diff --git a/mapping.csv b/mapping.csv index 23ec61bdd2d..fd67cc4831d 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -248387,3 +248387,76 @@ vulnerability,CVE-2024-45178,vulnerability--6c39c783-8bb9-47f0-bd81-82fd64d1e4c2 vulnerability,CVE-2024-45157,vulnerability--4f08b094-acd3-4e3f-b3f3-9842c2a20a19 vulnerability,CVE-2024-45107,vulnerability--c8669e9b-5b84-4f52-9b0d-724f74ce09d1 vulnerability,CVE-2023-51712,vulnerability--89483cdd-6076-428e-9048-b4cc655fecde +vulnerability,CVE-2022-27592,vulnerability--b334c702-8e97-4a20-b505-92fdd4ef49d7 +vulnerability,CVE-2024-27122,vulnerability--e443ac5f-2ee1-4a0a-9f67-a87d5de481f1 +vulnerability,CVE-2024-27125,vulnerability--4432a988-9a10-426b-8c75-7c91e6eb9e0a +vulnerability,CVE-2024-27126,vulnerability--8f8d4cc3-2fc8-48f8-a2ce-38580b9b0ae6 +vulnerability,CVE-2024-32763,vulnerability--81337d51-3dba-4094-bf2c-c34ddea4ec87 +vulnerability,CVE-2024-32771,vulnerability--0d7b920f-d4ca-48aa-8c43-c93fa1d39e5a +vulnerability,CVE-2024-32762,vulnerability--a9a1d87d-82cf-451b-b90e-06cf57c39a0c +vulnerability,CVE-2024-44837,vulnerability--64285aea-92c2-4c73-9220-fbbdcfffad90 +vulnerability,CVE-2024-44401,vulnerability--ccdde081-9443-4cd3-ad86-72110690d273 +vulnerability,CVE-2024-44402,vulnerability--d5af859c-d090-4c60-8ccd-8c7e3aa59071 +vulnerability,CVE-2024-44739,vulnerability--e20b32d3-2e8a-4fbc-8e90-e7495cc45a8d +vulnerability,CVE-2024-44082,vulnerability--0c9a3910-4107-4db9-af0f-ec0411805ce3 +vulnerability,CVE-2024-44844,vulnerability--c9e6a823-b229-468e-a676-63b158af11c9 +vulnerability,CVE-2024-44838,vulnerability--ec3b0c93-a97f-4b4c-8077-14572145b279 +vulnerability,CVE-2024-44408,vulnerability--10225c4b-6237-4d6c-9795-5a26827b861d +vulnerability,CVE-2024-44845,vulnerability--93f29529-9458-46d6-b498-063ab417ee15 +vulnerability,CVE-2024-44839,vulnerability--db6e132e-4282-4c5c-ab73-5d075c1a06d6 +vulnerability,CVE-2024-25584,vulnerability--54171402-d272-4d58-b154-f8bac3556221 +vulnerability,CVE-2024-1744,vulnerability--6bc662f5-2bbf-4516-a31a-f205d5f82908 +vulnerability,CVE-2024-6792,vulnerability--b0fc01ee-65e5-4b75-b276-2098a2d53b95 
+vulnerability,CVE-2024-6445,vulnerability--ae4926ee-2452-4335-8ac0-dba28243f725 +vulnerability,CVE-2024-38486,vulnerability--36640b97-96f0-411c-b6a2-4a676648f3ce +vulnerability,CVE-2024-38640,vulnerability--e21f6cab-637f-4c03-9134-85cdb3b31202 +vulnerability,CVE-2024-38642,vulnerability--4045f6e4-4a6e-43e3-b65e-6bb82548da7c +vulnerability,CVE-2024-38641,vulnerability--d7912829-d087-4107-94e5-3458a8e6e99a +vulnerability,CVE-2024-21904,vulnerability--5142e7dd-081d-4d92-85f5-ae3a2c588abf +vulnerability,CVE-2024-21897,vulnerability--2c501b96-ed57-47b0-9ab6-3aa1bc1ff1c9 +vulnerability,CVE-2024-21906,vulnerability--1eadf625-cbe4-4c0c-8f4c-ab1ff34c88dc +vulnerability,CVE-2024-21898,vulnerability--03d31d6b-e99c-4c2b-940b-6ab14188df82 +vulnerability,CVE-2024-21903,vulnerability--6aa669fd-f340-4927-af74-96ad40fe00c6 +vulnerability,CVE-2024-8292,vulnerability--2ce5012f-d47f-48f6-9362-15c0bbba7bb3 +vulnerability,CVE-2024-8480,vulnerability--586d390c-d002-42e8-ba38-7192504271a8 +vulnerability,CVE-2024-8509,vulnerability--c184eb09-6685-471b-842c-c11933cc3baa +vulnerability,CVE-2024-8394,vulnerability--28d90fd4-af63-423d-b886-395ee607a427 +vulnerability,CVE-2024-8317,vulnerability--865d47a3-5245-4403-bcf2-343bd04ad3b2 +vulnerability,CVE-2024-8247,vulnerability--f85d4221-2039-4b34-a3be-5cb00bb610fa +vulnerability,CVE-2024-8427,vulnerability--de14d29d-6027-450e-be39-15f468bc562c +vulnerability,CVE-2024-8517,vulnerability--24d7dee4-4722-4105-a4e0-e98954d862e6 +vulnerability,CVE-2024-8428,vulnerability--d67c4354-d8e6-45cf-9678-d8229ee4dc67 +vulnerability,CVE-2024-39585,vulnerability--189a500c-3613-481f-90e7-63c2fca70974 +vulnerability,CVE-2024-34158,vulnerability--2d1fd6aa-2d5a-46e6-8959-0733ba52b3d6 +vulnerability,CVE-2024-34156,vulnerability--73aaebc4-5faf-43ca-b540-c3f00cb4941d +vulnerability,CVE-2024-34155,vulnerability--510441ed-c99e-429a-8636-8acc8aaa5a17 +vulnerability,CVE-2024-7493,vulnerability--7594fa77-6913-4637-a3a7-6cef0baa11f8 
+vulnerability,CVE-2024-7349,vulnerability--528f1583-9b2f-4a7e-8f97-e706f8dc78bb +vulnerability,CVE-2024-7622,vulnerability--11c0276e-e2ad-4236-8c3a-4b58829e70a9 +vulnerability,CVE-2024-7415,vulnerability--10f05508-e7ca-45d6-9533-bb3272076a04 +vulnerability,CVE-2024-7652,vulnerability--d712bab4-269c-4f8b-a96b-404c83a6af1c +vulnerability,CVE-2024-7599,vulnerability--c0333377-9653-4907-b8fe-a2b4755a1e90 +vulnerability,CVE-2024-7611,vulnerability--07e042b2-d82c-4e29-aecf-40ef2a90fe9e +vulnerability,CVE-2024-40865,vulnerability--f7e9b879-ad73-455d-9e28-e5a54be37ffc +vulnerability,CVE-2024-45294,vulnerability--9515e09a-aba9-4a44-b1cd-45c22f671bda +vulnerability,CVE-2024-45771,vulnerability--b64ca837-9994-4ddc-b1eb-495671ffdbba +vulnerability,CVE-2024-45300,vulnerability--6d0bda02-1a4d-4611-85b3-40e9a2eefa29 +vulnerability,CVE-2024-45040,vulnerability--ec26b571-f454-4343-808a-3b7a1e728de9 +vulnerability,CVE-2024-45758,vulnerability--2ba73f64-a726-4179-b6cd-7db4099c1656 +vulnerability,CVE-2024-45299,vulnerability--b7add3b5-1873-4d83-918f-dde696074b29 +vulnerability,CVE-2024-45405,vulnerability--ddb1f300-246b-4460-b7f1-9e41e6ded052 +vulnerability,CVE-2024-45751,vulnerability--9e146c1f-02c1-43ad-a105-11476017738f +vulnerability,CVE-2024-45039,vulnerability--c0b56c53-40e1-4686-a35c-03975f591d86 +vulnerability,CVE-2023-50360,vulnerability--761814fa-1a76-48a3-b0f4-9b8537c24e0c +vulnerability,CVE-2023-50366,vulnerability--479f59e5-bca2-4804-888a-b7c24221a566 +vulnerability,CVE-2023-39300,vulnerability--1ff61fc1-3940-4853-9b85-23c9b37a6ac4 +vulnerability,CVE-2023-39298,vulnerability--ee9cabf2-7452-4760-aa42-e007ee7973d1 +vulnerability,CVE-2023-51366,vulnerability--d7a603f8-2b7f-4378-a837-c8ffe9da77b4 +vulnerability,CVE-2023-51367,vulnerability--583ff26d-f1b3-43ba-8667-091a2bb8dbb6 +vulnerability,CVE-2023-51368,vulnerability--629777c6-b135-421b-8374-3e0622973412 +vulnerability,CVE-2023-34974,vulnerability--00d5ac02-1f05-406c-8570-e606d432a0b9 
+vulnerability,CVE-2023-34979,vulnerability--8bc56b5a-e52d-4e36-9a20-4c106c02480a +vulnerability,CVE-2023-52915,vulnerability--423287fc-7822-4e42-90ec-3c3742a7a461 +vulnerability,CVE-2023-52916,vulnerability--5b36fb6c-c21e-48bd-8123-a04134e5cf68 +vulnerability,CVE-2023-47563,vulnerability--6471c392-de04-4bb5-ba4b-6beda4f861fd +vulnerability,CVE-2023-45038,vulnerability--f3fc4c4c-3c1a-4fea-9c09-8b0ffe4cb7d2 diff --git a/objects/vulnerability/vulnerability--00d5ac02-1f05-406c-8570-e606d432a0b9.json b/objects/vulnerability/vulnerability--00d5ac02-1f05-406c-8570-e606d432a0b9.json new file mode 100644 index 00000000000..4c686d89e25 --- /dev/null +++ b/objects/vulnerability/vulnerability--00d5ac02-1f05-406c-8570-e606d432a0b9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d62dbd9a-b44e-4d6b-b1a4-b1a474b838f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00d5ac02-1f05-406c-8570-e606d432a0b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.604521Z", + "modified": "2024-09-07T00:19:11.604521Z", + "name": "CVE-2023-34974", + "description": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\nQuTScloud, QVR, QES are not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2626 build 20231225 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34974" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03d31d6b-e99c-4c2b-940b-6ab14188df82.json b/objects/vulnerability/vulnerability--03d31d6b-e99c-4c2b-940b-6ab14188df82.json new file mode 100644 index 00000000000..bb72226380c --- /dev/null 
