diff --git a/mapping.csv b/mapping.csv index fd67cc4831d..1d14207bed3 100644 --- a/mapping.csv +++ b/mapping.csv @@ -248460,3 +248460,54 @@ vulnerability,CVE-2023-52915,vulnerability--423287fc-7822-4e42-90ec-3c3742a7a461 vulnerability,CVE-2023-52916,vulnerability--5b36fb6c-c21e-48bd-8123-a04134e5cf68 vulnerability,CVE-2023-47563,vulnerability--6471c392-de04-4bb5-ba4b-6beda4f861fd vulnerability,CVE-2023-45038,vulnerability--f3fc4c4c-3c1a-4fea-9c09-8b0ffe4cb7d2 +vulnerability,CVE-2024-37068,vulnerability--4ded5a2f-8220-46d7-86be-6e415d6c4c05 +vulnerability,CVE-2024-1596,vulnerability--c1a32734-7599-4ac0-a15d-91da3d55fa76 +vulnerability,CVE-2024-6849,vulnerability--6ec890a7-3b1e-4052-9ab0-70cfd423c0d2 +vulnerability,CVE-2024-6010,vulnerability--414460c0-83b3-43e3-b339-ac56c9a220ce +vulnerability,CVE-2024-42020,vulnerability--9556423f-8bcd-4f5d-802d-9f7a68d91081 +vulnerability,CVE-2024-42022,vulnerability--34cbc456-7e48-46f4-8a8e-86983454b8b3 +vulnerability,CVE-2024-42024,vulnerability--2a1dc117-a144-4c9d-b9d2-7d8156b3420e +vulnerability,CVE-2024-42019,vulnerability--c2dd9bce-9b4d-492f-9e58-1ff1f42aff85 +vulnerability,CVE-2024-42021,vulnerability--60887b67-27ec-43a6-b857-bffa87c6b191 +vulnerability,CVE-2024-42023,vulnerability--404ba775-9dac-402c-95af-0d450079ead8 +vulnerability,CVE-2024-38651,vulnerability--57936cf9-3e4e-42a4-9395-86bbd9623169 +vulnerability,CVE-2024-38650,vulnerability--a30bd0e3-291b-431e-b445-57d545fac7d8 +vulnerability,CVE-2024-8523,vulnerability--d470d2cb-316d-48ee-a19c-16e9a9244474 +vulnerability,CVE-2024-8560,vulnerability--6a839d9b-f68e-4939-9b68-37df20e16432 +vulnerability,CVE-2024-8559,vulnerability--71c2dca9-8d87-49a2-a3e1-bba26da4892d +vulnerability,CVE-2024-8562,vulnerability--f4f26840-68aa-402a-8cd0-2f6a43a2940a +vulnerability,CVE-2024-8564,vulnerability--a1b25b65-dade-46b4-a34e-40592524efcf +vulnerability,CVE-2024-8563,vulnerability--d3b28c68-6227-4b84-a2a3-d5f81d7d9ee3 +vulnerability,CVE-2024-8561,vulnerability--5149a758-a0d1-4fc8-8a2f-a2e30edcc345 +vulnerability,CVE-2024-8566,vulnerability--77d75baa-76d5-4d93-bdc1-844caca53fca +vulnerability,CVE-2024-8555,vulnerability--73a26379-b63b-446f-8eb0-c2b8edfd9f0d +vulnerability,CVE-2024-8521,vulnerability--d440a831-9922-40da-b204-5d6a1b6969ce +vulnerability,CVE-2024-8538,vulnerability--d69c03f6-b992-489c-a312-881db4172dcd +vulnerability,CVE-2024-8557,vulnerability--a86fddda-71a1-4270-a8f7-01617554ced3 +vulnerability,CVE-2024-8565,vulnerability--00596fbf-c550-4889-82ae-341bbae7ab0c +vulnerability,CVE-2024-8554,vulnerability--c56fbfb3-485a-49d6-a417-24c07b032b9e +vulnerability,CVE-2024-8558,vulnerability--e67ecc54-d708-4c42-82bf-4dffb8eeb133 +vulnerability,CVE-2024-39714,vulnerability--d67b6607-40cb-4547-b36e-3e33495717f8 +vulnerability,CVE-2024-39718,vulnerability--aaed6a32-070e-4844-866b-ae702f9c0d53 +vulnerability,CVE-2024-39715,vulnerability--1e2a6589-fa89-41cb-998a-3424a297da2c +vulnerability,CVE-2024-36138,vulnerability--b9ef53ed-68cd-4172-afd1-8f6bb7143bea +vulnerability,CVE-2024-36137,vulnerability--a99dda4d-7772-433b-ac3d-0886071e729e +vulnerability,CVE-2024-7620,vulnerability--5102e53c-e690-4d9b-8c9d-896372422dfb +vulnerability,CVE-2024-7112,vulnerability--0777640f-d579-469e-aae8-94c58903896c +vulnerability,CVE-2024-40712,vulnerability--393fa7c3-eb54-43cf-90db-3dbb65f6446d +vulnerability,CVE-2024-40714,vulnerability--fd7dada8-455f-4ecc-ba97-063e194e21d5 +vulnerability,CVE-2024-40710,vulnerability--9eac6112-d6e6-4cdd-be71-702590c52261 +vulnerability,CVE-2024-40709,vulnerability--c97be5de-f67c-42b0-a29b-9d6b22aa24fb +vulnerability,CVE-2024-40711,vulnerability--0f99091b-f288-4a07-917a-465ccfa28da4 +vulnerability,CVE-2024-40713,vulnerability--e84ffa7f-b331-4386-8c3e-01b98f69e036 +vulnerability,CVE-2024-40718,vulnerability--54a5ed7e-3b78-4366-8639-6aeff0db8869 +vulnerability,CVE-2024-40681,vulnerability--39ab9d76-a26e-43a8-8ffd-a864549d9a0a +vulnerability,CVE-2024-40680,vulnerability--6a2f835d-d196-4abd-b327-28dfc5d154e0 +vulnerability,CVE-2024-45034,vulnerability--0efa4da2-bd07-47cc-b46f-f462043967ea +vulnerability,CVE-2024-45498,vulnerability--eea75cd4-df55-463b-9741-af2db9698392 +vulnerability,CVE-2023-46809,vulnerability--af526e27-9fa5-48e2-aaa9-0babc5ab1062 +vulnerability,CVE-2023-30583,vulnerability--6f4a4feb-5841-4b1c-a5b4-332f7598a36d +vulnerability,CVE-2023-30582,vulnerability--9893d947-b3f9-4579-8d63-4fa6b42ba650 +vulnerability,CVE-2023-30587,vulnerability--6224293e-36ec-4199-a626-932d5acb7e33 +vulnerability,CVE-2023-30584,vulnerability--82d63e2b-8741-483c-8790-beaf60e06fe3 +vulnerability,CVE-2023-39333,vulnerability--298907cf-485f-4874-8989-84e1418adcb7 diff --git a/objects/vulnerability/vulnerability--00596fbf-c550-4889-82ae-341bbae7ab0c.json b/objects/vulnerability/vulnerability--00596fbf-c550-4889-82ae-341bbae7ab0c.json new file mode 100644 index 00000000000..546818fbb06 --- /dev/null +++ b/objects/vulnerability/vulnerability--00596fbf-c550-4889-82ae-341bbae7ab0c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13101064-eb32-4479-8b1c-09b805407d28", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00596fbf-c550-4889-82ae-341bbae7ab0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.632428Z", + "modified": "2024-09-08T00:21:43.632428Z", + "name": "CVE-2024-8565", + "description": "A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /print_diseases.php. The