From 51cba79e5582497c6084ef78c6b3bdd3875ae9c5 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 22 Aug 2024 00:18:55 +0000
Subject: [PATCH] generated content from 2024-08-22
---
mapping.csv | 162 ++++++++++++++++++
...-0052bd39-d8a7-4741-a3a9-65ed7b0321d5.json | 22 +++
...-012fead3-b0fe-4eda-a304-8e6bf8d8bacb.json | 22 +++
...-01542348-65dc-4f92-a8b5-715f5ee589ed.json | 22 +++
...-01667210-6b5c-43ee-aa75-2636b2bbfb12.json | 22 +++
...-02a6b6e1-8cda-4ca9-96d9-00c02354c520.json | 22 +++
...-03e018fa-0743-4ee3-95f8-9e440611127d.json | 22 +++
...-045702df-3d14-4677-82e9-c950cc2d93e6.json | 22 +++
...-065cd0ad-ff5d-4fe8-8047-83c60d303737.json | 22 +++
...-070118d3-c230-431f-bd62-611675fbbf9e.json | 22 +++
...-074b74b9-bd7e-4ed8-a5ce-6caa5b66f136.json | 22 +++
...-08e4713a-60a5-48cf-8342-fa1e351c1523.json | 22 +++
...-0ad1d648-cff5-4269-988f-95bfb6619bb7.json | 22 +++
...-0e0f91a0-f7d1-43f7-a9d7-e3386378d18a.json | 22 +++
...-0f720007-2583-4964-bff4-f4a24d00d07c.json | 22 +++
...-14e97c7f-2f74-4008-b171-d18673556c29.json | 22 +++
...-169e5844-4a65-4843-8d16-ce8322d8b38d.json | 22 +++
...-17e62792-6f81-4f69-a511-2e186fc6fe3d.json | 22 +++
...-1bd16af5-3c24-4e90-88cc-16e88c838ae7.json | 22 +++
...-1f8b278f-a151-4ba7-887b-d41b1be47247.json | 22 +++
...-20114bfc-a2a5-4e5a-8865-4abaa1cb783d.json | 22 +++
...-22ea6c46-4c31-4aaa-904f-b09953aef333.json | 22 +++
...-248c0ff0-f9dd-4129-bd9a-de91c46e8575.json | 22 +++
...-271303b0-0890-48e2-b12f-45295d638f92.json | 22 +++
...-27b08b9d-583e-4e02-b258-4155359eda49.json | 22 +++
...-2d68539e-41e4-4df6-a5df-4f2da0f4e7de.json | 22 +++
...-2ea12775-2566-489b-a22f-e4ab9a4fd99b.json | 22 +++
...-302553ed-d6d1-4632-8929-3f7ba5d2a921.json | 22 +++
...-31281aca-4ef2-4269-8144-e4575443674f.json | 22 +++
...-32e7ec52-6aac-428c-b76b-0a6b36092773.json | 22 +++
...-32f98996-5d8d-437b-859f-9ef3f0a7a265.json | 22 +++
...-33c8a848-f422-49f6-b4b6-0256f64ec023.json | 22 +++
...-345e0472-e5b1-4755-80a5-9c0bb119b2af.json | 22 +++
...-387cd38a-078c-48d8-b443-3dd2b630cbe7.json | 22 +++
...-38c363f6-6bcc-482b-8639-e313963f9151.json | 22 +++
...-395f05c1-f742-4baf-913b-9b688ded0296.json | 22 +++
...-3ae5ddbd-4fc2-4443-ab02-80dc4ee3643b.json | 22 +++
...-3b245abc-c8a4-44a9-9101-091f41ce4366.json | 22 +++
...-3d62c87b-21bd-4779-9792-1e8446669783.json | 22 +++
...-3f1a4ff2-cd0c-4e13-a2ec-893e820e9f74.json | 22 +++
...-3ff9ed36-704f-4350-997b-60983741b251.json | 22 +++
...-40183da1-2b90-44db-b1df-0e9e577b7d52.json | 22 +++
...-41720441-19b9-44d2-ad52-c2f0cf81ec5b.json | 22 +++
...-440b63fe-dcb1-4840-af9c-a3f0af5135b9.json | 22 +++
...-44dde42b-7db1-45f2-a1da-a31f6f135b10.json | 22 +++
...-4531e58c-5834-4676-b2b7-0b81c7b4aa37.json | 22 +++
...-46cb0a89-104a-4f4a-9633-2e302cd43a01.json | 22 +++
...-49e50737-b876-4f22-afcd-a4604782140e.json | 22 +++
...-4a221a53-f75e-415e-821c-274204c364fb.json | 22 +++
...-4b689657-e0fd-4b6f-8849-206e5ef689a3.json | 22 +++
...-4dea071c-9082-4c6c-b36f-a1a6ba2ec80b.json | 22 +++
...-4eda936a-9e86-4d97-8128-35752a3c468a.json | 22 +++
...-5267c4d5-36d7-4f16-b74e-0b73824b418f.json | 22 +++
...-5432d40c-7377-4eb8-a92d-94bb2bdec41a.json | 22 +++
...-5521fe30-4bed-493f-99fe-a38da8f35119.json | 22 +++
...-57d95d32-c652-4660-acd6-c02a2dbcedf9.json | 22 +++
...-58174ed1-f9b0-4305-9aeb-88cd113a8735.json | 22 +++
...-582aa970-590c-411f-8ada-4582a5259636.json | 22 +++
...-5bc25266-34f0-4296-8a5a-87920ea14b9b.json | 22 +++
...-5bd925eb-da8b-4d79-8006-a38f4573a551.json | 22 +++
...-5d0d217b-1da9-4e5a-ba4e-0a951fad2680.json | 22 +++
...-5d30c340-19c3-4da2-af7c-90835f889e56.json | 22 +++
...-5d5861bf-020c-4271-8012-c40a3da6293d.json | 22 +++
...-5da70743-bc4f-4b8a-b358-a0cb05bd33e4.json | 22 +++
...-64de3480-23e1-4c9c-ac33-6f3dd4f3ed7c.json | 22 +++
...-6719ed73-8d3f-4437-87ac-233cc57f199a.json | 22 +++
...-678a393b-dfd0-4939-a4ab-9e00c2c93a3d.json | 22 +++
...-680fcf3e-769e-4a90-ae79-115f0af97802.json | 22 +++
...-695a7ca9-15eb-4f1d-a9c8-30858aaaa583.json | 22 +++
...-6a351ee7-443b-4217-af70-d3ac1f0589ca.json | 22 +++
...-6b4fd347-ccac-4833-9c9c-c9691082a480.json | 22 +++
...-6b55c081-d18f-4bf0-9d91-17e270bfbf79.json | 22 +++
...-6c7e0571-2add-4396-9287-283e3055c86c.json | 22 +++
...-6d91e300-23b2-42d5-8510-d77ae7013714.json | 22 +++
...-6e944515-d361-4643-981a-e5e62c01068b.json | 22 +++
...-6f2bf920-5389-48aa-9a7f-5d80b22e3fa2.json | 22 +++
...-6fe68d6b-3db5-4087-9a17-567a90d4c4f3.json | 22 +++
...-7052a979-dd90-4b9a-b013-c9efe544bf9d.json | 22 +++
...-710bdaef-c0ea-45b0-81ce-fc5139a3fbc9.json | 22 +++
...-743f2018-b17d-4f04-8d80-c70d0d742d78.json | 22 +++
...-767b94a0-6038-4ab8-929e-fe095f5d42b8.json | 22 +++
...-785acff9-7186-49ea-ba37-56471b7091b1.json | 22 +++
...-79685090-4612-4f68-b827-05a51b52f206.json | 22 +++
...-79e2111c-ac36-4a64-8735-03659f5c5734.json | 22 +++
...-7b21f9f5-82b1-44f0-8db0-556f24af96d0.json | 22 +++
...-7bc94e70-1924-400e-9149-f69e0ebd3740.json | 22 +++
...-7d4a68a2-fcbf-4511-a2ff-a1f72a271c43.json | 22 +++
...-7eab1813-5c10-47d5-8a30-924a44456922.json | 22 +++
...-8195fbd9-cfcd-4518-b86e-2213dedf5567.json | 22 +++
...-821f2165-6251-4566-91c6-39558e19a984.json | 22 +++
...-832130a5-760d-49f8-97c6-09d1671cc56d.json | 22 +++
...-8470d267-410c-472a-8bc1-2d33f3fdd0dd.json | 22 +++
...-85618269-2750-4f0c-bebc-20f1401d7529.json | 22 +++
...-86dbc803-7c95-4932-8b21-6f852946a48c.json | 22 +++
...-896864bd-dc3e-4034-b353-d3a713378e6a.json | 22 +++
...-89741f0d-d7ab-45a3-ba03-722f137a638c.json | 22 +++
...-89aa1775-83f7-4fc5-82c5-ebead7f64427.json | 22 +++
...-90de7d8d-9983-486f-9d26-d90e28a66b21.json | 22 +++
...-930ea3dd-5ebb-4575-9f0d-d8d376ef36fa.json | 22 +++
...-942b5342-15bd-4eb6-9563-476ee1e16fb7.json | 22 +++
...-964a276f-ab34-4362-b6b4-ee4899e1317e.json | 22 +++
...-964b1b75-c7e0-4e6d-9696-0e09ba0d4392.json | 22 +++
...-989e57bf-1af5-4e38-a4f6-95fb0f1d9a3d.json | 22 +++
...-9914c9c2-698e-43eb-8459-ed08c330cd51.json | 22 +++
...-9acb48dd-c6b4-47e0-b3ce-f4b11bf6c055.json | 22 +++
...-9b958137-bd69-4a65-ad43-8baa3f2a0203.json | 22 +++
...-9c83a34b-b385-4de2-9601-8118f7f741e3.json | 22 +++
...-9d337fc0-8e63-4f0d-b461-8a8c73e71ffe.json | 22 +++
...-9e14385a-a44b-432d-940a-a1da396d5ede.json | 22 +++
...-9e5edc45-0233-4685-b612-31c49d2a9ca8.json | 22 +++
...-9f2d0c6e-7e12-4065-a905-3bc79545bafc.json | 22 +++
...-a01982e2-6413-4db7-bd83-98a876f4538e.json | 22 +++
...-a5f4b7b7-87d5-48b2-aeb9-a3f08af32b40.json | 22 +++
...-a68cfa6d-acaf-40f6-a23e-80e1b9bd92de.json | 22 +++
...-a78142e8-9ce6-4552-9c80-015ac3a8bbd4.json | 22 +++
...-a8938ec6-df50-4d06-92f6-05900869f83d.json | 22 +++
...-ad4432e0-c6ea-4862-8826-b049d43fa03b.json | 22 +++
...-add28160-4645-4cf5-81b8-417ae5fe7807.json | 22 +++
...-ae488561-b80c-453a-ae36-fdb823b65268.json | 22 +++
...-aef46275-fe78-40d7-a76d-4d1ddc9aca6b.json | 22 +++
...-af9b4412-1d31-4746-8d25-e8fd9f0683da.json | 22 +++
...-b396ffba-5752-4cc0-83c1-0432350a9a18.json | 22 +++
...-b398398a-942d-4ca7-8c24-f907270324ce.json | 22 +++
...-b90bfe7b-55ec-4a60-ad7a-bc57399443d1.json | 22 +++
...-b936386f-0fd9-44ca-b27f-a59b7233bc08.json | 22 +++
...-ba483b54-9327-4885-8965-e8f6d26ebada.json | 22 +++
...-bcc830d8-ed3c-4000-acd9-c308b6d1cb2f.json | 22 +++
...-bd88b499-18c7-4465-8c4c-94cf196cb6f8.json | 22 +++
...-be321c21-1dc3-4092-a69b-039fb8d750b2.json | 22 +++
...-c3f000fe-b0ca-4012-b8cc-c608e131f319.json | 22 +++
...-c5f1c390-2836-4980-badd-ed1ed2f775cb.json | 22 +++
...-c897a99c-5356-49fa-b884-efed867b3644.json | 22 +++
...-c8bb8832-0f66-45cc-845f-6474938123e2.json | 22 +++
...-ca198aa7-6c2f-425b-9df5-0d773e46b809.json | 22 +++
...-cb82c7c5-a230-478d-9709-fd87b5304f91.json | 22 +++
...-d2c3dcb8-c53a-4f8f-97e6-ad0f05d0aa67.json | 22 +++
...-d41010e5-6d7c-468d-8960-0235319f2d9a.json | 22 +++
...-d4a3453c-ea2a-4207-b9d7-a9af27f61265.json | 22 +++
...-d624ecd4-57df-4dfc-b173-8a1df27bb1f5.json | 22 +++
...-d6f063d1-5481-4c0e-951d-396c6c032871.json | 22 +++
...-d89eca83-1ad4-4926-af93-d8c5a0b3178d.json | 22 +++
...-d99afffd-0274-4812-8d62-cdfbb047ccff.json | 22 +++
...-da0239e0-c382-4f5d-93d1-a089729fd38e.json | 22 +++
...-db778ee7-84a1-4f2f-a989-0a5ee2dc1b95.json | 22 +++
...-dfe44b48-a280-4532-a50f-95861260b181.json | 22 +++
...-e18aaa2c-204c-461f-86e4-ed1bdcbbcd1d.json | 22 +++
...-e2011cf2-6a71-4665-af7a-caae843248fd.json | 22 +++
...-e487a274-4353-44c9-95f3-f7fd4aaef12f.json | 22 +++
...-e48cdfaa-a58f-450d-94d1-5bca07fbbac0.json | 22 +++
...-e65f9909-5eb2-4f17-a41b-c40b0914d72f.json | 22 +++
...-e6801d6e-4731-4453-a70d-1a65655510c0.json | 22 +++
...-e955271c-00aa-4870-a7bc-26d3971bb8f7.json | 22 +++
...-eab0b2c0-e0b2-4295-868a-3ba909d4ff85.json | 22 +++
...-ec46072c-eb8e-4758-82ae-ce202af68aca.json | 22 +++
...-f0f1b348-9bcb-4337-96bd-c2ceea20ab06.json | 22 +++
...-f154b968-0874-4b45-8114-7d04c43f8632.json | 22 +++
...-f606a4d0-a7fa-427a-81b1-a45ea1e8a018.json | 22 +++
...-f607625b-d490-4b9e-89d9-fe88f1fb3199.json | 22 +++
...-f6cbac38-9f76-4d1d-abec-ca79241e46a0.json | 22 +++
...-f70c8a4b-ca42-49a7-b15c-ec1cac31c625.json | 22 +++
...-f7b8d25c-66a2-4f21-bfc2-8320585249d2.json | 22 +++
...-fcec04b1-5286-462a-8873-e2090010a85c.json | 22 +++
...-fd4d870b-fa14-4722-8601-b9ffa5c7a8c2.json | 22 +++
163 files changed, 3726 insertions(+)
create mode 100644 objects/vulnerability/vulnerability--0052bd39-d8a7-4741-a3a9-65ed7b0321d5.json
create mode 100644 objects/vulnerability/vulnerability--012fead3-b0fe-4eda-a304-8e6bf8d8bacb.json
create mode 100644 objects/vulnerability/vulnerability--01542348-65dc-4f92-a8b5-715f5ee589ed.json
create mode 100644 objects/vulnerability/vulnerability--01667210-6b5c-43ee-aa75-2636b2bbfb12.json
create mode 100644 objects/vulnerability/vulnerability--02a6b6e1-8cda-4ca9-96d9-00c02354c520.json
create mode 100644 objects/vulnerability/vulnerability--03e018fa-0743-4ee3-95f8-9e440611127d.json
create mode 100644 objects/vulnerability/vulnerability--045702df-3d14-4677-82e9-c950cc2d93e6.json
create mode 100644 objects/vulnerability/vulnerability--065cd0ad-ff5d-4fe8-8047-83c60d303737.json
create mode 100644 objects/vulnerability/vulnerability--070118d3-c230-431f-bd62-611675fbbf9e.json
create mode 100644 objects/vulnerability/vulnerability--074b74b9-bd7e-4ed8-a5ce-6caa5b66f136.json
create mode 100644 objects/vulnerability/vulnerability--08e4713a-60a5-48cf-8342-fa1e351c1523.json
create mode 100644 objects/vulnerability/vulnerability--0ad1d648-cff5-4269-988f-95bfb6619bb7.json
create mode 100644 objects/vulnerability/vulnerability--0e0f91a0-f7d1-43f7-a9d7-e3386378d18a.json
create mode 100644 objects/vulnerability/vulnerability--0f720007-2583-4964-bff4-f4a24d00d07c.json
create mode 100644 objects/vulnerability/vulnerability--14e97c7f-2f74-4008-b171-d18673556c29.json
create mode 100644 objects/vulnerability/vulnerability--169e5844-4a65-4843-8d16-ce8322d8b38d.json
create mode 100644 objects/vulnerability/vulnerability--17e62792-6f81-4f69-a511-2e186fc6fe3d.json
create mode 100644 objects/vulnerability/vulnerability--1bd16af5-3c24-4e90-88cc-16e88c838ae7.json
create mode 100644 objects/vulnerability/vulnerability--1f8b278f-a151-4ba7-887b-d41b1be47247.json
create mode 100644 objects/vulnerability/vulnerability--20114bfc-a2a5-4e5a-8865-4abaa1cb783d.json
create mode 100644 objects/vulnerability/vulnerability--22ea6c46-4c31-4aaa-904f-b09953aef333.json
create mode 100644 objects/vulnerability/vulnerability--248c0ff0-f9dd-4129-bd9a-de91c46e8575.json
create mode 100644 objects/vulnerability/vulnerability--271303b0-0890-48e2-b12f-45295d638f92.json
create mode 100644 objects/vulnerability/vulnerability--27b08b9d-583e-4e02-b258-4155359eda49.json
create mode 100644 objects/vulnerability/vulnerability--2d68539e-41e4-4df6-a5df-4f2da0f4e7de.json
create mode 100644 objects/vulnerability/vulnerability--2ea12775-2566-489b-a22f-e4ab9a4fd99b.json
create mode 100644 objects/vulnerability/vulnerability--302553ed-d6d1-4632-8929-3f7ba5d2a921.json
create mode 100644 objects/vulnerability/vulnerability--31281aca-4ef2-4269-8144-e4575443674f.json
create mode 100644 objects/vulnerability/vulnerability--32e7ec52-6aac-428c-b76b-0a6b36092773.json
create mode 100644 objects/vulnerability/vulnerability--32f98996-5d8d-437b-859f-9ef3f0a7a265.json
create mode 100644 objects/vulnerability/vulnerability--33c8a848-f422-49f6-b4b6-0256f64ec023.json
create mode 100644 objects/vulnerability/vulnerability--345e0472-e5b1-4755-80a5-9c0bb119b2af.json
create mode 100644 objects/vulnerability/vulnerability--387cd38a-078c-48d8-b443-3dd2b630cbe7.json
create mode 100644 objects/vulnerability/vulnerability--38c363f6-6bcc-482b-8639-e313963f9151.json
create mode 100644 objects/vulnerability/vulnerability--395f05c1-f742-4baf-913b-9b688ded0296.json
create mode 100644 objects/vulnerability/vulnerability--3ae5ddbd-4fc2-4443-ab02-80dc4ee3643b.json
create mode 100644 objects/vulnerability/vulnerability--3b245abc-c8a4-44a9-9101-091f41ce4366.json
create mode 100644 objects/vulnerability/vulnerability--3d62c87b-21bd-4779-9792-1e8446669783.json
create mode 100644 objects/vulnerability/vulnerability--3f1a4ff2-cd0c-4e13-a2ec-893e820e9f74.json
create mode 100644 objects/vulnerability/vulnerability--3ff9ed36-704f-4350-997b-60983741b251.json
create mode 100644 objects/vulnerability/vulnerability--40183da1-2b90-44db-b1df-0e9e577b7d52.json
create mode 100644 objects/vulnerability/vulnerability--41720441-19b9-44d2-ad52-c2f0cf81ec5b.json
create mode 100644 objects/vulnerability/vulnerability--440b63fe-dcb1-4840-af9c-a3f0af5135b9.json
create mode 100644 objects/vulnerability/vulnerability--44dde42b-7db1-45f2-a1da-a31f6f135b10.json
create mode 100644 objects/vulnerability/vulnerability--4531e58c-5834-4676-b2b7-0b81c7b4aa37.json
create mode 100644 objects/vulnerability/vulnerability--46cb0a89-104a-4f4a-9633-2e302cd43a01.json
create mode 100644 objects/vulnerability/vulnerability--49e50737-b876-4f22-afcd-a4604782140e.json
create mode 100644 objects/vulnerability/vulnerability--4a221a53-f75e-415e-821c-274204c364fb.json
create mode 100644 objects/vulnerability/vulnerability--4b689657-e0fd-4b6f-8849-206e5ef689a3.json
create mode 100644 objects/vulnerability/vulnerability--4dea071c-9082-4c6c-b36f-a1a6ba2ec80b.json
create mode 100644 objects/vulnerability/vulnerability--4eda936a-9e86-4d97-8128-35752a3c468a.json
create mode 100644 objects/vulnerability/vulnerability--5267c4d5-36d7-4f16-b74e-0b73824b418f.json
create mode 100644 objects/vulnerability/vulnerability--5432d40c-7377-4eb8-a92d-94bb2bdec41a.json
create mode 100644 objects/vulnerability/vulnerability--5521fe30-4bed-493f-99fe-a38da8f35119.json
create mode 100644 objects/vulnerability/vulnerability--57d95d32-c652-4660-acd6-c02a2dbcedf9.json
create mode 100644 objects/vulnerability/vulnerability--58174ed1-f9b0-4305-9aeb-88cd113a8735.json
create mode 100644 objects/vulnerability/vulnerability--582aa970-590c-411f-8ada-4582a5259636.json
create mode 100644 objects/vulnerability/vulnerability--5bc25266-34f0-4296-8a5a-87920ea14b9b.json
create mode 100644 objects/vulnerability/vulnerability--5bd925eb-da8b-4d79-8006-a38f4573a551.json
create mode 100644 objects/vulnerability/vulnerability--5d0d217b-1da9-4e5a-ba4e-0a951fad2680.json
create mode 100644 objects/vulnerability/vulnerability--5d30c340-19c3-4da2-af7c-90835f889e56.json
create mode 100644 objects/vulnerability/vulnerability--5d5861bf-020c-4271-8012-c40a3da6293d.json
create mode 100644 objects/vulnerability/vulnerability--5da70743-bc4f-4b8a-b358-a0cb05bd33e4.json
create mode 100644 objects/vulnerability/vulnerability--64de3480-23e1-4c9c-ac33-6f3dd4f3ed7c.json
create mode 100644 objects/vulnerability/vulnerability--6719ed73-8d3f-4437-87ac-233cc57f199a.json
create mode 100644 objects/vulnerability/vulnerability--678a393b-dfd0-4939-a4ab-9e00c2c93a3d.json
create mode 100644 objects/vulnerability/vulnerability--680fcf3e-769e-4a90-ae79-115f0af97802.json
create mode 100644 objects/vulnerability/vulnerability--695a7ca9-15eb-4f1d-a9c8-30858aaaa583.json
create mode 100644 objects/vulnerability/vulnerability--6a351ee7-443b-4217-af70-d3ac1f0589ca.json
create mode 100644 objects/vulnerability/vulnerability--6b4fd347-ccac-4833-9c9c-c9691082a480.json
create mode 100644 objects/vulnerability/vulnerability--6b55c081-d18f-4bf0-9d91-17e270bfbf79.json
create mode 100644 objects/vulnerability/vulnerability--6c7e0571-2add-4396-9287-283e3055c86c.json
create mode 100644 objects/vulnerability/vulnerability--6d91e300-23b2-42d5-8510-d77ae7013714.json
create mode 100644 objects/vulnerability/vulnerability--6e944515-d361-4643-981a-e5e62c01068b.json
create mode 100644 objects/vulnerability/vulnerability--6f2bf920-5389-48aa-9a7f-5d80b22e3fa2.json
create mode 100644 objects/vulnerability/vulnerability--6fe68d6b-3db5-4087-9a17-567a90d4c4f3.json
create mode 100644 objects/vulnerability/vulnerability--7052a979-dd90-4b9a-b013-c9efe544bf9d.json
create mode 100644 objects/vulnerability/vulnerability--710bdaef-c0ea-45b0-81ce-fc5139a3fbc9.json
create mode 100644 objects/vulnerability/vulnerability--743f2018-b17d-4f04-8d80-c70d0d742d78.json
create mode 100644 objects/vulnerability/vulnerability--767b94a0-6038-4ab8-929e-fe095f5d42b8.json
create mode 100644 objects/vulnerability/vulnerability--785acff9-7186-49ea-ba37-56471b7091b1.json
create mode 100644 objects/vulnerability/vulnerability--79685090-4612-4f68-b827-05a51b52f206.json
create mode 100644 objects/vulnerability/vulnerability--79e2111c-ac36-4a64-8735-03659f5c5734.json
create mode 100644 objects/vulnerability/vulnerability--7b21f9f5-82b1-44f0-8db0-556f24af96d0.json
create mode 100644 objects/vulnerability/vulnerability--7bc94e70-1924-400e-9149-f69e0ebd3740.json
create mode 100644 objects/vulnerability/vulnerability--7d4a68a2-fcbf-4511-a2ff-a1f72a271c43.json
create mode 100644 objects/vulnerability/vulnerability--7eab1813-5c10-47d5-8a30-924a44456922.json
create mode 100644 objects/vulnerability/vulnerability--8195fbd9-cfcd-4518-b86e-2213dedf5567.json
create mode 100644 objects/vulnerability/vulnerability--821f2165-6251-4566-91c6-39558e19a984.json
create mode 100644 objects/vulnerability/vulnerability--832130a5-760d-49f8-97c6-09d1671cc56d.json
create mode 100644 objects/vulnerability/vulnerability--8470d267-410c-472a-8bc1-2d33f3fdd0dd.json
create mode 100644 objects/vulnerability/vulnerability--85618269-2750-4f0c-bebc-20f1401d7529.json
create mode 100644 objects/vulnerability/vulnerability--86dbc803-7c95-4932-8b21-6f852946a48c.json
create mode 100644 objects/vulnerability/vulnerability--896864bd-dc3e-4034-b353-d3a713378e6a.json
create mode 100644 objects/vulnerability/vulnerability--89741f0d-d7ab-45a3-ba03-722f137a638c.json
create mode 100644 objects/vulnerability/vulnerability--89aa1775-83f7-4fc5-82c5-ebead7f64427.json
create mode 100644 objects/vulnerability/vulnerability--90de7d8d-9983-486f-9d26-d90e28a66b21.json
create mode 100644 objects/vulnerability/vulnerability--930ea3dd-5ebb-4575-9f0d-d8d376ef36fa.json
create mode 100644 objects/vulnerability/vulnerability--942b5342-15bd-4eb6-9563-476ee1e16fb7.json
create mode 100644 objects/vulnerability/vulnerability--964a276f-ab34-4362-b6b4-ee4899e1317e.json
create mode 100644 objects/vulnerability/vulnerability--964b1b75-c7e0-4e6d-9696-0e09ba0d4392.json
create mode 100644 objects/vulnerability/vulnerability--989e57bf-1af5-4e38-a4f6-95fb0f1d9a3d.json
create mode 100644 objects/vulnerability/vulnerability--9914c9c2-698e-43eb-8459-ed08c330cd51.json
create mode 100644 objects/vulnerability/vulnerability--9acb48dd-c6b4-47e0-b3ce-f4b11bf6c055.json
create mode 100644 objects/vulnerability/vulnerability--9b958137-bd69-4a65-ad43-8baa3f2a0203.json
create mode 100644 objects/vulnerability/vulnerability--9c83a34b-b385-4de2-9601-8118f7f741e3.json
create mode 100644 objects/vulnerability/vulnerability--9d337fc0-8e63-4f0d-b461-8a8c73e71ffe.json
create mode 100644 objects/vulnerability/vulnerability--9e14385a-a44b-432d-940a-a1da396d5ede.json
create mode 100644 objects/vulnerability/vulnerability--9e5edc45-0233-4685-b612-31c49d2a9ca8.json
create mode 100644 objects/vulnerability/vulnerability--9f2d0c6e-7e12-4065-a905-3bc79545bafc.json
create mode 100644 objects/vulnerability/vulnerability--a01982e2-6413-4db7-bd83-98a876f4538e.json
create mode 100644 objects/vulnerability/vulnerability--a5f4b7b7-87d5-48b2-aeb9-a3f08af32b40.json
create mode 100644 objects/vulnerability/vulnerability--a68cfa6d-acaf-40f6-a23e-80e1b9bd92de.json
create mode 100644 objects/vulnerability/vulnerability--a78142e8-9ce6-4552-9c80-015ac3a8bbd4.json
create mode 100644 objects/vulnerability/vulnerability--a8938ec6-df50-4d06-92f6-05900869f83d.json
create mode 100644 objects/vulnerability/vulnerability--ad4432e0-c6ea-4862-8826-b049d43fa03b.json
create mode 100644 objects/vulnerability/vulnerability--add28160-4645-4cf5-81b8-417ae5fe7807.json
create mode 100644 objects/vulnerability/vulnerability--ae488561-b80c-453a-ae36-fdb823b65268.json
create mode 100644 objects/vulnerability/vulnerability--aef46275-fe78-40d7-a76d-4d1ddc9aca6b.json
create mode 100644 objects/vulnerability/vulnerability--af9b4412-1d31-4746-8d25-e8fd9f0683da.json
create mode 100644 objects/vulnerability/vulnerability--b396ffba-5752-4cc0-83c1-0432350a9a18.json
create mode 100644 objects/vulnerability/vulnerability--b398398a-942d-4ca7-8c24-f907270324ce.json
create mode 100644 objects/vulnerability/vulnerability--b90bfe7b-55ec-4a60-ad7a-bc57399443d1.json
create mode 100644 objects/vulnerability/vulnerability--b936386f-0fd9-44ca-b27f-a59b7233bc08.json
create mode 100644 objects/vulnerability/vulnerability--ba483b54-9327-4885-8965-e8f6d26ebada.json
create mode 100644 objects/vulnerability/vulnerability--bcc830d8-ed3c-4000-acd9-c308b6d1cb2f.json
create mode 100644 objects/vulnerability/vulnerability--bd88b499-18c7-4465-8c4c-94cf196cb6f8.json
create mode 100644 objects/vulnerability/vulnerability--be321c21-1dc3-4092-a69b-039fb8d750b2.json
create mode 100644 objects/vulnerability/vulnerability--c3f000fe-b0ca-4012-b8cc-c608e131f319.json
create mode 100644 objects/vulnerability/vulnerability--c5f1c390-2836-4980-badd-ed1ed2f775cb.json
create mode 100644 objects/vulnerability/vulnerability--c897a99c-5356-49fa-b884-efed867b3644.json
create mode 100644 objects/vulnerability/vulnerability--c8bb8832-0f66-45cc-845f-6474938123e2.json
create mode 100644 objects/vulnerability/vulnerability--ca198aa7-6c2f-425b-9df5-0d773e46b809.json
create mode 100644 objects/vulnerability/vulnerability--cb82c7c5-a230-478d-9709-fd87b5304f91.json
create mode 100644 objects/vulnerability/vulnerability--d2c3dcb8-c53a-4f8f-97e6-ad0f05d0aa67.json
create mode 100644 objects/vulnerability/vulnerability--d41010e5-6d7c-468d-8960-0235319f2d9a.json
create mode 100644 objects/vulnerability/vulnerability--d4a3453c-ea2a-4207-b9d7-a9af27f61265.json
create mode 100644 objects/vulnerability/vulnerability--d624ecd4-57df-4dfc-b173-8a1df27bb1f5.json
create mode 100644 objects/vulnerability/vulnerability--d6f063d1-5481-4c0e-951d-396c6c032871.json
create mode 100644 objects/vulnerability/vulnerability--d89eca83-1ad4-4926-af93-d8c5a0b3178d.json
create mode 100644 objects/vulnerability/vulnerability--d99afffd-0274-4812-8d62-cdfbb047ccff.json
create mode 100644 objects/vulnerability/vulnerability--da0239e0-c382-4f5d-93d1-a089729fd38e.json
create mode 100644 objects/vulnerability/vulnerability--db778ee7-84a1-4f2f-a989-0a5ee2dc1b95.json
create mode 100644 objects/vulnerability/vulnerability--dfe44b48-a280-4532-a50f-95861260b181.json
create mode 100644 objects/vulnerability/vulnerability--e18aaa2c-204c-461f-86e4-ed1bdcbbcd1d.json
create mode 100644 objects/vulnerability/vulnerability--e2011cf2-6a71-4665-af7a-caae843248fd.json
create mode 100644 objects/vulnerability/vulnerability--e487a274-4353-44c9-95f3-f7fd4aaef12f.json
create mode 100644 objects/vulnerability/vulnerability--e48cdfaa-a58f-450d-94d1-5bca07fbbac0.json
create mode 100644 objects/vulnerability/vulnerability--e65f9909-5eb2-4f17-a41b-c40b0914d72f.json
create mode 100644 objects/vulnerability/vulnerability--e6801d6e-4731-4453-a70d-1a65655510c0.json
create mode 100644 objects/vulnerability/vulnerability--e955271c-00aa-4870-a7bc-26d3971bb8f7.json
create mode 100644 objects/vulnerability/vulnerability--eab0b2c0-e0b2-4295-868a-3ba909d4ff85.json
create mode 100644 objects/vulnerability/vulnerability--ec46072c-eb8e-4758-82ae-ce202af68aca.json
create mode 100644 objects/vulnerability/vulnerability--f0f1b348-9bcb-4337-96bd-c2ceea20ab06.json
create mode 100644 objects/vulnerability/vulnerability--f154b968-0874-4b45-8114-7d04c43f8632.json
create mode 100644 objects/vulnerability/vulnerability--f606a4d0-a7fa-427a-81b1-a45ea1e8a018.json
create mode 100644 objects/vulnerability/vulnerability--f607625b-d490-4b9e-89d9-fe88f1fb3199.json
create mode 100644 objects/vulnerability/vulnerability--f6cbac38-9f76-4d1d-abec-ca79241e46a0.json
create mode 100644 objects/vulnerability/vulnerability--f70c8a4b-ca42-49a7-b15c-ec1cac31c625.json
create mode 100644 objects/vulnerability/vulnerability--f7b8d25c-66a2-4f21-bfc2-8320585249d2.json
create mode 100644 objects/vulnerability/vulnerability--fcec04b1-5286-462a-8873-e2090010a85c.json
create mode 100644 objects/vulnerability/vulnerability--fd4d870b-fa14-4722-8601-b9ffa5c7a8c2.json
diff --git a/mapping.csv b/mapping.csv
index 452f599bf9d..ad2987d48c1 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -247065,3 +247065,165 @@ vulnerability,CVE-2024-6800,vulnerability--63a9b7aa-5d6b-4bbc-873c-c34d2acb733c
vulnerability,CVE-2024-6337,vulnerability--966d13bb-25d8-4872-8966-2e2f434615a5
vulnerability,CVE-2024-35540,vulnerability--f4f5c988-fe41-4729-9bdd-a65d5e8bb14f
vulnerability,CVE-2024-35214,vulnerability--84de9917-ac87-4176-99d0-131f7f892629
+vulnerability,CVE-2022-48880,vulnerability--01542348-65dc-4f92-a8b5-715f5ee589ed
+vulnerability,CVE-2022-48872,vulnerability--02a6b6e1-8cda-4ca9-96d9-00c02354c520
+vulnerability,CVE-2022-48867,vulnerability--d89eca83-1ad4-4926-af93-d8c5a0b3178d
+vulnerability,CVE-2022-48874,vulnerability--6b55c081-d18f-4bf0-9d91-17e270bfbf79
+vulnerability,CVE-2022-48877,vulnerability--ba483b54-9327-4885-8965-e8f6d26ebada
+vulnerability,CVE-2022-48873,vulnerability--b396ffba-5752-4cc0-83c1-0432350a9a18
+vulnerability,CVE-2022-48884,vulnerability--0f720007-2583-4964-bff4-f4a24d00d07c
+vulnerability,CVE-2022-48875,vulnerability--e955271c-00aa-4870-a7bc-26d3971bb8f7
+vulnerability,CVE-2022-48878,vulnerability--01667210-6b5c-43ee-aa75-2636b2bbfb12
+vulnerability,CVE-2022-48868,vulnerability--5521fe30-4bed-493f-99fe-a38da8f35119
+vulnerability,CVE-2022-48869,vulnerability--49e50737-b876-4f22-afcd-a4604782140e
+vulnerability,CVE-2022-48879,vulnerability--8195fbd9-cfcd-4518-b86e-2213dedf5567
+vulnerability,CVE-2022-48881,vulnerability--012fead3-b0fe-4eda-a304-8e6bf8d8bacb
+vulnerability,CVE-2022-48870,vulnerability--832130a5-760d-49f8-97c6-09d1671cc56d
+vulnerability,CVE-2022-48883,vulnerability--dfe44b48-a280-4532-a50f-95861260b181
+vulnerability,CVE-2022-48882,vulnerability--9e5edc45-0233-4685-b612-31c49d2a9ca8
+vulnerability,CVE-2022-48871,vulnerability--821f2165-6251-4566-91c6-39558e19a984
+vulnerability,CVE-2022-48876,vulnerability--add28160-4645-4cf5-81b8-417ae5fe7807
+vulnerability,CVE-2022-48885,vulnerability--eab0b2c0-e0b2-4295-868a-3ba909d4ff85
+vulnerability,CVE-2022-26328,vulnerability--9914c9c2-698e-43eb-8459-ed08c330cd51
+vulnerability,CVE-2022-26327,vulnerability--f70c8a4b-ca42-49a7-b15c-ec1cac31c625
+vulnerability,CVE-2020-11847,vulnerability--ca198aa7-6c2f-425b-9df5-0d773e46b809
+vulnerability,CVE-2020-11850,vulnerability--680fcf3e-769e-4a90-ae79-115f0af97802
