2024-45238,vulnerability--071a51b7-6966-45da-a24e-9c988c34a377 +vulnerability,CVE-2024-45239,vulnerability--d5851fda-5267-4d88-8bcf-6eb28f028d68 +vulnerability,CVE-2024-45236,vulnerability--9c369cea-eddd-4092-af5b-9931b6afe9b8 +vulnerability,CVE-2024-6499,vulnerability--cf10b0d2-27b0-44a7-99ce-c255c127013d +vulnerability,CVE-2024-6631,vulnerability--b6f3e662-f461-4aa8-9e6b-181a09e68934 +vulnerability,CVE-2023-0926,vulnerability--4fe50500-c200-4e73-bd72-b959f46c9d62 +vulnerability,CVE-2023-6987,vulnerability--544bd829-700f-4f1b-8727-0a112bb4f390 diff --git a/objects/vulnerability/vulnerability--02bd7e1f-96f9-437f-a9d5-1e0c8d02dde9.json b/objects/vulnerability/vulnerability--02bd7e1f-96f9-437f-a9d5-1e0c8d02dde9.json new file mode 100644 index 00000000000..e0decfb6ec1 --- /dev/null +++ b/objects/vulnerability/vulnerability--02bd7e1f-96f9-437f-a9d5-1e0c8d02dde9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2c9bb48-0e7e-40c7-acaf-92fecdd281a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02bd7e1f-96f9-437f-a9d5-1e0c8d02dde9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.802661Z", + "modified": "2024-08-25T00:20:48.802661Z", + "name": "CVE-2024-8135", + "description": "A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8135" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--071a51b7-6966-45da-a24e-9c988c34a377.json b/objects/vulnerability/vulnerability--071a51b7-6966-45da-a24e-9c988c34a377.json new file mode 100644 index 00000000000..8708ea3b78d --- /dev/null +++ b/objects/vulnerability/vulnerability--071a51b7-6966-45da-a24e-9c988c34a377.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1c6cd07b-9ba7-435d-89cf-ab73e043fcb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--071a51b7-6966-45da-a24e-9c988c34a377", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.900887Z", + "modified": "2024-08-25T00:20:48.900887Z", + "name": "CVE-2024-45238", + "description": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45238" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--075d83a5-fa9a-4cc5-8f14-f1fb5469ee20.json b/objects/vulnerability/vulnerability--075d83a5-fa9a-4cc5-8f14-f1fb5469ee20.json new file mode 100644 index 00000000000..bbee0f9d4e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--075d83a5-fa9a-4cc5-8f14-f1fb5469ee20.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a7e8f2b-2657-41bd-a165-81618306637f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--075d83a5-fa9a-4cc5-8f14-f1fb5469ee20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.804437Z", + "modified": "2024-08-25T00:20:48.804437Z", + "name": "CVE-2024-8134", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_Std2R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8134" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b0df6a8-746f-4b9c-8b16-35ebb76c2f0f.json b/objects/vulnerability/vulnerability--0b0df6a8-746f-4b9c-8b16-35ebb76c2f0f.json new file mode 100644 index 00000000000..3727cab5209 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b0df6a8-746f-4b9c-8b16-35ebb76c2f0f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5162ee3e-e851-4ea5-82d6-43f339a80a1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b0df6a8-746f-4b9c-8b16-35ebb76c2f0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.810794Z", + "modified": "2024-08-25T00:20:48.810794Z", + "name": "CVE-2024-8131", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function module_enable_disable of the file /cgi-bin/apkg_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_module_name leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8131" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16281911-107d-455c-af13-16afe23bced6.json b/objects/vulnerability/vulnerability--16281911-107d-455c-af13-16afe23bced6.json new file mode 100644 index 00000000000..0099d3ec312 --- /dev/null +++ b/objects/vulnerability/vulnerability--16281911-107d-455c-af13-16afe23bced6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b4172487-1e85-4a15-a36a-a064f3099a1f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16281911-107d-455c-af13-16afe23bced6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:47.913874Z", + "modified": "2024-08-25T00:20:47.913874Z", + "name": "CVE-2024-7568", + "description": "The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and close the plugin, we recommend seeking an alternative to this plugin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7568" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21040cf4-da18-47c6-ac59-249115c38a94.json b/objects/vulnerability/vulnerability--21040cf4-da18-47c6-ac59-249115c38a94.json new file mode 100644 index 00000000000..33c88736327 --- /dev/null +++ b/objects/vulnerability/vulnerability--21040cf4-da18-47c6-ac59-249115c38a94.