manipulation of the argument disease/from/to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8565" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0777640f-d579-469e-aae8-94c58903896c.json b/objects/vulnerability/vulnerability--0777640f-d579-469e-aae8-94c58903896c.json new file mode 100644 index 00000000000..93fb256cf2d --- /dev/null +++ b/objects/vulnerability/vulnerability--0777640f-d579-469e-aae8-94c58903896c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7970427-0487-4042-9e22-3014310ee46a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0777640f-d579-469e-aae8-94c58903896c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.116154Z", + "modified": "2024-09-08T00:21:44.116154Z", + "name": "CVE-2024-7112", + "description": "The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7112" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0efa4da2-bd07-47cc-b46f-f462043967ea.json b/objects/vulnerability/vulnerability--0efa4da2-bd07-47cc-b46f-f462043967ea.json new file mode 100644 index 00000000000..0deb34b2a85 --- /dev/null +++ b/objects/vulnerability/vulnerability--0efa4da2-bd07-47cc-b46f-f462043967ea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58b7df0e-c882-4c83-964e-970c72fa8bbf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0efa4da2-bd07-47cc-b46f-f462043967ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.511313Z", + "modified": "2024-09-08T00:21:44.511313Z", + "name": "CVE-2024-45034", + "description": "Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45034" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f99091b-f288-4a07-917a-465ccfa28da4.json b/objects/vulnerability/vulnerability--0f99091b-f288-4a07-917a-465ccfa28da4.json new file mode 100644 index 00000000000..23b865f8184 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f99091b-f288-4a07-917a-465ccfa28da4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a6d14e8-e630-48d5-b982-ccab3362032e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f99091b-f288-4a07-917a-465ccfa28da4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.260636Z", + "modified": "2024-09-08T00:21:44.260636Z", + "name": "CVE-2024-40711", + "description": "A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40711" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e2a6589-fa89-41cb-998a-3424a297da2c.json b/objects/vulnerability/vulnerability--1e2a6589-fa89-41cb-998a-3424a297da2c.json new file mode 100644 index 00000000000..6a96102dd6b --- /dev/null +++ b/objects/vulnerability/vulnerability--1e2a6589-fa89-41cb-998a-3424a297da2c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--677a4e5d-c3f8-42a9-97f7-0f9f034f209f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e2a6589-fa89-41cb-998a-3424a297da2c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.766475Z", + "modified": "2024-09-08T00:21:43.766475Z", + "name": "CVE-2024-39715", + "description": "A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39715" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--298907cf-485f-4874-8989-84e1418adcb7.json b/objects/vulnerability/vulnerability--298907cf-485f-4874-8989-84e1418adcb7.json new file mode 100644 index 00000000000..cbea91d8f82 --- /dev/null +++ b/objects/vulnerability/vulnerability--298907cf-485f-4874-8989-84e1418adcb7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fb36973-92a4-4ad3-bdc2-744ab6675696", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--298907cf-485f-4874-8989-84e1418adcb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:50.910639Z", + "modified": "2024-09-08T00:21:50.910639Z", + "name": "CVE-2023-39333", + "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.\n\nThis vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a1dc117-a144-4c9d-b9d2-7d8156b3420e.json b/objects/vulnerability/vulnerability--2a1dc117-a144-4c9d-b9d2-7d8156b3420e.json new file mode 100644 index 00000000000..a46656b9bca --- /dev/null +++ b/objects/vulnerability/vulnerability--2a1dc117-a144-4c9d-b9d2-7d8156b3420e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--881c8890-ce44-4853-acf6-3e33ad038f45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a1dc117-a144-4c9d-b9d2-7d8156b3420e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.054329Z", + "modified": "2024-09-08T00:21:43.054329Z", + "name": "CVE-2024-42024", + "description": "A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42024" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--34cbc456-7e48-46f4-8a8e-86983454b8b3.json b/objects/vulnerability/vulnerability--34cbc456-7e48-46f4-8a8e-86983454b8b3.json new file mode 100644 index 00000000000..30b481d08cd --- /dev/null +++ b/objects/vulnerability/vulnerability--34cbc456-7e48-46f4-8a8e-86983454b8b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2e4108e-2dc2-449b-9771-f355edbed322", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--34cbc456-7e48-46f4-8a8e-86983454b8b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.032435Z", + "modified": "2024-09-08T00:21:43.032435Z", + "name": "CVE-2024-42022", + "description": "An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42022" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--393fa7c3-eb54-43cf-90db-3dbb65f6446d.json b/objects/vulnerability/vulnerability--393fa7c3-eb54-43cf-90db-3dbb65f6446d.json