diff --git a/mapping.csv b/mapping.csv
index de1531ad89e..308bbb45824 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -258125,3 +258125,80 @@ vulnerability,CVE-2024-36466,vulnerability--9f940bd1-f3a9-430d-b7f0-d3b442c18e7b
 vulnerability,CVE-2024-46939,vulnerability--2b0cd801-4431-436a-bb40-747a8831134e
 vulnerability,CVE-2023-52922,vulnerability--d118952b-61ae-4573-b90a-2d8c3a4c456b
 vulnerability,CVE-2018-9377,vulnerability--f5739db6-77e1-4b90-8d06-ba5442f29de7
+vulnerability,CVE-2024-48651,vulnerability--6ff37ebe-1fc4-4f86-b687-fc83fbfda9a0
+vulnerability,CVE-2024-48406,vulnerability--e6d64a75-0acf-4f52-848e-fd6a1c00e2d8
+vulnerability,CVE-2024-52801,vulnerability--0ea6b8bb-4039-4349-9044-c87ac3c54140
+vulnerability,CVE-2024-52780,vulnerability--2e942281-e39d-41b0-ab17-67cd97265700
+vulnerability,CVE-2024-52782,vulnerability--904fa987-8208-42f4-8cc8-08730ada58a6
+vulnerability,CVE-2024-52003,vulnerability--26ed780d-a52d-4c1d-9236-f8bb337be36c
+vulnerability,CVE-2024-52800,vulnerability--d9d0ebd4-279b-4f7d-a8e1-014c5a2fadf0
+vulnerability,CVE-2024-52809,vulnerability--0d124271-e6ea-4ac8-b5a2-ecbb44c43ab3
+vulnerability,CVE-2024-52810,vulnerability--8bd93e51-9d25-4ea6-8ad5-095f92987c10
+vulnerability,CVE-2024-52777,vulnerability--b168a5dc-288b-4273-86af-491248077d90
+vulnerability,CVE-2024-52779,vulnerability--2d27bc5c-7a68-409d-939e-da9b863cba3b
+vulnerability,CVE-2024-52781,vulnerability--e663c362-ab53-4408-a2be-887458fde104
+vulnerability,CVE-2024-52778,vulnerability--b571ff46-e3a1-4b08-a19f-0c6a338c8c68
+vulnerability,CVE-2024-45495,vulnerability--b1e73d84-1029-46c1-98fa-1e38a6c9a609
+vulnerability,CVE-2024-10704,vulnerability--9cac511b-6803-4229-b88c-6999ff792681
+vulnerability,CVE-2024-10980,vulnerability--846827bb-a325-43c0-9172-a205bf150109
+vulnerability,CVE-2024-9044,vulnerability--d8576446-38e3-498d-b357-1dc165acbcc2
+vulnerability,CVE-2024-39162,vulnerability--0b5a8bc3-66cc-4396-bdc2-b7d4eb3d954a
+vulnerability,CVE-2024-47193,vulnerability--4267c1b6-3940-4c07-951f-5ccad18c61d2
+vulnerability,CVE-2024-47094,vulnerability--50a2b9c7-2b13-4786-9ff3-9d29255bd987
+vulnerability,CVE-2024-50357,vulnerability--6d9d4659-325f-42d3-a2e6-00c349a32368
+vulnerability,CVE-2024-11983,vulnerability--fbaf7981-661f-4de7-9c22-c3225b333ec5
+vulnerability,CVE-2024-11481,vulnerability--50532054-9ecd-462a-ace4-40fc9e25698e
+vulnerability,CVE-2024-11981,vulnerability--cfcbf606-fe80-494e-b4ff-86460bbe7db6
+vulnerability,CVE-2024-11978,vulnerability--c20a7be2-b607-4028-870e-72ef6c4b69bd
+vulnerability,CVE-2024-11980,vulnerability--8ecee759-c537-4875-900f-04b230606198
+vulnerability,CVE-2024-11990,vulnerability--b70ca3f6-8f69-4150-af9f-a8e7bc6c6769
+vulnerability,CVE-2024-11992,vulnerability--fe5f3e76-e139-42c5-ab96-4f184446aaa8
+vulnerability,CVE-2024-11982,vulnerability--fd8c4326-6ed9-4164-8c9b-dc75066e5ba4
+vulnerability,CVE-2024-11482,vulnerability--a00ff43a-39cb-4ba3-b84a-52619d9380d4
+vulnerability,CVE-2024-11979,vulnerability--1069572b-0db0-46d6-89b5-406bd6f85998
+vulnerability,CVE-2024-11995,vulnerability--ea0dd874-4cb4-4295-8839-4f69720ed155
+vulnerability,CVE-2024-11014,vulnerability--3523137f-fa7b-48d8-9466-6c48b4d2d57d
+vulnerability,CVE-2024-11013,vulnerability--8bf0d86e-edeb-45b1-bbe4-4f3afb6625f4
+vulnerability,CVE-2024-53980,vulnerability--98fa87fa-5169-496f-9d8a-467993bfb2e9
+vulnerability,CVE-2024-53504,vulnerability--d2549a12-4b8e-45cb-a257-786fbb1e167a
+vulnerability,CVE-2024-53865,vulnerability--dadc11c7-ef73-4a1b-a696-9751f8f7e842
+vulnerability,CVE-2024-53979,vulnerability--23a2f2f2-06df-4b57-8c5e-0ffb215d454b
+vulnerability,CVE-2024-53506,vulnerability--3e2490b8-f875-4203-aa7a-18843a036cb2
+vulnerability,CVE-2024-53623,vulnerability--c95a1ee9-fe46-4bf7-b431-5e2d485260b7
+vulnerability,CVE-2024-53701,vulnerability--4359e24c-df52-41ef-b8da-da8807f5454d
+vulnerability,CVE-2024-53848,vulnerability--81104834-3cd7-408b-852e-869789b3032c
+vulnerability,CVE-2024-53861,vulnerability--29cfc905-825f-4117-a1d4-7a1c80228dbc
+vulnerability,CVE-2024-53507,vulnerability--2e863119-1201-4174-b310-c3428cd5b086
+vulnerability,CVE-2024-53983,vulnerability--37f38d12-f30f-4a22-8e29-8b26ba99a42d
+vulnerability,CVE-2024-53864,vulnerability--13f278a1-9eef-4048-bb7b-60895071bd81
+vulnerability,CVE-2024-53505,vulnerability--2890215b-68f4-44da-98c4-b024449d0005
+vulnerability,CVE-2024-35368,vulnerability--edb2b1af-6189-44ec-a8bc-c62c68749c96
+vulnerability,CVE-2024-35369,vulnerability--a5a236d3-5535-4601-8560-5b33b19ae337
+vulnerability,CVE-2024-35366,vulnerability--bc83cb39-ea98-48d5-9997-4c72b27bf0f1
+vulnerability,CVE-2024-35451,vulnerability--f213dc37-e64b-48f2-952a-a39b23df3259
+vulnerability,CVE-2024-35371,vulnerability--1d248915-cbf7-4721-9ab6-cd64e685332d
+vulnerability,CVE-2024-35367,vulnerability--2672b830-4465-4a9e-8bae-cde75d2a5c63
+vulnerability,CVE-2024-54123,vulnerability--2965517c-ca47-4a34-862a-01029d891a3e
+vulnerability,CVE-2024-54159,vulnerability--ad63b7b9-7477-4f63-91d0-4f1bc523be15
+vulnerability,CVE-2024-54124,vulnerability--7b3dd4a5-2876-4312-bc68-8008b01d967a
+vulnerability,CVE-2024-49806,vulnerability--eab56e0f-97bf-4311-aa38-3fc4f2b03221
+vulnerability,CVE-2024-49803,vulnerability--129056a3-1224-47b7-985f-dc2dfe942cea
+vulnerability,CVE-2024-49360,vulnerability--7e15aee1-9889-4b3a-a826-27b209962697
+vulnerability,CVE-2024-49805,vulnerability--c8814e05-4a52-4ec8-b958-60cbe52e43f8
+vulnerability,CVE-2024-49804,vulnerability--b2d1c9a1-203f-40ca-9a23-bb5cf56c6de4
+vulnerability,CVE-2024-36610,vulnerability--29c554e3-4302-4b1d-9de3-915d8877000b
+vulnerability,CVE-2024-36618,vulnerability--5d96a606-ef4a-4c57-ba4c-2a1022a76cca
+vulnerability,CVE-2024-36622,vulnerability--50017c6a-58a3-433b-a29c-39e4bcc37b24
+vulnerability,CVE-2024-36619,vulnerability--6fdac3a9-f871-40f3-90ff-074ca06d3968
+vulnerability,CVE-2024-36617,vulnerability--83130805-43bb-43f6-9630-493b6996fd7d
+vulnerability,CVE-2024-36621,vulnerability--ded830c8-c9fd-4e64-a387-46dc24799482
+vulnerability,CVE-2024-36620,vulnerability--28c55c43-d4ef-4b12-b696-766d842238bf
+vulnerability,CVE-2024-36611,vulnerability--b85e7cef-c8c4-4a55-a80c-a195c529f050
+vulnerability,CVE-2024-36612,vulnerability--477039c3-2b46-45a4-908d-1cfb0d2da076
+vulnerability,CVE-2024-36624,vulnerability--401c92ef-455c-4db7-9745-2f3dd97d0bc4
+vulnerability,CVE-2024-36625,vulnerability--92ae733c-6344-42b5-af66-284c50dbe006
+vulnerability,CVE-2024-36671,vulnerability--33b93cab-7164-40b9-997f-25f1af98b63c
+vulnerability,CVE-2024-36623,vulnerability--3249dc75-a290-4460-b87a-24c022d84a27
+vulnerability,CVE-2024-36615,vulnerability--da55e3a2-20e3-4198-9cf4-2195463974d3
+vulnerability,CVE-2024-36616,vulnerability--9bed2215-6ead-4dd4-958c-c5c34aabb9c5
+vulnerability,CVE-2024-36626,vulnerability--021ca777-9565-4b53-8564-fcd32328f5a7
diff --git a/objects/vulnerability/vulnerability--021ca777-9565-4b53-8564-fcd32328f5a7.json b/objects/vulnerability/vulnerability--021ca777-9565-4b53-8564-fcd32328f5a7.json
new file mode 100644
index 00000000000..c5971408e98
--- /dev/null
+++ b/objects/vulnerability/vulnerability--021ca777-9565-4b53-8564-fcd32328f5a7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f1d4fe25-c65d-4f24-8bdd-3d5c54d70e39",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--021ca777-9565-4b53-8564-fcd32328f5a7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.990138Z",
+ "modified": "2024-11-30T00:21:24.990138Z",
+ "name": "CVE-2024-36626",
+ "description": "In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36626"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0b5a8bc3-66cc-4396-bdc2-b7d4eb3d954a.json b/objects/vulnerability/vulnerability--0b5a8bc3-66cc-4396-bdc2-b7d4eb3d954a.json
new file mode 100644
index 00000000000..38158a5fcfa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0b5a8bc3-66cc-4396-bdc2-b7d4eb3d954a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a4e524f1-82ad-407d-838e-39b2e4bb0439",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0b5a8bc3-66cc-4396-bdc2-b7d4eb3d954a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.399204Z",
+ "modified": "2024-11-30T00:21:23.399204Z",
+ "name": "CVE-2024-39162",
+ "description": "** UNSUPPORTED WHEN ASSIGNED ** pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-39162"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0d124271-e6ea-4ac8-b5a2-ecbb44c43ab3.json b/objects/vulnerability/vulnerability--0d124271-e6ea-4ac8-b5a2-ecbb44c43ab3.json
new file mode 100644
index 00000000000..905665f9365