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8310d4f-471f-42f5-a295-974e6bd1c058", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21040cf4-da18-47c6-ac59-249115c38a94", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.820224Z", + "modified": "2024-08-25T00:20:48.820224Z", + "name": "CVE-2024-8120", + "description": "The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for unauthenticated attackers to update plugin settings along with performing other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8120" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d52c2f0-6cd7-4629-af48-cc0db6904ae7.json b/objects/vulnerability/vulnerability--2d52c2f0-6cd7-4629-af48-cc0db6904ae7.json new file mode 100644 index 00000000000..6f90975110b --- /dev/null +++ b/objects/vulnerability/vulnerability--2d52c2f0-6cd7-4629-af48-cc0db6904ae7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c55e598d-049e-4bd4-9572-b0f59f4afa71", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d52c2f0-6cd7-4629-af48-cc0db6904ae7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.805993Z", + "modified": "2024-08-25T00:20:48.805993Z", + "name": "CVE-2024-8128", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_add_zip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8128" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44612181-11d1-44fe-9331-1f8b531b2af2.json b/objects/vulnerability/vulnerability--44612181-11d1-44fe-9331-1f8b531b2af2.json new file mode 100644 index 00000000000..e3db8c37360 --- /dev/null +++ b/objects/vulnerability/vulnerability--44612181-11d1-44fe-9331-1f8b531b2af2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0aa88790-9ab9-4e34-9920-21f43a3df60f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44612181-11d1-44fe-9331-1f8b531b2af2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.808724Z", + "modified": "2024-08-25T00:20:48.808724Z", + "name": "CVE-2024-8127", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_unzip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8127" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e767584-bc3f-436f-935e-0bb4d537ed43.json b/objects/vulnerability/vulnerability--4e767584-bc3f-436f-935e-0bb4d537ed43.json new file mode 100644 index 00000000000..b267ef839c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--4e767584-bc3f-436f-935e-0bb4d537ed43.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e78fd0a3-31af-4b4f-ac6d-a92fc8e393f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e767584-bc3f-436f-935e-0bb4d537ed43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.896035Z", + "modified": "2024-08-25T00:20:48.896035Z", + "name": "CVE-2024-45240", + "description": "The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45240" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fe50500-c200-4e73-bd72-b959f46c9d62.json b/objects/vulnerability/vulnerability--4fe50500-c200-4e73-bd72-b959f46c9d62.json new file mode 100644 index 00000000000..2c081bf10e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fe50500-c200-4e73-bd72-b959f46c9d62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--225fb8a0-6f51-4475-8458-0bcaa94a475a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fe50500-c200-4e73-bd72-b959f46c9d62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:50.877333Z", + "modified": "2024-08-25T00:20:50.877333Z", + "name": "CVE-2023-0926", + "description": "The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, even when 'unfiltered_html' has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-0926" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--544bd829-700f-4f1b-8727-0a112bb4f390.json b/objects/vulnerability/vulnerability--544bd829-700f-4f1b-8727-0a112bb4f390.json new file mode 100644 index 00000000000..bebc99430cd --- /dev/null +++ b/objects/vulnerability/vulnerability--544bd829-700f-4f1b-8727-0a112bb4f390.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b048ce8-0b9f-4295-8219-3e3845580e93", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--544bd829-700f-4f1b-8727-0a112bb4f390", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:51.598431Z", + "modified": "2024-08-25T00:20:51.598431Z", + "name": "CVE-2023-6987", + "description": "The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This required WP_DEBUG to be enabled in order to be exploited.