+++ b/objects/vulnerability/vulnerability--03d31d6b-e99c-4c2b-940b-6ab14188df82.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e65cb0c-4896-468e-ab2a-525cd0c9eaf5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03d31d6b-e99c-4c2b-940b-6ab14188df82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.442492Z", + "modified": "2024-09-07T00:19:03.442492Z", + "name": "CVE-2024-21898", + "description": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21898" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07e042b2-d82c-4e29-aecf-40ef2a90fe9e.json b/objects/vulnerability/vulnerability--07e042b2-d82c-4e29-aecf-40ef2a90fe9e.json new file mode 100644 index 00000000000..0c257eebb82 --- /dev/null +++ b/objects/vulnerability/vulnerability--07e042b2-d82c-4e29-aecf-40ef2a90fe9e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb9eefc5-042e-4bf3-87df-1b7fa2aadc93", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07e042b2-d82c-4e29-aecf-40ef2a90fe9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.163567Z", + "modified": "2024-09-07T00:19:04.163567Z", + "name": "CVE-2024-7611", + "description": "The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7611" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c9a3910-4107-4db9-af0f-ec0411805ce3.json b/objects/vulnerability/vulnerability--0c9a3910-4107-4db9-af0f-ec0411805ce3.json new file mode 100644 index 00000000000..17266b34886 --- /dev/null +++ b/objects/vulnerability/vulnerability--0c9a3910-4107-4db9-af0f-ec0411805ce3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18b5d64f-a5b1-4b81-8022-04cc085c3c09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c9a3910-4107-4db9-af0f-ec0411805ce3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.729558Z", + "modified": "2024-09-07T00:19:02.729558Z", + "name": "CVE-2024-44082", + "description": "In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44082" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d7b920f-d4ca-48aa-8c43-c93fa1d39e5a.json b/objects/vulnerability/vulnerability--0d7b920f-d4ca-48aa-8c43-c93fa1d39e5a.json new file mode 100644 index 00000000000..052cafeb1d5 --- /dev/null +++ b/objects/vulnerability/vulnerability--0d7b920f-d4ca-48aa-8c43-c93fa1d39e5a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e35e71dd-261f-46ec-b9ae-02494d747978", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d7b920f-d4ca-48aa-8c43-c93fa1d39e5a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.678919Z", + "modified": "2024-09-07T00:19:02.678919Z", + "name": "CVE-2024-32771", + "description": "An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.\nQuTScloud is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.0.2782 build 20240601 and later\nQuTS hero h5.2.0.2782 build 20240601 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32771" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10225c4b-6237-4d6c-9795-5a26827b861d.json b/objects/vulnerability/vulnerability--10225c4b-6237-4d6c-9795-5a26827b861d.json new file mode 100644 index 00000000000..a0bcbd74575 --- /dev/null +++ b/objects/vulnerability/vulnerability--10225c4b-6237-4d6c-9795-5a26827b861d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92f4ce48-a196-479e-8283-ef7a42d9cad8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10225c4b-6237-4d6c-9795-5a26827b861d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.743956Z", + "modified": "2024-09-07T00:19:02.743956Z", + "name": "CVE-2024-44408", + "description": "D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44408" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10f05508-e7ca-45d6-9533-bb3272076a04.json b/objects/vulnerability/vulnerability--10f05508-e7ca-45d6-9533-bb3272076a04.json new file mode 100644 index 00000000000..fbb064725a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--10f05508-e7ca-45d6-9533-bb3272076a04.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aef2ce5a-deca-413e-b365-682ab6dcc403", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10f05508-e7ca-45d6-9533-bb3272076a04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.150269Z", + "modified": "2024-09-07T00:19:04.150269Z", + "name": "CVE-2024-7415", + "description": "The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7415" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11c0276e-e2ad-4236-8c3a-4b58829e70a9.json b/objects/vulnerability/vulnerability--11c0276e-e2ad-4236-8c3a-4b58829e70a9.json new file mode 100644 index 00000000000..cf4b1d5f52e --- /dev/null +++ b/objects/vulnerability/vulnerability--11c0276e-e2ad-4236-8c3a-4b58829e70a9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e49f8f27-9c89-4422-a791-08cb554bfdcd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11c0276e-e2ad-4236-8c3a-4b58829e70a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.137557Z", + "modified": "2024-09-07T00:19:04.137557Z", + "name": "CVE-2024-7622", + "description": "The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to send emails with arbitrary content to any individual through the vulnerable web server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7622" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--189a500c-3613-481f-90e7-63c2fca70974.json b/objects/vulnerability/vulnerability--189a500c-3613-481f-90e7-63c2fca70974.json new file mode 100644 index 00000000000..8e5b3b1c4c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--189a500c-3613-481f-90e7-63c2fca70974.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90fc0b61-5d34-4608-840a-255b71a472f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--189a500c-3613-481f-90e7-63c2fca70974", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.783883Z", + "modified": "2024-09-07T00:19:03.783883Z", + "name": "CVE-2024-39585", + "description": "Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39585" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1eadf625-cbe4-4c0c-8f4c-ab1ff34c88dc.json b/objects/vulnerability/vulnerability--1eadf625-cbe4-4c0c-8f4c-ab1ff34c88dc.json new file mode 100644 index 00000000000..be94a62f5ae --- /dev/null +++ b/objects/vulnerability/vulnerability--1eadf625-cbe4-4c0c-8f4c-ab1ff34c88dc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--315594b6-2423-4453-a1e4-6bfdbd970294", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1eadf625-cbe4-4c0c-8f4c-ab1ff34c88dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.440136Z", + "modified": "2024-09-07T00:19:03.440136Z", + "name": "CVE-2024-21906", + "description": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21906" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ff61fc1-3940-4853-9b85-23c9b37a6ac4.json b/objects/vulnerability/vulnerability--1ff61fc1-3940-4853-9b85-23c9b37a6ac4.json new file mode 100644 index 00000000000..493c259a5a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ff61fc1-3940-4853-9b85-23c9b37a6ac4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95c6128a-32fb-4485-bf92-ee8ace7fd28f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ff61fc1-3940-4853-9b85-23c9b37a6ac4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.167768Z", + "modified": "2024-09-07T00:19:11.167768Z", + "name": "CVE-2023-39300", + "description": "An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.3.6.2805 build 20240619 and later\nQTS 4.3.4.2814 build 20240618 and later\nQTS 4.3.3.2784 build 20240619 and later\nQTS 4.2.6 build 20240618 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39300" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24d7dee4-4722-4105-a4e0-e98954d862e6.json b/objects/vulnerability/vulnerability--24d7dee4-4722-4105-a4e0-e98954d862e6.json new file mode 100644 index 00000000000..169cefb528c --- /dev/null +++ b/objects/vulnerability/vulnerability--24d7dee4-4722-4105-a4e0-e98954d862e6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5920cc5-ee41-461f-901e-ce2dc6bf937b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24d7dee4-4722-4105-a4e0-e98954d862e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.663383Z", + "modified": "2024-09-07T00:19:03.663383Z", + "name": "CVE-2024-8517", + "description": "SPIP before 4.3.2, 4.2.16, and \n4.1.18 is vulnerable to a command injection issue. A \nremote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8517" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28d90fd4-af63-423d-b886-395ee607a427.json b/objects/vulnerability/vulnerability--28d90fd4-af63-423d-b886-395ee607a427.json new file mode 100644 index 00000000000..e8974f150ce --- /dev/null +++ b/objects/vulnerability/vulnerability--28d90fd4-af63-423d-b886-395ee607a427.