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0d124271-e6ea-4ac8-b5a2-ecbb44c43ab3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--72be63f6-0472-4fff-9c0a-342ab3f24b32",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0d124271-e6ea-4ac8-b5a2-ecbb44c43ab3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.198381Z",
+ "modified": "2024-11-30T00:21:23.198381Z",
+ "name": "CVE-2024-52809",
+ "description": "vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52809"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0ea6b8bb-4039-4349-9044-c87ac3c54140.json b/objects/vulnerability/vulnerability--0ea6b8bb-4039-4349-9044-c87ac3c54140.json
new file mode 100644
index 00000000000..d0d65e258e2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0ea6b8bb-4039-4349-9044-c87ac3c54140.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2c396e44-44b1-4322-923a-270b647f3f26",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0ea6b8bb-4039-4349-9044-c87ac3c54140",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.165859Z",
+ "modified": "2024-11-30T00:21:23.165859Z",
+ "name": "CVE-2024-52801",
+ "description": "sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically secure. This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. All users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52801"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1069572b-0db0-46d6-89b5-406bd6f85998.json b/objects/vulnerability/vulnerability--1069572b-0db0-46d6-89b5-406bd6f85998.json
new file mode 100644
index 00000000000..3439b5c5cc2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1069572b-0db0-46d6-89b5-406bd6f85998.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3bc314d7-97ee-4582-9555-3c0523982a44",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1069572b-0db0-46d6-89b5-406bd6f85998",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.782549Z",
+ "modified": "2024-11-30T00:21:23.782549Z",
+ "name": "CVE-2024-11979",
+ "description": "DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11979"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--129056a3-1224-47b7-985f-dc2dfe942cea.json b/objects/vulnerability/vulnerability--129056a3-1224-47b7-985f-dc2dfe942cea.json
new file mode 100644
index 00000000000..5cd8a7ba53f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--129056a3-1224-47b7-985f-dc2dfe942cea.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9cb4f9cd-37e3-4ace-9ca3-75d4d770e71f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--129056a3-1224-47b7-985f-dc2dfe942cea",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.699439Z",
+ "modified": "2024-11-30T00:21:24.699439Z",
+ "name": "CVE-2024-49803",
+ "description": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49803"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--13f278a1-9eef-4048-bb7b-60895071bd81.json b/objects/vulnerability/vulnerability--13f278a1-9eef-4048-bb7b-60895071bd81.json
new file mode 100644
index 00000000000..df7726c4e38
--- /dev/null
+++ b/objects/vulnerability/vulnerability--13f278a1-9eef-4048-bb7b-60895071bd81.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a2edf286-246a-462d-9da2-3d0e51960d1e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--13f278a1-9eef-4048-bb7b-60895071bd81",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.068637Z",
+ "modified": "2024-11-30T00:21:24.068637Z",
+ "name": "CVE-2024-53864",
+ "description": "Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. This issue has been patched in version 4.6.14. All users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53864"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1d248915-cbf7-4721-9ab6-cd64e685332d.json b/objects/vulnerability/vulnerability--1d248915-cbf7-4721-9ab6-cd64e685332d.json
new file mode 100644
index 00000000000..d327daaa6c9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1d248915-cbf7-4721-9ab6-cd64e685332d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--81be6e1f-6299-4764-aa47-c51cdfcd8568",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1d248915-cbf7-4721-9ab6-cd64e685332d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.632187Z",
+ "modified": "2024-11-30T00:21:24.632187Z",
+ "name": "CVE-2024-35371",
+ "description": "Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-35371"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--23a2f2f2-06df-4b57-8c5e-0ffb215d454b.json b/objects/vulnerability/vulnerability--23a2f2f2-06df-4b57-8c5e-0ffb215d454b.json
new file mode 100644
index 00000000000..b7c3ca80540
--- /dev/null
+++ b/objects/vulnerability/vulnerability--23a2f2f2-06df-4b57-8c5e-0ffb215d454b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--229a6629-95ad-4417-a297-eb21e7742cab",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--23a2f2f2-06df-4b57-8c5e-0ffb215d454b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.029415Z",
+ "modified": "2024-11-30T00:21:24.029415Z",
+ "name": "CVE-2024-53979",
+ "description": "ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection \"ibm.ibm_zhmc\" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the \"log_file\" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53979"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2672b830-4465-4a9e-8bae-cde75d2a5c63.json b/objects/vulnerability/vulnerability--2672b830-4465-4a9e-8bae-cde75d2a5c63.json
new file mode 100644
index 00000000000..cb9059e059f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2672b830-4465-4a9e-8bae-cde75d2a5c63.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cedf637e-2b15-43a0-a51e-f638591b9428",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2672b830-4465-4a9e-8bae-cde75d2a5c63",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.634044Z",
+ "modified": "2024-11-30T00:21:24.634044Z",
+ "name": "CVE-2024-35367",
+ "description": "FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-35367"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--26ed780d-a52d-4c1d-9236-f8bb337be36c.json b/objects/vulnerability/vulnerability--26ed780d-a52d-4c1d-9236-f8bb337be36c.json
new file mode 100644
index 00000000000..623d69025fe
--- /dev/null
+++ b/objects/vulnerability/vulnerability--26ed780d-a52d-4c1d-9236-f8bb337be36c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e929ac65-e5b7-46e4-a671-27ca1dfb3da5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--26ed780d-a52d-4c1d-9236-f8bb337be36c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.184649Z",
+ "modified": "2024-11-30T00:21:23.184649Z",
+ "name": "CVE-2024-52003",
+ "description": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52003"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2890215b-68f4-44da-98c4-b024449d0005.json b/objects/vulnerability/vulnerability--2890215b-68f4-44da-98c4-b024449d0005.json
new file mode 100644
index 00000000000..f145b6d580a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2890215b-68f4-44da-98c4-b024449d0005.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9ba969a1-7b58-4ad2-b223-912cd8d636ee",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2890215b-68f4-44da-98c4-b024449d0005",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.07025Z",
+ "modified": "2024-11-30T00:21:24.07025Z",
+ "name": "CVE-2024-53505",
+ "description": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53505"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--28c55c43-d4ef-4b12-b696-766d842238bf.json b/objects/vulnerability/vulnerability--28c55c43-d4ef-4b12-b696-766d842238bf.json
new file mode 100644
index 00000000000..2760a1a5556
--- /dev/null
+++ b/objects/vulnerability/vulnerability--28c55c43-d4ef-4b12-b696-766d842238bf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4fc00e56-b080-4022-808d-3f530def70e5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--28c55c43-d4ef-4b12-b696-766d842238bf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.947819Z",
+ "modified": "2024-11-30T00:21:24.947819Z",
+ "name": "CVE-2024-36620",
+ "description": "moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36620"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2965517c-ca47-4a34-862a-01029d891a3e.json b/objects/vulnerability/vulnerability--2965517c-ca47-4a34-862a-01029d891a3e.json
new file mode 100644
index 00000000000..aa08b38d789
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2965517c-ca47-4a34-862a-01029d891a3e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f9b600c6-553a-4f06-9375-ec53e459972b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2965517c-ca47-4a34-862a-01029d891a3e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.657812Z",