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6987" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55a69c29-c609-40a6-91ec-dbad5dea7ced.json b/objects/vulnerability/vulnerability--55a69c29-c609-40a6-91ec-dbad5dea7ced.json new file mode 100644 index 00000000000..d303e9559f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--55a69c29-c609-40a6-91ec-dbad5dea7ced.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9582ec3-1768-4c23-a35d-36edadfc7a1d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55a69c29-c609-40a6-91ec-dbad5dea7ced", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:47.33364Z", + "modified": "2024-08-25T00:20:47.33364Z", + "name": "CVE-2024-2254", + "description": "The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2254" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59f28ce9-a240-4854-8aa7-335814a883cb.json b/objects/vulnerability/vulnerability--59f28ce9-a240-4854-8aa7-335814a883cb.json new file mode 100644 index 00000000000..5716a4a0202 --- /dev/null +++ b/objects/vulnerability/vulnerability--59f28ce9-a240-4854-8aa7-335814a883cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12ef285a-6681-4ca8-b149-6e668e720382", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59f28ce9-a240-4854-8aa7-335814a883cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:47.936035Z", + "modified": "2024-08-25T00:20:47.936035Z", + "name": "CVE-2024-7656", + "description": "The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c1f31f6-6037-48d1-b0ac-165f0d956a76.json b/objects/vulnerability/vulnerability--5c1f31f6-6037-48d1-b0ac-165f0d956a76.json new file mode 100644 index 00000000000..a9ed970ace1 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c1f31f6-6037-48d1-b0ac-165f0d956a76.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a574c884-8ef3-44ac-8001-dedc836ae5f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c1f31f6-6037-48d1-b0ac-165f0d956a76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.899557Z", + "modified": "2024-08-25T00:20:48.899557Z", + "name": "CVE-2024-45237", + "description": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45237" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--662fe2fd-ddf2-435c-8f3f-f121c12480d7.json b/objects/vulnerability/vulnerability--662fe2fd-ddf2-435c-8f3f-f121c12480d7.json new file mode 100644 index 00000000000..b6c1fdb3246 --- /dev/null +++ b/objects/vulnerability/vulnerability--662fe2fd-ddf2-435c-8f3f-f121c12480d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--474a9f70-487b-4cce-bf1a-12b2d01a70e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--662fe2fd-ddf2-435c-8f3f-f121c12480d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.819188Z", + "modified": "2024-08-25T00:20:48.819188Z", + "name": "CVE-2024-8136", + "description": "A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort1_user.php. The manipulation of the argument position leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8136" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c369cea-eddd-4092-af5b-9931b6afe9b8.json b/objects/vulnerability/vulnerability--9c369cea-eddd-4092-af5b-9931b6afe9b8.json new file mode 100644 index 00000000000..00dbf632eb0 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c369cea-eddd-4092-af5b-9931b6afe9b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10327830-f951-4b8a-9de2-63cd08245ee2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c369cea-eddd-4092-af5b-9931b6afe9b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.906616Z", + "modified": "2024-08-25T00:20:48.906616Z", + "name": "CVE-2024-45236", + "description": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e0c12ce-4645-446f-bd77-eed107214d4e.json b/objects/vulnerability/vulnerability--9e0c12ce-4645-446f-bd77-eed107214d4e.json new file mode 100644 index 00000000000..b1a388f1132 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e0c12ce-4645-446f-bd77-eed107214d4e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2fb4e16-6e78-4d67-8ac1-4766385cb877", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e0c12ce-4645-446f-bd77-eed107214d4e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.814902Z", + "modified": "2024-08-25T00:20:48.814902Z", + "name": "CVE-2024-8130", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8130" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b6f3e662-f461-4aa8-9e6b-181a09e68934.json b/objects/vulnerability/vulnerability--b6f3e662-f461-4aa8-9e6b-181a09e68934.json new file mode 100644 index 00000000000..0e4b51bf034 --- /dev/null +++ b/objects/vulnerability/vulnerability--b6f3e662-f461-4aa8-9e6b-181a09e68934.