+vulnerability,CVE-2020-11846,vulnerability--964b1b75-c7e0-4e6d-9696-0e09ba0d4392
+vulnerability,CVE-2024-41674,vulnerability--5d30c340-19c3-4da2-af7c-90835f889e56
+vulnerability,CVE-2024-41937,vulnerability--08e4713a-60a5-48cf-8342-fa1e351c1523
+vulnerability,CVE-2024-41572,vulnerability--9f2d0c6e-7e12-4065-a905-3bc79545bafc
+vulnerability,CVE-2024-41675,vulnerability--ec46072c-eb8e-4758-82ae-ce202af68aca
+vulnerability,CVE-2024-40453,vulnerability--90de7d8d-9983-486f-9d26-d90e28a66b21
+vulnerability,CVE-2024-42782,vulnerability--e48cdfaa-a58f-450d-94d1-5bca07fbbac0
+vulnerability,CVE-2024-42939,vulnerability--c897a99c-5356-49fa-b884-efed867b3644
+vulnerability,CVE-2024-42783,vulnerability--20114bfc-a2a5-4e5a-8865-4abaa1cb783d
+vulnerability,CVE-2024-42780,vulnerability--58174ed1-f9b0-4305-9aeb-88cd113a8735
+vulnerability,CVE-2024-42550,vulnerability--6d91e300-23b2-42d5-8510-d77ae7013714
+vulnerability,CVE-2024-42784,vulnerability--fcec04b1-5286-462a-8873-e2090010a85c
+vulnerability,CVE-2024-42781,vulnerability--5bd925eb-da8b-4d79-8006-a38f4573a551
+vulnerability,CVE-2024-42779,vulnerability--395f05c1-f742-4baf-913b-9b688ded0296
+vulnerability,CVE-2024-42786,vulnerability--3ae5ddbd-4fc2-4443-ab02-80dc4ee3643b
+vulnerability,CVE-2024-42785,vulnerability--b90bfe7b-55ec-4a60-ad7a-bc57399443d1
+vulnerability,CVE-2024-42777,vulnerability--b936386f-0fd9-44ca-b27f-a59b7233bc08
+vulnerability,CVE-2024-42778,vulnerability--c5f1c390-2836-4980-badd-ed1ed2f775cb
+vulnerability,CVE-2024-38305,vulnerability--3ff9ed36-704f-4350-997b-60983741b251
+vulnerability,CVE-2024-33656,vulnerability--4b689657-e0fd-4b6f-8849-206e5ef689a3
+vulnerability,CVE-2024-33657,vulnerability--fd4d870b-fa14-4722-8601-b9ffa5c7a8c2
+vulnerability,CVE-2024-28987,vulnerability--e2011cf2-6a71-4665-af7a-caae843248fd
+vulnerability,CVE-2024-28000,vulnerability--7eab1813-5c10-47d5-8a30-924a44456922
+vulnerability,CVE-2024-7980,vulnerability--4a221a53-f75e-415e-821c-274204c364fb
+vulnerability,CVE-2024-7448,vulnerability--da0239e0-c382-4f5d-93d1-a089729fd38e
+vulnerability,CVE-2024-7967,vulnerability--32f98996-5d8d-437b-859f-9ef3f0a7a265
+vulnerability,CVE-2024-7090,vulnerability--4dea071c-9082-4c6c-b36f-a1a6ba2ec80b
+vulnerability,CVE-2024-7724,vulnerability--22ea6c46-4c31-4aaa-904f-b09953aef333
+vulnerability,CVE-2024-7885,vulnerability--070118d3-c230-431f-bd62-611675fbbf9e
+vulnerability,CVE-2024-7600,vulnerability--d99afffd-0274-4812-8d62-cdfbb047ccff
+vulnerability,CVE-2024-7601,vulnerability--db778ee7-84a1-4f2f-a989-0a5ee2dc1b95
+vulnerability,CVE-2024-7979,vulnerability--27b08b9d-583e-4e02-b258-4155359eda49
+vulnerability,CVE-2024-7975,vulnerability--bcc830d8-ed3c-4000-acd9-c308b6d1cb2f
+vulnerability,CVE-2024-7604,vulnerability--af9b4412-1d31-4746-8d25-e8fd9f0683da
+vulnerability,CVE-2024-7854,vulnerability--aef46275-fe78-40d7-a76d-4d1ddc9aca6b
+vulnerability,CVE-2024-7030,vulnerability--ad4432e0-c6ea-4862-8826-b049d43fa03b
+vulnerability,CVE-2024-7603,vulnerability--896864bd-dc3e-4034-b353-d3a713378e6a
+vulnerability,CVE-2024-7964,vulnerability--a8938ec6-df50-4d06-92f6-05900869f83d
+vulnerability,CVE-2024-7977,vulnerability--0052bd39-d8a7-4741-a3a9-65ed7b0321d5
+vulnerability,CVE-2024-7969,vulnerability--c3f000fe-b0ca-4012-b8cc-c608e131f319
+vulnerability,CVE-2024-7973,vulnerability--4eda936a-9e86-4d97-8128-35752a3c468a
+vulnerability,CVE-2024-7390,vulnerability--bd88b499-18c7-4465-8c4c-94cf196cb6f8
+vulnerability,CVE-2024-7647,vulnerability--a68cfa6d-acaf-40f6-a23e-80e1b9bd92de
+vulnerability,CVE-2024-7976,vulnerability--5d0d217b-1da9-4e5a-ba4e-0a951fad2680
+vulnerability,CVE-2024-7032,vulnerability--3d62c87b-21bd-4779-9792-1e8446669783
+vulnerability,CVE-2024-7978,vulnerability--2ea12775-2566-489b-a22f-e4ab9a4fd99b
+vulnerability,CVE-2024-7134,vulnerability--989e57bf-1af5-4e38-a4f6-95fb0f1d9a3d
+vulnerability,CVE-2024-7725,vulnerability--f6cbac38-9f76-4d1d-abec-ca79241e46a0
+vulnerability,CVE-2024-7968,vulnerability--6a351ee7-443b-4217-af70-d3ac1f0589ca
+vulnerability,CVE-2024-7971,vulnerability--6fe68d6b-3db5-4087-9a17-567a90d4c4f3
+vulnerability,CVE-2024-7723,vulnerability--8470d267-410c-472a-8bc1-2d33f3fdd0dd
+vulnerability,CVE-2024-7998,vulnerability--85618269-2750-4f0c-bebc-20f1401d7529
+vulnerability,CVE-2024-7981,vulnerability--9b958137-bd69-4a65-ad43-8baa3f2a0203
+vulnerability,CVE-2024-7965,vulnerability--9d337fc0-8e63-4f0d-b461-8a8c73e71ffe
+vulnerability,CVE-2024-7974,vulnerability--1bd16af5-3c24-4e90-88cc-16e88c838ae7
+vulnerability,CVE-2024-7722,vulnerability--5d5861bf-020c-4271-8012-c40a3da6293d
+vulnerability,CVE-2024-7972,vulnerability--f7b8d25c-66a2-4f21-bfc2-8320585249d2
+vulnerability,CVE-2024-7651,vulnerability--6719ed73-8d3f-4437-87ac-233cc57f199a
+vulnerability,CVE-2024-7602,vulnerability--cb82c7c5-a230-478d-9709-fd87b5304f91
+vulnerability,CVE-2024-7629,vulnerability--be321c21-1dc3-4092-a69b-039fb8d750b2
+vulnerability,CVE-2024-7013,vulnerability--345e0472-e5b1-4755-80a5-9c0bb119b2af
+vulnerability,CVE-2024-7795,vulnerability--695a7ca9-15eb-4f1d-a9c8-30858aaaa583
+vulnerability,CVE-2024-7966,vulnerability--065cd0ad-ff5d-4fe8-8047-83c60d303737
+vulnerability,CVE-2024-39344,vulnerability--d624ecd4-57df-4dfc-b173-8a1df27bb1f5
+vulnerability,CVE-2024-20466,vulnerability--79e2111c-ac36-4a64-8735-03659f5c5734
+vulnerability,CVE-2024-20486,vulnerability--045702df-3d14-4677-82e9-c950cc2d93e6
+vulnerability,CVE-2024-20488,vulnerability--9e14385a-a44b-432d-940a-a1da396d5ede
+vulnerability,CVE-2024-20375,vulnerability--40183da1-2b90-44db-b1df-0e9e577b7d52
+vulnerability,CVE-2024-20417,vulnerability--e6801d6e-4731-4453-a70d-1a65655510c0
+vulnerability,CVE-2024-43872,vulnerability--64de3480-23e1-4c9c-ac33-6f3dd4f3ed7c
+vulnerability,CVE-2024-43878,vulnerability--710bdaef-c0ea-45b0-81ce-fc5139a3fbc9
+vulnerability,CVE-2024-43879,vulnerability--0ad1d648-cff5-4269-988f-95bfb6619bb7
+vulnerability,CVE-2024-43410,vulnerability--03e018fa-0743-4ee3-95f8-9e440611127d
+vulnerability,CVE-2024-43411,vulnerability--f606a4d0-a7fa-427a-81b1-a45ea1e8a018
+vulnerability,CVE-2024-43880,vulnerability--9acb48dd-c6b4-47e0-b3ce-f4b11bf6c055
+vulnerability,CVE-2024-43877,vulnerability--2d68539e-41e4-4df6-a5df-4f2da0f4e7de
+vulnerability,CVE-2024-43882,vulnerability--57d95d32-c652-4660-acd6-c02a2dbcedf9
+vulnerability,CVE-2024-43371,vulnerability--38c363f6-6bcc-482b-8639-e313963f9151
+vulnerability,CVE-2024-43871,vulnerability--3b245abc-c8a4-44a9-9101-091f41ce4366
+vulnerability,CVE-2024-43876,vulnerability--d6f063d1-5481-4c0e-951d-396c6c032871
+vulnerability,CVE-2024-43869,vulnerability--c8bb8832-0f66-45cc-845f-6474938123e2
+vulnerability,CVE-2024-43870,vulnerability--e487a274-4353-44c9-95f3-f7fd4aaef12f
+vulnerability,CVE-2024-43881,vulnerability--9c83a34b-b385-4de2-9601-8118f7f741e3
+vulnerability,CVE-2024-43873,vulnerability--6b4fd347-ccac-4833-9c9c-c9691082a480
+vulnerability,CVE-2024-43407,vulnerability--743f2018-b17d-4f04-8d80-c70d0d742d78
+vulnerability,CVE-2024-43027,vulnerability--440b63fe-dcb1-4840-af9c-a3f0af5135b9
+vulnerability,CVE-2024-43874,vulnerability--31281aca-4ef2-4269-8144-e4575443674f
+vulnerability,CVE-2024-43875,vulnerability--e65f9909-5eb2-4f17-a41b-c40b0914d72f
+vulnerability,CVE-2024-43022,vulnerability--f0f1b348-9bcb-4337-96bd-c2ceea20ab06
+vulnerability,CVE-2024-5762,vulnerability--b398398a-942d-4ca7-8c24-f907270324ce
+vulnerability,CVE-2024-5930,vulnerability--387cd38a-078c-48d8-b443-3dd2b630cbe7
+vulnerability,CVE-2024-5929,vulnerability--5432d40c-7377-4eb8-a92d-94bb2bdec41a
+vulnerability,CVE-2024-5723,vulnerability--d41010e5-6d7c-468d-8960-0235319f2d9a
+vulnerability,CVE-2024-5725,vulnerability--169e5844-4a65-4843-8d16-ce8322d8b38d
+vulnerability,CVE-2024-5880,vulnerability--6f2bf920-5389-48aa-9a7f-5d80b22e3fa2
+vulnerability,CVE-2024-5928,vulnerability--f154b968-0874-4b45-8114-7d04c43f8632
+vulnerability,CVE-2024-5335,vulnerability--5da70743-bc4f-4b8a-b358-a0cb05bd33e4
+vulnerability,CVE-2024-21690,vulnerability--074b74b9-bd7e-4ed8-a5ce-6caa5b66f136
+vulnerability,CVE-2024-37008,vulnerability--5267c4d5-36d7-4f16-b74e-0b73824b418f
+vulnerability,CVE-2024-8034,vulnerability--f607625b-d490-4b9e-89d9-fe88f1fb3199
+vulnerability,CVE-2024-8033,vulnerability--a5f4b7b7-87d5-48b2-aeb9-a3f08af32b40
+vulnerability,CVE-2024-8007,vulnerability--14e97c7f-2f74-4008-b171-d18673556c29
+vulnerability,CVE-2024-8035,vulnerability--7b21f9f5-82b1-44f0-8db0-556f24af96d0
+vulnerability,CVE-2024-6339,vulnerability--32e7ec52-6aac-428c-b76b-0a6b36092773
+vulnerability,CVE-2024-6568,vulnerability--1f8b278f-a151-4ba7-887b-d41b1be47247
+vulnerability,CVE-2024-6814,vulnerability--17e62792-6f81-4f69-a511-2e186fc6fe3d
+vulnerability,CVE-2024-6811,vulnerability--6e944515-d361-4643-981a-e5e62c01068b
+vulnerability,CVE-2024-6508,vulnerability--86dbc803-7c95-4932-8b21-6f852946a48c
+vulnerability,CVE-2024-6883,vulnerability--582aa970-590c-411f-8ada-4582a5259636
+vulnerability,CVE-2024-6813,vulnerability--a01982e2-6413-4db7-bd83-98a876f4538e
+vulnerability,CVE-2024-6767,vulnerability--0e0f91a0-f7d1-43f7-a9d7-e3386378d18a
+vulnerability,CVE-2024-6812,vulnerability--79685090-4612-4f68-b827-05a51b52f206
+vulnerability,CVE-2024-6386,vulnerability--3f1a4ff2-cd0c-4e13-a2ec-893e820e9f74
+vulnerability,CVE-2024-6141,vulnerability--7bc94e70-1924-400e-9149-f69e0ebd3740
+vulnerability,CVE-2023-29929,vulnerability--6c7e0571-2add-4396-9287-283e3055c86c
+vulnerability,CVE-2023-52900,vulnerability--46cb0a89-104a-4f4a-9633-2e302cd43a01
+vulnerability,CVE-2023-52903,vulnerability--785acff9-7186-49ea-ba37-56471b7091b1
+vulnerability,CVE-2023-52905,vulnerability--248c0ff0-f9dd-4129-bd9a-de91c46e8575
+vulnerability,CVE-2023-52908,vulnerability--ae488561-b80c-453a-ae36-fdb823b65268
+vulnerability,CVE-2023-52912,vulnerability--964a276f-ab34-4362-b6b4-ee4899e1317e
+vulnerability,CVE-2023-52911,vulnerability--d2c3dcb8-c53a-4f8f-97e6-ad0f05d0aa67
+vulnerability,CVE-2023-52899,vulnerability--4531e58c-5834-4676-b2b7-0b81c7b4aa37
+vulnerability,CVE-2023-52914,vulnerability--767b94a0-6038-4ab8-929e-fe095f5d42b8
+vulnerability,CVE-2023-52898,vulnerability--678a393b-dfd0-4939-a4ab-9e00c2c93a3d
+vulnerability,CVE-2023-52906,vulnerability--7052a979-dd90-4b9a-b013-c9efe544bf9d
+vulnerability,CVE-2023-52896,vulnerability--930ea3dd-5ebb-4575-9f0d-d8d376ef36fa
+vulnerability,CVE-2023-52910,vulnerability--5bc25266-34f0-4296-8a5a-87920ea14b9b
+vulnerability,CVE-2023-52902,vulnerability--33c8a848-f422-49f6-b4b6-0256f64ec023
+vulnerability,CVE-2023-52893,vulnerability--e18aaa2c-204c-461f-86e4-ed1bdcbbcd1d
+vulnerability,CVE-2023-52897,vulnerability--942b5342-15bd-4eb6-9563-476ee1e16fb7
+vulnerability,CVE-2023-52901,vulnerability--d4a3453c-ea2a-4207-b9d7-a9af27f61265
+vulnerability,CVE-2023-52904,vulnerability--a78142e8-9ce6-4552-9c80-015ac3a8bbd4
+vulnerability,CVE-2023-52907,vulnerability--302553ed-d6d1-4632-8929-3f7ba5d2a921
+vulnerability,CVE-2023-52895,vulnerability--44dde42b-7db1-45f2-a1da-a31f6f135b10
+vulnerability,CVE-2023-52909,vulnerability--89aa1775-83f7-4fc5-82c5-ebead7f64427
+vulnerability,CVE-2023-52913,vulnerability--89741f0d-d7ab-45a3-ba03-722f137a638c
+vulnerability,CVE-2023-52894,vulnerability--41720441-19b9-44d2-ad52-c2f0cf81ec5b
+vulnerability,CVE-2023-22576,vulnerability--271303b0-0890-48e2-b12f-45295d638f92
+vulnerability,CVE-2023-49198,vulnerability--7d4a68a2-fcbf-4511-a2ff-a1f72a271c43
diff --git a/objects/vulnerability/vulnerability--0052bd39-d8a7-4741-a3a9-65ed7b0321d5.json b/objects/vulnerability/vulnerability--0052bd39-d8a7-4741-a3a9-65ed7b0321d5.json
new file mode 100644
index 00000000000..b30db636f95
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0052bd39-d8a7-4741-a3a9-65ed7b0321d5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bbbc88d9-24c5-4c4b-a7bf-6060cc2e108e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0052bd39-d8a7-4741-a3a9-65ed7b0321d5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.362843Z",
+ "modified": "2024-08-22T00:18:37.362843Z",
+ "name": "CVE-2024-7977",
+ "description": "Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7977"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--012fead3-b0fe-4eda-a304-8e6bf8d8bacb.json b/objects/vulnerability/vulnerability--012fead3-b0fe-4eda-a304-8e6bf8d8bacb.json
new file mode 100644
index 00000000000..f17c09c7fe6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--012fead3-b0fe-4eda-a304-8e6bf8d8bacb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ac0a8960-4d49-4ede-bc67-a9655e8dda4e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--012fead3-b0fe-4eda-a304-8e6bf8d8bacb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.427467Z",
+ "modified": "2024-08-22T00:18:24.427467Z",
+ "name": "CVE-2022-48881",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: Fix refcount leak in amd_pmc_probe\n\npci_get_domain_bus_and_slot() takes reference, the caller should release\nthe reference by calling pci_dev_put() after use. Call pci_dev_put() in\nthe error path to fix this.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48881"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--01542348-65dc-4f92-a8b5-715f5ee589ed.json b/objects/vulnerability/vulnerability--01542348-65dc-4f92-a8b5-715f5ee589ed.json
new file mode 100644
index 00000000000..1f13122d244
--- /dev/null
+++ b/objects/vulnerability/vulnerability--01542348-65dc-4f92-a8b5-715f5ee589ed.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d40c2ce1-48a3-4e59-9fdc-0823f86ba5d6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--01542348-65dc-4f92-a8b5-715f5ee589ed",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.374519Z",
+ "modified": "2024-08-22T00:18:24.374519Z",
+ "name": "CVE-2022-48880",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/surface: aggregator: Add missing call to ssam_request_sync_free()\n\nAlthough rare, ssam_request_sync_init() can fail. In that case, the\nrequest should be freed via ssam_request_sync_free(). Currently it is\nleaked instead. Fix this.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48880"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--01667210-6b5c-43ee-aa75-2636b2bbfb12.json b/objects/vulnerability/vulnerability--01667210-6b5c-43ee-aa75-2636b2bbfb12.json
new file mode 100644
index 00000000000..72eaaabdbc9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--01667210-6b5c-43ee-aa75-2636b2bbfb12.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3553c735-1f89-47f3-89ad-4d6710404c1a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--01667210-6b5c-43ee-aa75-2636b2bbfb12",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.412333Z",
+ "modified": "2024-08-22T00:18:24.412333Z",
+ "name": "CVE-2022-48878",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_qca: Fix driver shutdown on closed serdev\n\nThe driver shutdown callback (which sends EDL_SOC_RESET to the device\nover serdev) should not be invoked when HCI device is not open (e.g. if\nhci_dev_open_sync() failed), because the serdev and its TTY are not open\neither. Also skip this step if device is powered off\n(qca_power_shutdown()).\n\nThe shutdown callback causes use-after-free during system reboot with\nQualcomm Atheros Bluetooth:\n\n Unable to handle kernel paging request at virtual address\n 0072662f67726fd7\n ...\n CPU: 6 PID: 1 Comm: systemd-shutdow Tainted: G W\n 6.1.0-rt5-00325-g8a5f56bcfcca #8\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n tty_driver_flush_buffer+0x4/0x30\n serdev_device_write_flush+0x24/0x34\n qca_serdev_shutdown+0x80/0x130 [hci_uart]\n device_shutdown+0x15c/0x260\n kernel_restart+0x48/0xac\n\nKASAN report:\n\n BUG: KASAN: use-after-free in tty_driver_flush_buffer+0x1c/0x50\n Read of size 8 at addr ffff16270c2e0018 by task systemd-shutdow/1\n\n CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted\n 6.1.0-next-20221220-00014-gb85aaf97fb01-dirty #28\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xdc/0xf0\n show_stack+0x18/0x30\n dump_stack_lvl+0x68/0x84\n print_report+0x188/0x488\n kasan_report+0xa4/0xf0\n __asan_load8+0x80/0xac\n tty_driver_flush_buffer+0x1c/0x50\n ttyport_write_flush+0x34/0x44\n serdev_device_write_flush+0x48/0x60\n qca_serdev_shutdown+0x124/0x274\n device_shutdown+0x1e8/0x350\n kernel_restart+0x48/0xb0\n __do_sys_reboot+0x244/0x2d0\n __arm64_sys_reboot+0x54/0x70\n invoke_syscall+0x60/0x190\n el0_svc_common.constprop.0+0x7c/0x160\n do_el0_svc+0x44/0xf0\n el0_svc+0x2c/0x6c\n el0t_64_sync_handler+0xbc/0x140\n el0t_64_sync+0x190/0x194",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48878"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--02a6b6e1-8cda-4ca9-96d9-00c02354c520.json b/objects/vulnerability/vulnerability--02a6b6e1-8cda-4ca9-96d9-00c02354c520.json
new file mode 100644
index 00000000000..3eac72c2493
--- /dev/null
+++ b/objects/vulnerability/vulnerability--02a6b6e1-8cda-4ca9-96d9-00c02354c520.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--79d3e44a-4810-4c77-984f-1aca196de263",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--02a6b6e1-8cda-4ca9-96d9-00c02354c520",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.388898Z",
+ "modified": "2024-08-22T00:18:24.388898Z",
+ "name": "CVE-2022-48872",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free race condition for maps\n\nIt is possible that in between calling fastrpc_map_get() until\nmap->fl->lock is taken in fastrpc_free_map(), another thread can call\nfastrpc_map_lookup() and get a reference to a map that is about to be\ndeleted.\n\nRewrite fastrpc_map_get() to only increase the reference count of a map\nif it's non-zero. Propagate this to callers so they can know if a map is\nabout to be deleted.\n\nFixes this warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate\n...\nCall trace:\n refcount_warn_saturate\n [fastrpc_map_get inlined]\n [fastrpc_map_lookup inlined]\n fastrpc_map_create\n fastrpc_internal_invoke\n fastrpc_device_ioctl\n __arm64_sys_ioctl\n invoke_syscall",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48872"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--03e018fa-0743-4ee3-95f8-9e440611127d.json b/objects/vulnerability/vulnerability--03e018fa-0743-4ee3-95f8-9e440611127d.json
new file mode 100644
index 00000000000..492a55bfa13
--- /dev/null
+++ b/objects/vulnerability/vulnerability--03e018fa-0743-4ee3-95f8-9e440611127d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a5d38279-89ed-485b-a2bb-c8ec53785dcd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--03e018fa-0743-4ee3-95f8-9e440611127d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.669345Z",
+ "modified": "2024-08-22T00:18:37.669345Z",
+ "name": "CVE-2024-43410",
+ "description": "Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.\nAfter parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43410"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--045702df-3d14-4677-82e9-c950cc2d93e6.json b/objects/vulnerability/vulnerability--045702df-3d14-4677-82e9-c950cc2d93e6.json
new file mode 100644
index 00000000000..b577c37df93
--- /dev/null
+++ b/objects/vulnerability/vulnerability--045702df-3d14-4677-82e9-c950cc2d93e6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6f062f5d-62a5-41da-91c2-fec2e407afd9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--045702df-3d14-4677-82e9-c950cc2d93e6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.594565Z",
+ "modified": "2024-08-22T00:18:37.594565Z",
+ "name": "CVE-2024-20486",
+ "description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-20486"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--065cd0ad-ff5d-4fe8-8047-83c60d303737.json b/objects/vulnerability/vulnerability--065cd0ad-ff5d-4fe8-8047-83c60d303737.json
new file mode 100644
index 00000000000..65027879e90
--- /dev/null
+++ b/objects/vulnerability/vulnerability--065cd0ad-ff5d-4fe8-8047-83c60d303737.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1fb17ee7-a3d0-4721-8ad9-336dee986b43",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--065cd0ad-ff5d-4fe8-8047-83c60d303737",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.413957Z",
+ "modified": "2024-08-22T00:18:37.413957Z",
+ "name": "CVE-2024-7966",
+ "description": "Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7966"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--070118d3-c230-431f-bd62-611675fbbf9e.json b/objects/vulnerability/vulnerability--070118d3-c230-431f-bd62-611675fbbf9e.json
new file mode 100644
index 00000000000..f1a7f7ac2f6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--070118d3-c230-431f-bd62-611675fbbf9e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a169d2c0-7b32-4379-afaa-67a74b214792",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--070118d3-c230-431f-bd62-611675fbbf9e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.334235Z",
+ "modified": "2024-08-22T00:18:37.334235Z",
+ "name": "CVE-2024-7885",
+ "description": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7885"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--074b74b9-bd7e-4ed8-a5ce-6caa5b66f136.json b/objects/vulnerability/vulnerability--074b74b9-bd7e-4ed8-a5ce-6caa5b66f136.json
new file mode 100644
index 00000000000..4843630a3de
--- /dev/null
+++ b/objects/vulnerability/vulnerability--074b74b9-bd7e-4ed8-a5ce-6caa5b66f136.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5c57e04d-5b50-48e8-9b0e-7876a93cc589",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--074b74b9-bd7e-4ed8-a5ce-6caa5b66f136",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.923333Z",
+ "modified": "2024-08-22T00:18:37.923333Z",
+ "name": "CVE-2024-21690",
+ "description": "This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. \n\t\n\tThis Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability, with a CVSS Score of 7.1, allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser and force a end user to execute unwanted actions on a web application in which they're currently authenticated which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires user interaction. \n\t\n\tAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\t\t\n\t\t* Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.26\n\t\t\n\t\t* Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.14\n\t\t\n\t\t* Confluence Data Center and Server 9.0: Upgrade to a release greater than or equal to 9.0.1\n\t\t\n\t\t\n\t\n\tSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). \n\t\n\tThis vulnerability was reported via our Bug Bounty program.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-21690"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--08e4713a-60a5-48cf-8342-fa1e351c1523.json b/objects/vulnerability/vulnerability--08e4713a-60a5-48cf-8342-fa1e351c1523.json
new file mode 100644
index 00000000000..409559c3a39
--- /dev/null
+++ b/objects/vulnerability/vulnerability--08e4713a-60a5-48cf-8342-fa1e351c1523.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4926fc6a-15ff-4103-8c7e-2f0510c2538a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--08e4713a-60a5-48cf-8342-fa1e351c1523",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.272846Z",
+ "modified": "2024-08-22T00:18:36.272846Z",
+ "name": "CVE-2024-41937",
+ "description": "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41937"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0ad1d648-cff5-4269-988f-95bfb6619bb7.json b/objects/vulnerability/vulnerability--0ad1d648-cff5-4269-988f-95bfb6619bb7.json
new file mode 100644
index 00000000000..b18ac982bee
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0ad1d648-cff5-4269-988f-95bfb6619bb7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bc2382bc-7912-40c5-943e-fc1c655bc006",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0ad1d648-cff5-4269-988f-95bfb6619bb7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.666892Z",
+ "modified": "2024-08-22T00:18:37.666892Z",
+ "name": "CVE-2024-43879",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43879"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0e0f91a0-f7d1-43f7-a9d7-e3386378d18a.json b/objects/vulnerability/vulnerability--0e0f91a0-f7d1-43f7-a9d7-e3386378d18a.json
new file mode 100644
index 00000000000..a67d68f6181
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0e0f91a0-f7d1-43f7-a9d7-e3386378d18a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--edc308f9-4f38-4fae-837b-8c5625bf47da",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0e0f91a0-f7d1-43f7-a9d7-e3386378d18a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.247748Z",
+ "modified": "2024-08-22T00:18:38.247748Z",
+ "name": "CVE-2024-6767",
+ "description": "The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6767"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0f720007-2583-4964-bff4-f4a24d00d07c.json b/objects/vulnerability/vulnerability--0f720007-2583-4964-bff4-f4a24d00d07c.json
new file mode 100644
index 00000000000..0d190ad7ddb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0f720007-2583-4964-bff4-f4a24d00d07c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9d5d0072-d880-4bf6-96fa-0e16cb0b911c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0f720007-2583-4964-bff4-f4a24d00d07c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.408738Z",
+ "modified": "2024-08-22T00:18:24.408738Z",
+ "name": "CVE-2022-48884",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command stats access after free\n\nCommand may fail while driver is reloading and can't accept FW commands\ntill command interface is reinitialized. Such command failure is being\nlogged to command stats. This results in NULL pointer access as command\nstats structure is being freed and reallocated during mlx5 devlink\nreload (see kernel log below).\n\nFix it by making command stats statically allocated on driver probe.\n\nKernel log:\n[ 2394.808802] BUG: unable to handle kernel paging request at 000000000002a9c0\n[ 2394.810610] PGD 0 P4D 0\n[ 2394.811811] Oops: 0002 [#1] SMP NOPTI\n...\n[ 2394.815482] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0\n...\n[ 2394.829505] Call Trace:\n[ 2394.830667] _raw_spin_lock_irq+0x23/0x26\n[ 2394.831858] cmd_status_err+0x55/0x110 [mlx5_core]\n[ 2394.833020] mlx5_access_reg+0xe7/0x150 [mlx5_core]\n[ 2394.834175] mlx5_query_port_ptys+0x78/0xa0 [mlx5_core]\n[ 2394.835337] mlx5e_ethtool_get_link_ksettings+0x74/0x590 [mlx5_core]\n[ 2394.836454] ? kmem_cache_alloc_trace+0x140/0x1c0\n[ 2394.837562] __rh_call_get_link_ksettings+0x33/0x100\n[ 2394.838663] ? __rtnl_unlock+0x25/0x50\n[ 2394.839755] __ethtool_get_link_ksettings+0x72/0x150\n[ 2394.840862] duplex_show+0x6e/0xc0\n[ 2394.841963] dev_attr_show+0x1c/0x40\n[ 2394.843048] sysfs_kf_seq_show+0x9b/0x100\n[ 2394.844123] seq_read+0x153/0x410\n[ 2394.845187] vfs_read+0x91/0x140\n[ 2394.846226] ksys_read+0x4f/0xb0\n[ 2394.847234] do_syscall_64+0x5b/0x1a0\n[ 2394.848228] entry_SYSCALL_64_after_hwframe+0x65/0xca",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48884"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--14e97c7f-2f74-4008-b171-d18673556c29.json b/objects/vulnerability/vulnerability--14e97c7f-2f74-4008-b171-d18673556c29.json
new file mode 100644
index 00000000000..1ab859a63ed
--- /dev/null
+++ b/objects/vulnerability/vulnerability--14e97c7f-2f74-4008-b171-d18673556c29.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9fab3727-86b7-4145-8b17-4225232385e7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--14e97c7f-2f74-4008-b171-d18673556c29",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.127268Z",