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b164ba02-0318-4aaa-b6bb-db541ecd4768", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28d90fd4-af63-423d-b886-395ee607a427", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.643219Z", + "modified": "2024-09-07T00:19:03.643219Z", + "name": "CVE-2024-8394", + "description": "When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8394" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2ba73f64-a726-4179-b6cd-7db4099c1656.json b/objects/vulnerability/vulnerability--2ba73f64-a726-4179-b6cd-7db4099c1656.json new file mode 100644 index 00000000000..bdc31f04927 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ba73f64-a726-4179-b6cd-7db4099c1656.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7b54f85-3e0f-490e-b059-15a2fa0c4d4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ba73f64-a726-4179-b6cd-7db4099c1656", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.574223Z", + "modified": "2024-09-07T00:19:04.574223Z", + "name": "CVE-2024-45758", + "description": "H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45758" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c501b96-ed57-47b0-9ab6-3aa1bc1ff1c9.json b/objects/vulnerability/vulnerability--2c501b96-ed57-47b0-9ab6-3aa1bc1ff1c9.json new file mode 100644 index 00000000000..6ed0a432423 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c501b96-ed57-47b0-9ab6-3aa1bc1ff1c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dfd75e45-e74e-469c-b32d-a5c461eeb316", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c501b96-ed57-47b0-9ab6-3aa1bc1ff1c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.417743Z", + "modified": "2024-09-07T00:19:03.417743Z", + "name": "CVE-2024-21897", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21897" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ce5012f-d47f-48f6-9362-15c0bbba7bb3.json b/objects/vulnerability/vulnerability--2ce5012f-d47f-48f6-9362-15c0bbba7bb3.json new file mode 100644 index 00000000000..4af251cdf71 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ce5012f-d47f-48f6-9362-15c0bbba7bb3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb874a1e-a6eb-4d00-9217-839364b8ac1a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ce5012f-d47f-48f6-9362-15c0bbba7bb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.636567Z", + "modified": "2024-09-07T00:19:03.636567Z", + "name": "CVE-2024-8292", + "description": "The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d1fd6aa-2d5a-46e6-8959-0733ba52b3d6.json b/objects/vulnerability/vulnerability--2d1fd6aa-2d5a-46e6-8959-0733ba52b3d6.json new file mode 100644 index 00000000000..3964bc752e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d1fd6aa-2d5a-46e6-8959-0733ba52b3d6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--824a6582-32d5-4070-badb-3912e63634ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d1fd6aa-2d5a-46e6-8959-0733ba52b3d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.078492Z", + "modified": "2024-09-07T00:19:04.078492Z", + "name": "CVE-2024-34158", + "description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34158" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36640b97-96f0-411c-b6a2-4a676648f3ce.json b/objects/vulnerability/vulnerability--36640b97-96f0-411c-b6a2-4a676648f3ce.json new file mode 100644 index 00000000000..d0d7c5da6c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--36640b97-96f0-411c-b6a2-4a676648f3ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a0435f2-404f-48db-bdc3-78b896e71289", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36640b97-96f0-411c-b6a2-4a676648f3ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.283194Z", + "modified": "2024-09-07T00:19:03.283194Z", + "name": "CVE-2024-38486", + "description": "Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38486" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4045f6e4-4a6e-43e3-b65e-6bb82548da7c.json b/objects/vulnerability/vulnerability--4045f6e4-4a6e-43e3-b65e-6bb82548da7c.json new file mode 100644 index 00000000000..30dd7609499 --- /dev/null +++ b/objects/vulnerability/vulnerability--4045f6e4-4a6e-43e3-b65e-6bb82548da7c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--233b5f4c-3dbc-4d7e-91cf-43a0a2651b1d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4045f6e4-4a6e-43e3-b65e-6bb82548da7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.328441Z", + "modified": "2024-09-07T00:19:03.328441Z", + "name": "CVE-2024-38642", + "description": "An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.3.1 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--423287fc-7822-4e42-90ec-3c3742a7a461.json b/objects/vulnerability/vulnerability--423287fc-7822-4e42-90ec-3c3742a7a461.json new file mode 100644 index 00000000000..539270fc2b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--423287fc-7822-4e42-90ec-3c3742a7a461.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--69aff06e-a2c7-4fcb-87ca-9e589f852e61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--423287fc-7822-4e42-90ec-3c3742a7a461", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.699663Z", + "modified": "2024-09-07T00:19:11.699663Z", + "name": "CVE-2023-52915", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\n\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52915" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4432a988-9a10-426b-8c75-7c91e6eb9e0a.json b/objects/vulnerability/vulnerability--4432a988-9a10-426b-8c75-7c91e6eb9e0a.json new file mode 100644 index 00000000000..82e482c968e --- /dev/null +++ b/objects/vulnerability/vulnerability--4432a988-9a10-426b-8c75-7c91e6eb9e0a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8398d70-68bf-4d06-93f0-8ae9eeddf3e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4432a988-9a10-426b-8c75-7c91e6eb9e0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.543892Z", + "modified": "2024-09-07T00:19:02.543892Z", + "name": "CVE-2024-27125", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nHelpdesk 3.3.1 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27125" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--479f59e5-bca2-4804-888a-b7c24221a566.json b/objects/vulnerability/vulnerability--479f59e5-bca2-4804-888a-b7c24221a566.json new file mode 100644 index 00000000000..fa884853224 --- /dev/null +++ b/objects/vulnerability/vulnerability--479f59e5-bca2-4804-888a-b7c24221a566.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e066894-e6b8-4203-a04d-eb6a536c0e88", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--479f59e5-bca2-4804-888a-b7c24221a566", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:10.303765Z", + "modified": "2024-09-07T00:19:10.303765Z", + "name": "CVE-2023-50366", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--510441ed-c99e-429a-8636-8acc8aaa5a17.json b/objects/vulnerability/vulnerability--510441ed-c99e-429a-8636-8acc8aaa5a17.json new file mode 100644 index 00000000000..a2ae0bbd362 --- /dev/null +++ b/objects/vulnerability/vulnerability--510441ed-c99e-429a-8636-8acc8aaa5a17.