+ "modified": "2024-11-30T00:21:24.657812Z",
+ "name": "CVE-2024-54123",
+ "description": "Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54123"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--29c554e3-4302-4b1d-9de3-915d8877000b.json b/objects/vulnerability/vulnerability--29c554e3-4302-4b1d-9de3-915d8877000b.json
new file mode 100644
index 00000000000..5cdd2fd56e7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--29c554e3-4302-4b1d-9de3-915d8877000b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f5b523c9-91ae-4c3f-b719-fb0c5d911d0a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--29c554e3-4302-4b1d-9de3-915d8877000b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.918058Z",
+ "modified": "2024-11-30T00:21:24.918058Z",
+ "name": "CVE-2024-36610",
+ "description": "A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36610"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--29cfc905-825f-4117-a1d4-7a1c80228dbc.json b/objects/vulnerability/vulnerability--29cfc905-825f-4117-a1d4-7a1c80228dbc.json
new file mode 100644
index 00000000000..985b25a7d8c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--29cfc905-825f-4117-a1d4-7a1c80228dbc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--702abba2-082e-4090-a9a0-aad570c99bd2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--29cfc905-825f-4117-a1d4-7a1c80228dbc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.060418Z",
+ "modified": "2024-11-30T00:21:24.060418Z",
+ "name": "CVE-2024-53861",
+ "description": "pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `\"acb\"` being accepted for `\"_abc_\"`. This is a bug introduced in version 2.10.0: checking the \"iss\" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if \"abc\" not in \"__abcd__\":` being checked instead of `if \"abc\" != \"__abc__\":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53861"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2d27bc5c-7a68-409d-939e-da9b863cba3b.json b/objects/vulnerability/vulnerability--2d27bc5c-7a68-409d-939e-da9b863cba3b.json
new file mode 100644
index 00000000000..dadc884e656
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2d27bc5c-7a68-409d-939e-da9b863cba3b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--66a43af3-99e2-4673-a4c4-406f3973f838",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2d27bc5c-7a68-409d-939e-da9b863cba3b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.209077Z",
+ "modified": "2024-11-30T00:21:23.209077Z",
+ "name": "CVE-2024-52779",
+ "description": "DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52779"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2e863119-1201-4174-b310-c3428cd5b086.json b/objects/vulnerability/vulnerability--2e863119-1201-4174-b310-c3428cd5b086.json
new file mode 100644
index 00000000000..2dabc3cebb1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2e863119-1201-4174-b310-c3428cd5b086.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e1dcdff7-a589-4681-afee-501bb73820e0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2e863119-1201-4174-b310-c3428cd5b086",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.062976Z",
+ "modified": "2024-11-30T00:21:24.062976Z",
+ "name": "CVE-2024-53507",
+ "description": "A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53507"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2e942281-e39d-41b0-ab17-67cd97265700.json b/objects/vulnerability/vulnerability--2e942281-e39d-41b0-ab17-67cd97265700.json
new file mode 100644
index 00000000000..aad12ab1c43
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2e942281-e39d-41b0-ab17-67cd97265700.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--463e46e5-08e6-4232-8581-8f855ef56a09",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2e942281-e39d-41b0-ab17-67cd97265700",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.170347Z",
+ "modified": "2024-11-30T00:21:23.170347Z",
+ "name": "CVE-2024-52780",
+ "description": "DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52780"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3249dc75-a290-4460-b87a-24c022d84a27.json b/objects/vulnerability/vulnerability--3249dc75-a290-4460-b87a-24c022d84a27.json
new file mode 100644
index 00000000000..6ddadd29c5a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3249dc75-a290-4460-b87a-24c022d84a27.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b0e5627a-853b-4c16-9952-020728d8b47d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3249dc75-a290-4460-b87a-24c022d84a27",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.980817Z",
+ "modified": "2024-11-30T00:21:24.980817Z",
+ "name": "CVE-2024-36623",
+ "description": "moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36623"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--33b93cab-7164-40b9-997f-25f1af98b63c.json b/objects/vulnerability/vulnerability--33b93cab-7164-40b9-997f-25f1af98b63c.json
new file mode 100644
index 00000000000..2abfaa03117
--- /dev/null
+++ b/objects/vulnerability/vulnerability--33b93cab-7164-40b9-997f-25f1af98b63c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b5b13d8e-6241-4a2a-9d4f-f4a8c29ad859",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--33b93cab-7164-40b9-997f-25f1af98b63c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.970618Z",
+ "modified": "2024-11-30T00:21:24.970618Z",
+ "name": "CVE-2024-36671",
+ "description": "nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36671"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3523137f-fa7b-48d8-9466-6c48b4d2d57d.json b/objects/vulnerability/vulnerability--3523137f-fa7b-48d8-9466-6c48b4d2d57d.json
new file mode 100644
index 00000000000..749f2371df3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3523137f-fa7b-48d8-9466-6c48b4d2d57d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f685abdd-a054-4d7b-aafd-bfbe02984f89",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3523137f-fa7b-48d8-9466-6c48b4d2d57d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.790348Z",
+ "modified": "2024-11-30T00:21:23.790348Z",
+ "name": "CVE-2024-11014",
+ "description": "Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11014"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--37f38d12-f30f-4a22-8e29-8b26ba99a42d.json b/objects/vulnerability/vulnerability--37f38d12-f30f-4a22-8e29-8b26ba99a42d.json
new file mode 100644
index 00000000000..95fe14f833b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--37f38d12-f30f-4a22-8e29-8b26ba99a42d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0c5d8405-0dda-4c9f-ad4b-eb049f8ebcbb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--37f38d12-f30f-4a22-8e29-8b26ba99a42d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.06727Z",
+ "modified": "2024-11-30T00:21:24.06727Z",
+ "name": "CVE-2024-53983",
+ "description": "The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an attacker to capture privileged git tokens used by the Backstage Scaffolder plugin. With these tokens, unauthorized access to sensitive resources in git can be achieved. The impact is considered medium severity as the Backstage Threat Model recommends restricting access to adding and editing templates in the Backstage Catalog plugin. The issue has been resolved in versions `v0.4.12`, `v0.5.1` and `v0.6.1` of the `@backstage/plugin-scaffolder-node` package. Users are encouraged to upgrade to this version to mitigate the vulnerability. Users are advised to upgrade. Users unable to upgrade may ensure that templates do not change git config.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53983"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3e2490b8-f875-4203-aa7a-18843a036cb2.json b/objects/vulnerability/vulnerability--3e2490b8-f875-4203-aa7a-18843a036cb2.json
new file mode 100644
index 00000000000..ccd023900a2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3e2490b8-f875-4203-aa7a-18843a036cb2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d162607f-b800-4fc2-9417-8c08ff9f570f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3e2490b8-f875-4203-aa7a-18843a036cb2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.031299Z",
+ "modified": "2024-11-30T00:21:24.031299Z",
+ "name": "CVE-2024-53506",
+ "description": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53506"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--401c92ef-455c-4db7-9745-2f3dd97d0bc4.json b/objects/vulnerability/vulnerability--401c92ef-455c-4db7-9745-2f3dd97d0bc4.json