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2addb96f-5676-4766-a35a-82ad495ea3b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b6f3e662-f461-4aa8-9e6b-181a09e68934", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.942883Z", + "modified": "2024-08-25T00:20:48.942883Z", + "name": "CVE-2024-6631", + "description": "The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform unauthorized actions, such as updating plugin settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7ef88e8-a1c8-4af4-8101-1319b771993f.json b/objects/vulnerability/vulnerability--c7ef88e8-a1c8-4af4-8101-1319b771993f.json new file mode 100644 index 00000000000..95a47852de8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c7ef88e8-a1c8-4af4-8101-1319b771993f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b89676b9-d90f-44cd-b101-962504fd0aeb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7ef88e8-a1c8-4af4-8101-1319b771993f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:34.487649Z", + "modified": "2024-08-25T00:20:34.487649Z", + "name": "CVE-2022-43915", + "description": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with access to execute commands in a running Pod to elevate their user privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-43915" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd295fa0-1a28-4412-b9f4-edbaf42dcd58.json b/objects/vulnerability/vulnerability--cd295fa0-1a28-4412-b9f4-edbaf42dcd58.json new file mode 100644 index 00000000000..a57e789465e --- /dev/null +++ b/objects/vulnerability/vulnerability--cd295fa0-1a28-4412-b9f4-edbaf42dcd58.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--75566ee2-a99b-4cd9-841c-0aee545cf9e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd295fa0-1a28-4412-b9f4-edbaf42dcd58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.821761Z", + "modified": "2024-08-25T00:20:48.821761Z", + "name": "CVE-2024-8133", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_R5_SpareDsk_DiskMGR of the file /cgi-bin/hd_config.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_source_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8133" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cf10b0d2-27b0-44a7-99ce-c255c127013d.json b/objects/vulnerability/vulnerability--cf10b0d2-27b0-44a7-99ce-c255c127013d.json new file mode 100644 index 00000000000..df96e197e8c --- /dev/null +++ b/objects/vulnerability/vulnerability--cf10b0d2-27b0-44a7-99ce-c255c127013d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3ad9a24-56be-4c9e-a837-fb9857077c77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf10b0d2-27b0-44a7-99ce-c255c127013d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.918418Z", + "modified": "2024-08-25T00:20:48.918418Z", + "name": "CVE-2024-6499", + "description": "The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6499" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1352c57-267e-4bce-9cbf-a44a1b38af77.json b/objects/vulnerability/vulnerability--d1352c57-267e-4bce-9cbf-a44a1b38af77.json new file mode 100644 index 00000000000..b18967d5a34 --- /dev/null +++ b/objects/vulnerability/vulnerability--d1352c57-267e-4bce-9cbf-a44a1b38af77.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e21ecdc3-749b-4310-9031-0ac2c500157b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1352c57-267e-4bce-9cbf-a44a1b38af77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.80729Z", + "modified": "2024-08-25T00:20:48.80729Z", + "name": "CVE-2024-8132", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function webdav_mgr of the file /cgi-bin/webdav_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d5851fda-5267-4d88-8bcf-6eb28f028d68.json b/objects/vulnerability/vulnerability--d5851fda-5267-4d88-8bcf-6eb28f028d68.json new file mode 100644 index 00000000000..0e4d515aa97 --- /dev/null +++ b/objects/vulnerability/vulnerability--d5851fda-5267-4d88-8bcf-6eb28f028d68.