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4e2e5b4-700e-45e1-b55d-abdd842d558f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--510441ed-c99e-429a-8636-8acc8aaa5a17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.10575Z", + "modified": "2024-09-07T00:19:04.10575Z", + "name": "CVE-2024-34155", + "description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34155" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5142e7dd-081d-4d92-85f5-ae3a2c588abf.json b/objects/vulnerability/vulnerability--5142e7dd-081d-4d92-85f5-ae3a2c588abf.json new file mode 100644 index 00000000000..e06a2d70997 --- /dev/null +++ b/objects/vulnerability/vulnerability--5142e7dd-081d-4d92-85f5-ae3a2c588abf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a39b6e9-1dbd-45d7-810f-58802cd7f174", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5142e7dd-081d-4d92-85f5-ae3a2c588abf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.400867Z", + "modified": "2024-09-07T00:19:03.400867Z", + "name": "CVE-2024-21904", + "description": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.7.2770 build 20240520 and later\nQuTS hero h5.1.7.2770 build 20240520 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21904" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--528f1583-9b2f-4a7e-8f97-e706f8dc78bb.json b/objects/vulnerability/vulnerability--528f1583-9b2f-4a7e-8f97-e706f8dc78bb.json new file mode 100644 index 00000000000..b7dd6840cb7 --- /dev/null +++ b/objects/vulnerability/vulnerability--528f1583-9b2f-4a7e-8f97-e706f8dc78bb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e037c3a-a5c8-4c8d-b1e2-8b11affe2815", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--528f1583-9b2f-4a7e-8f97-e706f8dc78bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.126206Z", + "modified": "2024-09-07T00:19:04.126206Z", + "name": "CVE-2024-7349", + "description": "The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7349" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--54171402-d272-4d58-b154-f8bac3556221.json b/objects/vulnerability/vulnerability--54171402-d272-4d58-b154-f8bac3556221.json new file mode 100644 index 00000000000..bbb0846f176 --- /dev/null +++ b/objects/vulnerability/vulnerability--54171402-d272-4d58-b154-f8bac3556221.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cb06d4c-c440-4f53-9f6a-fc13eae8055d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54171402-d272-4d58-b154-f8bac3556221", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.779544Z", + "modified": "2024-09-07T00:19:02.779544Z", + "name": "CVE-2024-25584", + "description": "Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25584" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--583ff26d-f1b3-43ba-8667-091a2bb8dbb6.json b/objects/vulnerability/vulnerability--583ff26d-f1b3-43ba-8667-091a2bb8dbb6.json new file mode 100644 index 00000000000..36ca99ac884 --- /dev/null +++ b/objects/vulnerability/vulnerability--583ff26d-f1b3-43ba-8667-091a2bb8dbb6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b26cd279-f669-4b99-b403-864959f73ade", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--583ff26d-f1b3-43ba-8667-091a2bb8dbb6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.241064Z", + "modified": "2024-09-07T00:19:11.241064Z", + "name": "CVE-2023-51367", + "description": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--586d390c-d002-42e8-ba38-7192504271a8.json b/objects/vulnerability/vulnerability--586d390c-d002-42e8-ba38-7192504271a8.json new file mode 100644 index 00000000000..87516e3e57c --- /dev/null +++ b/objects/vulnerability/vulnerability--586d390c-d002-42e8-ba38-7192504271a8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6915023a-b282-44ac-8a24-661e26b4db68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--586d390c-d002-42e8-ba38-7192504271a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.638321Z", + "modified": "2024-09-07T00:19:03.638321Z", + "name": "CVE-2024-8480", + "description": "The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8480" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b36fb6c-c21e-48bd-8123-a04134e5cf68.json b/objects/vulnerability/vulnerability--5b36fb6c-c21e-48bd-8123-a04134e5cf68.json new file mode 100644 index 00000000000..13e6d4b96af --- /dev/null +++ b/objects/vulnerability/vulnerability--5b36fb6c-c21e-48bd-8123-a04134e5cf68.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0c5e261-b87f-43c4-9b3c-2c9e3c03b838", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b36fb6c-c21e-48bd-8123-a04134e5cf68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.743273Z", + "modified": "2024-09-07T00:19:11.743273Z", + "name": "CVE-2023-52916", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: aspeed: Fix memory overwrite if timing is 1600x900\n\nWhen capturing 1600x900, system could crash when system memory usage is\ntight.\n\nThe way to reproduce this issue:\n1. Use 1600x900 to display on host\n2. Mount ISO through 'Virtual media' on OpenBMC's web\n3. Run script as below on host to do sha continuously\n #!/bin/bash\n while [ [1] ];\n do\n\tfind /media -type f -printf '\"%h/%f\"\\n' | xargs sha256sum\n done\n4. Open KVM on OpenBMC's web\n\nThe size of macro block captured is 8x8. Therefore, we should make sure\nthe height of src-buf is 8 aligned to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52916" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--629777c6-b135-421b-8374-3e0622973412.json b/objects/vulnerability/vulnerability--629777c6-b135-421b-8374-3e0622973412.json new file mode 100644 index 00000000000..503db01b2a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--629777c6-b135-421b-8374-3e0622973412.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff17b841-f399-4555-8a6f-5bac8a2f2cad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--629777c6-b135-421b-8374-3e0622973412", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.255025Z", + "modified": "2024-09-07T00:19:11.255025Z", + "name": "CVE-2023-51368", + "description": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51368" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--64285aea-92c2-4c73-9220-fbbdcfffad90.json b/objects/vulnerability/vulnerability--64285aea-92c2-4c73-9220-fbbdcfffad90.json new file mode 100644 index 00000000000..8868ea86a94 --- /dev/null +++ b/objects/vulnerability/vulnerability--64285aea-92c2-4c73-9220-fbbdcfffad90.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b45afeaa-7c9a-4432-bf69-d995b332fa18", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--64285aea-92c2-4c73-9220-fbbdcfffad90", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.711689Z", + "modified": "2024-09-07T00:19:02.711689Z", + "name": "CVE-2024-44837", + "description": "A cross-site scripting (XSS) vulnerability in the component \\bean\\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44837" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6471c392-de04-4bb5-ba4b-6beda4f861fd.json b/objects/vulnerability/vulnerability--6471c392-de04-4bb5-ba4b-6beda4f861fd.json new file mode 100644 index 00000000000..5d7c9f87219 --- /dev/null +++ b/objects/vulnerability/vulnerability--6471c392-de04-4bb5-ba4b-6beda4f861fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbb325c4-75d9-4b46-b56f-a680c3ae0ba5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6471c392-de04-4bb5-ba4b-6beda4f861fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:12.134459Z", + "modified": "2024-09-07T00:19:12.134459Z", + "name": "CVE-2023-47563", + "description": "An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.2 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47563" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6aa669fd-f340-4927-af74-96ad40fe00c6.json b/objects/vulnerability/vulnerability--6aa669fd-f340-4927-af74-96ad40fe00c6.json new file mode 100644 index 00000000000..e0e84d0818d --- /dev/null +++ b/objects/vulnerability/vulnerability--6aa669fd-f340-4927-af74-96ad40fe00c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a43fd539-e565-48df-bd7c-80b2fea704f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6aa669fd-f340-4927-af74-96ad40fe00c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.454175Z", + "modified": "2024-09-07T00:19:03.454175Z", + "name": "CVE-2024-21903", + "description": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21903" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bc662f5-2bbf-4516-a31a-f205d5f82908.json b/objects/vulnerability/vulnerability--6bc662f5-2bbf-4516-a31a-f205d5f82908.json new file mode 100644 index 00000000000..94015363a10 --- /dev/null +++ b/objects/vulnerability/vulnerability--6bc662f5-2bbf-4516-a31a-f205d5f82908.