new file mode 100644 index 00000000000..76aa4867450 --- /dev/null +++ b/objects/vulnerability/vulnerability--393fa7c3-eb54-43cf-90db-3dbb65f6446d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--776a09fa-edab-4f1a-bb32-4100c27e42b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--393fa7c3-eb54-43cf-90db-3dbb65f6446d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.225652Z", + "modified": "2024-09-08T00:21:44.225652Z", + "name": "CVE-2024-40712", + "description": "A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40712" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39ab9d76-a26e-43a8-8ffd-a864549d9a0a.json b/objects/vulnerability/vulnerability--39ab9d76-a26e-43a8-8ffd-a864549d9a0a.json new file mode 100644 index 00000000000..617eb80fb03 --- /dev/null +++ b/objects/vulnerability/vulnerability--39ab9d76-a26e-43a8-8ffd-a864549d9a0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b3e9c46-233c-44c2-a882-1a6e68901fa1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39ab9d76-a26e-43a8-8ffd-a864549d9a0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.273903Z", + "modified": "2024-09-08T00:21:44.273903Z", + "name": "CVE-2024-40681", + "description": "IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--404ba775-9dac-402c-95af-0d450079ead8.json b/objects/vulnerability/vulnerability--404ba775-9dac-402c-95af-0d450079ead8.json new file mode 100644 index 00000000000..801db15321b --- /dev/null +++ b/objects/vulnerability/vulnerability--404ba775-9dac-402c-95af-0d450079ead8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33e2cfd9-c5df-408e-9ad8-d2810de10247", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--404ba775-9dac-402c-95af-0d450079ead8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.075282Z", + "modified": "2024-09-08T00:21:43.075282Z", + "name": "CVE-2024-42023", + "description": "An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42023" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--414460c0-83b3-43e3-b339-ac56c9a220ce.json b/objects/vulnerability/vulnerability--414460c0-83b3-43e3-b339-ac56c9a220ce.json new file mode 100644 index 00000000000..6c7f4a839d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--414460c0-83b3-43e3-b339-ac56c9a220ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b7c84b3a-e515-4e78-92b3-1abdd515bbbb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--414460c0-83b3-43e3-b339-ac56c9a220ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.024068Z", + "modified": "2024-09-08T00:21:43.024068Z", + "name": "CVE-2024-6010", + "description": "The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.1.96. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6010" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ded5a2f-8220-46d7-86be-6e415d6c4c05.json b/objects/vulnerability/vulnerability--4ded5a2f-8220-46d7-86be-6e415d6c4c05.json new file mode 100644 index 00000000000..5e20a3a143f --- /dev/null +++ b/objects/vulnerability/vulnerability--4ded5a2f-8220-46d7-86be-6e415d6c4c05.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b078ee25-d2d3-4288-8ebc-b0ec3b77b867", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ded5a2f-8220-46d7-86be-6e415d6c4c05", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:42.613676Z", + "modified": "2024-09-08T00:21:42.613676Z", + "name": "CVE-2024-37068", + "description": "IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37068" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5102e53c-e690-4d9b-8c9d-896372422dfb.json b/objects/vulnerability/vulnerability--5102e53c-e690-4d9b-8c9d-896372422dfb.json new file mode 100644 index 00000000000..c86b9c003ed --- /dev/null +++ b/objects/vulnerability/vulnerability--5102e53c-e690-4d9b-8c9d-896372422dfb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7cbe02a1-910b-47eb-8726-cebebf7aea03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5102e53c-e690-4d9b-8c9d-896372422dfb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.091639Z", + "modified": "2024-09-08T00:21:44.091639Z", + "name": "CVE-2024-7620", + "description": "The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: This vulnerability is only exploitable when used in conjunction with a race condition as the uploaded file is deleted shortly after it is created.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5149a758-a0d1-4fc8-8a2f-a2e30edcc345.json b/objects/vulnerability/vulnerability--5149a758-a0d1-4fc8-8a2f-a2e30edcc345.json new file mode 100644 index 00000000000..34a06609b59 --- /dev/null +++ b/objects/vulnerability/vulnerability--5149a758-a0d1-4fc8-8a2f-a2e30edcc345.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c132f44-40ce-4c6d-923f-7ae7c0f65d8b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5149a758-a0d1-4fc8-8a2f-a2e30edcc345", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.607412Z", + "modified": "2024-09-08T00:21:43.607412Z", + "name": "CVE-2024-8561", + "description": "A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to sql injection. The attack can be launched remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8561" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--54a5ed7e-3b78-4366-8639-6aeff0db8869.json b/objects/vulnerability/vulnerability--54a5ed7e-3b78-4366-8639-6aeff0db8869.json new file mode 100644 index 00000000000..aeb0a363446 --- /dev/null +++ b/objects/vulnerability/vulnerability--54a5ed7e-3b78-4366-8639-6aeff0db8869.