+ "modified": "2024-08-22T00:18:38.127268Z",
+ "name": "CVE-2024-8007",
+ "description": "A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8007"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--169e5844-4a65-4843-8d16-ce8322d8b38d.json b/objects/vulnerability/vulnerability--169e5844-4a65-4843-8d16-ce8322d8b38d.json
new file mode 100644
index 00000000000..135b04f39a3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--169e5844-4a65-4843-8d16-ce8322d8b38d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a3cb70d4-1af7-4908-b8e5-f6f1d0caf886",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--169e5844-4a65-4843-8d16-ce8322d8b38d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.880813Z",
+ "modified": "2024-08-22T00:18:37.880813Z",
+ "name": "CVE-2024-5725",
+ "description": "Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the initCurveList function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-22683.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5725"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--17e62792-6f81-4f69-a511-2e186fc6fe3d.json b/objects/vulnerability/vulnerability--17e62792-6f81-4f69-a511-2e186fc6fe3d.json
new file mode 100644
index 00000000000..78370e7a2ce
--- /dev/null
+++ b/objects/vulnerability/vulnerability--17e62792-6f81-4f69-a511-2e186fc6fe3d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--22d57f38-f9a4-4f15-a175-1b9d87acd216",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--17e62792-6f81-4f69-a511-2e186fc6fe3d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.211094Z",
+ "modified": "2024-08-22T00:18:38.211094Z",
+ "name": "CVE-2024-6814",
+ "description": "NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the getFilterString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23399.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6814"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1bd16af5-3c24-4e90-88cc-16e88c838ae7.json b/objects/vulnerability/vulnerability--1bd16af5-3c24-4e90-88cc-16e88c838ae7.json
new file mode 100644
index 00000000000..ae9f115697a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1bd16af5-3c24-4e90-88cc-16e88c838ae7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ffda4e13-13a9-49f3-a251-bbd324465dc8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1bd16af5-3c24-4e90-88cc-16e88c838ae7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.394916Z",
+ "modified": "2024-08-22T00:18:37.394916Z",
+ "name": "CVE-2024-7974",
+ "description": "Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7974"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1f8b278f-a151-4ba7-887b-d41b1be47247.json b/objects/vulnerability/vulnerability--1f8b278f-a151-4ba7-887b-d41b1be47247.json
new file mode 100644
index 00000000000..e0d9578c0a7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1f8b278f-a151-4ba7-887b-d41b1be47247.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--50137dd0-cd8a-4c0d-82fa-cbb17981445f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1f8b278f-a151-4ba7-887b-d41b1be47247",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.208398Z",
+ "modified": "2024-08-22T00:18:38.208398Z",
+ "name": "CVE-2024-6568",
+ "description": "The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6568"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--20114bfc-a2a5-4e5a-8865-4abaa1cb783d.json b/objects/vulnerability/vulnerability--20114bfc-a2a5-4e5a-8865-4abaa1cb783d.json
new file mode 100644
index 00000000000..70b4a7c4137
--- /dev/null
+++ b/objects/vulnerability/vulnerability--20114bfc-a2a5-4e5a-8865-4abaa1cb783d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bb868514-6b1b-4f11-a6d5-7f683259fed0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--20114bfc-a2a5-4e5a-8865-4abaa1cb783d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.928136Z",
+ "modified": "2024-08-22T00:18:36.928136Z",
+ "name": "CVE-2024-42783",
+ "description": "Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the \"pid\" parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42783"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--22ea6c46-4c31-4aaa-904f-b09953aef333.json b/objects/vulnerability/vulnerability--22ea6c46-4c31-4aaa-904f-b09953aef333.json
new file mode 100644
index 00000000000..db589a93f6f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--22ea6c46-4c31-4aaa-904f-b09953aef333.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9d249de4-6eb2-4376-8d35-0f99172a9b32",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--22ea6c46-4c31-4aaa-904f-b09953aef333",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.332624Z",
+ "modified": "2024-08-22T00:18:37.332624Z",
+ "name": "CVE-2024-7724",
+ "description": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23900.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7724"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--248c0ff0-f9dd-4129-bd9a-de91c46e8575.json b/objects/vulnerability/vulnerability--248c0ff0-f9dd-4129-bd9a-de91c46e8575.json
new file mode 100644
index 00000000000..fc46fd79c6d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--248c0ff0-f9dd-4129-bd9a-de91c46e8575.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cf65244c-7a18-48c0-b181-641d48adb0d3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--248c0ff0-f9dd-4129-bd9a-de91c46e8575",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:39.994446Z",
+ "modified": "2024-08-22T00:18:39.994446Z",
+ "name": "CVE-2023-52905",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix resource leakage in VF driver unbind\n\nresources allocated like mcam entries to support the Ntuple feature\nand hash tables for the tc feature are not getting freed in driver\nunbind. This patch fixes the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52905"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--271303b0-0890-48e2-b12f-45295d638f92.json b/objects/vulnerability/vulnerability--271303b0-0890-48e2-b12f-45295d638f92.json
new file mode 100644
index 00000000000..ecbc04c184a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--271303b0-0890-48e2-b12f-45295d638f92.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0796a7e0-b721-4b6f-8374-e737fde06721",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--271303b0-0890-48e2-b12f-45295d638f92",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.07489Z",
+ "modified": "2024-08-22T00:18:40.07489Z",
+ "name": "CVE-2023-22576",
+ "description": "Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-22576"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--27b08b9d-583e-4e02-b258-4155359eda49.json b/objects/vulnerability/vulnerability--27b08b9d-583e-4e02-b258-4155359eda49.json
new file mode 100644
index 00000000000..4312a4d5a26
--- /dev/null
+++ b/objects/vulnerability/vulnerability--27b08b9d-583e-4e02-b258-4155359eda49.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2671db21-ffd8-4c43-850a-1402afd40fa5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--27b08b9d-583e-4e02-b258-4155359eda49",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.339416Z",
+ "modified": "2024-08-22T00:18:37.339416Z",
+ "name": "CVE-2024-7979",
+ "description": "Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7979"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2d68539e-41e4-4df6-a5df-4f2da0f4e7de.json b/objects/vulnerability/vulnerability--2d68539e-41e4-4df6-a5df-4f2da0f4e7de.json
new file mode 100644
index 00000000000..be795b23ec8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2d68539e-41e4-4df6-a5df-4f2da0f4e7de.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--021b69c1-2c82-4687-9101-16b26db662dc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2d68539e-41e4-4df6-a5df-4f2da0f4e7de",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.676529Z",
+ "modified": "2024-08-22T00:18:37.676529Z",
+ "name": "CVE-2024-43877",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43877"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2ea12775-2566-489b-a22f-e4ab9a4fd99b.json b/objects/vulnerability/vulnerability--2ea12775-2566-489b-a22f-e4ab9a4fd99b.json
new file mode 100644
index 00000000000..db5035984c4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2ea12775-2566-489b-a22f-e4ab9a4fd99b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e17a22b6-6a1f-4adf-bfca-c94324c68853",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2ea12775-2566-489b-a22f-e4ab9a4fd99b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.376957Z",
+ "modified": "2024-08-22T00:18:37.376957Z",
+ "name": "CVE-2024-7978",
+ "description": "Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7978"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--302553ed-d6d1-4632-8929-3f7ba5d2a921.json b/objects/vulnerability/vulnerability--302553ed-d6d1-4632-8929-3f7ba5d2a921.json
new file mode 100644
index 00000000000..8b98de580a8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--302553ed-d6d1-4632-8929-3f7ba5d2a921.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8a87595d-505d-42ad-a704-b65850e25f04",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--302553ed-d6d1-4632-8929-3f7ba5d2a921",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.053435Z",
+ "modified": "2024-08-22T00:18:40.053435Z",
+ "name": "CVE-2023-52907",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()\n\nFix a use-after-free that occurs in hcd when in_urb sent from\npn533_usb_send_frame() is completed earlier than out_urb. Its callback\nfrees the skb data in pn533_send_async_complete() that is used as a\ntransfer buffer of out_urb. Wait before sending in_urb until the\ncallback of out_urb is called. To modify the callback of out_urb alone,\nseparate the complete function of out_urb and ack_urb.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: use-after-free in dummy_timer\nCall Trace:\n memcpy (mm/kasan/shadow.c:65)\n dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352)\n transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453)\n dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972)\n arch_static_branch (arch/x86/include/asm/jump_label.h:27)\n static_key_false (include/linux/jump_label.h:207)\n timer_expire_exit (include/trace/events/timer.h:127)\n call_timer_fn (kernel/time/timer.c:1475)\n expire_timers (kernel/time/timer.c:1519)\n __run_timers (kernel/time/timer.c:1790)\n run_timer_softirq (kernel/time/timer.c:1803)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52907"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--31281aca-4ef2-4269-8144-e4575443674f.json b/objects/vulnerability/vulnerability--31281aca-4ef2-4269-8144-e4575443674f.json
new file mode 100644
index 00000000000..b8021e7866b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--31281aca-4ef2-4269-8144-e4575443674f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--21a8c945-3f2b-49ff-878f-6679ff2fd2cd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--31281aca-4ef2-4269-8144-e4575443674f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.718941Z",
+ "modified": "2024-08-22T00:18:37.718941Z",
+ "name": "CVE-2024-43874",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked\n\nFix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE.\nReturn from __sev_snp_shutdown_locked() if the psp_device or the\nsev_device structs are not initialized. Without the fix, the driver will\nproduce the following splat:\n\n ccp 0000:55:00.5: enabling device (0000 -> 0002)\n ccp 0000:55:00.5: sev enabled\n ccp 0000:55:00.5: psp enabled\n BUG: kernel NULL pointer dereference, address: 00000000000000f0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808\n RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0\n R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8\n R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0\n PKRU: 55555554\n Call Trace:\n \n ? __die_body+0x6f/0xb0\n ? __die+0xcc/0xf0\n ? page_fault_oops+0x330/0x3a0\n ? save_trace+0x2a5/0x360\n ? do_user_addr_fault+0x583/0x630\n ? exc_page_fault+0x81/0x120\n ? asm_exc_page_fault+0x2b/0x30\n ? __sev_snp_shutdown_locked+0x2e/0x150\n __sev_firmware_shutdown+0x349/0x5b0\n ? pm_runtime_barrier+0x66/0xe0\n sev_dev_destroy+0x34/0xb0\n psp_dev_destroy+0x27/0x60\n sp_destroy+0x39/0x90\n sp_pci_remove+0x22/0x60\n pci_device_remove+0x4e/0x110\n really_probe+0x271/0x4e0\n __driver_probe_device+0x8f/0x160\n driver_probe_device+0x24/0x120\n __driver_attach+0xc7/0x280\n ? driver_attach+0x30/0x30\n bus_for_each_dev+0x10d/0x130\n driver_attach+0x22/0x30\n bus_add_driver+0x171/0x2b0\n ? unaccepted_memory_init_kdump+0x20/0x20\n driver_register+0x67/0x100\n __pci_register_driver+0x83/0x90\n sp_pci_init+0x22/0x30\n sp_mod_init+0x13/0x30\n do_one_initcall+0xb8/0x290\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? stack_depot_save_flags+0x21e/0x6a0\n ? local_clock+0x1c/0x60\n ? stack_depot_save_flags+0x21e/0x6a0\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __lock_acquire+0xd90/0xe30\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __create_object+0x66/0x100\n ? local_clock+0x1c/0x60\n ? __create_object+0x66/0x100\n ? parameq+0x1b/0x90\n ? parse_one+0x6d/0x1d0\n ? parse_args+0xd7/0x1f0\n ? do_initcall_level+0x180/0x180\n do_initcall_level+0xb0/0x180\n do_initcalls+0x60/0xa0\n ? kernel_init+0x1f/0x1d0\n do_basic_setup+0x41/0x50\n kernel_init_freeable+0x1ac/0x230\n ? rest_init+0x1f0/0x1f0\n kernel_init+0x1f/0x1d0\n ? rest_init+0x1f0/0x1f0\n ret_from_fork+0x3d/0x50\n ? rest_init+0x1f0/0x1f0\n ret_from_fork_asm+0x11/0x20\n \n Modules linked in:\n CR2: 00000000000000f0\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000\n---truncated---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43874"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--32e7ec52-6aac-428c-b76b-0a6b36092773.json b/objects/vulnerability/vulnerability--32e7ec52-6aac-428c-b76b-0a6b36092773.json
new file mode 100644
index 00000000000..b35466c1985
--- /dev/null
+++ b/objects/vulnerability/vulnerability--32e7ec52-6aac-428c-b76b-0a6b36092773.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b31f1df3-2b87-46fa-9c12-2224a1dae5d2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--32e7ec52-6aac-428c-b76b-0a6b36092773",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.199499Z",
+ "modified": "2024-08-22T00:18:38.199499Z",
+ "name": "CVE-2024-6339",
+ "description": "The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6339"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--32f98996-5d8d-437b-859f-9ef3f0a7a265.json b/objects/vulnerability/vulnerability--32f98996-5d8d-437b-859f-9ef3f0a7a265.json
new file mode 100644
index 00000000000..bc95d0769aa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--32f98996-5d8d-437b-859f-9ef3f0a7a265.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--63e0da81-a102-46b7-9c4c-afdd6bbdb893",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--32f98996-5d8d-437b-859f-9ef3f0a7a265",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.325823Z",
+ "modified": "2024-08-22T00:18:37.325823Z",
+ "name": "CVE-2024-7967",
+ "description": "Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7967"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--33c8a848-f422-49f6-b4b6-0256f64ec023.json b/objects/vulnerability/vulnerability--33c8a848-f422-49f6-b4b6-0256f64ec023.json
new file mode 100644
index 00000000000..6e01f7d4b1b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--33c8a848-f422-49f6-b4b6-0256f64ec023.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--00f4dfdf-fe08-4b61-8714-75b509769f48",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--33c8a848-f422-49f6-b4b6-0256f64ec023",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.035899Z",
+ "modified": "2024-08-22T00:18:40.035899Z",
+ "name": "CVE-2023-52902",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnommu: fix memory leak in do_mmap() error path\n\nThe preallocation of the maple tree nodes may leak if the error path to\n\"error_just_free\" is taken. Fix this by moving the freeing of the maple\ntree nodes to a shared location for all error paths.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52902"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--345e0472-e5b1-4755-80a5-9c0bb119b2af.json b/objects/vulnerability/vulnerability--345e0472-e5b1-4755-80a5-9c0bb119b2af.json
new file mode 100644
index 00000000000..202d98edd1b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--345e0472-e5b1-4755-80a5-9c0bb119b2af.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8bd9612f-ca7f-4b6d-bb77-4dd0c101bb38",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--345e0472-e5b1-4755-80a5-9c0bb119b2af",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.409061Z",
+ "modified": "2024-08-22T00:18:37.409061Z",
+ "name": "CVE-2024-7013",
+ "description": "Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7013"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--387cd38a-078c-48d8-b443-3dd2b630cbe7.json b/objects/vulnerability/vulnerability--387cd38a-078c-48d8-b443-3dd2b630cbe7.json
new file mode 100644
index 00000000000..7bdb817c67e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--387cd38a-078c-48d8-b443-3dd2b630cbe7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4921b015-4fb1-4376-bf97-a775b6944a2f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--387cd38a-078c-48d8-b443-3dd2b630cbe7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.851823Z",
+ "modified": "2024-08-22T00:18:37.851823Z",
+ "name": "CVE-2024-5930",
+ "description": "VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Anti Malware Service. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22345.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5930"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--38c363f6-6bcc-482b-8639-e313963f9151.json b/objects/vulnerability/vulnerability--38c363f6-6bcc-482b-8639-e313963f9151.json
new file mode 100644
index 00000000000..1027aa5f4ed
--- /dev/null
+++ b/objects/vulnerability/vulnerability--38c363f6-6bcc-482b-8639-e313963f9151.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bacdb6ec-9e06-49c4-929e-1aaae57b1a1d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--38c363f6-6bcc-482b-8639-e313963f9151",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.679467Z",
+ "modified": "2024-08-22T00:18:37.679467Z",
+ "name": "CVE-2024-43371",
+ "description": "CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents (e.g. pushing to the DataStore, streaming contents or saving a local copy). All of them use the resource URL, and there are currently no checks to limit what URLs can be requested. This means that a malicious (or unaware) user can create a resource with a URL pointing to a place where they should not have access in order for one of the previous tools to retrieve it (known as a Server Side Request Forgery). Users wanting to protect against these kinds of attacks can use one or a combination of the following approaches: (1) Use a separate HTTP proxy like Squid that can be used to allow / disallow IPs, domains etc as needed, and make CKAN extensions aware of this setting via the ckan.download_proxy config option. (2) Implement custom firewall rules to prevent access to restricted resources. (3) Use custom validators on the resource url field to block/allow certain domains or IPs. All latest versions of the plugins listed above support the ckan.download_proxy settings. Support for this setting in the Resource Proxy plugin was included in CKAN 2.10.5 and 2.11.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43371"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--395f05c1-f742-4baf-913b-9b688ded0296.json b/objects/vulnerability/vulnerability--395f05c1-f742-4baf-913b-9b688ded0296.json
new file mode 100644
index 00000000000..73a8b3bbdea
--- /dev/null
+++ b/objects/vulnerability/vulnerability--395f05c1-f742-4baf-913b-9b688ded0296.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--20cb7f4d-66e5-46f7-88c1-50665b4a7bee",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--395f05c1-f742-4baf-913b-9b688ded0296",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.948753Z",
+ "modified": "2024-08-22T00:18:36.948753Z",
+ "name": "CVE-2024-42779",
+ "description": "An Unrestricted file upload vulnerability was found in \"/music/ajax.php?action=save_music\" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42779"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3ae5ddbd-4fc2-4443-ab02-80dc4ee3643b.json b/objects/vulnerability/vulnerability--3ae5ddbd-4fc2-4443-ab02-80dc4ee3643b.json
new file mode 100644
index 00000000000..c5d7855f1da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3ae5ddbd-4fc2-4443-ab02-80dc4ee3643b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--74d1f3eb-e481-43c3-a0a7-75342065ab94",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3ae5ddbd-4fc2-4443-ab02-80dc4ee3643b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.96749Z",
+ "modified": "2024-08-22T00:18:36.96749Z",
+ "name": "CVE-2024-42786",
+ "description": "A SQL injection vulnerability in \"/music/view_user.php\" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"id\" parameter of View User Profile Page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42786"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3b245abc-c8a4-44a9-9101-091f41ce4366.json b/objects/vulnerability/vulnerability--3b245abc-c8a4-44a9-9101-091f41ce4366.json
new file mode 100644
index 00000000000..fda393b75a1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3b245abc-c8a4-44a9-9101-091f41ce4366.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2a44fe97-e682-4c54-a8e2-550858e79c35",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3b245abc-c8a4-44a9-9101-091f41ce4366",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.685275Z",
+ "modified": "2024-08-22T00:18:37.685275Z",
+ "name": "CVE-2024-43871",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43871"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3d62c87b-21bd-4779-9792-1e8446669783.json b/objects/vulnerability/vulnerability--3d62c87b-21bd-4779-9792-1e8446669783.json
new file mode 100644
index 00000000000..eae28b6188f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3d62c87b-21bd-4779-9792-1e8446669783.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1c6bffa9-c999-470d-ad9a-8e9914ed874a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3d62c87b-21bd-4779-9792-1e8446669783",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.374442Z",
+ "modified": "2024-08-22T00:18:37.374442Z",
+ "name": "CVE-2024-7032",
+ "description": "The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7032"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3f1a4ff2-cd0c-4e13-a2ec-893e820e9f74.json b/objects/vulnerability/vulnerability--3f1a4ff2-cd0c-4e13-a2ec-893e820e9f74.json
new file mode 100644
index 00000000000..fd60f8df6f3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3f1a4ff2-cd0c-4e13-a2ec-893e820e9f74.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--521bd6fb-61d6-48ca-9344-6776cecd0574",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3f1a4ff2-cd0c-4e13-a2ec-893e820e9f74",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.257283Z",
+ "modified": "2024-08-22T00:18:38.257283Z",
+ "name": "CVE-2024-6386",
+ "description": "The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6386"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3ff9ed36-704f-4350-997b-60983741b251.json b/objects/vulnerability/vulnerability--3ff9ed36-704f-4350-997b-60983741b251.json
new file mode 100644
index 00000000000..91db180832b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3ff9ed36-704f-4350-997b-60983741b251.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8094787a-0da1-49f1-8123-f11997ff99fe",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3ff9ed36-704f-4350-997b-60983741b251",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.095802Z",
+ "modified": "2024-08-22T00:18:37.095802Z",
+ "name": "CVE-2024-38305",
+ "description": "Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38305"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--40183da1-2b90-44db-b1df-0e9e577b7d52.json b/objects/vulnerability/vulnerability--40183da1-2b90-44db-b1df-0e9e577b7d52.json
new file mode 100644
index 00000000000..a78c2c1fe01
--- /dev/null
+++ b/objects/vulnerability/vulnerability--40183da1-2b90-44db-b1df-0e9e577b7d52.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--088409b7-4863-49e9-ba5c-b9e46506decb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--40183da1-2b90-44db-b1df-0e9e577b7d52",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.625969Z",
+ "modified": "2024-08-22T00:18:37.625969Z",
+ "name": "CVE-2024-20375",
+ "description": "A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-20375"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--41720441-19b9-44d2-ad52-c2f0cf81ec5b.json b/objects/vulnerability/vulnerability--41720441-19b9-44d2-ad52-c2f0cf81ec5b.json
new file mode 100644
index 00000000000..fc97043073a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--41720441-19b9-44d2-ad52-c2f0cf81ec5b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--38772963-b65e-46ad-9886-242c992d3014",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--41720441-19b9-44d2-ad52-c2f0cf81ec5b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.062055Z",
+ "modified": "2024-08-22T00:18:40.062055Z",
+ "name": "CVE-2023-52894",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()\n\nIn Google internal bug 265639009 we've received an (as yet) unreproducible\ncrash report from an aarch64 GKI 5.10.149-android13 running device.\n\nAFAICT the source code is at:\n https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10\n\nThe call stack is:\n ncm_close() -> ncm_notify() -> ncm_do_notify()\nwith the crash at:\n ncm_do_notify+0x98/0x270\nCode: 79000d0b b9000a6c f940012a f9400269 (b9405d4b)\n\nWhich I believe disassembles to (I don't know ARM assembly, but it looks sane enough to me...):\n\n // halfword (16-bit) store presumably to event->wLength (at offset 6 of struct usb_cdc_notification)\n 0B 0D 00 79 strh w11, [x8, #6]\n\n // word (32-bit) store presumably to req->Length (at offset 8 of struct usb_request)\n 6C 0A 00 B9 str w12, [x19, #8]\n\n // x10 (NULL) was read here from offset 0 of valid pointer x9\n // IMHO we're reading 'cdev->gadget' and getting NULL\n // gadget is indeed at offset 0 of struct usb_composite_dev\n 2A 01 40 F9 ldr x10, [x9]\n\n // loading req->buf pointer, which is at offset 0 of struct usb_request\n 69 02 40 F9 ldr x9, [x19]\n\n // x10 is null, crash, appears to be attempt to read cdev->gadget->max_speed\n 4B 5D 40 B9 ldr w11, [x10, #0x5c]\n\nwhich seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment:\n\n event->wLength = cpu_to_le16(8);\n req->length = NCM_STATUS_BYTECOUNT;\n\n /* SPEED_CHANGE data is up/down speeds in bits/sec */\n data = req->buf + sizeof *event;\n data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));\n\nMy analysis of registers and NULL ptr deref crash offset\n (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c)\nheavily suggests that the crash is due to 'cdev->gadget' being NULL when executing:\n data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));\nwhich calls:\n ncm_bitrate(NULL)\nwhich then calls:\n gadget_is_superspeed(NULL)\nwhich reads\n ((struct usb_gadget *)NULL)->max_speed\nand hits a panic.\n\nAFAICT, if I'm counting right, the offset of max_speed is indeed 0x5C.\n(remember there's a GKI KABI reservation of 16 bytes in struct work_struct)\n\nIt's not at all clear to me how this is all supposed to work...\nbut returning 0 seems much better than panic-ing...",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52894"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--440b63fe-dcb1-4840-af9c-a3f0af5135b9.json b/objects/vulnerability/vulnerability--440b63fe-dcb1-4840-af9c-a3f0af5135b9.json