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a07b030-cbdb-414f-bc61-6bb670cb1f1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bc662f5-2bbf-4516-a31a-f205d5f82908", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.953949Z", + "modified": "2024-09-07T00:19:02.953949Z", + "name": "CVE-2024-1744", + "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1744" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d0bda02-1a4d-4611-85b3-40e9a2eefa29.json b/objects/vulnerability/vulnerability--6d0bda02-1a4d-4611-85b3-40e9a2eefa29.json new file mode 100644 index 00000000000..cf7d6d28b55 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d0bda02-1a4d-4611-85b3-40e9a2eefa29.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1aa4baf9-05a3-4dba-a2a9-fd098542a92c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d0bda02-1a4d-4611-85b3-40e9a2eefa29", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.566904Z", + "modified": "2024-09-07T00:19:04.566904Z", + "name": "CVE-2024-45300", + "description": "alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In \"alf.io\", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45300" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73aaebc4-5faf-43ca-b540-c3f00cb4941d.json b/objects/vulnerability/vulnerability--73aaebc4-5faf-43ca-b540-c3f00cb4941d.json new file mode 100644 index 00000000000..a4520cea682 --- /dev/null +++ b/objects/vulnerability/vulnerability--73aaebc4-5faf-43ca-b540-c3f00cb4941d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fee4d11f-21ea-4f09-91c1-05af68a67ca4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73aaebc4-5faf-43ca-b540-c3f00cb4941d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.089711Z", + "modified": "2024-09-07T00:19:04.089711Z", + "name": "CVE-2024-34156", + "description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34156" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7594fa77-6913-4637-a3a7-6cef0baa11f8.json b/objects/vulnerability/vulnerability--7594fa77-6913-4637-a3a7-6cef0baa11f8.json new file mode 100644 index 00000000000..381afd517a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--7594fa77-6913-4637-a3a7-6cef0baa11f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9aee5976-5ff9-4630-a65f-9ba55207acfb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7594fa77-6913-4637-a3a7-6cef0baa11f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.121575Z", + "modified": "2024-09-07T00:19:04.121575Z", + "name": "CVE-2024-7493", + "description": "The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7493" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--761814fa-1a76-48a3-b0f4-9b8537c24e0c.json b/objects/vulnerability/vulnerability--761814fa-1a76-48a3-b0f4-9b8537c24e0c.json new file mode 100644 index 00000000000..1f27946cf1f --- /dev/null +++ b/objects/vulnerability/vulnerability--761814fa-1a76-48a3-b0f4-9b8537c24e0c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2404036f-2f03-4941-8737-e5b332a49f78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--761814fa-1a76-48a3-b0f4-9b8537c24e0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:10.297576Z", + "modified": "2024-09-07T00:19:10.297576Z", + "name": "CVE-2023-50360", + "description": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.1 ( 2024/02/26 ) and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50360" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81337d51-3dba-4094-bf2c-c34ddea4ec87.json b/objects/vulnerability/vulnerability--81337d51-3dba-4094-bf2c-c34ddea4ec87.json new file mode 100644 index 00000000000..b6324c750bb --- /dev/null +++ b/objects/vulnerability/vulnerability--81337d51-3dba-4094-bf2c-c34ddea4ec87.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2062fc24-3cf0-45e0-9beb-1f076670ce86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81337d51-3dba-4094-bf2c-c34ddea4ec87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.651643Z", + "modified": "2024-09-07T00:19:02.651643Z", + "name": "CVE-2024-32763", + "description": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32763" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--865d47a3-5245-4403-bcf2-343bd04ad3b2.json b/objects/vulnerability/vulnerability--865d47a3-5245-4403-bcf2-343bd04ad3b2.json new file mode 100644 index 00000000000..c16dca4ef86 --- /dev/null +++ b/objects/vulnerability/vulnerability--865d47a3-5245-4403-bcf2-343bd04ad3b2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae824634-8535-477b-8224-fd0feb5ef31f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--865d47a3-5245-4403-bcf2-343bd04ad3b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.646111Z", + "modified": "2024-09-07T00:19:03.646111Z", + "name": "CVE-2024-8317", + "description": "The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8317" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8bc56b5a-e52d-4e36-9a20-4c106c02480a.json b/objects/vulnerability/vulnerability--8bc56b5a-e52d-4e36-9a20-4c106c02480a.json new file mode 100644 index 00000000000..0fa301fc890 --- /dev/null +++ b/objects/vulnerability/vulnerability--8bc56b5a-e52d-4e36-9a20-4c106c02480a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b527586-4729-45b2-94f3-5a8ff5e72f76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8bc56b5a-e52d-4e36-9a20-4c106c02480a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.619201Z", + "modified": "2024-09-07T00:19:11.619201Z", + "name": "CVE-2023-34979", + "description": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.5.4.2790 build 20240605 and later\nQuTS hero h4.5.4.2790 build 20240606 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34979" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f8d4cc3-2fc8-48f8-a2ce-38580b9b0ae6.json b/objects/vulnerability/vulnerability--8f8d4cc3-2fc8-48f8-a2ce-38580b9b0ae6.json new file mode 100644 index 00000000000..0e4a1f38089 --- /dev/null +++ b/objects/vulnerability/vulnerability--8f8d4cc3-2fc8-48f8-a2ce-38580b9b0ae6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b73e57d-2a62-4da4-83c1-805a65041311", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f8d4cc3-2fc8-48f8-a2ce-38580b9b0ae6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.572908Z", + "modified": "2024-09-07T00:19:02.572908Z", + "name": "CVE-2024-27126", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nNotes Station 3 3.9.6 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27126" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93f29529-9458-46d6-b498-063ab417ee15.json b/objects/vulnerability/vulnerability--93f29529-9458-46d6-b498-063ab417ee15.json new file mode 100644 index 00000000000..825fc54897d --- /dev/null +++ b/objects/vulnerability/vulnerability--93f29529-9458-46d6-b498-063ab417ee15.