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e11b7c78-3416-49d3-a521-9e03f1732c3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54a5ed7e-3b78-4366-8639-6aeff0db8869", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.269666Z", + "modified": "2024-09-08T00:21:44.269666Z", + "name": "CVE-2024-40718", + "description": "A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40718" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57936cf9-3e4e-42a4-9395-86bbd9623169.json b/objects/vulnerability/vulnerability--57936cf9-3e4e-42a4-9395-86bbd9623169.json new file mode 100644 index 00000000000..8c8b8e972da --- /dev/null +++ b/objects/vulnerability/vulnerability--57936cf9-3e4e-42a4-9395-86bbd9623169.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3dc2980-d2b5-4f1e-81f1-6676856ec6b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57936cf9-3e4e-42a4-9395-86bbd9623169", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.267895Z", + "modified": "2024-09-08T00:21:43.267895Z", + "name": "CVE-2024-38651", + "description": "A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38651" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60887b67-27ec-43a6-b857-bffa87c6b191.json b/objects/vulnerability/vulnerability--60887b67-27ec-43a6-b857-bffa87c6b191.json new file mode 100644 index 00000000000..0cfe1ff2f48 --- /dev/null +++ b/objects/vulnerability/vulnerability--60887b67-27ec-43a6-b857-bffa87c6b191.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e625713e-dc1f-4e28-8ed1-1bbb63c3d6ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60887b67-27ec-43a6-b857-bffa87c6b191", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.060539Z", + "modified": "2024-09-08T00:21:43.060539Z", + "name": "CVE-2024-42021", + "description": "An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6224293e-36ec-4199-a626-932d5acb7e33.json b/objects/vulnerability/vulnerability--6224293e-36ec-4199-a626-932d5acb7e33.json new file mode 100644 index 00000000000..ec53ba0d865 --- /dev/null +++ b/objects/vulnerability/vulnerability--6224293e-36ec-4199-a626-932d5acb7e33.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8ef3c1f-f20a-4239-a442-262e093df9fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6224293e-36ec-4199-a626-932d5acb7e33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:50.227064Z", + "modified": "2024-09-08T00:21:50.227064Z", + "name": "CVE-2023-30587", + "description": "A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector).\n\nBy exploiting the Worker class's ability to create an \"internal worker\" with the kIsInternal Symbol, attackers can modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl. This vulnerability exclusively affects Node.js users employing the permission model mechanism.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30587" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a2f835d-d196-4abd-b327-28dfc5d154e0.json b/objects/vulnerability/vulnerability--6a2f835d-d196-4abd-b327-28dfc5d154e0.json new file mode 100644 index 00000000000..4abaeda03da --- /dev/null +++ b/objects/vulnerability/vulnerability--6a2f835d-d196-4abd-b327-28dfc5d154e0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe94bed0-f9e3-4195-b169-dd954d6e7547", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a2f835d-d196-4abd-b327-28dfc5d154e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.276448Z", + "modified": "2024-09-08T00:21:44.276448Z", + "name": "CVE-2024-40680", + "description": "IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40680" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a839d9b-f68e-4939-9b68-37df20e16432.json b/objects/vulnerability/vulnerability--6a839d9b-f68e-4939-9b68-37df20e16432.json new file mode 100644 index 00000000000..fd66cd49c22 --- /dev/null +++ b/objects/vulnerability/vulnerability--6a839d9b-f68e-4939-9b68-37df20e16432.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bcad7879-0937-4a86-89ff-86b34afce380", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a839d9b-f68e-4939-9b68-37df20e16432", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.594532Z", + "modified": "2024-09-08T00:21:43.594532Z", + "name": "CVE-2024-8560", + "description": "A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /save_invoice.php. The manipulation of the argument invoice_code/customer/cashier/total_amount/discount_percentage/discount_amount/tendered_amount leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8560" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ec890a7-3b1e-4052-9ab0-70cfd423c0d2.json b/objects/vulnerability/vulnerability--6ec890a7-3b1e-4052-9ab0-70cfd423c0d2.json new file mode 100644 index 00000000000..ddf749113d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ec890a7-3b1e-4052-9ab0-70cfd423c0d2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--faf3298d-d1d1-4592-89ea-3d89b8cae9ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ec890a7-3b1e-4052-9ab0-70cfd423c0d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.02033Z", + "modified": "2024-09-08T00:21:43.02033Z", + "name": "CVE-2024-6849", + "description": "The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f4a4feb-5841-4b1c-a5b4-332f7598a36d.json