new file mode 100644
index 00000000000..b23dda6deca
--- /dev/null
+++ b/objects/vulnerability/vulnerability--401c92ef-455c-4db7-9745-2f3dd97d0bc4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a88582b9-9c19-43de-ba0a-aedbcddf4a10",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--401c92ef-455c-4db7-9745-2f3dd97d0bc4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.959268Z",
+ "modified": "2024-11-30T00:21:24.959268Z",
+ "name": "CVE-2024-36624",
+ "description": "Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36624"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4267c1b6-3940-4c07-951f-5ccad18c61d2.json b/objects/vulnerability/vulnerability--4267c1b6-3940-4c07-951f-5ccad18c61d2.json
new file mode 100644
index 00000000000..3feb2623c35
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4267c1b6-3940-4c07-951f-5ccad18c61d2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a4eec1db-5389-4335-a470-184d3f974cf2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4267c1b6-3940-4c07-951f-5ccad18c61d2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.459247Z",
+ "modified": "2024-11-30T00:21:23.459247Z",
+ "name": "CVE-2024-47193",
+ "description": "WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and Elements Client Security for Mac before 16.10 allow a remote Denial of Service.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47193"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4359e24c-df52-41ef-b8da-da8807f5454d.json b/objects/vulnerability/vulnerability--4359e24c-df52-41ef-b8da-da8807f5454d.json
new file mode 100644
index 00000000000..f4541008244
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4359e24c-df52-41ef-b8da-da8807f5454d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--db6b98b9-c920-4bc1-b6ee-0079a361f98c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4359e24c-df52-41ef-b8da-da8807f5454d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.035943Z",
+ "modified": "2024-11-30T00:21:24.035943Z",
+ "name": "CVE-2024-53701",
+ "description": "Multiple FCNT Android devices provide the original security features such as \"privacy mode\" where arbitrary applications can be set not to be displayed, etc.\r\nUnder certain conditions, and when an attacker can directly operate the device which its screen is unlocked by a user, the provided security features' setting pages may be exposed and/or the settings may be altered, without authentication. For example, specific applications in the device configured to be hidden may be displayed and/or activated.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53701"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--477039c3-2b46-45a4-908d-1cfb0d2da076.json b/objects/vulnerability/vulnerability--477039c3-2b46-45a4-908d-1cfb0d2da076.json
new file mode 100644
index 00000000000..6f4a45d20ab
--- /dev/null
+++ b/objects/vulnerability/vulnerability--477039c3-2b46-45a4-908d-1cfb0d2da076.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--aa4f1748-96cc-4913-b0c6-608661abcf2c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--477039c3-2b46-45a4-908d-1cfb0d2da076",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.953519Z",
+ "modified": "2024-11-30T00:21:24.953519Z",
+ "name": "CVE-2024-36612",
+ "description": "Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36612"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--50017c6a-58a3-433b-a29c-39e4bcc37b24.json b/objects/vulnerability/vulnerability--50017c6a-58a3-433b-a29c-39e4bcc37b24.json
new file mode 100644
index 00000000000..b978a868ac9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--50017c6a-58a3-433b-a29c-39e4bcc37b24.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7f6509fd-7b7b-4e27-a670-b3804173a5a9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--50017c6a-58a3-433b-a29c-39e4bcc37b24",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.923372Z",
+ "modified": "2024-11-30T00:21:24.923372Z",
+ "name": "CVE-2024-36622",
+ "description": "In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36622"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--50532054-9ecd-462a-ace4-40fc9e25698e.json b/objects/vulnerability/vulnerability--50532054-9ecd-462a-ace4-40fc9e25698e.json
new file mode 100644
index 00000000000..04deff7b4b0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--50532054-9ecd-462a-ace4-40fc9e25698e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4bbfc55b-3ce1-4d8e-af33-089259bb75fb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--50532054-9ecd-462a-ace4-40fc9e25698e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.744439Z",
+ "modified": "2024-11-30T00:21:23.744439Z",
+ "name": "CVE-2024-11481",
+ "description": "A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11481"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--50a2b9c7-2b13-4786-9ff3-9d29255bd987.json b/objects/vulnerability/vulnerability--50a2b9c7-2b13-4786-9ff3-9d29255bd987.json
new file mode 100644
index 00000000000..60ca369f7b4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--50a2b9c7-2b13-4786-9ff3-9d29255bd987.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--51013e7a-e4f0-4faf-9d48-3f9ac149967c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--50a2b9c7-2b13-4786-9ff3-9d29255bd987",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.494935Z",
+ "modified": "2024-11-30T00:21:23.494935Z",
+ "name": "CVE-2024-47094",
+ "description": "Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47094"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5d96a606-ef4a-4c57-ba4c-2a1022a76cca.json b/objects/vulnerability/vulnerability--5d96a606-ef4a-4c57-ba4c-2a1022a76cca.json
new file mode 100644
index 00000000000..e21baa9f00b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5d96a606-ef4a-4c57-ba4c-2a1022a76cca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--783ad532-9723-4a84-be56-c73c56501e16",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5d96a606-ef4a-4c57-ba4c-2a1022a76cca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.921929Z",
+ "modified": "2024-11-30T00:21:24.921929Z",
+ "name": "CVE-2024-36618",
+ "description": "FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36618"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6d9d4659-325f-42d3-a2e6-00c349a32368.json b/objects/vulnerability/vulnerability--6d9d4659-325f-42d3-a2e6-00c349a32368.json
new file mode 100644
index 00000000000..9b03bf3803f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6d9d4659-325f-42d3-a2e6-00c349a32368.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--495baef2-811a-4438-bf1a-ff8fd6b5aa9e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6d9d4659-325f-42d3-a2e6-00c349a32368",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.561265Z",
+ "modified": "2024-11-30T00:21:23.561265Z",
+ "name": "CVE-2024-50357",
+ "description": "FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50357"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6fdac3a9-f871-40f3-90ff-074ca06d3968.json b/objects/vulnerability/vulnerability--6fdac3a9-f871-40f3-90ff-074ca06d3968.json
new file mode 100644
index 00000000000..c0a49cc6fa8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6fdac3a9-f871-40f3-90ff-074ca06d3968.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ac50b2bf-c028-497e-ad89-ad4ace7846c7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6fdac3a9-f871-40f3-90ff-074ca06d3968",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.924476Z",
+ "modified": "2024-11-30T00:21:24.924476Z",
+ "name": "CVE-2024-36619",
+ "description": "FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36619"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6ff37ebe-1fc4-4f86-b687-fc83fbfda9a0.json b/objects/vulnerability/vulnerability--6ff37ebe-1fc4-4f86-b687-fc83fbfda9a0.json
new file mode 100644
index 00000000000..14537653841
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6ff37ebe-1fc4-4f86-b687-fc83fbfda9a0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a21122ad-ce1d-4427-8a39-fc5008f85e67",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6ff37ebe-1fc4-4f86-b687-fc83fbfda9a0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.045877Z",
+ "modified": "2024-11-30T00:21:23.045877Z",
+ "name": "CVE-2024-48651",
+ "description": "In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48651"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b3dd4a5-2876-4312-bc68-8008b01d967a.json b/objects/vulnerability/vulnerability--7b3dd4a5-2876-4312-bc68-8008b01d967a.json