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa3faaaa-f686-49e0-a345-ef85d48a2eb8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d5851fda-5267-4d88-8bcf-6eb28f028d68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.904213Z", + "modified": "2024-08-25T00:20:48.904213Z", + "name": "CVE-2024-45239", + "description": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d633dd9b-41bc-4e2e-972c-509d0b308a99.json b/objects/vulnerability/vulnerability--d633dd9b-41bc-4e2e-972c-509d0b308a99.json new file mode 100644 index 00000000000..db608ef77af --- /dev/null +++ b/objects/vulnerability/vulnerability--d633dd9b-41bc-4e2e-972c-509d0b308a99.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6981ae1a-7116-41c2-883d-33739f2f2263", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d633dd9b-41bc-4e2e-972c-509d0b308a99", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:47.894753Z", + "modified": "2024-08-25T00:20:47.894753Z", + "name": "CVE-2024-7351", + "description": "The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7351" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8cd6ddb-cc3d-41a9-880a-ae4ab53b291e.json b/objects/vulnerability/vulnerability--d8cd6ddb-cc3d-41a9-880a-ae4ab53b291e.json new file mode 100644 index 00000000000..4d71fc8f818 --- /dev/null +++ b/objects/vulnerability/vulnerability--d8cd6ddb-cc3d-41a9-880a-ae4ab53b291e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e9b46cd-a052-4e5c-b8d0-e9d85c349900", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8cd6ddb-cc3d-41a9-880a-ae4ab53b291e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.816986Z", + "modified": "2024-08-25T00:20:48.816986Z", + "name": "CVE-2024-8137", + "description": "A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_user.php. The manipulation of the argument search leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e77e48a3-b509-4cea-b1a6-8187c1653c40.json b/objects/vulnerability/vulnerability--e77e48a3-b509-4cea-b1a6-8187c1653c40.json new file mode 100644 index 00000000000..a38f4a871e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e77e48a3-b509-4cea-b1a6-8187c1653c40.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d8119ac-29f8-496e-ac16-2a7b62f99f14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e77e48a3-b509-4cea-b1a6-8187c1653c40", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.811839Z", + "modified": "2024-08-25T00:20:48.811839Z", + "name": "CVE-2024-8129", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_s3_modify of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_job_name leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8129" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--efd7e04c-029f-4794-aeb9-9f2774479ef6.json b/objects/vulnerability/vulnerability--efd7e04c-029f-4794-aeb9-9f2774479ef6.json new file mode 100644 index 00000000000..d1bc0d1830e --- /dev/null +++ b/objects/vulnerability/vulnerability--efd7e04c-029f-4794-aeb9-9f2774479ef6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0535b2a3-0ca8-4562-a3c5-e530fdb95169", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--efd7e04c-029f-4794-aeb9-9f2774479ef6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.89059Z", + "modified": "2024-08-25T00:20:48.89059Z", + "name": "CVE-2024-45235", + "description": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f5593cc3-966a-4b15-9f00-99b0e0a6890e.json b/objects/vulnerability/vulnerability--f5593cc3-966a-4b15-9f00-99b0e0a6890e.json new file mode 100644 index 00000000000..8d0ba20fecb --- /dev/null +++ b/objects/vulnerability/vulnerability--f5593cc3-966a-4b15-9f00-99b0e0a6890e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--321ff35a-a940-48b6-9916-a76c82d4e593", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f5593cc3-966a-4b15-9f00-99b0e0a6890e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.817998Z", + "modified": "2024-08-25T00:20:48.817998Z", + "name": "CVE-2024-8138", + "description": "A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8138" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f7b71aa6-46d5-408f-a6fd-46bddf3e2d36.json b/objects/vulnerability/vulnerability--f7b71aa6-46d5-408f-a6fd-46bddf3e2d36.json new file mode 100644 index 00000000000..bd4f0bf74f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--f7b71aa6-46d5-408f-a6fd-46bddf3e2d36.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8580951b-fe7d-498a-9f9c-432daf91ad58", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f7b71aa6-46d5-408f-a6fd-46bddf3e2d36", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-25T00:20:48.89422Z", + "modified": "2024-08-25T00:20:48.89422Z", + "name": "CVE-2024-45234", + "description": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45234" + } + ] + } + ] +} \ No newline at end of file