b/objects/vulnerability/vulnerability--6f4a4feb-5841-4b1c-a5b4-332f7598a36d.json new file mode 100644 index 00000000000..9fa8a382042 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f4a4feb-5841-4b1c-a5b4-332f7598a36d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3ae83f3-70e0-4998-95ec-ff3b44d2ef34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f4a4feb-5841-4b1c-a5b4-332f7598a36d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:50.223897Z", + "modified": "2024-09-08T00:21:50.223897Z", + "name": "CVE-2023-30583", + "description": "fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30583" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71c2dca9-8d87-49a2-a3e1-bba26da4892d.json b/objects/vulnerability/vulnerability--71c2dca9-8d87-49a2-a3e1-bba26da4892d.json new file mode 100644 index 00000000000..6cb0ed7698a --- /dev/null +++ b/objects/vulnerability/vulnerability--71c2dca9-8d87-49a2-a3e1-bba26da4892d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e3f32c95-65ff-40c8-af40-92c2d22b520f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71c2dca9-8d87-49a2-a3e1-bba26da4892d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.59648Z", + "modified": "2024-09-08T00:21:43.59648Z", + "name": "CVE-2024-8559", + "description": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8559" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73a26379-b63b-446f-8eb0-c2b8edfd9f0d.json b/objects/vulnerability/vulnerability--73a26379-b63b-446f-8eb0-c2b8edfd9f0d.json new file mode 100644 index 00000000000..26643055732 --- /dev/null +++ b/objects/vulnerability/vulnerability--73a26379-b63b-446f-8eb0-c2b8edfd9f0d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21515954-95f3-4ba6-80b0-e05f565b423f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73a26379-b63b-446f-8eb0-c2b8edfd9f0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.617458Z", + "modified": "2024-09-08T00:21:43.617458Z", + "name": "CVE-2024-8555", + "description": "A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8555" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--77d75baa-76d5-4d93-bdc1-844caca53fca.json b/objects/vulnerability/vulnerability--77d75baa-76d5-4d93-bdc1-844caca53fca.json new file mode 100644 index 00000000000..ff684cecb8f --- /dev/null +++ b/objects/vulnerability/vulnerability--77d75baa-76d5-4d93-bdc1-844caca53fca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5c18d88-f600-41f3-b35b-338c5fd14d3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--77d75baa-76d5-4d93-bdc1-844caca53fca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.611985Z", + "modified": "2024-09-08T00:21:43.611985Z", + "name": "CVE-2024-8566", + "description": "A vulnerability classified as problematic was found in code-projects Online Shop Store 1.0. This vulnerability affects unknown code of the file /settings.php. The manipulation of the argument error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8566" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82d63e2b-8741-483c-8790-beaf60e06fe3.json b/objects/vulnerability/vulnerability--82d63e2b-8741-483c-8790-beaf60e06fe3.json new file mode 100644 index 00000000000..ef5a493121f --- /dev/null +++ b/objects/vulnerability/vulnerability--82d63e2b-8741-483c-8790-beaf60e06fe3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e05f033-29d5-4dbf-b73b-d38ebc6694dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82d63e2b-8741-483c-8790-beaf60e06fe3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:50.229525Z", + "modified": "2024-09-08T00:21:50.229525Z", + "name": "CVE-2023-30584", + "description": "A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30584" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9556423f-8bcd-4f5d-802d-9f7a68d91081.json b/objects/vulnerability/vulnerability--9556423f-8bcd-4f5d-802d-9f7a68d91081.json new file mode 100644 index 00000000000..0ca8645903d --- /dev/null +++ b/objects/vulnerability/vulnerability--9556423f-8bcd-4f5d-802d-9f7a68d91081.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afbf907a-3e1f-4c0c-9929-57f0e487b538", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9556423f-8bcd-4f5d-802d-9f7a68d91081", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.029333Z", + "modified": "2024-09-08T00:21:43.029333Z", + "name": "CVE-2024-42020", + "description": "A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42020" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9893d947-b3f9-4579-8d63-4fa6b42ba650.json b/objects/vulnerability/vulnerability--9893d947-b3f9-4579-8d63-4fa6b42ba650.json new file mode 100644 index 00000000000..81d511852a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--9893d947-b3f9-4579-8d63-4fa6b42ba650.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28b46ab2-497b-4802-a5a7-00a137da6774", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9893d947-b3f9-4579-8d63-4fa6b42ba650", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:50.225691Z", + "modified": "2024-09-08T00:21:50.225691Z", + "name": "CVE-2023-30582", + "description": "A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a result, malicious actors can monitor files that they do not have explicit read access to.