new file mode 100644
index 00000000000..2c50794a258
--- /dev/null
+++ b/objects/vulnerability/vulnerability--440b63fe-dcb1-4840-af9c-a3f0af5135b9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0340db07-b64d-4a70-aed0-f5a1bcdb0767",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--440b63fe-dcb1-4840-af9c-a3f0af5135b9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.716384Z",
+ "modified": "2024-08-22T00:18:37.716384Z",
+ "name": "CVE-2024-43027",
+ "description": "DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43027"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--44dde42b-7db1-45f2-a1da-a31f6f135b10.json b/objects/vulnerability/vulnerability--44dde42b-7db1-45f2-a1da-a31f6f135b10.json
new file mode 100644
index 00000000000..80ea644c1e0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--44dde42b-7db1-45f2-a1da-a31f6f135b10.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b22659be-fabc-41ba-a5bd-e08bbaf1cd52",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--44dde42b-7db1-45f2-a1da-a31f6f135b10",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.05737Z",
+ "modified": "2024-08-22T00:18:40.05737Z",
+ "name": "CVE-2023-52895",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: don't reissue in case of poll race on multishot request\n\nA previous commit fixed a poll race that can occur, but it's only\napplicable for multishot requests. For a multishot request, we can safely\nignore a spurious wakeup, as we never leave the waitqueue to begin with.\n\nA blunt reissue of a multishot armed request can cause us to leak a\nbuffer, if they are ring provided. While this seems like a bug in itself,\nit's not really defined behavior to reissue a multishot request directly.\nIt's less efficient to do so as well, and not required to rearm anything\nlike it is for singleshot poll requests.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52895"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4531e58c-5834-4676-b2b7-0b81c7b4aa37.json b/objects/vulnerability/vulnerability--4531e58c-5834-4676-b2b7-0b81c7b4aa37.json
new file mode 100644
index 00000000000..0d2fc06637e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4531e58c-5834-4676-b2b7-0b81c7b4aa37.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7d32fbf-a793-4520-bf8c-9a94a3914989",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4531e58c-5834-4676-b2b7-0b81c7b4aa37",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.011073Z",
+ "modified": "2024-08-22T00:18:40.011073Z",
+ "name": "CVE-2023-52899",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nAdd exception protection processing for vd in axi_chan_handle_err function\n\nSince there is no protection for vd, a kernel panic will be\ntriggered here in exceptional cases.\n\nYou can refer to the processing of axi_chan_block_xfer_complete function\n\nThe triggered kernel panic is as follows:\n\n[ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n[ 67.848447] Mem abort info:\n[ 67.848449] ESR = 0x96000004\n[ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 67.848454] SET = 0, FnV = 0\n[ 67.848456] EA = 0, S1PTW = 0\n[ 67.848458] Data abort info:\n[ 67.848460] ISV = 0, ISS = 0x00000004\n[ 67.848462] CM = 0, WnR = 0\n[ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000\n[ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000\n[ 67.848472] Internal error: Oops: 96000004 [#1] SMP\n[ 67.848475] Modules linked in: dmatest\n[ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11\n[ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--)\n[ 67.848487] pc : axi_chan_handle_err+0xc4/0x230\n[ 67.848491] lr : axi_chan_handle_err+0x30/0x230\n[ 67.848493] sp : ffff0803fe55ae50\n[ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200\n[ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080\n[ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850\n[ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000\n[ 67.848512] x21: 0000000000000080 x20: 0000000000002000\n[ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000\n[ 67.848521] x17: 0000000000000000 x16: 0000000000000000\n[ 67.848525] x15: 0000000000000000 x14: 0000000000000000\n[ 67.848529] x13: 0000000000000000 x12: 0000000000000040\n[ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a\n[ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270\n[ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0\n[ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480\n[ 67.848550] x3 : dead000000000100 x2 : dead000000000122\n[ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168\n[ 67.848559] Call trace:\n[ 67.848562] axi_chan_handle_err+0xc4/0x230\n[ 67.848566] dw_axi_dma_interrupt+0xf4/0x590\n[ 67.848569] __handle_irq_event_percpu+0x60/0x220\n[ 67.848573] handle_irq_event+0x64/0x120\n[ 67.848576] handle_fasteoi_irq+0xc4/0x220\n[ 67.848580] __handle_domain_irq+0x80/0xe0\n[ 67.848583] gic_handle_irq+0xc0/0x138\n[ 67.848585] el1_irq+0xc8/0x180\n[ 67.848588] arch_cpu_idle+0x14/0x2c\n[ 67.848591] default_idle_call+0x40/0x16c\n[ 67.848594] do_idle+0x1f0/0x250\n[ 67.848597] cpu_startup_entry+0x2c/0x60\n[ 67.848600] rest_init+0xc0/0xcc\n[ 67.848603] arch_call_rest_init+0x14/0x1c\n[ 67.848606] start_kernel+0x4cc/0x500\n[ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1)\n[ 67.848613] ---[ end trace 585a97036f88203a ]---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52899"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--46cb0a89-104a-4f4a-9633-2e302cd43a01.json b/objects/vulnerability/vulnerability--46cb0a89-104a-4f4a-9633-2e302cd43a01.json
new file mode 100644
index 00000000000..f79e39aec63
--- /dev/null
+++ b/objects/vulnerability/vulnerability--46cb0a89-104a-4f4a-9633-2e302cd43a01.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7b615588-8b6a-4f4a-bba5-302570cfdaf0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--46cb0a89-104a-4f4a-9633-2e302cd43a01",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:39.991146Z",
+ "modified": "2024-08-22T00:18:39.991146Z",
+ "name": "CVE-2023-52900",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix general protection fault in nilfs_btree_insert()\n\nIf nilfs2 reads a corrupted disk image and tries to reads a b-tree node\nblock by calling __nilfs_btree_get_block() against an invalid virtual\nblock address, it returns -ENOENT because conversion of the virtual block\naddress to a disk block address fails. However, this return value is the\nsame as the internal code that b-tree lookup routines return to indicate\nthat the block being searched does not exist, so functions that operate on\nthat b-tree may misbehave.\n\nWhen nilfs_btree_insert() receives this spurious 'not found' code from\nnilfs_btree_do_lookup(), it misunderstands that the 'not found' check was\nsuccessful and continues the insert operation using incomplete lookup path\ndata, causing the following crash:\n\n general protection fault, probably for non-canonical address\n 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n ...\n RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]\n RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]\n RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238\n Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89\n ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c\n 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02\n ...\n Call Trace:\n \n nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]\n nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147\n nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101\n __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991\n __block_write_begin fs/buffer.c:2041 [inline]\n block_write_begin+0x93/0x1e0 fs/buffer.c:2102\n nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261\n generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772\n __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900\n generic_file_write_iter+0xab/0x310 mm/filemap.c:3932\n call_write_iter include/linux/fs.h:2186 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x7dc/0xc50 fs/read_write.c:584\n ksys_write+0x177/0x2a0 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n ...\n \n\nThis patch fixes the root cause of this problem by replacing the error\ncode that __nilfs_btree_get_block() returns on block address conversion\nfailure from -ENOENT to another internal code -EINVAL which means that the\nb-tree metadata is corrupted.\n\nBy returning -EINVAL, it propagates without glitches, and for all relevant\nb-tree operations, functions in the upper bmap layer output an error\nmessage indicating corrupted b-tree metadata via\nnilfs_bmap_convert_error(), and code -EIO will be eventually returned as\nit should be.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52900"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--49e50737-b876-4f22-afcd-a4604782140e.json b/objects/vulnerability/vulnerability--49e50737-b876-4f22-afcd-a4604782140e.json
new file mode 100644
index 00000000000..425ba8c4b5d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--49e50737-b876-4f22-afcd-a4604782140e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fcedf988-a1df-4a61-9efe-68846ce86bb1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--49e50737-b876-4f22-afcd-a4604782140e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.420984Z",
+ "modified": "2024-08-22T00:18:24.420984Z",
+ "name": "CVE-2022-48869",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadgetfs: Fix race between mounting and unmounting\n\nThe syzbot fuzzer and Gerald Lee have identified a use-after-free bug\nin the gadgetfs driver, involving processes concurrently mounting and\nunmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super()\ncan race with gadgetfs_kill_sb(), causing the latter to deallocate\nthe_device while the former is using it. The output from KASAN says,\nin part:\n\nBUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]\nBUG: KASAN: use-after-free in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\nBUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]\nBUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]\nBUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]\nBUG: KASAN: use-after-free in put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\nBUG: KASAN: use-after-free in gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\nWrite of size 4 at addr ffff8880276d7840 by task syz-executor126/18689\n\nCPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \n...\n atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\n __refcount_sub_and_test include/linux/refcount.h:272 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\n gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n vfs_get_super fs/super.c:1190 [inline]\n get_tree_single+0xd0/0x160 fs/super.c:1207\n vfs_get_tree+0x88/0x270 fs/super.c:1531\n vfs_fsconfig_locked fs/fsopen.c:232 [inline]\n\nThe simplest solution is to ensure that gadgetfs_fill_super() and\ngadgetfs_kill_sb() are serialized by making them both acquire a new\nmutex.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48869"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4a221a53-f75e-415e-821c-274204c364fb.json b/objects/vulnerability/vulnerability--4a221a53-f75e-415e-821c-274204c364fb.json
new file mode 100644
index 00000000000..852278e09db
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4a221a53-f75e-415e-821c-274204c364fb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1cddb268-74a7-4144-9fcc-37372bde89b3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4a221a53-f75e-415e-821c-274204c364fb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.322283Z",
+ "modified": "2024-08-22T00:18:37.322283Z",
+ "name": "CVE-2024-7980",
+ "description": "Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7980"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4b689657-e0fd-4b6f-8849-206e5ef689a3.json b/objects/vulnerability/vulnerability--4b689657-e0fd-4b6f-8849-206e5ef689a3.json
new file mode 100644
index 00000000000..93a4ee9088d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4b689657-e0fd-4b6f-8849-206e5ef689a3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c16accbe-a6df-4f87-aeb9-6a7b1fd36b5f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4b689657-e0fd-4b6f-8849-206e5ef689a3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.127047Z",
+ "modified": "2024-08-22T00:18:37.127047Z",
+ "name": "CVE-2024-33656",
+ "description": "The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-33656"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4dea071c-9082-4c6c-b36f-a1a6ba2ec80b.json b/objects/vulnerability/vulnerability--4dea071c-9082-4c6c-b36f-a1a6ba2ec80b.json
new file mode 100644
index 00000000000..f0eae6c1c7d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4dea071c-9082-4c6c-b36f-a1a6ba2ec80b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--76a8509d-6639-4a7e-a79a-667b8f83f073",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4dea071c-9082-4c6c-b36f-a1a6ba2ec80b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.330285Z",
+ "modified": "2024-08-22T00:18:37.330285Z",
+ "name": "CVE-2024-7090",
+ "description": "The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7090"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4eda936a-9e86-4d97-8128-35752a3c468a.json b/objects/vulnerability/vulnerability--4eda936a-9e86-4d97-8128-35752a3c468a.json
new file mode 100644
index 00000000000..4f849d4279e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4eda936a-9e86-4d97-8128-35752a3c468a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--52993f48-9978-4448-ac76-0c955d7ba6f8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4eda936a-9e86-4d97-8128-35752a3c468a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.366223Z",
+ "modified": "2024-08-22T00:18:37.366223Z",
+ "name": "CVE-2024-7973",
+ "description": "Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7973"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5267c4d5-36d7-4f16-b74e-0b73824b418f.json b/objects/vulnerability/vulnerability--5267c4d5-36d7-4f16-b74e-0b73824b418f.json
new file mode 100644
index 00000000000..72370bbfc40
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5267c4d5-36d7-4f16-b74e-0b73824b418f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c3021a93-ec90-48d8-8014-598af4d25b1c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5267c4d5-36d7-4f16-b74e-0b73824b418f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.012102Z",
+ "modified": "2024-08-22T00:18:38.012102Z",
+ "name": "CVE-2024-37008",
+ "description": "A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-37008"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5432d40c-7377-4eb8-a92d-94bb2bdec41a.json b/objects/vulnerability/vulnerability--5432d40c-7377-4eb8-a92d-94bb2bdec41a.json
new file mode 100644
index 00000000000..a1c44c3d5fc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5432d40c-7377-4eb8-a92d-94bb2bdec41a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2e5008d4-819b-4e90-b426-216bdb4b16cf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5432d40c-7377-4eb8-a92d-94bb2bdec41a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.870154Z",
+ "modified": "2024-08-22T00:18:37.870154Z",
+ "name": "CVE-2024-5929",
+ "description": "VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Patch Management Agent. The issue results from loading a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22316.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5929"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5521fe30-4bed-493f-99fe-a38da8f35119.json b/objects/vulnerability/vulnerability--5521fe30-4bed-493f-99fe-a38da8f35119.json
new file mode 100644
index 00000000000..9d7fc81de3e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5521fe30-4bed-493f-99fe-a38da8f35119.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f19710bc-0efe-4baa-9eb3-4cec9e7deddc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5521fe30-4bed-493f-99fe-a38da8f35119",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.417894Z",
+ "modified": "2024-08-22T00:18:24.417894Z",
+ "name": "CVE-2022-48868",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Let probe fail when workqueue cannot be enabled\n\nThe workqueue is enabled when the appropriate driver is loaded and\ndisabled when the driver is removed. When the driver is removed it\nassumes that the workqueue was enabled successfully and proceeds to\nfree allocations made during workqueue enabling.\n\nFailure during workqueue enabling does not prevent the driver from\nbeing loaded. This is because the error path within drv_enable_wq()\nreturns success unless a second failure is encountered\nduring the error path. By returning success it is possible to load\nthe driver even if the workqueue cannot be enabled and\nallocations that do not exist are attempted to be freed during\ndriver remove.\n\nSome examples of problematic flows:\n(a)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_unmap_portal() is called on error exit path, but\n drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The\n driver is thus loaded successfully.\n\n idxd_dmaengine_drv_remove()->drv_disable_wq()->idxd_wq_unmap_portal()\n Above flow on driver unload triggers the WARN in devm_iounmap() because\n the device resource has already been removed during error path of\n drv_enable_wq().\n\n(b)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_init_percpu_ref() is never called to initialize the percpu\n counter, yet the driver loads successfully because drv_enable_wq()\n returns 0.\n\n idxd_dmaengine_drv_remove()->__idxd_wq_quiesce()->percpu_ref_kill():\n Above flow on driver unload triggers a BUG when attempting to drop the\n initial ref of the uninitialized percpu ref:\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n\nFix the drv_enable_wq() error path by returning the original error that\nindicates failure of workqueue enabling. This ensures that the probe\nfails when an error is encountered and the driver remove paths are only\nattempted when the workqueue was enabled successfully.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48868"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--57d95d32-c652-4660-acd6-c02a2dbcedf9.json b/objects/vulnerability/vulnerability--57d95d32-c652-4660-acd6-c02a2dbcedf9.json
new file mode 100644
index 00000000000..0eba027438e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--57d95d32-c652-4660-acd6-c02a2dbcedf9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f8c27e3e-63ea-4e58-a9fe-6e6c2274b511",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--57d95d32-c652-4660-acd6-c02a2dbcedf9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.67843Z",
+ "modified": "2024-08-22T00:18:37.67843Z",
+ "name": "CVE-2024-43882",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file's metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug 7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug 7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, \"chmod o-x,u+s target\" makes \"target\" executable only\nby uid \"root\" and gid \"cdrom\", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target\n\nBut racing the chmod means users without group \"cdrom\" membership can\nget the permission to execute \"target\" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of \"only cdrom\ngroup members can setuid to root\".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43882"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--58174ed1-f9b0-4305-9aeb-88cd113a8735.json b/objects/vulnerability/vulnerability--58174ed1-f9b0-4305-9aeb-88cd113a8735.json
new file mode 100644
index 00000000000..2a71032e7a0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--58174ed1-f9b0-4305-9aeb-88cd113a8735.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a7548e8b-3148-49ac-8b8d-c112749110f5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--58174ed1-f9b0-4305-9aeb-88cd113a8735",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.9314Z",
+ "modified": "2024-08-22T00:18:36.9314Z",
+ "name": "CVE-2024-42780",
+ "description": "An Unrestricted file upload vulnerability was found in \"/music/ajax.php?action=save_genre\" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42780"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--582aa970-590c-411f-8ada-4582a5259636.json b/objects/vulnerability/vulnerability--582aa970-590c-411f-8ada-4582a5259636.json
new file mode 100644
index 00000000000..94e9cc8efb9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--582aa970-590c-411f-8ada-4582a5259636.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e162b57a-3176-4a7a-a9ba-1100abc6d7e4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--582aa970-590c-411f-8ada-4582a5259636",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.229348Z",
+ "modified": "2024-08-22T00:18:38.229348Z",
+ "name": "CVE-2024-6883",
+ "description": "The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6883"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5bc25266-34f0-4296-8a5a-87920ea14b9b.json b/objects/vulnerability/vulnerability--5bc25266-34f0-4296-8a5a-87920ea14b9b.json
new file mode 100644
index 00000000000..7b0ddc78255
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5bc25266-34f0-4296-8a5a-87920ea14b9b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b30575fc-a1c1-4776-8ede-92cc92dd45de",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5bc25266-34f0-4296-8a5a-87920ea14b9b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.033244Z",
+ "modified": "2024-08-22T00:18:40.033244Z",
+ "name": "CVE-2023-52910",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/iova: Fix alloc iova overflows issue\n\nIn __alloc_and_insert_iova_range, there is an issue that retry_pfn\noverflows. The value of iovad->anchor.pfn_hi is ~0UL, then when\niovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will\noverflow. As a result, if the retry logic is executed, low_pfn is\nupdated to 0, and then new_pfn < low_pfn returns false to make the\nallocation successful.\n\nThis issue occurs in the following two situations:\n1. The first iova size exceeds the domain size. When initializing\niova domain, iovad->cached_node is assigned as iovad->anchor. For\nexample, the iova domain size is 10M, start_pfn is 0x1_F000_0000,\nand the iova size allocated for the first time is 11M. The\nfollowing is the log information, new->pfn_lo is smaller than\niovad->cached_node.\n\nExample log as follows:\n[ 223.798112][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range\nstart_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00\n[ 223.799590][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range\nsuccess start_pfn:0x1f0000,new->pfn_lo:0x1efe00,new->pfn_hi:0x1f08ff\n\n2. The node with the largest iova->pfn_lo value in the iova domain\nis deleted, iovad->cached_node will be updated to iovad->anchor,\nand then the alloc iova size exceeds the maximum iova size that can\nbe allocated in the domain.\n\nAfter judging that retry_pfn is less than limit_pfn, call retry_pfn+1\nto fix the overflow issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52910"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5bd925eb-da8b-4d79-8006-a38f4573a551.json b/objects/vulnerability/vulnerability--5bd925eb-da8b-4d79-8006-a38f4573a551.json
new file mode 100644
index 00000000000..70648678ac2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5bd925eb-da8b-4d79-8006-a38f4573a551.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--75691947-0c20-4d8e-a1e1-93d0c5f8cfa4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5bd925eb-da8b-4d79-8006-a38f4573a551",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.938825Z",
+ "modified": "2024-08-22T00:18:36.938825Z",
+ "name": "CVE-2024-42781",
+ "description": "A SQL injection vulnerability in \"/music/ajax.php?action=login\" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42781"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5d0d217b-1da9-4e5a-ba4e-0a951fad2680.json b/objects/vulnerability/vulnerability--5d0d217b-1da9-4e5a-ba4e-0a951fad2680.json
new file mode 100644
index 00000000000..34102ad137a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5d0d217b-1da9-4e5a-ba4e-0a951fad2680.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f9844b3f-419a-485b-b1df-b88a96369a57",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5d0d217b-1da9-4e5a-ba4e-0a951fad2680",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.370372Z",
+ "modified": "2024-08-22T00:18:37.370372Z",
+ "name": "CVE-2024-7976",
+ "description": "Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7976"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5d30c340-19c3-4da2-af7c-90835f889e56.json b/objects/vulnerability/vulnerability--5d30c340-19c3-4da2-af7c-90835f889e56.json
new file mode 100644
index 00000000000..f60e54bffe7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5d30c340-19c3-4da2-af7c-90835f889e56.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e6cfa1d1-3389-4e5d-961a-fd9ec682dd7b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5d30c340-19c3-4da2-af7c-90835f889e56",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.266215Z",
+ "modified": "2024-08-22T00:18:36.266215Z",
+ "name": "CVE-2024-41674",
+ "description": "CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41674"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5d5861bf-020c-4271-8012-c40a3da6293d.json b/objects/vulnerability/vulnerability--5d5861bf-020c-4271-8012-c40a3da6293d.json
new file mode 100644
index 00000000000..44800329b17
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5d5861bf-020c-4271-8012-c40a3da6293d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f4015c70-7ccd-4cd8-a810-b0904a81d808",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5d5861bf-020c-4271-8012-c40a3da6293d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.399266Z",
+ "modified": "2024-08-22T00:18:37.399266Z",
+ "name": "CVE-2024-7722",
+ "description": "Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23702.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7722"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5da70743-bc4f-4b8a-b358-a0cb05bd33e4.json b/objects/vulnerability/vulnerability--5da70743-bc4f-4b8a-b358-a0cb05bd33e4.json
new file mode 100644
index 00000000000..a04fc038086
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5da70743-bc4f-4b8a-b358-a0cb05bd33e4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8206a672-44ff-45c5-a90a-83c24fbebc2b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5da70743-bc4f-4b8a-b358-a0cb05bd33e4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.897589Z",
+ "modified": "2024-08-22T00:18:37.897589Z",
+ "name": "CVE-2024-5335",