new file mode 100644
index 00000000000..dd95e6d4b6c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b3dd4a5-2876-4312-bc68-8008b01d967a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--570c8a2a-1002-443e-9958-8864633880ad",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7b3dd4a5-2876-4312-bc68-8008b01d967a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.661733Z",
+ "modified": "2024-11-30T00:21:24.661733Z",
+ "name": "CVE-2024-54124",
+ "description": "In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54124"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7e15aee1-9889-4b3a-a826-27b209962697.json b/objects/vulnerability/vulnerability--7e15aee1-9889-4b3a-a826-27b209962697.json
new file mode 100644
index 00000000000..09d46f3b0f3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7e15aee1-9889-4b3a-a826-27b209962697.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ee0afdf7-71f7-4083-be41-55eaa8937b91",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7e15aee1-9889-4b3a-a826-27b209962697",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.711955Z",
+ "modified": "2024-11-30T00:21:24.711955Z",
+ "name": "CVE-2024-49360",
+ "description": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\\Sandbox\\UserB\\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' files in `C:\\Sandbox\\xxx`. By default in Windows 7+, the `C:\\Users\\UserA` folder is not readable by **UserB**.\nAll files edited or created during the sandbox processing are affected by the vulnerability. All files in C:\\Users are safe. If `UserB` runs a cmd in a sandbox, he will be able to access `C:\\Sandox\\UserA`. In addition, if **UserB** create a folder `C:\\Sandbox\\UserA` with malicious ACLs, when **UserA** will user the sandbox, Sandboxie doesn't reset ACLs ! This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49360"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--81104834-3cd7-408b-852e-869789b3032c.json b/objects/vulnerability/vulnerability--81104834-3cd7-408b-852e-869789b3032c.json
new file mode 100644
index 00000000000..21d80b333ad
--- /dev/null
+++ b/objects/vulnerability/vulnerability--81104834-3cd7-408b-852e-869789b3032c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--55bf0151-363b-41ff-bca6-b8870a599a2f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--81104834-3cd7-408b-852e-869789b3032c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.047609Z",
+ "modified": "2024-11-30T00:21:24.047609Z",
+ "name": "CVE-2024-53848",
+ "description": "check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. `https://example.org/schema.json` will be stored as `schema.json`. This naming allows for conflicts. If an attacker can get a user to run `check-jsonschema` against a malicious schema URL, e.g., `https://example.evil.org/schema.json`, they can insert their own schema into the cache and it will be picked up and used instead of the appropriate schema. Such a cache confusion attack could be used to allow data to pass validation which should have been rejected. This issue has been patched in version 0.30.0. All users are advised to upgrade. A few workarounds exist: 1. Users can use `--no-cache` to disable caching. 2. Users can use `--cache-filename` to select filenames for use in the cache, or to ensure that other usages do not overwrite the cached schema. (Note: this flag is being deprecated as part of the remediation effort.) 3. Users can explicitly download the schema before use as a local file, as in `curl -LOs https://example.org/schema.json; check-jsonschema --schemafile ./schema.json`",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53848"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--83130805-43bb-43f6-9630-493b6996fd7d.json b/objects/vulnerability/vulnerability--83130805-43bb-43f6-9630-493b6996fd7d.json
new file mode 100644
index 00000000000..9d3097ea8ca
--- /dev/null
+++ b/objects/vulnerability/vulnerability--83130805-43bb-43f6-9630-493b6996fd7d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e50c4474-99e4-4ceb-be99-c50ba45e343a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--83130805-43bb-43f6-9630-493b6996fd7d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.929081Z",
+ "modified": "2024-11-30T00:21:24.929081Z",
+ "name": "CVE-2024-36617",
+ "description": "FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36617"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--846827bb-a325-43c0-9172-a205bf150109.json b/objects/vulnerability/vulnerability--846827bb-a325-43c0-9172-a205bf150109.json
new file mode 100644
index 00000000000..82ce14e2fe6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--846827bb-a325-43c0-9172-a205bf150109.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c4caf74e-66a2-42b8-83c4-e8b0885840ec",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--846827bb-a325-43c0-9172-a205bf150109",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.33283Z",
+ "modified": "2024-11-30T00:21:23.33283Z",
+ "name": "CVE-2024-10980",
+ "description": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10980"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8bd93e51-9d25-4ea6-8ad5-095f92987c10.json b/objects/vulnerability/vulnerability--8bd93e51-9d25-4ea6-8ad5-095f92987c10.json
new file mode 100644
index 00000000000..36c9b4cdc6d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8bd93e51-9d25-4ea6-8ad5-095f92987c10.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e2f678fb-9de1-422d-98b7-1cedff4f77b2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8bd93e51-9d25-4ea6-8ad5-095f92987c10",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.202039Z",
+ "modified": "2024-11-30T00:21:23.202039Z",
+ "name": "CVE-2024-52810",
+ "description": "@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52810"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8bf0d86e-edeb-45b1-bbe4-4f3afb6625f4.json b/objects/vulnerability/vulnerability--8bf0d86e-edeb-45b1-bbe4-4f3afb6625f4.json
new file mode 100644
index 00000000000..d9e19438a8d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8bf0d86e-edeb-45b1-bbe4-4f3afb6625f4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--037e56bf-d703-4d1d-b283-ba4f23f28405",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8bf0d86e-edeb-45b1-bbe4-4f3afb6625f4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.793793Z",
+ "modified": "2024-11-30T00:21:23.793793Z",
+ "name": "CVE-2024-11013",
+ "description": "Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11013"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8ecee759-c537-4875-900f-04b230606198.json b/objects/vulnerability/vulnerability--8ecee759-c537-4875-900f-04b230606198.json
new file mode 100644
index 00000000000..0b421764a83
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8ecee759-c537-4875-900f-04b230606198.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ae799f54-be39-4ae2-9aed-775394e2fb5e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8ecee759-c537-4875-900f-04b230606198",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.760677Z",
+ "modified": "2024-11-30T00:21:23.760677Z",
+ "name": "CVE-2024-11980",
+ "description": "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11980"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--904fa987-8208-42f4-8cc8-08730ada58a6.json b/objects/vulnerability/vulnerability--904fa987-8208-42f4-8cc8-08730ada58a6.json
new file mode 100644
index 00000000000..cb3fcdba01a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--904fa987-8208-42f4-8cc8-08730ada58a6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b3d0f2d6-7588-41c9-bb9f-023e5f9816da",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--904fa987-8208-42f4-8cc8-08730ada58a6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.183398Z",
+ "modified": "2024-11-30T00:21:23.183398Z",
+ "name": "CVE-2024-52782",
+ "description": "DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52782"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--92ae733c-6344-42b5-af66-284c50dbe006.json b/objects/vulnerability/vulnerability--92ae733c-6344-42b5-af66-284c50dbe006.json
new file mode 100644
index 00000000000..dabfe86eb35
--- /dev/null
+++ b/objects/vulnerability/vulnerability--92ae733c-6344-42b5-af66-284c50dbe006.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--964d096b-6fc4-417b-a218-68fe2a2946fe",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--92ae733c-6344-42b5-af66-284c50dbe006",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.969579Z",