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30582" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9eac6112-d6e6-4cdd-be71-702590c52261.json b/objects/vulnerability/vulnerability--9eac6112-d6e6-4cdd-be71-702590c52261.json new file mode 100644 index 00000000000..2dac4a7a797 --- /dev/null +++ b/objects/vulnerability/vulnerability--9eac6112-d6e6-4cdd-be71-702590c52261.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c96ba1b-b727-4bf5-bb51-8ac0b5d86523", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9eac6112-d6e6-4cdd-be71-702590c52261", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.245594Z", + "modified": "2024-09-08T00:21:44.245594Z", + "name": "CVE-2024-40710", + "description": "A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40710" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1b25b65-dade-46b4-a34e-40592524efcf.json b/objects/vulnerability/vulnerability--a1b25b65-dade-46b4-a34e-40592524efcf.json new file mode 100644 index 00000000000..2d2886d6545 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1b25b65-dade-46b4-a34e-40592524efcf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77ee1951-57e1-4a58-9008-352e22a361d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1b25b65-dade-46b4-a34e-40592524efcf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.600172Z", + "modified": "2024-09-08T00:21:43.600172Z", + "name": "CVE-2024-8564", + "description": "A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tbl_person_id/first_name/middle_name/last_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8564" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a30bd0e3-291b-431e-b445-57d545fac7d8.json b/objects/vulnerability/vulnerability--a30bd0e3-291b-431e-b445-57d545fac7d8.json new file mode 100644 index 00000000000..fbb5a894a38 --- /dev/null +++ b/objects/vulnerability/vulnerability--a30bd0e3-291b-431e-b445-57d545fac7d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2db20775-44b8-4802-b0f8-2a267f1e789e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a30bd0e3-291b-431e-b445-57d545fac7d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.288842Z", + "modified": "2024-09-08T00:21:43.288842Z", + "name": "CVE-2024-38650", + "description": "An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38650" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a86fddda-71a1-4270-a8f7-01617554ced3.json b/objects/vulnerability/vulnerability--a86fddda-71a1-4270-a8f7-01617554ced3.json new file mode 100644 index 00000000000..ed064756ae6 --- /dev/null +++ b/objects/vulnerability/vulnerability--a86fddda-71a1-4270-a8f7-01617554ced3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1891fd59-19d4-4e31-9d2d-b723dc9c8981", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a86fddda-71a1-4270-a8f7-01617554ced3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.625283Z", + "modified": "2024-09-08T00:21:43.625283Z", + "name": "CVE-2024-8557", + "description": "A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. This affects an unknown part of the file /foms/routers/cancel-order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8557" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a99dda4d-7772-433b-ac3d-0886071e729e.json b/objects/vulnerability/vulnerability--a99dda4d-7772-433b-ac3d-0886071e729e.json new file mode 100644 index 00000000000..2268852ebbc --- /dev/null +++ b/objects/vulnerability/vulnerability--a99dda4d-7772-433b-ac3d-0886071e729e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6abf738-e0cf-4909-a959-9ae284bdad04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a99dda4d-7772-433b-ac3d-0886071e729e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.871542Z", + "modified": "2024-09-08T00:21:43.871542Z", + "name": "CVE-2024-36137", + "description": "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aaed6a32-070e-4844-866b-ae702f9c0d53.json b/objects/vulnerability/vulnerability--aaed6a32-070e-4844-866b-ae702f9c0d53.json new file mode 100644 index 00000000000..e6b5e7467f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--aaed6a32-070e-4844-866b-ae702f9c0d53.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1540d100-49a5-4bd6-92dc-21f3bedf8b95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aaed6a32-070e-4844-866b-ae702f9c0d53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.757021Z", + "modified": "2024-09-08T00:21:43.757021Z", + "name": "CVE-2024-39718", + "description": "An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39718" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af526e27-9fa5-48e2-aaa9-0babc5ab1062.json b/objects/vulnerability/vulnerability--af526e27-9fa5-48e2-aaa9-0babc5ab1062.json new file mode 100644 index 00000000000..4a855b115a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--af526e27-9fa5-48e2-aaa9-0babc5ab1062.