+ "description": "The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to , and including, 1.6.4. This makes it possible for an unauthenticated attacker to inject a PHP Object.\r\n\r\nNo POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker or above to delete arbitrary files, retrieve sensitive data, or execute code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5335"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--64de3480-23e1-4c9c-ac33-6f3dd4f3ed7c.json b/objects/vulnerability/vulnerability--64de3480-23e1-4c9c-ac33-6f3dd4f3ed7c.json
new file mode 100644
index 00000000000..410c29fb388
--- /dev/null
+++ b/objects/vulnerability/vulnerability--64de3480-23e1-4c9c-ac33-6f3dd4f3ed7c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--64168ba9-28bd-45a6-9e60-5eef498b6d34",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--64de3480-23e1-4c9c-ac33-6f3dd4f3ed7c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.660321Z",
+ "modified": "2024-08-22T00:18:37.660321Z",
+ "name": "CVE-2024-43872",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43872"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6719ed73-8d3f-4437-87ac-233cc57f199a.json b/objects/vulnerability/vulnerability--6719ed73-8d3f-4437-87ac-233cc57f199a.json
new file mode 100644
index 00000000000..a84e4ff5c2f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6719ed73-8d3f-4437-87ac-233cc57f199a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b3a2d18a-5658-4b28-b1b8-6145a99e0a2f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6719ed73-8d3f-4437-87ac-233cc57f199a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.403523Z",
+ "modified": "2024-08-22T00:18:37.403523Z",
+ "name": "CVE-2024-7651",
+ "description": "The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7651"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--678a393b-dfd0-4939-a4ab-9e00c2c93a3d.json b/objects/vulnerability/vulnerability--678a393b-dfd0-4939-a4ab-9e00c2c93a3d.json
new file mode 100644
index 00000000000..688ac846b75
--- /dev/null
+++ b/objects/vulnerability/vulnerability--678a393b-dfd0-4939-a4ab-9e00c2c93a3d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b68ad21e-5175-466a-ba20-e8457987c2d5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--678a393b-dfd0-4939-a4ab-9e00c2c93a3d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.025471Z",
+ "modified": "2024-08-22T00:18:40.025471Z",
+ "name": "CVE-2023-52898",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference when host dies\n\nMake sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race\nand cause null pointer dereference when host suddenly dies.\n\nUsb core may call xhci_free_dev() which frees the xhci->devs[slot_id]\nvirt device at the same time that xhci_kill_endpoint_urbs() tries to\nloop through all the device's endpoints, checking if there are any\ncancelled urbs left to give back.\n\nhold the xhci spinlock while freeing the virt device",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52898"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--680fcf3e-769e-4a90-ae79-115f0af97802.json b/objects/vulnerability/vulnerability--680fcf3e-769e-4a90-ae79-115f0af97802.json
new file mode 100644
index 00000000000..8ea7a73ff43
--- /dev/null
+++ b/objects/vulnerability/vulnerability--680fcf3e-769e-4a90-ae79-115f0af97802.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--646e8337-05ff-4448-baea-a16780d88f5f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--680fcf3e-769e-4a90-ae79-115f0af97802",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:30.445949Z",
+ "modified": "2024-08-22T00:18:30.445949Z",
+ "name": "CVE-2020-11850",
+ "description": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-11850"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--695a7ca9-15eb-4f1d-a9c8-30858aaaa583.json b/objects/vulnerability/vulnerability--695a7ca9-15eb-4f1d-a9c8-30858aaaa583.json
new file mode 100644
index 00000000000..8e252f32934
--- /dev/null
+++ b/objects/vulnerability/vulnerability--695a7ca9-15eb-4f1d-a9c8-30858aaaa583.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a5b1903b-48ac-43e3-9a8f-8135350abec6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--695a7ca9-15eb-4f1d-a9c8-30858aaaa583",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.411592Z",
+ "modified": "2024-08-22T00:18:37.411592Z",
+ "name": "CVE-2024-7795",
+ "description": "Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the AppAuthenExchangeRandomNum BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23384.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7795"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6a351ee7-443b-4217-af70-d3ac1f0589ca.json b/objects/vulnerability/vulnerability--6a351ee7-443b-4217-af70-d3ac1f0589ca.json
new file mode 100644
index 00000000000..468ac8cadbc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6a351ee7-443b-4217-af70-d3ac1f0589ca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c52fd564-0b20-41c8-b6c2-1fb05ee5c31b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6a351ee7-443b-4217-af70-d3ac1f0589ca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.383867Z",
+ "modified": "2024-08-22T00:18:37.383867Z",
+ "name": "CVE-2024-7968",
+ "description": "Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7968"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6b4fd347-ccac-4833-9c9c-c9691082a480.json b/objects/vulnerability/vulnerability--6b4fd347-ccac-4833-9c9c-c9691082a480.json
new file mode 100644
index 00000000000..0bfa0ce812b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6b4fd347-ccac-4833-9c9c-c9691082a480.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ad74c364-091e-4d7d-a17a-f8c1be529255",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6b4fd347-ccac-4833-9c9c-c9691082a480",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.709889Z",
+ "modified": "2024-08-22T00:18:37.709889Z",
+ "name": "CVE-2024-43873",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n created. Thus if features are never set, it will be\n read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n then seqpacket_allow will not be cleared appropriately\n (existing apps I know about don't usually do this but\n it's legal and there's no way to be sure no one relies\n on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43873"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6b55c081-d18f-4bf0-9d91-17e270bfbf79.json b/objects/vulnerability/vulnerability--6b55c081-d18f-4bf0-9d91-17e270bfbf79.json
new file mode 100644
index 00000000000..ed58cbbcc6c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6b55c081-d18f-4bf0-9d91-17e270bfbf79.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c9ea8c64-9ac7-41a5-9963-54b1bd375827",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6b55c081-d18f-4bf0-9d91-17e270bfbf79",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.394888Z",
+ "modified": "2024-08-22T00:18:24.394888Z",
+ "name": "CVE-2022-48874",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free and race in fastrpc_map_find\n\nCurrently, there is a race window between the point when the mutex is\nunlocked in fastrpc_map_lookup and the reference count increasing\n(fastrpc_map_get) in fastrpc_map_find, which can also lead to\nuse-after-free.\n\nSo lets merge fastrpc_map_find into fastrpc_map_lookup which allows us\nto both protect the maps list by also taking the &fl->lock spinlock and\nthe reference count, since the spinlock will be released only after.\nAdd take_ref argument to make this suitable for all callers.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48874"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c7e0571-2add-4396-9287-283e3055c86c.json b/objects/vulnerability/vulnerability--6c7e0571-2add-4396-9287-283e3055c86c.json
new file mode 100644
index 00000000000..87fa377d6a1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c7e0571-2add-4396-9287-283e3055c86c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9f397912-bd4a-42ca-9b5a-6eed150f0295",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c7e0571-2add-4396-9287-283e3055c86c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.46477Z",
+ "modified": "2024-08-22T00:18:38.46477Z",
+ "name": "CVE-2023-29929",
+ "description": "Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-29929"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6d91e300-23b2-42d5-8510-d77ae7013714.json b/objects/vulnerability/vulnerability--6d91e300-23b2-42d5-8510-d77ae7013714.json
new file mode 100644
index 00000000000..88797d24089
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6d91e300-23b2-42d5-8510-d77ae7013714.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e6f25e04-b89e-489c-a2e5-525f7cb999e6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6d91e300-23b2-42d5-8510-d77ae7013714",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.936148Z",
+ "modified": "2024-08-22T00:18:36.936148Z",
+ "name": "CVE-2024-42550",
+ "description": "A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42550"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6e944515-d361-4643-981a-e5e62c01068b.json b/objects/vulnerability/vulnerability--6e944515-d361-4643-981a-e5e62c01068b.json
new file mode 100644
index 00000000000..c032715f735
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6e944515-d361-4643-981a-e5e62c01068b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fe003a25-d85f-4fbe-b9da-a8ced2c56620",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6e944515-d361-4643-981a-e5e62c01068b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.215163Z",
+ "modified": "2024-08-22T00:18:38.215163Z",
+ "name": "CVE-2024-6811",
+ "description": "IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WSQ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24192.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6811"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6f2bf920-5389-48aa-9a7f-5d80b22e3fa2.json b/objects/vulnerability/vulnerability--6f2bf920-5389-48aa-9a7f-5d80b22e3fa2.json
new file mode 100644
index 00000000000..9607752122e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6f2bf920-5389-48aa-9a7f-5d80b22e3fa2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3bf5c803-33f6-4cee-9dc7-dfcdb68c45b9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6f2bf920-5389-48aa-9a7f-5d80b22e3fa2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.891482Z",
+ "modified": "2024-08-22T00:18:37.891482Z",
+ "name": "CVE-2024-5880",
+ "description": "The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauthenticated attackers to gain unauthorized access to the site.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5880"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6fe68d6b-3db5-4087-9a17-567a90d4c4f3.json b/objects/vulnerability/vulnerability--6fe68d6b-3db5-4087-9a17-567a90d4c4f3.json
new file mode 100644
index 00000000000..2247adb55fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6fe68d6b-3db5-4087-9a17-567a90d4c4f3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--08c4c8d4-c214-4bf1-a802-565737368ae8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6fe68d6b-3db5-4087-9a17-567a90d4c4f3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.386303Z",
+ "modified": "2024-08-22T00:18:37.386303Z",
+ "name": "CVE-2024-7971",
+ "description": "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7971"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7052a979-dd90-4b9a-b013-c9efe544bf9d.json b/objects/vulnerability/vulnerability--7052a979-dd90-4b9a-b013-c9efe544bf9d.json
new file mode 100644
index 00000000000..6138df4616f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7052a979-dd90-4b9a-b013-c9efe544bf9d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ebe4ca18-a904-491c-98c6-36144bfdc204",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7052a979-dd90-4b9a-b013-c9efe544bf9d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.029608Z",
+ "modified": "2024-08-22T00:18:40.029608Z",
+ "name": "CVE-2023-52906",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mpls: Fix warning during failed attribute validation\n\nThe 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a\nvalidation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid\ncombination according to the comment above 'struct nla_policy':\n\n\"\nMeaning of `validate' field, use via NLA_POLICY_VALIDATE_FN:\n NLA_BINARY Validation function called for the attribute.\n All other Unused - but note that it's a union\n\"\n\nThis can trigger the warning [1] in nla_get_range_unsigned() when\nvalidation of the attribute fails. Despite being of 'NLA_U32' type, the\nassociated 'min'/'max' fields in the policy are negative as they are\naliased by the 'validate' field.\n\nFix by changing the attribute type to 'NLA_BINARY' which is consistent\nwith the above comment and all other users of NLA_POLICY_VALIDATE_FN().\nAs a result, move the length validation to the validation function.\n\nNo regressions in MPLS tests:\n\n # ./tdc.py -f tc-tests/actions/mpls.json\n [...]\n # echo $?\n 0\n\n[1]\nWARNING: CPU: 0 PID: 17743 at lib/nlattr.c:118\nnla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\nModules linked in:\nCPU: 0 PID: 17743 Comm: syz-executor.0 Not tainted 6.1.0-rc8 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\n[...]\nCall Trace:\n \n __netlink_policy_dump_write_attr+0x23d/0x990 net/netlink/policy.c:310\n netlink_policy_dump_write_attr+0x22/0x30 net/netlink/policy.c:411\n netlink_ack_tlv_fill net/netlink/af_netlink.c:2454 [inline]\n netlink_ack+0x546/0x760 net/netlink/af_netlink.c:2506\n netlink_rcv_skb+0x1b7/0x240 net/netlink/af_netlink.c:2546\n rtnetlink_rcv+0x18/0x20 net/core/rtnetlink.c:6109\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2482\n ___sys_sendmsg net/socket.c:2536 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2565\n __do_sys_sendmsg net/socket.c:2574 [inline]\n __se_sys_sendmsg net/socket.c:2572 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2572\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52906"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--710bdaef-c0ea-45b0-81ce-fc5139a3fbc9.json b/objects/vulnerability/vulnerability--710bdaef-c0ea-45b0-81ce-fc5139a3fbc9.json
new file mode 100644
index 00000000000..06083a2613d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--710bdaef-c0ea-45b0-81ce-fc5139a3fbc9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--78d8a82d-ab78-4633-91a5-2156d9e859a6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--710bdaef-c0ea-45b0-81ce-fc5139a3fbc9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.664509Z",
+ "modified": "2024-08-22T00:18:37.664509Z",
+ "name": "CVE-2024-43878",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Fix input error path memory access\n\nWhen there is a misconfiguration of input state slow path\nKASAN report error. Fix this error.\nwest login:\n[ 52.987278] eth1: renamed from veth11\n[ 53.078814] eth1: renamed from veth21\n[ 53.181355] eth1: renamed from veth31\n[ 54.921702] ==================================================================\n[ 54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295\n[ 54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512\n[ 54.924169]\n[ 54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25\n[ 54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 54.926401] Call Trace:\n[ 54.926731] \n[ 54.927009] dump_stack_lvl+0x2a/0x3b\n[ 54.927478] kasan_report+0x84/0xa6\n[ 54.927930] ? xfrmi_rcv_cb+0x2d/0x295\n[ 54.928410] xfrmi_rcv_cb+0x2d/0x295\n[ 54.928872] ? xfrm4_rcv_cb+0x3d/0x5e\n[ 54.929354] xfrm4_rcv_cb+0x46/0x5e\n[ 54.929804] xfrm_rcv_cb+0x7e/0xa1\n[ 54.930240] xfrm_input+0x1b3a/0x1b96\n[ 54.930715] ? xfrm_offload+0x41/0x41\n[ 54.931182] ? raw_rcv+0x292/0x292\n[ 54.931617] ? nf_conntrack_confirm+0xa2/0xa2\n[ 54.932158] ? skb_sec_path+0xd/0x3f\n[ 54.932610] ? xfrmi_input+0x90/0xce\n[ 54.933066] xfrm4_esp_rcv+0x33/0x54\n[ 54.933521] ip_protocol_deliver_rcu+0xd7/0x1b2\n[ 54.934089] ip_local_deliver_finish+0x110/0x120\n[ 54.934659] ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[ 54.935248] NF_HOOK.constprop.0+0xf8/0x138\n[ 54.935767] ? ip_sublist_rcv_finish+0x68/0x68\n[ 54.936317] ? secure_tcpv6_ts_off+0x23/0x168\n[ 54.936859] ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[ 54.937454] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[ 54.938135] NF_HOOK.constprop.0+0xf8/0x138\n[ 54.938663] ? ip_sublist_rcv_finish+0x68/0x68\n[ 54.939220] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[ 54.939904] ? ip_local_deliver_finish+0x120/0x120\n[ 54.940497] __netif_receive_skb_one_core+0xc9/0x107\n[ 54.941121] ? __netif_receive_skb_list_core+0x1c2/0x1c2\n[ 54.941771] ? blk_mq_start_stopped_hw_queues+0xc7/0xf9\n[ 54.942413] ? blk_mq_start_stopped_hw_queue+0x38/0x38\n[ 54.943044] ? virtqueue_get_buf_ctx+0x295/0x46b\n[ 54.943618] process_backlog+0xb3/0x187\n[ 54.944102] __napi_poll.constprop.0+0x57/0x1a7\n[ 54.944669] net_rx_action+0x1cb/0x380\n[ 54.945150] ? __napi_poll.constprop.0+0x1a7/0x1a7\n[ 54.945744] ? vring_new_virtqueue+0x17a/0x17a\n[ 54.946300] ? note_interrupt+0x2cd/0x367\n[ 54.946805] handle_softirqs+0x13c/0x2c9\n[ 54.947300] do_softirq+0x5f/0x7d\n[ 54.947727] \n[ 54.948014] \n[ 54.948300] __local_bh_enable_ip+0x48/0x62\n[ 54.948832] __neigh_event_send+0x3fd/0x4ca\n[ 54.949361] neigh_resolve_output+0x1e/0x210\n[ 54.949896] ip_finish_output2+0x4bf/0x4f0\n[ 54.950410] ? __ip_finish_output+0x171/0x1b8\n[ 54.950956] ip_send_skb+0x25/0x57\n[ 54.951390] raw_sendmsg+0xf95/0x10c0\n[ 54.951850] ? check_new_pages+0x45/0x71\n[ 54.952343] ? raw_hash_sk+0x21b/0x21b\n[ 54.952815] ? kernel_init_pages+0x42/0x51\n[ 54.953337] ? prep_new_page+0x44/0x51\n[ 54.953811] ? get_page_from_freelist+0x72b/0x915\n[ 54.954390] ? signal_pending_state+0x77/0x77\n[ 54.954936] ? preempt_count_sub+0x14/0xb3\n[ 54.955450] ? __might_resched+0x8a/0x240\n[ 54.955951] ? __might_sleep+0x25/0xa0\n[ 54.956424] ? first_zones_zonelist+0x2c/0x43\n[ 54.956977] ? __rcu_read_lock+0x2d/0x3a\n[ 54.957476] ? __pte_offset_map+0x32/0xa4\n[ 54.957980] ? __might_resched+0x8a/0x240\n[ 54.958483] ? __might_sleep+0x25/0xa0\n[ 54.958963] ? inet_send_prepare+0x54/0x54\n[ 54.959478] ? sock_sendmsg_nosec+0x42/0x6c\n[ 54.960000] sock_sendmsg_nosec+0x42/0x6c\n[ 54.960502] __sys_sendto+0x15d/0x1cc\n[ 54.960966] ? __x64_sys_getpeername+0x44/0x44\n[ 54.961522] ? __handle_mm_fault+0x679/0xae4\n[ 54.962068] ? find_vma+0x6b/0x\n---truncated---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43878"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--743f2018-b17d-4f04-8d80-c70d0d742d78.json b/objects/vulnerability/vulnerability--743f2018-b17d-4f04-8d80-c70d0d742d78.json
new file mode 100644
index 00000000000..2654b352042
--- /dev/null
+++ b/objects/vulnerability/vulnerability--743f2018-b17d-4f04-8d80-c70d0d742d78.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4b32031b-6fc9-4742-a924-8ed0c5358469",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--743f2018-b17d-4f04-8d80-c70d0d742d78",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.714716Z",
+ "modified": "2024-08-22T00:18:37.714716Z",
+ "name": "CVE-2024-43407",
+ "description": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server. The GeSHi library is no longer actively maintained. Due to the lack of ongoing support and updates, potential security vulnerabilities have been identified with its continued use. To mitigate these risks and enhance the overall security of the CKEditor 4, we have decided to completely remove the GeSHi library as a dependency. This change aims to maintain a secure environment and reduce the risk of any security incidents related to outdated or unsupported software. The fix is be available in version 4.25.0-lts.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43407"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--767b94a0-6038-4ab8-929e-fe095f5d42b8.json b/objects/vulnerability/vulnerability--767b94a0-6038-4ab8-929e-fe095f5d42b8.json
new file mode 100644
index 00000000000..be9e3a98753
--- /dev/null
+++ b/objects/vulnerability/vulnerability--767b94a0-6038-4ab8-929e-fe095f5d42b8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ead03e5c-90a6-4428-8aab-372ca2e8e10d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--767b94a0-6038-4ab8-929e-fe095f5d42b8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.018438Z",
+ "modified": "2024-08-22T00:18:40.018438Z",
+ "name": "CVE-2023-52914",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: add hash if ready poll request can't complete inline\n\nIf we don't, then we may lose access to it completely, leading to a\nrequest leak. This will eventually stall the ring exit process as\nwell.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52914"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--785acff9-7186-49ea-ba37-56471b7091b1.json b/objects/vulnerability/vulnerability--785acff9-7186-49ea-ba37-56471b7091b1.json
new file mode 100644
index 00000000000..dfbe88643a0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--785acff9-7186-49ea-ba37-56471b7091b1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--af2cbce4-8172-4591-aed2-355f5f8abe2d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--785acff9-7186-49ea-ba37-56471b7091b1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:39.992691Z",
+ "modified": "2024-08-22T00:18:39.992691Z",
+ "name": "CVE-2023-52903",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: lock overflowing for IOPOLL\n\nsyzbot reports an issue with overflow filling for IOPOLL:\n\nWARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734\nCPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0\nWorkqueue: events_unbound io_ring_exit_work\nCall trace:\n io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734\n io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773\n io_fill_cqe_req io_uring/io_uring.h:168 [inline]\n io_do_iopoll+0x474/0x62c io_uring/rw.c:1065\n io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513\n io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056\n io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869\n process_one_work+0x2d8/0x504 kernel/workqueue.c:2289\n worker_thread+0x340/0x610 kernel/workqueue.c:2436\n kthread+0x12c/0x158 kernel/kthread.c:376\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863\n\nThere is no real problem for normal IOPOLL as flush is also called with\nuring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL,\nfor which __io_cqring_overflow_flush() happens from the CQ waiting path.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52903"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--79685090-4612-4f68-b827-05a51b52f206.json b/objects/vulnerability/vulnerability--79685090-4612-4f68-b827-05a51b52f206.json
new file mode 100644
index 00000000000..2cf1f00d53f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--79685090-4612-4f68-b827-05a51b52f206.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--25879cbf-e1e9-46db-b7ef-a6eecc65aaa2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--79685090-4612-4f68-b827-05a51b52f206",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.25234Z",
+ "modified": "2024-08-22T00:18:38.25234Z",
+ "name": "CVE-2024-6812",
+ "description": "IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WSQ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23273.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6812"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--79e2111c-ac36-4a64-8735-03659f5c5734.json b/objects/vulnerability/vulnerability--79e2111c-ac36-4a64-8735-03659f5c5734.json
new file mode 100644
index 00000000000..cb0ce451640
--- /dev/null
+++ b/objects/vulnerability/vulnerability--79e2111c-ac36-4a64-8735-03659f5c5734.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e1dd8126-9dd4-4d24-995a-ee19741ab587",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--79e2111c-ac36-4a64-8735-03659f5c5734",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.590935Z",
+ "modified": "2024-08-22T00:18:37.590935Z",
+ "name": "CVE-2024-20466",
+ "description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.\r\n\r\nThis vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-20466"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b21f9f5-82b1-44f0-8db0-556f24af96d0.json b/objects/vulnerability/vulnerability--7b21f9f5-82b1-44f0-8db0-556f24af96d0.json
new file mode 100644
index 00000000000..2477ef3e684
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b21f9f5-82b1-44f0-8db0-556f24af96d0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f788e14a-5620-41dd-8406-43cfc5be5c1d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7b21f9f5-82b1-44f0-8db0-556f24af96d0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.129088Z",
+ "modified": "2024-08-22T00:18:38.129088Z",
+ "name": "CVE-2024-8035",
+ "description": "Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8035"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7bc94e70-1924-400e-9149-f69e0ebd3740.json b/objects/vulnerability/vulnerability--7bc94e70-1924-400e-9149-f69e0ebd3740.json
new file mode 100644
index 00000000000..9651f83b7c4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7bc94e70-1924-400e-9149-f69e0ebd3740.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c06f0268-6f2d-48a9-82d0-40b00b0860fd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7bc94e70-1924-400e-9149-f69e0ebd3740",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.259158Z",
+ "modified": "2024-08-22T00:18:38.259158Z",
+ "name": "CVE-2024-6141",
+ "description": "Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Windscribe Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23441.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6141"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7d4a68a2-fcbf-4511-a2ff-a1f72a271c43.json b/objects/vulnerability/vulnerability--7d4a68a2-fcbf-4511-a2ff-a1f72a271c43.json
new file mode 100644
index 00000000000..7dbeed14685
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7d4a68a2-fcbf-4511-a2ff-a1f72a271c43.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--59dbbc31-fbd3-427a-ac03-b68d87c087f6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7d4a68a2-fcbf-4511-a2ff-a1f72a271c43",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.33568Z",
+ "modified": "2024-08-22T00:18:40.33568Z",
+ "name": "CVE-2023-49198",
+ "description": "Mysql security vulnerability in Apache SeaTunnel.\n\nAttackers can read files on the MySQL server by modifying the information in the MySQL URL\n\n allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version [1.0.1], which fixes the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-49198"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7eab1813-5c10-47d5-8a30-924a44456922.json b/objects/vulnerability/vulnerability--7eab1813-5c10-47d5-8a30-924a44456922.json
new file mode 100644
index 00000000000..9a1b6198cb0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7eab1813-5c10-47d5-8a30-924a44456922.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9a31ac2b-81af-443a-b829-01fbdf4e8548",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7eab1813-5c10-47d5-8a30-924a44456922",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.226747Z",
+ "modified": "2024-08-22T00:18:37.226747Z",
+ "name": "CVE-2024-28000",