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9370aa0-0740-4e6d-9180-e2a0617b3a04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93f29529-9458-46d6-b498-063ab417ee15", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.746635Z", + "modified": "2024-09-07T00:19:02.746635Z", + "name": "CVE-2024-44845", + "description": "DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44845" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9515e09a-aba9-4a44-b1cd-45c22f671bda.json b/objects/vulnerability/vulnerability--9515e09a-aba9-4a44-b1cd-45c22f671bda.json new file mode 100644 index 00000000000..9f7b4e9320e --- /dev/null +++ b/objects/vulnerability/vulnerability--9515e09a-aba9-4a44-b1cd-45c22f671bda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8cf1a19d-7654-430a-bf3b-df75aec4e5f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9515e09a-aba9-4a44-b1cd-45c22f671bda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.551924Z", + "modified": "2024-09-07T00:19:04.551924Z", + "name": "CVE-2024-45294", + "description": "The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45294" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e146c1f-02c1-43ad-a105-11476017738f.json b/objects/vulnerability/vulnerability--9e146c1f-02c1-43ad-a105-11476017738f.json new file mode 100644 index 00000000000..b67ea520ea6 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e146c1f-02c1-43ad-a105-11476017738f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d65b0dfd-5238-4f36-b726-98522966344a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e146c1f-02c1-43ad-a105-11476017738f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.583053Z", + "modified": "2024-09-07T00:19:04.583053Z", + "name": "CVE-2024-45751", + "description": "tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45751" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9a1d87d-82cf-451b-b90e-06cf57c39a0c.json b/objects/vulnerability/vulnerability--a9a1d87d-82cf-451b-b90e-06cf57c39a0c.json new file mode 100644 index 00000000000..450f045fbcb --- /dev/null +++ b/objects/vulnerability/vulnerability--a9a1d87d-82cf-451b-b90e-06cf57c39a0c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ed22da4-1b26-4777-bd41-3afd300f2ef3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9a1d87d-82cf-451b-b90e-06cf57c39a0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.704987Z", + "modified": "2024-09-07T00:19:02.704987Z", + "name": "CVE-2024-32762", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32762" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae4926ee-2452-4335-8ac0-dba28243f725.json b/objects/vulnerability/vulnerability--ae4926ee-2452-4335-8ac0-dba28243f725.json new file mode 100644 index 00000000000..cad068f1bba --- /dev/null +++ b/objects/vulnerability/vulnerability--ae4926ee-2452-4335-8ac0-dba28243f725.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32c0b721-b3f8-401e-9f92-afea8708213d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae4926ee-2452-4335-8ac0-dba28243f725", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.006859Z", + "modified": "2024-09-07T00:19:03.006859Z", + "name": "CVE-2024-6445", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: before v3.5.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6445" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0fc01ee-65e5-4b75-b276-2098a2d53b95.json b/objects/vulnerability/vulnerability--b0fc01ee-65e5-4b75-b276-2098a2d53b95.json new file mode 100644 index 00000000000..4ebe060c682 --- /dev/null +++ b/objects/vulnerability/vulnerability--b0fc01ee-65e5-4b75-b276-2098a2d53b95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--562c25c2-4ceb-4998-8e99-b7a50743e914", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0fc01ee-65e5-4b75-b276-2098a2d53b95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.000301Z", + "modified": "2024-09-07T00:19:03.000301Z", + "name": "CVE-2024-6792", + "description": "The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6792" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b334c702-8e97-4a20-b505-92fdd4ef49d7.json b/objects/vulnerability/vulnerability--b334c702-8e97-4a20-b505-92fdd4ef49d7.json new file mode 100644 index 00000000000..fd138f3ba65 --- /dev/null +++ b/objects/vulnerability/vulnerability--b334c702-8e97-4a20-b505-92fdd4ef49d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a92e18d5-7e80-4da8-8a51-0e53f4fcb184", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b334c702-8e97-4a20-b505-92fdd4ef49d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:18:59.04199Z", + "modified": "2024-09-07T00:18:59.04199Z", + "name": "CVE-2022-27592", + "description": "An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-27592" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b64ca837-9994-4ddc-b1eb-495671ffdbba.json b/objects/vulnerability/vulnerability--b64ca837-9994-4ddc-b1eb-495671ffdbba.json new file mode 100644 index 00000000000..0834b1862d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b64ca837-9994-4ddc-b1eb-495671ffdbba.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5df68e71-8f26-4bfb-8390-9f802c762c59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b64ca837-9994-4ddc-b1eb-495671ffdbba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.559533Z", + "modified": "2024-09-07T00:19:04.559533Z", + "name": "CVE-2024-45771", + "description": "RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45771" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7add3b5-1873-4d83-918f-dde696074b29.json b/objects/vulnerability/vulnerability--b7add3b5-1873-4d83-918f-dde696074b29.json new file mode 100644 index 00000000000..0d7c5ef4e84 --- /dev/null +++ b/objects/vulnerability/vulnerability--b7add3b5-1873-4d83-918f-dde696074b29.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdfc2343-284c-4f30-b059-af3b6013227d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7add3b5-1873-4d83-918f-dde696074b29", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.577058Z", + "modified": "2024-09-07T00:19:04.577058Z", + "name": "CVE-2024-45299", + "description": "alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is not escaped correctly, the administrator / event admin could break their own install by inserting non correctly escaped text. The Content-Security-Policy directive blocks any potential script execution. The administrator or event administrator can override the texts for customization purpose. The texts are not properly escaped. Version 2.0-M5 fixes this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0333377-9653-4907-b8fe-a2b4755a1e90.json b/objects/vulnerability/vulnerability--c0333377-9653-4907-b8fe-a2b4755a1e90.json new file mode 100644 index 00000000000..7bed6c9d338 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0333377-9653-4907-b8fe-a2b4755a1e90.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12e25314-1dee-49e1-9b64-fbf1f390be9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0333377-9653-4907-b8fe-a2b4755a1e90", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.15796Z", + "modified": "2024-09-07T00:19:04.15796Z", + "name": "CVE-2024-7599", + "description": "The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0b56c53-40e1-4686-a35c-03975f591d86.json b/objects/vulnerability/vulnerability--c0b56c53-40e1-4686-a35c-03975f591d86.json new file mode 100644 index 00000000000..fa83ddf5d2f --- /dev/null +++ b/objects/vulnerability/vulnerability--c0b56c53-40e1-4686-a35c-03975f591d86.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8bca4247-e9db-4cea-b58c-51696b163790", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0b56c53-40e1-4686-a35c-03975f591d86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.587463Z", + "modified": "2024-09-07T00:19:04.587463Z", + "name": "CVE-2024-45039", + "description": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost to the verifier and it has not been supported in the recursive in-circuit Groth16 verifier and Solidity verifier. gnark's maintainers expect the impact of the issue be very small - only for the users who have implemented the native Groth16 verifier or are using it with multiple commitments. We do not have information of such users. The issue has been patched in version 0.11.0. As a workaround, users should follow gnark maintainers' recommendation to use only a single commitment and then derive in-circuit commitments as needed using the `std/multicommit` package.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45039" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c184eb09-6685-471b-842c-c11933cc3baa.json b/objects/vulnerability/vulnerability--c184eb09-6685-471b-842c-c11933cc3baa.json new file mode 100644 index 00000000000..7e889200d47 --- /dev/null +++ b/objects/vulnerability/vulnerability--c184eb09-6685-471b-842c-c11933cc3baa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6c9e68c-fbd9-43dd-983a-73e119697b34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c184eb09-6685-471b-842c-c11933cc3baa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.639576Z", + "modified": "2024-09-07T00:19:03.639576Z", + "name": "CVE-2024-8509", + "description": "A vulnerability was found in Forklift Controller.  