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2750d9c7-a7a9-4888-9d01-a5d786c577e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af526e27-9fa5-48e2-aaa9-0babc5ab1062", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:49.892064Z", + "modified": "2024-09-08T00:21:49.892064Z", + "name": "CVE-2023-46809", + "description": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46809" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9ef53ed-68cd-4172-afd1-8f6bb7143bea.json b/objects/vulnerability/vulnerability--b9ef53ed-68cd-4172-afd1-8f6bb7143bea.json new file mode 100644 index 00000000000..322f998c435 --- /dev/null +++ b/objects/vulnerability/vulnerability--b9ef53ed-68cd-4172-afd1-8f6bb7143bea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e31bb33e-6c34-4acf-80eb-1f04da7a6094", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9ef53ed-68cd-4172-afd1-8f6bb7143bea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.865123Z", + "modified": "2024-09-08T00:21:43.865123Z", + "name": "CVE-2024-36138", + "description": "Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36138" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1a32734-7599-4ac0-a15d-91da3d55fa76.json b/objects/vulnerability/vulnerability--c1a32734-7599-4ac0-a15d-91da3d55fa76.json new file mode 100644 index 00000000000..8421512b965 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1a32734-7599-4ac0-a15d-91da3d55fa76.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c717d87e-49fc-4ff3-9484-18cef270519e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1a32734-7599-4ac0-a15d-91da3d55fa76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:42.920912Z", + "modified": "2024-09-08T00:21:42.920912Z", + "name": "CVE-2024-1596", + "description": "The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1596" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2dd9bce-9b4d-492f-9e58-1ff1f42aff85.json b/objects/vulnerability/vulnerability--c2dd9bce-9b4d-492f-9e58-1ff1f42aff85.json new file mode 100644 index 00000000000..34989462955 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2dd9bce-9b4d-492f-9e58-1ff1f42aff85.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ebc5c398-8ae8-4bcf-b3c5-4b2b3aff67a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2dd9bce-9b4d-492f-9e58-1ff1f42aff85", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.058252Z", + "modified": "2024-09-08T00:21:43.058252Z", + "name": "CVE-2024-42019", + "description": "A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c56fbfb3-485a-49d6-a417-24c07b032b9e.json b/objects/vulnerability/vulnerability--c56fbfb3-485a-49d6-a417-24c07b032b9e.json new file mode 100644 index 00000000000..edb4cdb4bce --- /dev/null +++ b/objects/vulnerability/vulnerability--c56fbfb3-485a-49d6-a417-24c07b032b9e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7598d972-0e91-44fd-b449-bd2e9c586426", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c56fbfb3-485a-49d6-a417-24c07b032b9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.634145Z", + "modified": "2024-09-08T00:21:43.634145Z", + "name": "CVE-2024-8554", + "description": "A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8554" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c97be5de-f67c-42b0-a29b-9d6b22aa24fb.json b/objects/vulnerability/vulnerability--c97be5de-f67c-42b0-a29b-9d6b22aa24fb.json new file mode 100644 index 00000000000..b4128f522df --- /dev/null +++ b/objects/vulnerability/vulnerability--c97be5de-f67c-42b0-a29b-9d6b22aa24fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7871fd79-c007-4e29-9a9a-3e0086881a61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c97be5de-f67c-42b0-a29b-9d6b22aa24fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.255335Z", + "modified": "2024-09-08T00:21:44.255335Z", + "name": "CVE-2024-40709", + "description": "A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40709" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3b28c68-6227-4b84-a2a3-d5f81d7d9ee3.json b/objects/vulnerability/vulnerability--d3b28c68-6227-4b84-a2a3-d5f81d7d9ee3.json new file mode 100644 index 00000000000..e56d5d760fe --- /dev/null +++ b/objects/vulnerability/vulnerability--d3b28c68-6227-4b84-a2a3-d5f81d7d9ee3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b9146fa-34d6-438a-811f-33066202c4d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3b28c68-6227-4b84-a2a3-d5f81d7d9ee3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.603111Z", + "modified": "2024-09-08T00:21:43.603111Z", + "name": "CVE-2024-8563", + "description": "A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8563" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d440a831-9922-40da-b204-5d6a1b6969ce.json b/objects/vulnerability/vulnerability--d440a831-9922-40da-b204-5d6a1b6969ce.json new file mode 100644 index 00000000000..39aa8f6c288 --- /dev/null +++ b/objects/vulnerability/vulnerability--d440a831-9922-40da-b204-5d6a1b6969ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa5f4a91-799e-47ad-8b04-a52de32a96fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d440a831-9922-40da-b204-5d6a1b6969ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.622798Z", + "modified": "2024-09-08T00:21:43.622798Z", + "name": "CVE-2024-8521", + "description": "A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8521" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d470d2cb-316d-48ee-a19c-16e9a9244474.json b/objects/vulnerability/vulnerability--d470d2cb-316d-48ee-a19c-16e9a9244474.json new file mode 100644 index 00000000000..1cbb0b2c415 --- /dev/null +++ b/objects/vulnerability/vulnerability--d470d2cb-316d-48ee-a19c-16e9a9244474.