+ "description": "Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-28000"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8195fbd9-cfcd-4518-b86e-2213dedf5567.json b/objects/vulnerability/vulnerability--8195fbd9-cfcd-4518-b86e-2213dedf5567.json
new file mode 100644
index 00000000000..2b086fef799
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8195fbd9-cfcd-4518-b86e-2213dedf5567.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ca4089e8-2eec-42b2-928a-611ac2ae0e87",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8195fbd9-cfcd-4518-b86e-2213dedf5567",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.422437Z",
+ "modified": "2024-08-22T00:18:24.422437Z",
+ "name": "CVE-2022-48879",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48879"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--821f2165-6251-4566-91c6-39558e19a984.json b/objects/vulnerability/vulnerability--821f2165-6251-4566-91c6-39558e19a984.json
new file mode 100644
index 00000000000..5a6c150255d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--821f2165-6251-4566-91c6-39558e19a984.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3e93a1a3-c43d-4a5f-a6e3-6313a533a9bb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--821f2165-6251-4566-91c6-39558e19a984",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.441039Z",
+ "modified": "2024-08-22T00:18:24.441039Z",
+ "name": "CVE-2022-48871",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer\n\nDriver's probe allocates memory for RX FIFO (port->rx_fifo) based on\ndefault RX FIFO depth, e.g. 16. Later during serial startup the\nqcom_geni_serial_port_setup() updates the RX FIFO depth\n(port->rx_fifo_depth) to match real device capabilities, e.g. to 32.\n\nThe RX UART handle code will read \"port->rx_fifo_depth\" number of words\ninto \"port->rx_fifo\" buffer, thus exceeding the bounds. This can be\nobserved in certain configurations with Qualcomm Bluetooth HCI UART\ndevice and KASAN:\n\n Bluetooth: hci0: QCA Product ID :0x00000010\n Bluetooth: hci0: QCA SOC Version :0x400a0200\n Bluetooth: hci0: QCA ROM Version :0x00000200\n Bluetooth: hci0: QCA Patch Version:0x00000d2b\n Bluetooth: hci0: QCA controller version 0x02000200\n Bluetooth: hci0: QCA Downloading qca/htbtfw20.tlv\n bluetooth hci0: Direct firmware load for qca/htbtfw20.tlv failed with error -2\n Bluetooth: hci0: QCA Failed to request file: qca/htbtfw20.tlv (-2)\n Bluetooth: hci0: QCA Failed to download patch (-2)\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in handle_rx_uart+0xa8/0x18c\n Write of size 4 at addr ffff279347d578c0 by task swapper/0/0\n\n CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rt5-00350-gb2450b7e00be-dirty #26\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xe0/0xf0\n show_stack+0x18/0x40\n dump_stack_lvl+0x8c/0xb8\n print_report+0x188/0x488\n kasan_report+0xb4/0x100\n __asan_store4+0x80/0xa4\n handle_rx_uart+0xa8/0x18c\n qcom_geni_serial_handle_rx+0x84/0x9c\n qcom_geni_serial_isr+0x24c/0x760\n __handle_irq_event_percpu+0x108/0x500\n handle_irq_event+0x6c/0x110\n handle_fasteoi_irq+0x138/0x2cc\n generic_handle_domain_irq+0x48/0x64\n\nIf the RX FIFO depth changes after probe, be sure to resize the buffer.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48871"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--832130a5-760d-49f8-97c6-09d1671cc56d.json b/objects/vulnerability/vulnerability--832130a5-760d-49f8-97c6-09d1671cc56d.json
new file mode 100644
index 00000000000..ecbe22a37bb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--832130a5-760d-49f8-97c6-09d1671cc56d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--65973658-5e32-4f19-b28a-19913ddd104d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--832130a5-760d-49f8-97c6-09d1671cc56d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.432643Z",
+ "modified": "2024-08-22T00:18:24.432643Z",
+ "name": "CVE-2022-48870",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: fix possible null-ptr-defer in spk_ttyio_release\n\nRun the following tests on the qemu platform:\n\nsyzkaller:~# modprobe speakup_audptr\n input: Speakup as /devices/virtual/input/input4\n initialized device: /dev/synth, node (MAJOR 10, MINOR 125)\n speakup 3.1.6: initialized\n synth name on entry is: (null)\n synth probe\n\nspk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned\nfailed (errno -16), then remove the module, we will get a null-ptr-defer\nproblem, as follow:\n\nsyzkaller:~# modprobe -r speakup_audptr\n releasing synth audptr\n BUG: kernel NULL pointer dereference, address: 0000000000000080\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1\n RIP: 0010:mutex_lock+0x14/0x30\n Call Trace:\n \n spk_ttyio_release+0x19/0x70 [speakup]\n synth_release.part.6+0xac/0xc0 [speakup]\n synth_remove+0x56/0x60 [speakup]\n __x64_sys_delete_module+0x156/0x250\n ? fpregs_assert_state_consistent+0x1d/0x50\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \n Modules linked in: speakup_audptr(-) speakup\n Dumping ftrace buffer:\n\nin_synth->dev was not initialized during modprobe, so we add check\nfor in_synth->dev to fix this bug.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48870"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8470d267-410c-472a-8bc1-2d33f3fdd0dd.json b/objects/vulnerability/vulnerability--8470d267-410c-472a-8bc1-2d33f3fdd0dd.json
new file mode 100644
index 00000000000..a7fa08ce923
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8470d267-410c-472a-8bc1-2d33f3fdd0dd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ba6fddfd-dbbf-482c-9b50-ebcef162372c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8470d267-410c-472a-8bc1-2d33f3fdd0dd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.388266Z",
+ "modified": "2024-08-22T00:18:37.388266Z",
+ "name": "CVE-2024-7723",
+ "description": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23736.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7723"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--85618269-2750-4f0c-bebc-20f1401d7529.json b/objects/vulnerability/vulnerability--85618269-2750-4f0c-bebc-20f1401d7529.json
new file mode 100644
index 00000000000..cc1d0457166
--- /dev/null
+++ b/objects/vulnerability/vulnerability--85618269-2750-4f0c-bebc-20f1401d7529.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1e428ac7-fec9-4ffa-a5c0-33f6453712a5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--85618269-2750-4f0c-bebc-20f1401d7529",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.389693Z",
+ "modified": "2024-08-22T00:18:37.389693Z",
+ "name": "CVE-2024-7998",
+ "description": "In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7998"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--86dbc803-7c95-4932-8b21-6f852946a48c.json b/objects/vulnerability/vulnerability--86dbc803-7c95-4932-8b21-6f852946a48c.json
new file mode 100644
index 00000000000..c90ea30c38c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--86dbc803-7c95-4932-8b21-6f852946a48c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--03087739-60d3-461b-9469-cdea660000b4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--86dbc803-7c95-4932-8b21-6f852946a48c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.219681Z",
+ "modified": "2024-08-22T00:18:38.219681Z",
+ "name": "CVE-2024-6508",
+ "description": "An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6508"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--896864bd-dc3e-4034-b353-d3a713378e6a.json b/objects/vulnerability/vulnerability--896864bd-dc3e-4034-b353-d3a713378e6a.json
new file mode 100644
index 00000000000..e3544c10ba5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--896864bd-dc3e-4034-b353-d3a713378e6a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2ec21c0f-33fd-4df8-9848-0cdd2c1a25f7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--896864bd-dc3e-4034-b353-d3a713378e6a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.356552Z",
+ "modified": "2024-08-22T00:18:37.356552Z",
+ "name": "CVE-2024-7603",
+ "description": "Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. Was ZDI-CAN-25028.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7603"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--89741f0d-d7ab-45a3-ba03-722f137a638c.json b/objects/vulnerability/vulnerability--89741f0d-d7ab-45a3-ba03-722f137a638c.json
new file mode 100644
index 00000000000..08e1099c773
--- /dev/null
+++ b/objects/vulnerability/vulnerability--89741f0d-d7ab-45a3-ba03-722f137a638c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--28efefbd-720f-48d0-98e5-5dfe3bcdf761",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--89741f0d-d7ab-45a3-ba03-722f137a638c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.06104Z",
+ "modified": "2024-08-22T00:18:40.06104Z",
+ "name": "CVE-2023-52913",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential context UAFs\n\ngem_context_register() makes the context visible to userspace, and which\npoint a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.\nSo we need to ensure that nothing uses the ctx ptr after this. And we\nneed to ensure that adding the ctx to the xarray is the *last* thing\nthat gem_context_register() does with the ctx pointer.\n\n[tursulin: Stable and fixes tags add/tidy.]\n(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52913"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--89aa1775-83f7-4fc5-82c5-ebead7f64427.json b/objects/vulnerability/vulnerability--89aa1775-83f7-4fc5-82c5-ebead7f64427.json
new file mode 100644
index 00000000000..149be062087
--- /dev/null
+++ b/objects/vulnerability/vulnerability--89aa1775-83f7-4fc5-82c5-ebead7f64427.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7975d443-710b-4879-a4a9-0f0026dfd138",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--89aa1775-83f7-4fc5-82c5-ebead7f64427",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.058766Z",
+ "modified": "2024-08-22T00:18:40.058766Z",
+ "name": "CVE-2023-52909",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix handling of cached open files in nfsd4_open codepath\n\nCommit fb70bf124b05 (\"NFSD: Instantiate a struct file when creating a\nregular NFSv4 file\") added the ability to cache an open fd over a\ncompound. There are a couple of problems with the way this currently\nworks:\n\nIt's racy, as a newly-created nfsd_file can end up with its PENDING bit\ncleared while the nf is hashed, and the nf_file pointer is still zeroed\nout. Other tasks can find it in this state and they expect to see a\nvalid nf_file, and can oops if nf_file is NULL.\n\nAlso, there is no guarantee that we'll end up creating a new nfsd_file\nif one is already in the hash. If an extant entry is in the hash with a\nvalid nf_file, nfs4_get_vfs_file will clobber its nf_file pointer with\nthe value of op_file and the old nf_file will leak.\n\nFix both issues by making a new nfsd_file_acquirei_opened variant that\ntakes an optional file pointer. If one is present when this is called,\nwe'll take a new reference to it instead of trying to open the file. If\nthe nfsd_file already has a valid nf_file, we'll just ignore the\noptional file and pass the nfsd_file back as-is.\n\nAlso rework the tracepoints a bit to allow for an \"opened\" variant and\ndon't try to avoid counting acquisitions in the case where we already\nhave a cached open file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52909"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--90de7d8d-9983-486f-9d26-d90e28a66b21.json b/objects/vulnerability/vulnerability--90de7d8d-9983-486f-9d26-d90e28a66b21.json
new file mode 100644
index 00000000000..e870ef328ad
--- /dev/null
+++ b/objects/vulnerability/vulnerability--90de7d8d-9983-486f-9d26-d90e28a66b21.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2f42d39c-1617-4b54-b75c-4644635a33b6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--90de7d8d-9983-486f-9d26-d90e28a66b21",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.898549Z",
+ "modified": "2024-08-22T00:18:36.898549Z",
+ "name": "CVE-2024-40453",
+ "description": "squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-40453"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--930ea3dd-5ebb-4575-9f0d-d8d376ef36fa.json b/objects/vulnerability/vulnerability--930ea3dd-5ebb-4575-9f0d-d8d376ef36fa.json
new file mode 100644
index 00000000000..da754c63b91
--- /dev/null
+++ b/objects/vulnerability/vulnerability--930ea3dd-5ebb-4575-9f0d-d8d376ef36fa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9ea7be0d-af24-4c1c-8b14-d7e97bc405ec",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--930ea3dd-5ebb-4575-9f0d-d8d376ef36fa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.030895Z",
+ "modified": "2024-08-22T00:18:40.030895Z",
+ "name": "CVE-2023-52896",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between quota rescan and disable leading to NULL pointer deref\n\nIf we have one task trying to start the quota rescan worker while another\none is trying to disable quotas, we can end up hitting a race that results\nin the quota rescan worker doing a NULL pointer dereference. The steps for\nthis are the following:\n\n1) Quotas are enabled;\n\n2) Task A calls the quota rescan ioctl and enters btrfs_qgroup_rescan().\n It calls qgroup_rescan_init() which returns 0 (success) and then joins a\n transaction and commits it;\n\n3) Task B calls the quota disable ioctl and enters btrfs_quota_disable().\n It clears the bit BTRFS_FS_QUOTA_ENABLED from fs_info->flags and calls\n btrfs_qgroup_wait_for_completion(), which returns immediately since the\n rescan worker is not yet running.\n Then it starts a transaction and locks fs_info->qgroup_ioctl_lock;\n\n4) Task A queues the rescan worker, by calling btrfs_queue_work();\n\n5) The rescan worker starts, and calls rescan_should_stop() at the start\n of its while loop, which results in 0 iterations of the loop, since\n the flag BTRFS_FS_QUOTA_ENABLED was cleared from fs_info->flags by\n task B at step 3);\n\n6) Task B sets fs_info->quota_root to NULL;\n\n7) The rescan worker tries to start a transaction and uses\n fs_info->quota_root as the root argument for btrfs_start_transaction().\n This results in a NULL pointer dereference down the call chain of\n btrfs_start_transaction(). The stack trace is something like the one\n reported in Link tag below:\n\n general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]\n CPU: 1 PID: 34 Comm: kworker/u4:2 Not tainted 6.1.0-syzkaller-13872-gb6bb9676f216 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Workqueue: btrfs-qgroup-rescan btrfs_work_helper\n RIP: 0010:start_transaction+0x48/0x10f0 fs/btrfs/transaction.c:564\n Code: 48 89 fb 48 (...)\n RSP: 0018:ffffc90000ab7ab0 EFLAGS: 00010206\n RAX: 0000000000000041 RBX: 0000000000000208 RCX: ffff88801779ba80\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\n RBP: dffffc0000000000 R08: 0000000000000001 R09: fffff52000156f5d\n R10: fffff52000156f5d R11: 1ffff92000156f5c R12: 0000000000000000\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2bea75b718 CR3: 000000001d0cc000 CR4: 00000000003506e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n btrfs_qgroup_rescan_worker+0x3bb/0x6a0 fs/btrfs/qgroup.c:3402\n btrfs_work_helper+0x312/0x850 fs/btrfs/async-thread.c:280\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \n Modules linked in:\n\nSo fix this by having the rescan worker function not attempt to start a\ntransaction if it didn't do any rescan work.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52896"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--942b5342-15bd-4eb6-9563-476ee1e16fb7.json b/objects/vulnerability/vulnerability--942b5342-15bd-4eb6-9563-476ee1e16fb7.json
new file mode 100644
index 00000000000..7fd49ca5dd5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--942b5342-15bd-4eb6-9563-476ee1e16fb7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--433fc8a9-88d7-4881-b422-6ad3f962d137",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--942b5342-15bd-4eb6-9563-476ee1e16fb7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.041635Z",
+ "modified": "2024-08-22T00:18:40.041635Z",
+ "name": "CVE-2023-52897",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: do not warn on record without old_roots populated\n\n[BUG]\nThere are some reports from the mailing list that since v6.1 kernel, the\nWARN_ON() inside btrfs_qgroup_account_extent() gets triggered during\nrescan:\n\n WARNING: CPU: 3 PID: 6424 at fs/btrfs/qgroup.c:2756 btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs]\n CPU: 3 PID: 6424 Comm: snapperd Tainted: P OE 6.1.2-1-default #1 openSUSE Tumbleweed 05c7a1b1b61d5627475528f71f50444637b5aad7\n RIP: 0010:btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs]\n Call Trace:\n \n btrfs_commit_transaction+0x30c/0xb40 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n ? start_transaction+0xc3/0x5b0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n btrfs_qgroup_rescan+0x42/0xc0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n btrfs_ioctl+0x1ab9/0x25c0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n ? __rseq_handle_notify_resume+0xa9/0x4a0\n ? mntput_no_expire+0x4a/0x240\n ? __seccomp_filter+0x319/0x4d0\n __x64_sys_ioctl+0x90/0xd0\n do_syscall_64+0x5b/0x80\n ? syscall_exit_to_user_mode+0x17/0x40\n ? do_syscall_64+0x67/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7fd9b790d9bf\n \n\n[CAUSE]\nSince commit e15e9f43c7ca (\"btrfs: introduce\nBTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING to skip qgroup accounting\"), if\nour qgroup is already in inconsistent state, we will no longer do the\ntime-consuming backref walk.\n\nThis can leave some qgroup records without a valid old_roots ulist.\nNormally this is fine, as btrfs_qgroup_account_extents() would also skip\nthose records if we have NO_ACCOUNTING flag set.\n\nBut there is a small window, if we have NO_ACCOUNTING flag set, and\ninserted some qgroup_record without a old_roots ulist, but then the user\ntriggered a qgroup rescan.\n\nDuring btrfs_qgroup_rescan(), we firstly clear NO_ACCOUNTING flag, then\ncommit current transaction.\n\nAnd since we have a qgroup_record with old_roots = NULL, we trigger the\nWARN_ON() during btrfs_qgroup_account_extents().\n\n[FIX]\nUnfortunately due to the introduction of NO_ACCOUNTING flag, the\nassumption that every qgroup_record would have its old_roots populated\nis no longer correct.\n\nFix the false alerts and drop the WARN_ON().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52897"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--964a276f-ab34-4362-b6b4-ee4899e1317e.json b/objects/vulnerability/vulnerability--964a276f-ab34-4362-b6b4-ee4899e1317e.json
new file mode 100644
index 00000000000..50c6c7965f2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--964a276f-ab34-4362-b6b4-ee4899e1317e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--50f4ea6f-ac83-474d-a888-b68175d1de2c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--964a276f-ab34-4362-b6b4-ee4899e1317e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:39.998604Z",
+ "modified": "2024-08-22T00:18:39.998604Z",
+ "name": "CVE-2023-52912",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fixed bug on error when unloading amdgpu\n\nFixed bug on error when unloading amdgpu.\n\nThe error message is as follows:\n[ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!\n[ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1\n[ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021\n[ 377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]\n[ 377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53\n[ 377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287\n[ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000\n[ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70\n[ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001\n[ 377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70\n[ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70\n[ 377.706325] FS: 00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000\n[ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0\n[ 377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 377.706361] Call Trace:\n[ 377.706365] \n[ 377.706369] drm_buddy_free_list+0x2a/0x60 [drm_buddy]\n[ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu]\n[ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu]\n[ 377.706650] amdgpu_bo_fini+0x22/0x90 [amdgpu]\n[ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu]\n[ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu]\n[ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu]\n[ 377.706975] drm_dev_release+0x20/0x40 [drm]\n[ 377.707006] release_nodes+0x35/0xb0\n[ 377.707014] devres_release_all+0x8b/0xc0\n[ 377.707020] device_unbind_cleanup+0xe/0x70\n[ 377.707027] device_release_driver_internal+0xee/0x160\n[ 377.707033] driver_detach+0x44/0x90\n[ 377.707039] bus_remove_driver+0x55/0xe0\n[ 377.707045] pci_unregister_driver+0x3b/0x90\n[ 377.707052] amdgpu_exit+0x11/0x6c [amdgpu]\n[ 377.707194] __x64_sys_delete_module+0x142/0x2b0\n[ 377.707201] ? fpregs_assert_state_consistent+0x22/0x50\n[ 377.707208] ? exit_to_user_mode_prepare+0x3e/0x190\n[ 377.707215] do_syscall_64+0x38/0x90\n[ 377.707221] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52912"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--964b1b75-c7e0-4e6d-9696-0e09ba0d4392.json b/objects/vulnerability/vulnerability--964b1b75-c7e0-4e6d-9696-0e09ba0d4392.json
new file mode 100644
index 00000000000..253de633bda
--- /dev/null
+++ b/objects/vulnerability/vulnerability--964b1b75-c7e0-4e6d-9696-0e09ba0d4392.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0d599658-1209-4c5a-8c8b-e36e4c00f0e8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--964b1b75-c7e0-4e6d-9696-0e09ba0d4392",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:30.450341Z",
+ "modified": "2024-08-22T00:18:30.450341Z",
+ "name": "CVE-2020-11846",
+ "description": "A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-11846"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--989e57bf-1af5-4e38-a4f6-95fb0f1d9a3d.json b/objects/vulnerability/vulnerability--989e57bf-1af5-4e38-a4f6-95fb0f1d9a3d.json
new file mode 100644
index 00000000000..781d917b83b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--989e57bf-1af5-4e38-a4f6-95fb0f1d9a3d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bbda06c6-f03d-4989-a6f6-ba40bd959c9b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--989e57bf-1af5-4e38-a4f6-95fb0f1d9a3d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.378701Z",
+ "modified": "2024-08-22T00:18:37.378701Z",
+ "name": "CVE-2024-7134",
+ "description": "The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7134"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9914c9c2-698e-43eb-8459-ed08c330cd51.json b/objects/vulnerability/vulnerability--9914c9c2-698e-43eb-8459-ed08c330cd51.json
new file mode 100644
index 00000000000..c961cd907a2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9914c9c2-698e-43eb-8459-ed08c330cd51.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4939b83f-a41e-4773-b857-3caa3a3a5266",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9914c9c2-698e-43eb-8459-ed08c330cd51",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.720057Z",
+ "modified": "2024-08-22T00:18:24.720057Z",
+ "name": "CVE-2022-26328",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS).This issue affects Performance Center: 12.63.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-26328"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9acb48dd-c6b4-47e0-b3ce-f4b11bf6c055.json b/objects/vulnerability/vulnerability--9acb48dd-c6b4-47e0-b3ce-f4b11bf6c055.json
new file mode 100644
index 00000000000..833a229490f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9acb48dd-c6b4-47e0-b3ce-f4b11bf6c055.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e30b7c4e-138a-441b-b650-78a13fdf44b4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9acb48dd-c6b4-47e0-b3ce-f4b11bf6c055",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.674246Z",
+ "modified": "2024-08-22T00:18:37.674246Z",
+ "name": "CVE-2024-43880",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the \"objagg\" library to perform the mask aggregation by\npassing it objects that consist of the filter's mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set (\"hints\") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n \n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43880"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9b958137-bd69-4a65-ad43-8baa3f2a0203.json b/objects/vulnerability/vulnerability--9b958137-bd69-4a65-ad43-8baa3f2a0203.json
new file mode 100644
index 00000000000..e08ffdfef98
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9b958137-bd69-4a65-ad43-8baa3f2a0203.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a01203b2-7472-4730-8c5d-dcefc1484d74",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9b958137-bd69-4a65-ad43-8baa3f2a0203",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.390954Z",
+ "modified": "2024-08-22T00:18:37.390954Z",
+ "name": "CVE-2024-7981",
+ "description": "Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7981"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9c83a34b-b385-4de2-9601-8118f7f741e3.json b/objects/vulnerability/vulnerability--9c83a34b-b385-4de2-9601-8118f7f741e3.json
new file mode 100644
index 00000000000..edcee3010b7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9c83a34b-b385-4de2-9601-8118f7f741e3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--070a81ea-f0ef-4d12-ae31-7173413fc960",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9c83a34b-b385-4de2-9601-8118f7f741e3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.707235Z",
+ "modified": "2024-08-22T00:18:37.707235Z",
+ "name": "CVE-2024-43881",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43881"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9d337fc0-8e63-4f0d-b461-8a8c73e71ffe.json b/objects/vulnerability/vulnerability--9d337fc0-8e63-4f0d-b461-8a8c73e71ffe.json
new file mode 100644
index 00000000000..39b82ca1123
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9d337fc0-8e63-4f0d-b461-8a8c73e71ffe.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4ca93db5-7b1d-4b4a-8ead-0c5000aa6b30",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9d337fc0-8e63-4f0d-b461-8a8c73e71ffe",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.392955Z",
+ "modified": "2024-08-22T00:18:37.392955Z",
+ "name": "CVE-2024-7965",
+ "description": "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7965"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e14385a-a44b-432d-940a-a1da396d5ede.json b/objects/vulnerability/vulnerability--9e14385a-a44b-432d-940a-a1da396d5ede.json
new file mode 100644
index 00000000000..0690bce2a98
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9e14385a-a44b-432d-940a-a1da396d5ede.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--aaa6cf81-ebb4-4d34-8c1f-a9a7e6106657",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e14385a-a44b-432d-940a-a1da396d5ede",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.617934Z",
+ "modified": "2024-08-22T00:18:37.617934Z",
+ "name": "CVE-2024-20488",
+ "description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-20488"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e5edc45-0233-4685-b612-31c49d2a9ca8.json b/objects/vulnerability/vulnerability--9e5edc45-0233-4685-b612-31c49d2a9ca8.json