+ "modified": "2024-11-30T00:21:24.969579Z",
+ "name": "CVE-2024-36625",
+ "description": "Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36625"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--98fa87fa-5169-496f-9d8a-467993bfb2e9.json b/objects/vulnerability/vulnerability--98fa87fa-5169-496f-9d8a-467993bfb2e9.json
new file mode 100644
index 00000000000..f5de3b10785
--- /dev/null
+++ b/objects/vulnerability/vulnerability--98fa87fa-5169-496f-9d8a-467993bfb2e9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--76c6452b-750a-4c0e-ad3a-bbd8c3b8539d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--98fa87fa-5169-496f-9d8a-467993bfb2e9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.019291Z",
+ "modified": "2024-11-30T00:21:24.019291Z",
+ "name": "CVE-2024-53980",
+ "description": "RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless loop on a CC2538 as receiver. Before PR #20998, the receiver would check for the location of the CRC bit using the packet length byte by considering all 8 bits, instead of discarding bit 7, which is what the radio does. This then results into reading outside of the RX FIFO. Although it prints an error when attempting to read outside of the RX FIFO, it will continue doing this. This may lead to a discrepancy in the CRC check according to the firmware and the radio. If the CPU judges the CRC as correct and the radio is set to `AUTO_ACK`, when the packet requests and acknowledgment the CPU will go into the state `CC2538_STATE_TX_ACK`. However, if the radio judged the CRC as incorrect, it will not send an acknowledgment, and thus the `TXACKDONE` event will not fire. It will then never return to the state `CC2538_STATE_READY` since the baseband processing is still disabled. Then the CPU will be in an endless loop. Since setting to idle is not forced, it won't do it if the radio's state is not `CC2538_STATE_READY`. A fix has not yet been made.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53980"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9bed2215-6ead-4dd4-958c-c5c34aabb9c5.json b/objects/vulnerability/vulnerability--9bed2215-6ead-4dd4-958c-c5c34aabb9c5.json
new file mode 100644
index 00000000000..038b78178d8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9bed2215-6ead-4dd4-958c-c5c34aabb9c5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f022a280-9bd4-412b-9d66-a4d42e4f97b3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9bed2215-6ead-4dd4-958c-c5c34aabb9c5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.985786Z",
+ "modified": "2024-11-30T00:21:24.985786Z",
+ "name": "CVE-2024-36616",
+ "description": "An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36616"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9cac511b-6803-4229-b88c-6999ff792681.json b/objects/vulnerability/vulnerability--9cac511b-6803-4229-b88c-6999ff792681.json
new file mode 100644
index 00000000000..28fc35f0c17
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9cac511b-6803-4229-b88c-6999ff792681.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--678e7d0e-946e-440e-9f9c-02185ad9b56d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9cac511b-6803-4229-b88c-6999ff792681",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.297832Z",
+ "modified": "2024-11-30T00:21:23.297832Z",
+ "name": "CVE-2024-10704",
+ "description": "The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10704"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a00ff43a-39cb-4ba3-b84a-52619d9380d4.json b/objects/vulnerability/vulnerability--a00ff43a-39cb-4ba3-b84a-52619d9380d4.json
new file mode 100644
index 00000000000..02c4b9ce787
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a00ff43a-39cb-4ba3-b84a-52619d9380d4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--90980441-5af1-418e-92f9-244b08501f63",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a00ff43a-39cb-4ba3-b84a-52619d9380d4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.775943Z",
+ "modified": "2024-11-30T00:21:23.775943Z",
+ "name": "CVE-2024-11482",
+ "description": "A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11482"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a5a236d3-5535-4601-8560-5b33b19ae337.json b/objects/vulnerability/vulnerability--a5a236d3-5535-4601-8560-5b33b19ae337.json
new file mode 100644
index 00000000000..b9cb07302d6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a5a236d3-5535-4601-8560-5b33b19ae337.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f478455a-3fb9-4dd1-b331-ad6e60f6c7d0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a5a236d3-5535-4601-8560-5b33b19ae337",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.614194Z",
+ "modified": "2024-11-30T00:21:24.614194Z",
+ "name": "CVE-2024-35369",
+ "description": "In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-35369"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ad63b7b9-7477-4f63-91d0-4f1bc523be15.json b/objects/vulnerability/vulnerability--ad63b7b9-7477-4f63-91d0-4f1bc523be15.json
new file mode 100644
index 00000000000..ae0eb63c91c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ad63b7b9-7477-4f63-91d0-4f1bc523be15.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--66aae35b-0844-47a2-9aa3-b762ec03ec42",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ad63b7b9-7477-4f63-91d0-4f1bc523be15",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.660525Z",
+ "modified": "2024-11-30T00:21:24.660525Z",
+ "name": "CVE-2024-54159",
+ "description": "stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54159"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b168a5dc-288b-4273-86af-491248077d90.json b/objects/vulnerability/vulnerability--b168a5dc-288b-4273-86af-491248077d90.json
new file mode 100644
index 00000000000..b7d2739267c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b168a5dc-288b-4273-86af-491248077d90.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e5abcdda-91d2-4f73-b4f8-d9ac6bce9820",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b168a5dc-288b-4273-86af-491248077d90",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.206013Z",
+ "modified": "2024-11-30T00:21:23.206013Z",
+ "name": "CVE-2024-52777",
+ "description": "DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52777"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1e73d84-1029-46c1-98fa-1e38a6c9a609.json b/objects/vulnerability/vulnerability--b1e73d84-1029-46c1-98fa-1e38a6c9a609.json
new file mode 100644
index 00000000000..d5bbed82664
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1e73d84-1029-46c1-98fa-1e38a6c9a609.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--652e11b5-193e-47c9-8a6f-4f5d787c861c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b1e73d84-1029-46c1-98fa-1e38a6c9a609",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.257074Z",
+ "modified": "2024-11-30T00:21:23.257074Z",
+ "name": "CVE-2024-45495",
+ "description": "MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45495"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b2d1c9a1-203f-40ca-9a23-bb5cf56c6de4.json b/objects/vulnerability/vulnerability--b2d1c9a1-203f-40ca-9a23-bb5cf56c6de4.json
new file mode 100644
index 00000000000..427a0363f4c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b2d1c9a1-203f-40ca-9a23-bb5cf56c6de4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b97f728c-24dc-4b77-a481-cf8819afca1b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b2d1c9a1-203f-40ca-9a23-bb5cf56c6de4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.720346Z",
+ "modified": "2024-11-30T00:21:24.720346Z",
+ "name": "CVE-2024-49804",
+ "description": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncould allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49804"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b571ff46-e3a1-4b08-a19f-0c6a338c8c68.json b/objects/vulnerability/vulnerability--b571ff46-e3a1-4b08-a19f-0c6a338c8c68.json
new file mode 100644
index 00000000000..c81bae3b0ec
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b571ff46-e3a1-4b08-a19f-0c6a338c8c68.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--66f54a50-7669-49c0-bea1-96968652ee1c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b571ff46-e3a1-4b08-a19f-0c6a338c8c68",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.220199Z",