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ca00199-7e8c-4800-b55c-c58cc1b89be3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d470d2cb-316d-48ee-a19c-16e9a9244474", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.592672Z", + "modified": "2024-09-08T00:21:43.592672Z", + "name": "CVE-2024-8523", + "description": "A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8523" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d67b6607-40cb-4547-b36e-3e33495717f8.json b/objects/vulnerability/vulnerability--d67b6607-40cb-4547-b36e-3e33495717f8.json new file mode 100644 index 00000000000..f138f010163 --- /dev/null +++ b/objects/vulnerability/vulnerability--d67b6607-40cb-4547-b36e-3e33495717f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30cea364-59c6-4eba-a816-75b87b64d111", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d67b6607-40cb-4547-b36e-3e33495717f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.750467Z", + "modified": "2024-09-08T00:21:43.750467Z", + "name": "CVE-2024-39714", + "description": "A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39714" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d69c03f6-b992-489c-a312-881db4172dcd.json b/objects/vulnerability/vulnerability--d69c03f6-b992-489c-a312-881db4172dcd.json new file mode 100644 index 00000000000..d9cbdbd1a00 --- /dev/null +++ b/objects/vulnerability/vulnerability--d69c03f6-b992-489c-a312-881db4172dcd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a1c5488-6267-4605-ae19-0614169810c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d69c03f6-b992-489c-a312-881db4172dcd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.623835Z", + "modified": "2024-09-08T00:21:43.623835Z", + "name": "CVE-2024-8538", + "description": "The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with author-level access and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8538" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e67ecc54-d708-4c42-82bf-4dffb8eeb133.json b/objects/vulnerability/vulnerability--e67ecc54-d708-4c42-82bf-4dffb8eeb133.json new file mode 100644 index 00000000000..2ab63c22548 --- /dev/null +++ b/objects/vulnerability/vulnerability--e67ecc54-d708-4c42-82bf-4dffb8eeb133.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2730a7a8-23f5-443e-9ba2-a03315d2c719", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e67ecc54-d708-4c42-82bf-4dffb8eeb133", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.635729Z", + "modified": "2024-09-08T00:21:43.635729Z", + "name": "CVE-2024-8558", + "description": "A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8558" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e84ffa7f-b331-4386-8c3e-01b98f69e036.json b/objects/vulnerability/vulnerability--e84ffa7f-b331-4386-8c3e-01b98f69e036.json new file mode 100644 index 00000000000..364089b6f48 --- /dev/null +++ b/objects/vulnerability/vulnerability--e84ffa7f-b331-4386-8c3e-01b98f69e036.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b45ca8b6-6702-42c6-8202-5427ed571a81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e84ffa7f-b331-4386-8c3e-01b98f69e036", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.263963Z", + "modified": "2024-09-08T00:21:44.263963Z", + "name": "CVE-2024-40713", + "description": "A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40713" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eea75cd4-df55-463b-9741-af2db9698392.json b/objects/vulnerability/vulnerability--eea75cd4-df55-463b-9741-af2db9698392.json new file mode 100644 index 00000000000..3fe594e9cbd --- /dev/null +++ b/objects/vulnerability/vulnerability--eea75cd4-df55-463b-9741-af2db9698392.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3fcfb35-8de5-43d7-9a39-9fbfba4e320b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eea75cd4-df55-463b-9741-af2db9698392", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.522302Z", + "modified": "2024-09-08T00:21:44.522302Z", + "name": "CVE-2024-45498", + "description": "Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873  for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4f26840-68aa-402a-8cd0-2f6a43a2940a.json b/objects/vulnerability/vulnerability--f4f26840-68aa-402a-8cd0-2f6a43a2940a.json new file mode 100644 index 00000000000..7202835a6c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--f4f26840-68aa-402a-8cd0-2f6a43a2940a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ffccdb04-e636-4530-bb0f-14a06475ef99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4f26840-68aa-402a-8cd0-2f6a43a2940a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:43.598003Z", + "modified": "2024-09-08T00:21:43.598003Z", + "name": "CVE-2024-8562", + "description": "A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8562" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd7dada8-455f-4ecc-ba97-063e194e21d5.json b/objects/vulnerability/vulnerability--fd7dada8-455f-4ecc-ba97-063e194e21d5.json new file mode 100644 index 00000000000..3d7ae8d4980 --- /dev/null +++ b/objects/vulnerability/vulnerability--fd7dada8-455f-4ecc-ba97-063e194e21d5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a32bc884-538d-4872-9754-fc715b30e863", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd7dada8-455f-4ecc-ba97-063e194e21d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-08T00:21:44.237061Z", + "modified": "2024-09-08T00:21:44.237061Z", + "name": "CVE-2024-40714", + "description": "An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40714" + } + ] + } + ] +} \ No newline at end of file