There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8509" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9e6a823-b229-468e-a676-63b158af11c9.json b/objects/vulnerability/vulnerability--c9e6a823-b229-468e-a676-63b158af11c9.json new file mode 100644 index 00000000000..4f36203d48a --- /dev/null +++ b/objects/vulnerability/vulnerability--c9e6a823-b229-468e-a676-63b158af11c9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36501b0a-9943-4500-b4b3-2db93e76e8f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9e6a823-b229-468e-a676-63b158af11c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.732611Z", + "modified": "2024-09-07T00:19:02.732611Z", + "name": "CVE-2024-44844", + "description": "DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44844" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ccdde081-9443-4cd3-ad86-72110690d273.json b/objects/vulnerability/vulnerability--ccdde081-9443-4cd3-ad86-72110690d273.json new file mode 100644 index 00000000000..5355237845a --- /dev/null +++ b/objects/vulnerability/vulnerability--ccdde081-9443-4cd3-ad86-72110690d273.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4afeb376-f2f5-4d6b-bb9e-63c4f3929bd0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ccdde081-9443-4cd3-ad86-72110690d273", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.717277Z", + "modified": "2024-09-07T00:19:02.717277Z", + "name": "CVE-2024-44401", + "description": "D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d5af859c-d090-4c60-8ccd-8c7e3aa59071.json b/objects/vulnerability/vulnerability--d5af859c-d090-4c60-8ccd-8c7e3aa59071.json new file mode 100644 index 00000000000..f28a36dc8bb --- /dev/null +++ b/objects/vulnerability/vulnerability--d5af859c-d090-4c60-8ccd-8c7e3aa59071.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93850094-d0ea-46cd-a460-676ccdbc53d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d5af859c-d090-4c60-8ccd-8c7e3aa59071", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.719846Z", + "modified": "2024-09-07T00:19:02.719846Z", + "name": "CVE-2024-44402", + "description": "D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44402" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d67c4354-d8e6-45cf-9678-d8229ee4dc67.json b/objects/vulnerability/vulnerability--d67c4354-d8e6-45cf-9678-d8229ee4dc67.json new file mode 100644 index 00000000000..75cc17ccebc --- /dev/null +++ b/objects/vulnerability/vulnerability--d67c4354-d8e6-45cf-9678-d8229ee4dc67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca0ae17f-1a11-443e-ac5e-ad5c21323090", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d67c4354-d8e6-45cf-9678-d8229ee4dc67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.668245Z", + "modified": "2024-09-07T00:19:03.668245Z", + "name": "CVE-2024-8428", + "description": "The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8428" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d712bab4-269c-4f8b-a96b-404c83a6af1c.json b/objects/vulnerability/vulnerability--d712bab4-269c-4f8b-a96b-404c83a6af1c.json new file mode 100644 index 00000000000..5727839adeb --- /dev/null +++ b/objects/vulnerability/vulnerability--d712bab4-269c-4f8b-a96b-404c83a6af1c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9fb77130-fb43-4af9-84fe-9e9d505aff11", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d712bab4-269c-4f8b-a96b-404c83a6af1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.156506Z", + "modified": "2024-09-07T00:19:04.156506Z", + "name": "CVE-2024-7652", + "description": "An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7652" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7912829-d087-4107-94e5-3458a8e6e99a.json b/objects/vulnerability/vulnerability--d7912829-d087-4107-94e5-3458a8e6e99a.json new file mode 100644 index 00000000000..c516155ef14 --- /dev/null +++ b/objects/vulnerability/vulnerability--d7912829-d087-4107-94e5-3458a8e6e99a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f74adb3-4fca-465c-a0c9-1a697925bc42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7912829-d087-4107-94e5-3458a8e6e99a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.331676Z", + "modified": "2024-09-07T00:19:03.331676Z", + "name": "CVE-2024-38641", + "description": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7a603f8-2b7f-4378-a837-c8ffe9da77b4.json b/objects/vulnerability/vulnerability--d7a603f8-2b7f-4378-a837-c8ffe9da77b4.json new file mode 100644 index 00000000000..db1688e293d --- /dev/null +++ b/objects/vulnerability/vulnerability--d7a603f8-2b7f-4378-a837-c8ffe9da77b4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb16ade9-0c15-497c-9c7b-dcd162446011", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7a603f8-2b7f-4378-a837-c8ffe9da77b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.226802Z", + "modified": "2024-09-07T00:19:11.226802Z", + "name": "CVE-2023-51366", + "description": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.6.2722 build 20240402 and later\nQuTS hero h5.1.6.2734 build 20240414 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db6e132e-4282-4c5c-ab73-5d075c1a06d6.json b/objects/vulnerability/vulnerability--db6e132e-4282-4c5c-ab73-5d075c1a06d6.json new file mode 100644 index 00000000000..e075ddea913 --- /dev/null +++ b/objects/vulnerability/vulnerability--db6e132e-4282-4c5c-ab73-5d075c1a06d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed9fe222-8b0f-41ba-90ab-de4b44c263fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db6e132e-4282-4c5c-ab73-5d075c1a06d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.754528Z", + "modified": "2024-09-07T00:19:02.754528Z", + "name": "CVE-2024-44839", + "description": "RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44839" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ddb1f300-246b-4460-b7f1-9e41e6ded052.json b/objects/vulnerability/vulnerability--ddb1f300-246b-4460-b7f1-9e41e6ded052.json new file mode 100644 index 00000000000..6d369773ab1 --- /dev/null +++ b/objects/vulnerability/vulnerability--ddb1f300-246b-4460-b7f1-9e41e6ded052.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2aeb0e24-14fc-42c1-9115-f424eec53b45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ddb1f300-246b-4460-b7f1-9e41e6ded052", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.580457Z", + "modified": "2024-09-07T00:19:04.580457Z", + "name": "CVE-2024-45405", + "description": "`gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Version 0.10.11 contains a patch for the issue.\n\nIn `gix_path::env`, the underlying implementation of the `installation_config` and `installation_config_prefix` functions calls `git config -l --show-origin` to find the path of a file to treat as belonging to the `git` installation. Affected versions of `gix-path` do not pass `-z`/`--null` to cause `git` to report literal paths. Instead, to cover the occasional case that `git` outputs a quoted path, they attempt to parse the path by stripping the quotation marks. The problem is that, when a path is quoted, it may change in substantial ways beyond the concatenation of quotation marks. If not reversed, these changes can result in another valid path that is not equivalent to the original.\n\nOn a single-user system, it is not possible to exploit this, unless `GIT_CONFIG_SYSTEM` and `GIT_CONFIG_GLOBAL` have been set to unusual values or Git has been installed in an unusual way. Such a scenario is not expected. Exploitation is unlikely even on a multi-user system, though it is plausible in some uncommon configurations or use cases. 