+ "modified": "2024-11-30T00:21:23.220199Z",
+ "name": "CVE-2024-52778",
+ "description": "DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52778"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b70ca3f6-8f69-4150-af9f-a8e7bc6c6769.json b/objects/vulnerability/vulnerability--b70ca3f6-8f69-4150-af9f-a8e7bc6c6769.json
new file mode 100644
index 00000000000..5fca6ae412c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b70ca3f6-8f69-4150-af9f-a8e7bc6c6769.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--16d52974-0c80-4940-b5fd-09bffbdc4936",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b70ca3f6-8f69-4150-af9f-a8e7bc6c6769",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.765789Z",
+ "modified": "2024-11-30T00:21:23.765789Z",
+ "name": "CVE-2024-11990",
+ "description": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11990"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b85e7cef-c8c4-4a55-a80c-a195c529f050.json b/objects/vulnerability/vulnerability--b85e7cef-c8c4-4a55-a80c-a195c529f050.json
new file mode 100644
index 00000000000..052b9e585ad
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b85e7cef-c8c4-4a55-a80c-a195c529f050.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9e2245f9-76ed-43eb-8155-0231e96ee0db",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b85e7cef-c8c4-4a55-a80c-a195c529f050",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.950475Z",
+ "modified": "2024-11-30T00:21:24.950475Z",
+ "name": "CVE-2024-36611",
+ "description": "In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36611"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bc83cb39-ea98-48d5-9997-4c72b27bf0f1.json b/objects/vulnerability/vulnerability--bc83cb39-ea98-48d5-9997-4c72b27bf0f1.json
new file mode 100644
index 00000000000..653fe29ccdd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bc83cb39-ea98-48d5-9997-4c72b27bf0f1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e2edda49-d4dd-4962-a6a1-8c626ebc57c7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bc83cb39-ea98-48d5-9997-4c72b27bf0f1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.618211Z",
+ "modified": "2024-11-30T00:21:24.618211Z",
+ "name": "CVE-2024-35366",
+ "description": "FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-35366"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c20a7be2-b607-4028-870e-72ef6c4b69bd.json b/objects/vulnerability/vulnerability--c20a7be2-b607-4028-870e-72ef6c4b69bd.json
new file mode 100644
index 00000000000..52f62905bb3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c20a7be2-b607-4028-870e-72ef6c4b69bd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ed3cd46f-a075-4f98-92a5-296346f8d2b4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c20a7be2-b607-4028-870e-72ef6c4b69bd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.750699Z",
+ "modified": "2024-11-30T00:21:23.750699Z",
+ "name": "CVE-2024-11978",
+ "description": "DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11978"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c8814e05-4a52-4ec8-b958-60cbe52e43f8.json b/objects/vulnerability/vulnerability--c8814e05-4a52-4ec8-b958-60cbe52e43f8.json
new file mode 100644
index 00000000000..811ed9c51d9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c8814e05-4a52-4ec8-b958-60cbe52e43f8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--39e45130-6869-4e1b-b3e4-9b63b0d878d6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c8814e05-4a52-4ec8-b958-60cbe52e43f8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.716453Z",
+ "modified": "2024-11-30T00:21:24.716453Z",
+ "name": "CVE-2024-49805",
+ "description": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49805"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c95a1ee9-fe46-4bf7-b431-5e2d485260b7.json b/objects/vulnerability/vulnerability--c95a1ee9-fe46-4bf7-b431-5e2d485260b7.json
new file mode 100644
index 00000000000..b9c68ce227a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c95a1ee9-fe46-4bf7-b431-5e2d485260b7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1540befb-7b28-45c3-995c-b2eeb7c3b695",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c95a1ee9-fe46-4bf7-b431-5e2d485260b7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.033171Z",
+ "modified": "2024-11-30T00:21:24.033171Z",
+ "name": "CVE-2024-53623",
+ "description": "Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53623"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cfcbf606-fe80-494e-b4ff-86460bbe7db6.json b/objects/vulnerability/vulnerability--cfcbf606-fe80-494e-b4ff-86460bbe7db6.json
new file mode 100644
index 00000000000..10cbcf45231
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cfcbf606-fe80-494e-b4ff-86460bbe7db6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d276b653-12f9-46f2-a8d1-20af0e4e108e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cfcbf606-fe80-494e-b4ff-86460bbe7db6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.748583Z",
+ "modified": "2024-11-30T00:21:23.748583Z",
+ "name": "CVE-2024-11981",
+ "description": "Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11981"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d2549a12-4b8e-45cb-a257-786fbb1e167a.json b/objects/vulnerability/vulnerability--d2549a12-4b8e-45cb-a257-786fbb1e167a.json
new file mode 100644
index 00000000000..0456e0e7868
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d2549a12-4b8e-45cb-a257-786fbb1e167a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--860a03bc-6e8c-40e4-aeba-a65f5fd42358",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d2549a12-4b8e-45cb-a257-786fbb1e167a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.02335Z",
+ "modified": "2024-11-30T00:21:24.02335Z",
+ "name": "CVE-2024-53504",
+ "description": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53504"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d8576446-38e3-498d-b357-1dc165acbcc2.json b/objects/vulnerability/vulnerability--d8576446-38e3-498d-b357-1dc165acbcc2.json
new file mode 100644
index 00000000000..04f660dda81
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d8576446-38e3-498d-b357-1dc165acbcc2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a2d5f0c3-f97f-4160-aa03-44d74514e46e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d8576446-38e3-498d-b357-1dc165acbcc2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.373885Z",
+ "modified": "2024-11-30T00:21:23.373885Z",
+ "name": "CVE-2024-9044",
+ "description": "A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9044"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d9d0ebd4-279b-4f7d-a8e1-014c5a2fadf0.json b/objects/vulnerability/vulnerability--d9d0ebd4-279b-4f7d-a8e1-014c5a2fadf0.json
new file mode 100644
index 00000000000..c27c0c7f9d1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d9d0ebd4-279b-4f7d-a8e1-014c5a2fadf0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c21b3c2e-69bc-460d-b638-fc5c5d80d90d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d9d0ebd4-279b-4f7d-a8e1-014c5a2fadf0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.196857Z",
+ "modified": "2024-11-30T00:21:23.196857Z",
+ "name": "CVE-2024-52800",
+ "description": "veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52800"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--da55e3a2-20e3-4198-9cf4-2195463974d3.json b/objects/vulnerability/vulnerability--da55e3a2-20e3-4198-9cf4-2195463974d3.json
new file mode 100644
index 00000000000..9a7d217d147
--- /dev/null
+++ b/objects/vulnerability/vulnerability--da55e3a2-20e3-4198-9cf4-2195463974d3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--75d768d5-6f13-4567-9875-583b4a8898d3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--da55e3a2-20e3-4198-9cf4-2195463974d3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.981835Z",
+ "modified": "2024-11-30T00:21:24.981835Z",
+ "name": "CVE-2024-36615",
+ "description": "FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36615"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dadc11c7-ef73-4a1b-a696-9751f8f7e842.json b/objects/vulnerability/vulnerability--dadc11c7-ef73-4a1b-a696-9751f8f7e842.json
new file mode 100644
index 00000000000..577327f08d0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dadc11c7-ef73-4a1b-a696-9751f8f7e842.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d10b75b-ce31-418a-a852-117105585a38",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dadc11c7-ef73-4a1b-a696-9751f8f7e842",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.024441Z",