new file mode 100644
index 00000000000..fbb43ce52f3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9e5edc45-0233-4685-b612-31c49d2a9ca8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b4b29684-df6f-4de0-a067-4265d246c79b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e5edc45-0233-4685-b612-31c49d2a9ca8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.437034Z",
+ "modified": "2024-08-22T00:18:24.437034Z",
+ "name": "CVE-2022-48882",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)\n\nUpon updating MAC security entity (SecY) in hw offload path, the macsec\nsecurity association (SA) initialization routine is called. In case of\nextended packet number (epn) is enabled the salt and ssci attributes are\nretrieved using the MACsec driver rx_sa context which is unavailable when\nupdating a SecY property such as encoding-sa hence the null dereference.\nFix by using the provided SA to set those attributes.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48882"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9f2d0c6e-7e12-4065-a905-3bc79545bafc.json b/objects/vulnerability/vulnerability--9f2d0c6e-7e12-4065-a905-3bc79545bafc.json
new file mode 100644
index 00000000000..73c16872264
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9f2d0c6e-7e12-4065-a905-3bc79545bafc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--07b34fcf-d9a7-4b81-a43e-14dfb71c35cd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9f2d0c6e-7e12-4065-a905-3bc79545bafc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.300818Z",
+ "modified": "2024-08-22T00:18:36.300818Z",
+ "name": "CVE-2024-41572",
+ "description": "Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41572"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a01982e2-6413-4db7-bd83-98a876f4538e.json b/objects/vulnerability/vulnerability--a01982e2-6413-4db7-bd83-98a876f4538e.json
new file mode 100644
index 00000000000..633bd4dbcb1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a01982e2-6413-4db7-bd83-98a876f4538e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cd9651d1-3f5b-447f-afee-4604d102fc63",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a01982e2-6413-4db7-bd83-98a876f4538e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.232681Z",
+ "modified": "2024-08-22T00:18:38.232681Z",
+ "name": "CVE-2024-6813",
+ "description": "NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the getSortString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23207.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6813"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a5f4b7b7-87d5-48b2-aeb9-a3f08af32b40.json b/objects/vulnerability/vulnerability--a5f4b7b7-87d5-48b2-aeb9-a3f08af32b40.json
new file mode 100644
index 00000000000..1451c4f3b70
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a5f4b7b7-87d5-48b2-aeb9-a3f08af32b40.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9abbca35-169a-4c83-831f-03a554b0ce57",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a5f4b7b7-87d5-48b2-aeb9-a3f08af32b40",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.125988Z",
+ "modified": "2024-08-22T00:18:38.125988Z",
+ "name": "CVE-2024-8033",
+ "description": "Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8033"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a68cfa6d-acaf-40f6-a23e-80e1b9bd92de.json b/objects/vulnerability/vulnerability--a68cfa6d-acaf-40f6-a23e-80e1b9bd92de.json
new file mode 100644
index 00000000000..26153081b3f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a68cfa6d-acaf-40f6-a23e-80e1b9bd92de.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8ef41f5a-9f78-45fc-97fa-649d3952af26",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a68cfa6d-acaf-40f6-a23e-80e1b9bd92de",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.368827Z",
+ "modified": "2024-08-22T00:18:37.368827Z",
+ "name": "CVE-2024-7647",
+ "description": "The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasync_widget_settings_fnc() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7647"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a78142e8-9ce6-4552-9c80-015ac3a8bbd4.json b/objects/vulnerability/vulnerability--a78142e8-9ce6-4552-9c80-015ac3a8bbd4.json
new file mode 100644
index 00000000000..d66d729f09d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a78142e8-9ce6-4552-9c80-015ac3a8bbd4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--eb1d07de-39d9-406f-819b-9b5eedbc8687",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a78142e8-9ce6-4552-9c80-015ac3a8bbd4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.04827Z",
+ "modified": "2024-08-22T00:18:40.04827Z",
+ "name": "CVE-2023-52904",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52904"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a8938ec6-df50-4d06-92f6-05900869f83d.json b/objects/vulnerability/vulnerability--a8938ec6-df50-4d06-92f6-05900869f83d.json
new file mode 100644
index 00000000000..46f62986929
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a8938ec6-df50-4d06-92f6-05900869f83d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6371bdb0-e076-4645-920d-3e921ed94a9e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a8938ec6-df50-4d06-92f6-05900869f83d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.360231Z",
+ "modified": "2024-08-22T00:18:37.360231Z",
+ "name": "CVE-2024-7964",
+ "description": "Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7964"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ad4432e0-c6ea-4862-8826-b049d43fa03b.json b/objects/vulnerability/vulnerability--ad4432e0-c6ea-4862-8826-b049d43fa03b.json
new file mode 100644
index 00000000000..3978f977808
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ad4432e0-c6ea-4862-8826-b049d43fa03b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2b621feb-fe0f-4ebd-a49a-1d82364c2698",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ad4432e0-c6ea-4862-8826-b049d43fa03b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.349659Z",
+ "modified": "2024-08-22T00:18:37.349659Z",
+ "name": "CVE-2024-7030",
+ "description": "The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7030"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--add28160-4645-4cf5-81b8-417ae5fe7807.json b/objects/vulnerability/vulnerability--add28160-4645-4cf5-81b8-417ae5fe7807.json
new file mode 100644
index 00000000000..1a1fbf11d88
--- /dev/null
+++ b/objects/vulnerability/vulnerability--add28160-4645-4cf5-81b8-417ae5fe7807.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--548b8b9e-5365-4a71-be76-72dbe68a6b20",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--add28160-4645-4cf5-81b8-417ae5fe7807",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.443567Z",
+ "modified": "2024-08-22T00:18:24.443567Z",
+ "name": "CVE-2022-48876",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix initialization of rx->link and rx->link_sta\n\nThere are some codepaths that do not initialize rx->link_sta properly. This\ncauses a crash in places which assume that rx->link_sta is valid if rx->sta\nis valid.\nOne known instance is triggered by __ieee80211_rx_h_amsdu being called from\nfast-rx. It results in a crash like this one:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a8\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page PGD 0 P4D 0\n Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 506 Comm: mt76-usb-rx phy Tainted: G E 6.1.0-debian64x+1.7 #3\n Hardware name: ZOTAC ZBOX-ID92/ZBOX-IQ01/ZBOX-ID92/ZBOX-IQ01, BIOS B220P007 05/21/2014\n RIP: 0010:ieee80211_deliver_skb+0x62/0x1f0 [mac80211]\n Code: 00 48 89 04 24 e8 9e a7 c3 df 89 c0 48 03 1c c5 a0 ea 39 a1 4c 01 6b 08 48 ff 03 48\n 83 7d 28 00 74 11 48 8b 45 30 48 63 55 44 <48> 83 84 d0 a8 00 00 00 01 41 8b 86 c0\n 11 00 00 8d 50 fd 83 fa 01\n RSP: 0018:ffff999040803b10 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffffb9903f496480 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff999040803ce0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff8d21828ac900\n R13: 000000000000004a R14: ffff8d2198ed89c0 R15: ffff8d2198ed8000\n FS: 0000000000000000(0000) GS:ffff8d24afe80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000a8 CR3: 0000000429810002 CR4: 00000000001706e0\n Call Trace:\n \n __ieee80211_rx_h_amsdu+0x1b5/0x240 [mac80211]\n ? ieee80211_prepare_and_rx_handle+0xcdd/0x1320 [mac80211]\n ? __local_bh_enable_ip+0x3b/0xa0\n ieee80211_prepare_and_rx_handle+0xcdd/0x1320 [mac80211]\n ? prepare_transfer+0x109/0x1a0 [xhci_hcd]\n ieee80211_rx_list+0xa80/0xda0 [mac80211]\n mt76_rx_complete+0x207/0x2e0 [mt76]\n mt76_rx_poll_complete+0x357/0x5a0 [mt76]\n mt76u_rx_worker+0x4f5/0x600 [mt76_usb]\n ? mt76_get_min_avg_rssi+0x140/0x140 [mt76]\n __mt76_worker_fn+0x50/0x80 [mt76]\n kthread+0xed/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n\nSince the initialization of rx->link and rx->link_sta is rather convoluted\nand duplicated in many places, clean it up by using a helper function to\nset it.\n\n[remove unnecessary rx->sta->sta.mlo check]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48876"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ae488561-b80c-453a-ae36-fdb823b65268.json b/objects/vulnerability/vulnerability--ae488561-b80c-453a-ae36-fdb823b65268.json
new file mode 100644
index 00000000000..9c6d89cde8c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ae488561-b80c-453a-ae36-fdb823b65268.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--84155281-c82b-4581-805f-0f4fb3696e84",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ae488561-b80c-453a-ae36-fdb823b65268",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:39.995754Z",
+ "modified": "2024-08-22T00:18:39.995754Z",
+ "name": "CVE-2023-52908",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL dereference\n\nFix potential NULL dereference, in the case when \"man\", the resource manager\nmight be NULL, when/if we print debug information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52908"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--aef46275-fe78-40d7-a76d-4d1ddc9aca6b.json b/objects/vulnerability/vulnerability--aef46275-fe78-40d7-a76d-4d1ddc9aca6b.json
new file mode 100644
index 00000000000..1e3d50cd44b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--aef46275-fe78-40d7-a76d-4d1ddc9aca6b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f2f3607f-b34b-4f25-9664-8a2c03db11ef",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--aef46275-fe78-40d7-a76d-4d1ddc9aca6b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.348067Z",
+ "modified": "2024-08-22T00:18:37.348067Z",
+ "name": "CVE-2024-7854",
+ "description": "The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7854"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--af9b4412-1d31-4746-8d25-e8fd9f0683da.json b/objects/vulnerability/vulnerability--af9b4412-1d31-4746-8d25-e8fd9f0683da.json
new file mode 100644
index 00000000000..5b5268ca1e5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--af9b4412-1d31-4746-8d25-e8fd9f0683da.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a9ed03ea-1cfa-4c8f-a6df-8eea30c1e50a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--af9b4412-1d31-4746-8d25-e8fd9f0683da",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.346556Z",
+ "modified": "2024-08-22T00:18:37.346556Z",
+ "name": "CVE-2024-7604",
+ "description": "Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of the user's license expiration date. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25029.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7604"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b396ffba-5752-4cc0-83c1-0432350a9a18.json b/objects/vulnerability/vulnerability--b396ffba-5752-4cc0-83c1-0432350a9a18.json
new file mode 100644
index 00000000000..18876ab98bd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b396ffba-5752-4cc0-83c1-0432350a9a18.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--48ad4c6a-2b64-4164-91d7-fadf5cf88705",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b396ffba-5752-4cc0-83c1-0432350a9a18",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.404567Z",
+ "modified": "2024-08-22T00:18:24.404567Z",
+ "name": "CVE-2022-48873",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Don't remove map on creater_process and device_release\n\nDo not remove the map from the list on error path in\nfastrpc_init_create_process, instead call fastrpc_map_put, to avoid\nuse-after-free. Do not remove it on fastrpc_device_release either,\ncall fastrpc_map_put instead.\n\nThe fastrpc_free_map is the only proper place to remove the map.\nThis is called only after the reference count is 0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48873"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b398398a-942d-4ca7-8c24-f907270324ce.json b/objects/vulnerability/vulnerability--b398398a-942d-4ca7-8c24-f907270324ce.json
new file mode 100644
index 00000000000..77b45c06a07
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b398398a-942d-4ca7-8c24-f907270324ce.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--09c21dd8-eb0c-4f36-8181-3211e42dd855",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b398398a-942d-4ca7-8c24-f907270324ce",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.842036Z",
+ "modified": "2024-08-22T00:18:37.842036Z",
+ "name": "CVE-2024-5762",
+ "description": "Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-21408.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5762"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b90bfe7b-55ec-4a60-ad7a-bc57399443d1.json b/objects/vulnerability/vulnerability--b90bfe7b-55ec-4a60-ad7a-bc57399443d1.json
new file mode 100644
index 00000000000..6853aabe66f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b90bfe7b-55ec-4a60-ad7a-bc57399443d1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1b25d4ad-cfa7-45f1-beee-745510de8f6b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b90bfe7b-55ec-4a60-ad7a-bc57399443d1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.973109Z",
+ "modified": "2024-08-22T00:18:36.973109Z",
+ "name": "CVE-2024-42785",
+ "description": "A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"id\" parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42785"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b936386f-0fd9-44ca-b27f-a59b7233bc08.json b/objects/vulnerability/vulnerability--b936386f-0fd9-44ca-b27f-a59b7233bc08.json
new file mode 100644
index 00000000000..9f2be40db59
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b936386f-0fd9-44ca-b27f-a59b7233bc08.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e551d3c7-bbfe-45df-892a-1a67d2009b45",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b936386f-0fd9-44ca-b27f-a59b7233bc08",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.977773Z",
+ "modified": "2024-08-22T00:18:36.977773Z",
+ "name": "CVE-2024-42777",
+ "description": "An Unrestricted file upload vulnerability was found in \"/music/ajax.php?action=signup\" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42777"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ba483b54-9327-4885-8965-e8f6d26ebada.json b/objects/vulnerability/vulnerability--ba483b54-9327-4885-8965-e8f6d26ebada.json
new file mode 100644
index 00000000000..bb8f908026e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ba483b54-9327-4885-8965-e8f6d26ebada.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--134fa7a9-a813-453b-bf14-69a16fad9f61",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ba483b54-9327-4885-8965-e8f6d26ebada",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.397545Z",
+ "modified": "2024-08-22T00:18:24.397545Z",
+ "name": "CVE-2022-48877",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: let's avoid panic if extent_tree is not created\n\nThis patch avoids the below panic.\n\npc : __lookup_extent_tree+0xd8/0x760\nlr : f2fs_do_write_data_page+0x104/0x87c\nsp : ffffffc010cbb3c0\nx29: ffffffc010cbb3e0 x28: 0000000000000000\nx27: ffffff8803e7f020 x26: ffffff8803e7ed40\nx25: ffffff8803e7f020 x24: ffffffc010cbb460\nx23: ffffffc010cbb480 x22: 0000000000000000\nx21: 0000000000000000 x20: ffffffff22e90900\nx19: 0000000000000000 x18: ffffffc010c5d080\nx17: 0000000000000000 x16: 0000000000000020\nx15: ffffffdb1acdbb88 x14: ffffff888759e2b0\nx13: 0000000000000000 x12: ffffff802da49000\nx11: 000000000a001200 x10: ffffff8803e7ed40\nx9 : ffffff8023195800 x8 : ffffff802da49078\nx7 : 0000000000000001 x6 : 0000000000000000\nx5 : 0000000000000006 x4 : ffffffc010cbba28\nx3 : 0000000000000000 x2 : ffffffc010cbb480\nx1 : 0000000000000000 x0 : ffffff8803e7ed40\nCall trace:\n __lookup_extent_tree+0xd8/0x760\n f2fs_do_write_data_page+0x104/0x87c\n f2fs_write_single_data_page+0x420/0xb60\n f2fs_write_cache_pages+0x418/0xb1c\n __f2fs_write_data_pages+0x428/0x58c\n f2fs_write_data_pages+0x30/0x40\n do_writepages+0x88/0x190\n __writeback_single_inode+0x48/0x448\n writeback_sb_inodes+0x468/0x9e8\n __writeback_inodes_wb+0xb8/0x2a4\n wb_writeback+0x33c/0x740\n wb_do_writeback+0x2b4/0x400\n wb_workfn+0xe4/0x34c\n process_one_work+0x24c/0x5bc\n worker_thread+0x3e8/0xa50\n kthread+0x150/0x1b4",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48877"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bcc830d8-ed3c-4000-acd9-c308b6d1cb2f.json b/objects/vulnerability/vulnerability--bcc830d8-ed3c-4000-acd9-c308b6d1cb2f.json
new file mode 100644
index 00000000000..4e58ae4f9cd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bcc830d8-ed3c-4000-acd9-c308b6d1cb2f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d843117-483f-4c26-ac55-4743eedd36fe",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bcc830d8-ed3c-4000-acd9-c308b6d1cb2f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.340751Z",
+ "modified": "2024-08-22T00:18:37.340751Z",
+ "name": "CVE-2024-7975",
+ "description": "Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7975"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bd88b499-18c7-4465-8c4c-94cf196cb6f8.json b/objects/vulnerability/vulnerability--bd88b499-18c7-4465-8c4c-94cf196cb6f8.json
new file mode 100644
index 00000000000..cb5aa729c6c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bd88b499-18c7-4465-8c4c-94cf196cb6f8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b5935957-928b-4080-a8cf-6001197f97b9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bd88b499-18c7-4465-8c4c-94cf196cb6f8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.367513Z",
+ "modified": "2024-08-22T00:18:37.367513Z",
+ "name": "CVE-2024-7390",
+ "description": "The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7390"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--be321c21-1dc3-4092-a69b-039fb8d750b2.json b/objects/vulnerability/vulnerability--be321c21-1dc3-4092-a69b-039fb8d750b2.json
new file mode 100644
index 00000000000..f8d3f146e98
--- /dev/null
+++ b/objects/vulnerability/vulnerability--be321c21-1dc3-4092-a69b-039fb8d750b2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--63ef7d60-96c2-462a-a292-b9e74a46cae5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--be321c21-1dc3-4092-a69b-039fb8d750b2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.40705Z",
+ "modified": "2024-08-22T00:18:37.40705Z",
+ "name": "CVE-2024-7629",
+ "description": "The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for posts.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7629"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c3f000fe-b0ca-4012-b8cc-c608e131f319.json b/objects/vulnerability/vulnerability--c3f000fe-b0ca-4012-b8cc-c608e131f319.json
new file mode 100644
index 00000000000..6641846beb9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c3f000fe-b0ca-4012-b8cc-c608e131f319.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9cebd09f-2cf4-40a4-a6d8-a2149f5c6105",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c3f000fe-b0ca-4012-b8cc-c608e131f319",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.365102Z",
+ "modified": "2024-08-22T00:18:37.365102Z",
+ "name": "CVE-2024-7969",
+ "description": "Type Confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7969"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c5f1c390-2836-4980-badd-ed1ed2f775cb.json b/objects/vulnerability/vulnerability--c5f1c390-2836-4980-badd-ed1ed2f775cb.json
new file mode 100644
index 00000000000..2305a22ff05
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c5f1c390-2836-4980-badd-ed1ed2f775cb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3181d1a4-31cb-492e-b71d-64138b1c266d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c5f1c390-2836-4980-badd-ed1ed2f775cb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.982981Z",
+ "modified": "2024-08-22T00:18:36.982981Z",
+ "name": "CVE-2024-42778",
+ "description": "An Unrestricted file upload vulnerability was found in \"/music/ajax.php?action=save_playlist\" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42778"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c897a99c-5356-49fa-b884-efed867b3644.json b/objects/vulnerability/vulnerability--c897a99c-5356-49fa-b884-efed867b3644.json
new file mode 100644
index 00000000000..9587412af9a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c897a99c-5356-49fa-b884-efed867b3644.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b278455f-a3e8-4d52-9b30-b984ab7c2bc5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c897a99c-5356-49fa-b884-efed867b3644",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.92208Z",
+ "modified": "2024-08-22T00:18:36.92208Z",
+ "name": "CVE-2024-42939",
+ "description": "A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42939"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c8bb8832-0f66-45cc-845f-6474938123e2.json b/objects/vulnerability/vulnerability--c8bb8832-0f66-45cc-845f-6474938123e2.json
new file mode 100644
index 00000000000..18c26f9cd63
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c8bb8832-0f66-45cc-845f-6474938123e2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b345b84b-0eaf-4792-bb8f-7810da021f82",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c8bb8832-0f66-45cc-845f-6474938123e2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.691729Z",
+ "modified": "2024-08-22T00:18:37.691729Z",
+ "name": "CVE-2024-43869",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n prepare_task_switch()\n=======> \n perf_event_overflow()\n event->pending_sigtrap = ...\n irq_work_queue(&event->pending_irq)\n<======= \n perf_event_task_sched_out()\n event_sched_out()\n event->pending_sigtrap = 0;\n atomic_long_inc_not_zero(&event->refcount)\n task_work_add(&event->pending_task)\n finish_lock_switch()\n=======> \n perf_pending_irq()\n //do nothing, rely on pending task work\n<======= \n\nbegin_new_exec()\n perf_event_exit_task()\n perf_event_exit_event()\n // If is child event\n free_event()\n WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43869"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ca198aa7-6c2f-425b-9df5-0d773e46b809.json b/objects/vulnerability/vulnerability--ca198aa7-6c2f-425b-9df5-0d773e46b809.json
new file mode 100644
index 00000000000..fd4fd3b3bde
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ca198aa7-6c2f-425b-9df5-0d773e46b809.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--74c14277-92cd-4d69-9cc6-3ad23258446c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ca198aa7-6c2f-425b-9df5-0d773e46b809",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:30.422537Z",
+ "modified": "2024-08-22T00:18:30.422537Z",
+ "name": "CVE-2020-11847",
+ "description": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-11847"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cb82c7c5-a230-478d-9709-fd87b5304f91.json b/objects/vulnerability/vulnerability--cb82c7c5-a230-478d-9709-fd87b5304f91.json
new file mode 100644
index 00000000000..e32a7dd5c6f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cb82c7c5-a230-478d-9709-fd87b5304f91.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--599f1681-75e3-4240-aced-81da106bf1cd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cb82c7c5-a230-478d-9709-fd87b5304f91",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.405823Z",
+ "modified": "2024-08-22T00:18:37.405823Z",
+ "name": "CVE-2024-7602",
+ "description": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25027.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7602"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d2c3dcb8-c53a-4f8f-97e6-ad0f05d0aa67.json b/objects/vulnerability/vulnerability--d2c3dcb8-c53a-4f8f-97e6-ad0f05d0aa67.json
new file mode 100644
index 00000000000..f6b6463bb38
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d2c3dcb8-c53a-4f8f-97e6-ad0f05d0aa67.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0f0ac546-3919-41ff-bc01-2546e062b7d0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d2c3dcb8-c53a-4f8f-97e6-ad0f05d0aa67",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.00137Z",
+ "modified": "2024-08-22T00:18:40.00137Z",
+ "name": "CVE-2023-52911",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: another fix for the headless Adreno GPU\n\nFix another oops reproducible when rebooting the board with the Adreno\nGPU working in the headless mode (e.g. iMX platforms).\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[00000000] *pgd=74936831, *pte=00000000, *ppte=00000000\nInternal error: Oops: 17 [#1] ARM\nCPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11\nHardware name: Freescale i.MX53 (Device Tree Support)\nPC is at msm_atomic_commit_tail+0x50/0x970\nLR is at commit_tail+0x9c/0x188\npc : [] lr : [] psr: 600e0013\nsp : e0851d30 ip : ee4eb7eb fp : 00090acc\nr10: 00000058 r9 : c2193014 r8 : c4310000\nr7 : c4759380 r6 : 07bef61d r5 : 00000000 r4 : 00000000\nr3 : c44cc440 r2 : 00000000 r1 : 00000000 r0 : 00000000\nFlags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 10c5387d Table: 74910019 DAC: 00000051\nRegister r0 information: NULL pointer\nRegister r1 information: NULL pointer\nRegister r2 information: NULL pointer\nRegister r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024\nRegister r4 information: NULL pointer\nRegister r5 information: NULL pointer\nRegister r6 information: non-paged memory\nRegister r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128\nRegister r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048\nRegister r9 information: non-slab/vmalloc memory\nRegister r10 information: non-paged memory\nRegister r11 information: non-paged memory\nRegister r12 information: non-paged memory\nProcess reboot (pid: 51, stack limit = 0xc80046d9)\nStack: (0xe0851d30 to 0xe0852000)\n1d20: c4759380 fbd77200 000005ff 002b9c70\n1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058\n1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c\n1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468\n1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810\n1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00\n1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8\n1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854\n1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000\n1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60\n1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4\n1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000\n1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058\n1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028\n1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc\n1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000\n msm_atomic_commit_tail from commit_tail+0x9c/0x188\n commit_tail from drm_atomic_helper_commit+0x160/0x188\n drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0\n drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0\n drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140\n drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240\n device_shutdown from kernel_restart+0x38/0x90\n kernel_restart from __do_sys_reboot+0x\n---truncated---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52911"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d41010e5-6d7c-468d-8960-0235319f2d9a.json b/objects/vulnerability/vulnerability--d41010e5-6d7c-468d-8960-0235319f2d9a.json