In general, exploitation is more likely to succeed if users are expected to install `git` themselves, and are likely to do so in predictable locations; locations where `git` is installed, whether due to usernames in their paths or otherwise, contain characters that `git` quotes by default in paths, such as non-English letters and accented letters; a custom `system`-scope configuration file is specified with the `GIT_CONFIG_SYSTEM` environment variable, and its path is in an unusual location or has strangely named components; or a `system`-scope configuration file is absent, empty, or suppressed by means other than `GIT_CONFIG_NOSYSTEM`. Currently, `gix-path` can treat a `global`-scope configuration file as belonging to the installation if no higher scope configuration file is available. This increases the likelihood of exploitation even on a system where `git` is installed system-wide in an ordinary way. However, exploitation is expected to be very difficult even under any combination of those factors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45405" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de14d29d-6027-450e-be39-15f468bc562c.json b/objects/vulnerability/vulnerability--de14d29d-6027-450e-be39-15f468bc562c.json new file mode 100644 index 00000000000..6ce91832dee --- /dev/null +++ b/objects/vulnerability/vulnerability--de14d29d-6027-450e-be39-15f468bc562c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72a1521a-c446-48b7-ad7f-4dcd57934f31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de14d29d-6027-450e-be39-15f468bc562c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.655855Z", + "modified": "2024-09-07T00:19:03.655855Z", + "name": "CVE-2024-8427", + "description": "The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and forms.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8427" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e20b32d3-2e8a-4fbc-8e90-e7495cc45a8d.json b/objects/vulnerability/vulnerability--e20b32d3-2e8a-4fbc-8e90-e7495cc45a8d.json new file mode 100644 index 00000000000..a0ea8585fb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e20b32d3-2e8a-4fbc-8e90-e7495cc45a8d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--008a3fde-be42-4098-b3d2-0f369335f383", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e20b32d3-2e8a-4fbc-8e90-e7495cc45a8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.723693Z", + "modified": "2024-09-07T00:19:02.723693Z", + "name": "CVE-2024-44739", + "description": "Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44739" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e21f6cab-637f-4c03-9134-85cdb3b31202.json b/objects/vulnerability/vulnerability--e21f6cab-637f-4c03-9134-85cdb3b31202.json new file mode 100644 index 00000000000..51762702f0a --- /dev/null +++ b/objects/vulnerability/vulnerability--e21f6cab-637f-4c03-9134-85cdb3b31202.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b97dad9f-5e4e-445e-a07a-d82d19bfe2ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e21f6cab-637f-4c03-9134-85cdb3b31202", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:03.321706Z", + "modified": "2024-09-07T00:19:03.321706Z", + "name": "CVE-2024-38640", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nDownload Station 5.8.6.283 ( 2024/06/21 ) and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38640" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e443ac5f-2ee1-4a0a-9f67-a87d5de481f1.json b/objects/vulnerability/vulnerability--e443ac5f-2ee1-4a0a-9f67-a87d5de481f1.json new file mode 100644 index 00000000000..edfa9c22893 --- /dev/null +++ b/objects/vulnerability/vulnerability--e443ac5f-2ee1-4a0a-9f67-a87d5de481f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29a843a9-399e-4d71-9060-31dbc9a0d3e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e443ac5f-2ee1-4a0a-9f67-a87d5de481f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.530741Z", + "modified": "2024-09-07T00:19:02.530741Z", + "name": "CVE-2024-27122", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nNotes Station 3 3.9.6 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27122" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec26b571-f454-4343-808a-3b7a1e728de9.json b/objects/vulnerability/vulnerability--ec26b571-f454-4343-808a-3b7a1e728de9.json new file mode 100644 index 00000000000..660bd1a643e --- /dev/null +++ b/objects/vulnerability/vulnerability--ec26b571-f454-4343-808a-3b7a1e728de9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f90592ff-1bdd-47dc-8b5a-3a408e079398", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec26b571-f454-4343-808a-3b7a1e728de9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:04.573029Z", + "modified": "2024-09-07T00:19:04.573029Z", + "name": "CVE-2024-45040", + "description": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to deduce the actual value. If the possible choices for the variables to be committed is large or there are many values committed, then it would be computationally infeasible to enumerate all valid choices. It doesn't affect the completeness/soundness of the proofs. The vulnerability has been fixed in version 0.11.0. The patch to fix the issue is to add additional randomized value to the list of committed value at proving time to mask the rest of the values which were committed. As a workaround, the user can manually commit to a randomized value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec3b0c93-a97f-4b4c-8077-14572145b279.json b/objects/vulnerability/vulnerability--ec3b0c93-a97f-4b4c-8077-14572145b279.json new file mode 100644 index 00000000000..debd5b2e092 --- /dev/null +++ b/objects/vulnerability/vulnerability--ec3b0c93-a97f-4b4c-8077-14572145b279.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37711a48-7177-4bf9-90fc-80001ad44151", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec3b0c93-a97f-4b4c-8077-14572145b279", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:02.740491Z", + "modified": "2024-09-07T00:19:02.740491Z", + "name": "CVE-2024-44838", + "description": "RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44838" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee9cabf2-7452-4760-aa42-e007ee7973d1.json b/objects/vulnerability/vulnerability--ee9cabf2-7452-4760-aa42-e007ee7973d1.json new file mode 100644 index 00000000000..791c836c8b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--ee9cabf2-7452-4760-aa42-e007ee7973d1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2bda3ce6-43f0-44f5-8cb9-64a30b0d3d33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee9cabf2-7452-4760-aa42-e007ee7973d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-07T00:19:11.174609Z", + "modified": "2024-09-07T00:19:11.174609Z", + "name": "CVE-2023-39298", + "description": "A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.\nQuTScloud, is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.0.2737 build 20240417 and later\nQuTS hero h5.2.0.2782 build 20240601 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39298" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3fc4c4c-3c1a-4fea-9c09-8b0ffe4cb7d2.json b/objects/vulnerability/vulnerability--f3fc4c4c-3c1a-4fea-9c09-8b0ffe4cb7d2.json new file mode 100644 index 00000000000..03af4cb5c74 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3fc4c4c-3c1a-4fea-9c09-8b0ffe4cb7d2.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c9b790eb-fb52-4a66-ba2d-69c20e5e11e1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f3fc4c4c-3c1a-4fea-9c09-8b0ffe4cb7d2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-07T00:19:12.181943Z",
+ "modified": "2024-09-07T00:19:12.181943Z",
+ "name": "CVE-2023-45038",
+ "description": "An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.4.0 and later",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-45038"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f7e9b879-ad73-455d-9e28-e5a54be37ffc.json b/objects/vulnerability/vulnerability--f7e9b879-ad73-455d-9e28-e5a54be37ffc.json
new file mode 100644
index 00000000000..78a98cf3f68
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f7e9b879-ad73-455d-9e28-e5a54be37ffc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d40cfcec-d1dc-4092-b2dc-e1f823070585",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f7e9b879-ad73-455d-9e28-e5a54be37ffc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-07T00:19:04.290277Z",
+ "modified": "2024-09-07T00:19:04.290277Z",
+ "name": "CVE-2024-40865",
+ "description": "The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-40865"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f85d4221-2039-4b34-a3be-5cb00bb610fa.json b/objects/vulnerability/vulnerability--f85d4221-2039-4b34-a3be-5cb00bb610fa.json
new file mode 100644
index 00000000000..6f433140375
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f85d4221-2039-4b34-a3be-5cb00bb610fa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--95ae36f9-61fd-410d-8486-fa74dd139238",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f85d4221-2039-4b34-a3be-5cb00bb610fa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-07T00:19:03.653758Z",
+ "modified": "2024-09-07T00:19:03.653758Z",
+ "name": "CVE-2024-8247",
+ "description": "The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8247"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file