+ "modified": "2024-11-30T00:21:24.024441Z",
+ "name": "CVE-2024-53865",
+ "description": "zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package \"zhmcclient\" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs. 2. The 'ssc-master-pw' and 'zaware-master-pw' properties when updating an LPAR in classic mode, in the zhmcclient API and HMC logs. 3. The 'ssc-master-pw' and 'zaware-master-pw' properties when creating or updating an image activation profile in classic mode, in the zhmcclient API and HMC logs. 4. The 'password' property when creating or updating an HMC user, in the zhmcclient API log. 5. The 'bind-password' property when creating or updating an LDAP server definition, in the zhmcclient API and HMC logs. This issue affects only users of the zhmcclient package that have enabled the Python loggers named \"zhmcclient.api\" (for the API log) or \"zhmcclient.hmc\" (for the HMC log) and that use the functions listed above. This issue has been fixed in zhmcclient version 1.18.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53865"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ded830c8-c9fd-4e64-a387-46dc24799482.json b/objects/vulnerability/vulnerability--ded830c8-c9fd-4e64-a387-46dc24799482.json
new file mode 100644
index 00000000000..b9e05da5d10
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ded830c8-c9fd-4e64-a387-46dc24799482.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ab03139c-c8d4-4532-867d-8db0f244b8a1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ded830c8-c9fd-4e64-a387-46dc24799482",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.942365Z",
+ "modified": "2024-11-30T00:21:24.942365Z",
+ "name": "CVE-2024-36621",
+ "description": "moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36621"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e663c362-ab53-4408-a2be-887458fde104.json b/objects/vulnerability/vulnerability--e663c362-ab53-4408-a2be-887458fde104.json
new file mode 100644
index 00000000000..aa86e83b316
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e663c362-ab53-4408-a2be-887458fde104.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7ae47f0b-20af-4875-9aeb-0e5e03b38fe7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e663c362-ab53-4408-a2be-887458fde104",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.210174Z",
+ "modified": "2024-11-30T00:21:23.210174Z",
+ "name": "CVE-2024-52781",
+ "description": "DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52781"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e6d64a75-0acf-4f52-848e-fd6a1c00e2d8.json b/objects/vulnerability/vulnerability--e6d64a75-0acf-4f52-848e-fd6a1c00e2d8.json
new file mode 100644
index 00000000000..9dac01c276b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e6d64a75-0acf-4f52-848e-fd6a1c00e2d8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a543a24b-6851-4e4f-93c1-2a8b322233dc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e6d64a75-0acf-4f52-848e-fd6a1c00e2d8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.090473Z",
+ "modified": "2024-11-30T00:21:23.090473Z",
+ "name": "CVE-2024-48406",
+ "description": "Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48406"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ea0dd874-4cb4-4295-8839-4f69720ed155.json b/objects/vulnerability/vulnerability--ea0dd874-4cb4-4295-8839-4f69720ed155.json
new file mode 100644
index 00000000000..83c7cdd32f9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ea0dd874-4cb4-4295-8839-4f69720ed155.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d57cae10-28da-45d8-845b-3346e06b7d8d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ea0dd874-4cb4-4295-8839-4f69720ed155",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.784395Z",
+ "modified": "2024-11-30T00:21:23.784395Z",
+ "name": "CVE-2024-11995",
+ "description": "A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. The manipulation of the argument total leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11995"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eab56e0f-97bf-4311-aa38-3fc4f2b03221.json b/objects/vulnerability/vulnerability--eab56e0f-97bf-4311-aa38-3fc4f2b03221.json
new file mode 100644
index 00000000000..8801023923e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eab56e0f-97bf-4311-aa38-3fc4f2b03221.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2c30b77f-7578-44f2-b48f-761cec295aa8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eab56e0f-97bf-4311-aa38-3fc4f2b03221",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.689041Z",
+ "modified": "2024-11-30T00:21:24.689041Z",
+ "name": "CVE-2024-49806",
+ "description": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49806"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--edb2b1af-6189-44ec-a8bc-c62c68749c96.json b/objects/vulnerability/vulnerability--edb2b1af-6189-44ec-a8bc-c62c68749c96.json
new file mode 100644
index 00000000000..0d41efba68f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--edb2b1af-6189-44ec-a8bc-c62c68749c96.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5d00d2fc-74a2-480f-bd8a-d086e52cbf1b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--edb2b1af-6189-44ec-a8bc-c62c68749c96",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.604512Z",
+ "modified": "2024-11-30T00:21:24.604512Z",
+ "name": "CVE-2024-35368",
+ "description": "FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-35368"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f213dc37-e64b-48f2-952a-a39b23df3259.json b/objects/vulnerability/vulnerability--f213dc37-e64b-48f2-952a-a39b23df3259.json
new file mode 100644
index 00000000000..0051d89fd89
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f213dc37-e64b-48f2-952a-a39b23df3259.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--698cfc52-8efe-499b-804e-27a055406680",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f213dc37-e64b-48f2-952a-a39b23df3259",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:24.623207Z",
+ "modified": "2024-11-30T00:21:24.623207Z",
+ "name": "CVE-2024-35451",
+ "description": "LinkStack 2.7.9 through 4.7.7 allows resources\\views\\components\\favicon.blade.php link SSRF.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-35451"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fbaf7981-661f-4de7-9c22-c3225b333ec5.json b/objects/vulnerability/vulnerability--fbaf7981-661f-4de7-9c22-c3225b333ec5.json
new file mode 100644
index 00000000000..b8987efa5c0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fbaf7981-661f-4de7-9c22-c3225b333ec5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--106bfc54-737f-4e47-9014-55b80f16fd38",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fbaf7981-661f-4de7-9c22-c3225b333ec5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.741784Z",
+ "modified": "2024-11-30T00:21:23.741784Z",
+ "name": "CVE-2024-11983",
+ "description": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11983"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fd8c4326-6ed9-4164-8c9b-dc75066e5ba4.json b/objects/vulnerability/vulnerability--fd8c4326-6ed9-4164-8c9b-dc75066e5ba4.json
new file mode 100644
index 00000000000..86cf48cb4fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fd8c4326-6ed9-4164-8c9b-dc75066e5ba4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--15034fc3-32ca-499c-b9c8-6982cb6f5dd3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fd8c4326-6ed9-4164-8c9b-dc75066e5ba4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.773731Z",
+ "modified": "2024-11-30T00:21:23.773731Z",
+ "name": "CVE-2024-11982",
+ "description": "Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11982"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fe5f3e76-e139-42c5-ab96-4f184446aaa8.json b/objects/vulnerability/vulnerability--fe5f3e76-e139-42c5-ab96-4f184446aaa8.json
new file mode 100644
index 00000000000..4d88b1ee7b3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fe5f3e76-e139-42c5-ab96-4f184446aaa8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d343fac-1e60-4cb2-a62b-549b49a4e061",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fe5f3e76-e139-42c5-ab96-4f184446aaa8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-30T00:21:23.771211Z",
+ "modified": "2024-11-30T00:21:23.771211Z",
+ "name": "CVE-2024-11992",
+ "description": "Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11992"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file