new file mode 100644
index 00000000000..f89bfbd6bc7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d41010e5-6d7c-468d-8960-0235319f2d9a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1bede43f-288a-4ecc-a0df-1ebadc25f329",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d41010e5-6d7c-468d-8960-0235319f2d9a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.875162Z",
+ "modified": "2024-08-22T00:18:37.875162Z",
+ "name": "CVE-2024-5723",
+ "description": "Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateServiceHost function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-23294.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5723"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d4a3453c-ea2a-4207-b9d7-a9af27f61265.json b/objects/vulnerability/vulnerability--d4a3453c-ea2a-4207-b9d7-a9af27f61265.json
new file mode 100644
index 00000000000..cc72c45773b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d4a3453c-ea2a-4207-b9d7-a9af27f61265.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--377e4abe-c41b-49c0-8fc1-2ff15e162b76",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d4a3453c-ea2a-4207-b9d7-a9af27f61265",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.043299Z",
+ "modified": "2024-08-22T00:18:40.043299Z",
+ "name": "CVE-2023-52901",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check endpoint is valid before dereferencing it\n\nWhen the host controller is not responding, all URBs queued to all\nendpoints need to be killed. This can cause a kernel panic if we\ndereference an invalid endpoint.\n\nFix this by using xhci_get_virt_ep() helper to find the endpoint and\nchecking if the endpoint is valid before dereferencing it.\n\n[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead\n[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8\n\n[233311.853964] pc : xhci_hc_died+0x10c/0x270\n[233311.853971] lr : xhci_hc_died+0x1ac/0x270\n\n[233311.854077] Call trace:\n[233311.854085] xhci_hc_died+0x10c/0x270\n[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4\n[233311.854105] call_timer_fn+0x50/0x2d4\n[233311.854112] expire_timers+0xac/0x2e4\n[233311.854118] run_timer_softirq+0x300/0xabc\n[233311.854127] __do_softirq+0x148/0x528\n[233311.854135] irq_exit+0x194/0x1a8\n[233311.854143] __handle_domain_irq+0x164/0x1d0\n[233311.854149] gic_handle_irq.22273+0x10c/0x188\n[233311.854156] el1_irq+0xfc/0x1a8\n[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]\n[233311.854185] cpuidle_enter_state+0x1f0/0x764\n[233311.854194] do_idle+0x594/0x6ac\n[233311.854201] cpu_startup_entry+0x7c/0x80\n[233311.854209] secondary_start_kernel+0x170/0x198",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52901"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d624ecd4-57df-4dfc-b173-8a1df27bb1f5.json b/objects/vulnerability/vulnerability--d624ecd4-57df-4dfc-b173-8a1df27bb1f5.json
new file mode 100644
index 00000000000..d8b16984a50
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d624ecd4-57df-4dfc-b173-8a1df27bb1f5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fbe07093-c14a-4246-b320-445d64b14cc4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d624ecd4-57df-4dfc-b173-8a1df27bb1f5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.513537Z",
+ "modified": "2024-08-22T00:18:37.513537Z",
+ "name": "CVE-2024-39344",
+ "description": "An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when installed for all users, the object can be accessible and (via its fields) could disclose some keys. These disclosed components can be combined to create a valid session via the Docusign API. This will generally lead to a complete compromise of the Docusign account because the session is for an administrator service account and may have permission to re-authenticate as specific users with the same authorization flow.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-39344"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d6f063d1-5481-4c0e-951d-396c6c032871.json b/objects/vulnerability/vulnerability--d6f063d1-5481-4c0e-951d-396c6c032871.json
new file mode 100644
index 00000000000..7acbccedd8f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d6f063d1-5481-4c0e-951d-396c6c032871.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--41e1cbac-fd03-4974-a6a7-2844fb7d9d18",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d6f063d1-5481-4c0e-951d-396c6c032871",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.688088Z",
+ "modified": "2024-08-22T00:18:37.688088Z",
+ "name": "CVE-2024-43876",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43876"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d89eca83-1ad4-4926-af93-d8c5a0b3178d.json b/objects/vulnerability/vulnerability--d89eca83-1ad4-4926-af93-d8c5a0b3178d.json
new file mode 100644
index 00000000000..5996f7b1904
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d89eca83-1ad4-4926-af93-d8c5a0b3178d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a75772a4-6ce7-4d7f-859f-179550814585",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d89eca83-1ad4-4926-af93-d8c5a0b3178d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.391519Z",
+ "modified": "2024-08-22T00:18:24.391519Z",
+ "name": "CVE-2022-48867",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Prevent use after free on completion memory\n\nOn driver unload any pending descriptors are flushed at the\ntime the interrupt is freed:\nidxd_dmaengine_drv_remove() ->\n\tdrv_disable_wq() ->\n\t\tidxd_wq_free_irq() ->\n\t\t\tidxd_flush_pending_descs().\n\nIf there are any descriptors present that need to be flushed this\nflow triggers a \"not present\" page fault as below:\n\n BUG: unable to handle page fault for address: ff391c97c70c9040\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\nThe address that triggers the fault is the address of the\ndescriptor that was freed moments earlier via:\ndrv_disable_wq()->idxd_wq_free_resources()\n\nFix the use after free by freeing the descriptors after any possible\nusage. This is done after idxd_wq_reset() to ensure that the memory\nremains accessible during possible completion writes by the device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48867"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d99afffd-0274-4812-8d62-cdfbb047ccff.json b/objects/vulnerability/vulnerability--d99afffd-0274-4812-8d62-cdfbb047ccff.json
new file mode 100644
index 00000000000..2997a40c1a6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d99afffd-0274-4812-8d62-cdfbb047ccff.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5ce23ec1-66d3-423c-bc3e-265c8302a475",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d99afffd-0274-4812-8d62-cdfbb047ccff",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.335793Z",
+ "modified": "2024-08-22T00:18:37.335793Z",
+ "name": "CVE-2024-7600",
+ "description": "Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25025.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7600"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--da0239e0-c382-4f5d-93d1-a089729fd38e.json b/objects/vulnerability/vulnerability--da0239e0-c382-4f5d-93d1-a089729fd38e.json
new file mode 100644
index 00000000000..10258ba33c9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--da0239e0-c382-4f5d-93d1-a089729fd38e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9c33ea3a-2d30-4e34-82fe-c30932648195",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--da0239e0-c382-4f5d-93d1-a089729fd38e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.324812Z",
+ "modified": "2024-08-22T00:18:37.324812Z",
+ "name": "CVE-2024-7448",
+ "description": "Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device.\n\nThe specific flaw exists within the Android device image acquisition functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23964.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7448"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--db778ee7-84a1-4f2f-a989-0a5ee2dc1b95.json b/objects/vulnerability/vulnerability--db778ee7-84a1-4f2f-a989-0a5ee2dc1b95.json
new file mode 100644
index 00000000000..0fb821bb2de
--- /dev/null
+++ b/objects/vulnerability/vulnerability--db778ee7-84a1-4f2f-a989-0a5ee2dc1b95.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8a3a0bb8-3724-4408-8cd0-0526843bafc2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--db778ee7-84a1-4f2f-a989-0a5ee2dc1b95",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.337663Z",
+ "modified": "2024-08-22T00:18:37.337663Z",
+ "name": "CVE-2024-7601",
+ "description": "Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25026.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7601"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dfe44b48-a280-4532-a50f-95861260b181.json b/objects/vulnerability/vulnerability--dfe44b48-a280-4532-a50f-95861260b181.json
new file mode 100644
index 00000000000..226df51752d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dfe44b48-a280-4532-a50f-95861260b181.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--aeacb29c-abc8-4421-bb9f-7e4788a4a3ca",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dfe44b48-a280-4532-a50f-95861260b181",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.434204Z",
+ "modified": "2024-08-22T00:18:24.434204Z",
+ "name": "CVE-2022-48883",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent\n\nA user is able to configure an arbitrary number of rx queues when\ncreating an interface via netlink. This doesn't work for child PKEY\ninterfaces because the child interface uses the parent receive channels.\n\nAlthough the child shares the parent's receive channels, the number of\nrx queues is important for the channel_stats array: the parent's rx\nchannel index is used to access the child's channel_stats. So the array\nhas to be at least as large as the parent's rx queue size for the\ncounting to work correctly and to prevent out of bound accesses.\n\nThis patch checks for the mentioned scenario and returns an error when\ntrying to create the interface. The error is propagated to the user.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48883"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e18aaa2c-204c-461f-86e4-ed1bdcbbcd1d.json b/objects/vulnerability/vulnerability--e18aaa2c-204c-461f-86e4-ed1bdcbbcd1d.json
new file mode 100644
index 00000000000..44658739a8e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e18aaa2c-204c-461f-86e4-ed1bdcbbcd1d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0c79e02b-4b30-453b-b10a-12b60d4204f3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e18aaa2c-204c-461f-86e4-ed1bdcbbcd1d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:40.037758Z",
+ "modified": "2024-08-22T00:18:40.037758Z",
+ "name": "CVE-2023-52893",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngsmi: fix null-deref in gsmi_get_variable\n\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\n\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52893"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e2011cf2-6a71-4665-af7a-caae843248fd.json b/objects/vulnerability/vulnerability--e2011cf2-6a71-4665-af7a-caae843248fd.json
new file mode 100644
index 00000000000..a696d620153
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e2011cf2-6a71-4665-af7a-caae843248fd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc676c84-1af4-45b2-995f-01455847968a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e2011cf2-6a71-4665-af7a-caae843248fd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.21579Z",
+ "modified": "2024-08-22T00:18:37.21579Z",
+ "name": "CVE-2024-28987",
+ "description": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-28987"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e487a274-4353-44c9-95f3-f7fd4aaef12f.json b/objects/vulnerability/vulnerability--e487a274-4353-44c9-95f3-f7fd4aaef12f.json
new file mode 100644
index 00000000000..d7a7bc40dfa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e487a274-4353-44c9-95f3-f7fd4aaef12f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5ce05105-c914-49ee-be8b-fbc08672873a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e487a274-4353-44c9-95f3-f7fd4aaef12f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.698303Z",
+ "modified": "2024-08-22T00:18:37.698303Z",
+ "name": "CVE-2024-43870",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n TASK A\n -----\n\n do_exit()\n exit_task_work(tsk);\n\n \n perf_event_overflow()\n event->pending_sigtrap = pending_id;\n irq_work_queue(&event->pending_irq);\n \n =========> PREEMPTION: TASK A -> TASK B\n event_sched_out()\n event->pending_sigtrap = 0;\n atomic_long_inc_not_zero(&event->refcount)\n // FAILS: task work has exited\n task_work_add(&event->pending_task)\n [...]\n \n perf_pending_irq()\n // early return: event->oncpu = -1\n \n [...]\n =========> TASK B -> TASK A\n perf_event_exit_task(tsk)\n perf_event_exit_event()\n free_event()\n WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43870"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e48cdfaa-a58f-450d-94d1-5bca07fbbac0.json b/objects/vulnerability/vulnerability--e48cdfaa-a58f-450d-94d1-5bca07fbbac0.json
new file mode 100644
index 00000000000..b751a2f0c0f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e48cdfaa-a58f-450d-94d1-5bca07fbbac0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--95f14f14-2b61-445e-a09e-dfa2f9eee9c0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e48cdfaa-a58f-450d-94d1-5bca07fbbac0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.90883Z",
+ "modified": "2024-08-22T00:18:36.90883Z",
+ "name": "CVE-2024-42782",
+ "description": "A SQL injection vulnerability in \"/music/ajax.php?action=find_music\" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"search\" parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42782"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e65f9909-5eb2-4f17-a41b-c40b0914d72f.json b/objects/vulnerability/vulnerability--e65f9909-5eb2-4f17-a41b-c40b0914d72f.json
new file mode 100644
index 00000000000..df2a389edf8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e65f9909-5eb2-4f17-a41b-c40b0914d72f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7505b9e4-655d-40e3-a7a9-30df9f0489df",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e65f9909-5eb2-4f17-a41b-c40b0914d72f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.721173Z",
+ "modified": "2024-08-22T00:18:37.721173Z",
+ "name": "CVE-2024-43875",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43875"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e6801d6e-4731-4453-a70d-1a65655510c0.json b/objects/vulnerability/vulnerability--e6801d6e-4731-4453-a70d-1a65655510c0.json
new file mode 100644
index 00000000000..f2aa75cc68a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e6801d6e-4731-4453-a70d-1a65655510c0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a2dccd7a-f522-4665-b99a-58d96c029858",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e6801d6e-4731-4453-a70d-1a65655510c0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.635572Z",
+ "modified": "2024-08-22T00:18:37.635572Z",
+ "name": "CVE-2024-20417",
+ "description": "Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks.\r\n\r\nThese vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-20417"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e955271c-00aa-4870-a7bc-26d3971bb8f7.json b/objects/vulnerability/vulnerability--e955271c-00aa-4870-a7bc-26d3971bb8f7.json
new file mode 100644
index 00000000000..e75e442335a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e955271c-00aa-4870-a7bc-26d3971bb8f7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0c370a29-5cc3-4e55-b8bf-70d74f0738bf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e955271c-00aa-4870-a7bc-26d3971bb8f7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.409902Z",
+ "modified": "2024-08-22T00:18:24.409902Z",
+ "name": "CVE-2022-48875",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: sdata can be NULL during AMPDU start\n\nieee80211_tx_ba_session_handle_start() may get NULL for sdata when a\ndeauthentication is ongoing.\n\nHere a trace triggering the race with the hostapd test\nmulti_ap_fronthaul_on_ap:\n\n(gdb) list *drv_ampdu_action+0x46\n0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396).\n391 int ret = -EOPNOTSUPP;\n392\n393 might_sleep();\n394\n395 sdata = get_bss_sdata(sdata);\n396 if (!check_sdata_in_driver(sdata))\n397 return -EIO;\n398\n399 trace_drv_ampdu_action(local, sdata, params);\n400\n\nwlan0: moving STA 02:00:00:00:03:00 to state 3\nwlan0: associated\nwlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING)\nwlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0\nwlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port)\nwlan0: moving STA 02:00:00:00:03:00 to state 2\nwlan0: moving STA 02:00:00:00:03:00 to state 1\nwlan0: Removed STA 02:00:00:00:03:00\nwlan0: Destroyed STA 02:00:00:00:03:00\nBUG: unable to handle page fault for address: fffffffffffffb48\nPGD 11814067 P4D 11814067 PUD 11816067 PMD 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\nWorkqueue: phy3 ieee80211_ba_session_work [mac80211]\nRIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211]\nCode: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85\nRSP: 0018:ffffc900025ebd20 EFLAGS: 00010287\nRAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240\nRDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40\nRBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0\nR13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8\nFS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0\nCall Trace:\n \n ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211]\n ieee80211_ba_session_work+0xff/0x2e0 [mac80211]\n process_one_work+0x29f/0x620\n worker_thread+0x4d/0x3d0\n ? process_one_work+0x620/0x620\n kthread+0xfb/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n ",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48875"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eab0b2c0-e0b2-4295-868a-3ba909d4ff85.json b/objects/vulnerability/vulnerability--eab0b2c0-e0b2-4295-868a-3ba909d4ff85.json
new file mode 100644
index 00000000000..d314e6a4641
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eab0b2c0-e0b2-4295-868a-3ba909d4ff85.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--919de262-77e2-4f82-897b-2045862da882",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eab0b2c0-e0b2-4295-868a-3ba909d4ff85",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.445632Z",
+ "modified": "2024-08-22T00:18:24.445632Z",
+ "name": "CVE-2022-48885",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix potential memory leak in ice_gnss_tty_write()\n\nThe ice_gnss_tty_write() return directly if the write_buf alloc failed,\nleaking the cmd_buf.\n\nFix by free cmd_buf if write_buf alloc failed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-48885"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ec46072c-eb8e-4758-82ae-ce202af68aca.json b/objects/vulnerability/vulnerability--ec46072c-eb8e-4758-82ae-ce202af68aca.json
new file mode 100644
index 00000000000..170051ae79f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ec46072c-eb8e-4758-82ae-ce202af68aca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--80e6f0de-1964-45fe-a383-73ed4ca88699",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ec46072c-eb8e-4758-82ae-ce202af68aca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.309019Z",
+ "modified": "2024-08-22T00:18:36.309019Z",
+ "name": "CVE-2024-41675",
+ "description": "CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41675"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0f1b348-9bcb-4337-96bd-c2ceea20ab06.json b/objects/vulnerability/vulnerability--f0f1b348-9bcb-4337-96bd-c2ceea20ab06.json
new file mode 100644
index 00000000000..47afb5e0560
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0f1b348-9bcb-4337-96bd-c2ceea20ab06.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4b4c8fa0-a721-470d-9676-136a77f37377",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0f1b348-9bcb-4337-96bd-c2ceea20ab06",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.722948Z",
+ "modified": "2024-08-22T00:18:37.722948Z",
+ "name": "CVE-2024-43022",
+ "description": "An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43022"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f154b968-0874-4b45-8114-7d04c43f8632.json b/objects/vulnerability/vulnerability--f154b968-0874-4b45-8114-7d04c43f8632.json
new file mode 100644
index 00000000000..145656c358e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f154b968-0874-4b45-8114-7d04c43f8632.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--303dd36c-8374-47ec-990e-b2a1256caae3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f154b968-0874-4b45-8114-7d04c43f8632",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.892831Z",
+ "modified": "2024-08-22T00:18:37.892831Z",
+ "name": "CVE-2024-5928",
+ "description": "VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Patch Management Agent. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22315.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5928"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f606a4d0-a7fa-427a-81b1-a45ea1e8a018.json b/objects/vulnerability/vulnerability--f606a4d0-a7fa-427a-81b1-a45ea1e8a018.json
new file mode 100644
index 00000000000..c8ad7142e6c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f606a4d0-a7fa-427a-81b1-a45ea1e8a018.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a584df70-86c6-461a-81c7-d547a781e6dc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f606a4d0-a7fa-427a-81b1-a45ea1e8a018",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.671773Z",
+ "modified": "2024-08-22T00:18:37.671773Z",
+ "name": "CVE-2024-43411",
+ "description": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us. The fix is available in version 4.25.0-lts.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43411"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f607625b-d490-4b9e-89d9-fe88f1fb3199.json b/objects/vulnerability/vulnerability--f607625b-d490-4b9e-89d9-fe88f1fb3199.json
new file mode 100644
index 00000000000..cbef9465cbf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f607625b-d490-4b9e-89d9-fe88f1fb3199.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--de28bff9-5594-490a-b112-9b7847d7d8d6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f607625b-d490-4b9e-89d9-fe88f1fb3199",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:38.124297Z",
+ "modified": "2024-08-22T00:18:38.124297Z",
+ "name": "CVE-2024-8034",
+ "description": "Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8034"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f6cbac38-9f76-4d1d-abec-ca79241e46a0.json b/objects/vulnerability/vulnerability--f6cbac38-9f76-4d1d-abec-ca79241e46a0.json
new file mode 100644
index 00000000000..3668f18d121
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f6cbac38-9f76-4d1d-abec-ca79241e46a0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bf13d3ba-5c65-42d3-9709-0b0402e3998b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f6cbac38-9f76-4d1d-abec-ca79241e46a0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.37965Z",
+ "modified": "2024-08-22T00:18:37.37965Z",
+ "name": "CVE-2024-7725",
+ "description": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7725"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f70c8a4b-ca42-49a7-b15c-ec1cac31c625.json b/objects/vulnerability/vulnerability--f70c8a4b-ca42-49a7-b15c-ec1cac31c625.json
new file mode 100644
index 00000000000..1066753464e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f70c8a4b-ca42-49a7-b15c-ec1cac31c625.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bc478e63-5407-4f82-8b07-96573e46147f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f70c8a4b-ca42-49a7-b15c-ec1cac31c625",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:24.760184Z",
+ "modified": "2024-08-22T00:18:24.760184Z",
+ "name": "CVE-2022-26327",
+ "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data.This issue affects Performance Center: 12.63.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-26327"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f7b8d25c-66a2-4f21-bfc2-8320585249d2.json b/objects/vulnerability/vulnerability--f7b8d25c-66a2-4f21-bfc2-8320585249d2.json
new file mode 100644
index 00000000000..8ed944af328
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f7b8d25c-66a2-4f21-bfc2-8320585249d2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--76d3f0a7-a536-4ea4-bc0b-f0a8edba3769",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f7b8d25c-66a2-4f21-bfc2-8320585249d2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.400253Z",
+ "modified": "2024-08-22T00:18:37.400253Z",
+ "name": "CVE-2024-7972",
+ "description": "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7972"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fcec04b1-5286-462a-8873-e2090010a85c.json b/objects/vulnerability/vulnerability--fcec04b1-5286-462a-8873-e2090010a85c.json
new file mode 100644
index 00000000000..26970ea761b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fcec04b1-5286-462a-8873-e2090010a85c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dfacb463-ee23-4599-a091-b99a85fa196c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fcec04b1-5286-462a-8873-e2090010a85c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:36.93782Z",
+ "modified": "2024-08-22T00:18:36.93782Z",
+ "name": "CVE-2024-42784",
+ "description": "A SQL injection vulnerability in \"/music/controller.php?page=view_music\" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"id\" parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42784"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fd4d870b-fa14-4722-8601-b9ffa5c7a8c2.json b/objects/vulnerability/vulnerability--fd4d870b-fa14-4722-8601-b9ffa5c7a8c2.json
new file mode 100644
index 00000000000..0205818414c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fd4d870b-fa14-4722-8601-b9ffa5c7a8c2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8518f97a-3024-42cf-9341-9909926780c4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fd4d870b-fa14-4722-8601-b9ffa5c7a8c2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-22T00:18:37.134602Z",
+ "modified": "2024-08-22T00:18:37.134602Z",
+ "name": "CVE-2024-33657",
+ "description": "This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-33657"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file