diff --git a/mapping.csv b/mapping.csv
index 0c6a41929d6..19b0fe8aa7a 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -226231,3 +226231,82 @@ vulnerability,CVE-2024-25748,vulnerability--e2cfcddb-cc5f-41cd-ad78-f452f2487b2c
vulnerability,CVE-2024-25828,vulnerability--7cc00804-a8bc-4c8f-a1e8-93d9acf7521b
vulnerability,CVE-2024-25423,vulnerability--801dd8ec-2a48-4a38-9a50-9e16f1f1e336
vulnerability,CVE-2022-25377,vulnerability--d7ea8a48-423c-4941-b6b1-e7990d42ad15
+vulnerability,CVE-2023-52462,vulnerability--849a9ca7-7fe0-4c5d-83fa-867c9ee4febc
+vulnerability,CVE-2023-52463,vulnerability--b357c0a0-b481-4159-9e13-15a2ef87f042
+vulnerability,CVE-2023-52453,vulnerability--b2860a6f-4118-4c40-859f-5a1746ff0abf
+vulnerability,CVE-2023-52455,vulnerability--9f2d93a9-00f5-4b0e-a890-c4e22ff89a07
+vulnerability,CVE-2023-52456,vulnerability--b9fc56fa-5852-4af3-8142-5f948c79ebf0
+vulnerability,CVE-2023-52457,vulnerability--7bc0a404-e4f2-42fc-958e-3a56b03e36cb
+vulnerability,CVE-2023-52458,vulnerability--d6cdb0b7-0a18-4c40-829a-f9b777a73ef2
+vulnerability,CVE-2023-52454,vulnerability--287d7bc5-a75c-4e11-afd1-58fc80a75792
+vulnerability,CVE-2023-52464,vulnerability--ceef9d52-842b-4008-9c91-a62f3569b167
+vulnerability,CVE-2023-52461,vulnerability--3aa33fe1-ca57-4d3c-ab90-aabe57b6820b
+vulnerability,CVE-2023-52459,vulnerability--d090964d-e924-4495-ac03-b537d2fd49bc
+vulnerability,CVE-2023-52460,vulnerability--208c0b43-5a25-4754-a8c1-2cc3ca9cb7bd
+vulnerability,CVE-2023-4826,vulnerability--f2e83c2b-e284-4b39-8d50-a7db0355d5af
+vulnerability,CVE-2023-51392,vulnerability--cd40a56e-685a-4683-848f-3fc6e8f8ada4
+vulnerability,CVE-2023-51393,vulnerability--4b10e3e3-c04a-4dc2-8628-9819b47275d1
+vulnerability,CVE-2023-51394,vulnerability--9ca3ec0c-7454-4c8d-a4c1-90e947c8f0ec
+vulnerability,CVE-2023-24416,vulnerability--81c944cc-5fcd-4989-a6c6-9759446ec1d4
+vulnerability,CVE-2023-37540,vulnerability--bcbf23ed-c618-4ebb-a100-af589fd57921
+vulnerability,CVE-2024-22776,vulnerability--20c3fd33-8a22-4265-92aa-8bc41aa3d458
+vulnerability,CVE-2024-22243,vulnerability--dafac234-6e2f-462a-a8c5-5f8a1346717e
+vulnerability,CVE-2024-22395,vulnerability--60916385-b25a-4f32-904f-575289b406fb
+vulnerability,CVE-2024-22988,vulnerability--399590f7-4039-4047-8917-b45e605dcb7a
+vulnerability,CVE-2024-1819,vulnerability--dbc63ae3-f5d6-438e-92bb-1625fcd526b2
+vulnerability,CVE-2024-1590,vulnerability--26a598b7-3f38-483f-8160-4720739debee
+vulnerability,CVE-2024-1828,vulnerability--f406b0c8-7b6e-4ea5-9c0b-ba9cad091530
+vulnerability,CVE-2024-1783,vulnerability--312f11da-459e-47e8-bee2-29316d867b2e
+vulnerability,CVE-2024-1820,vulnerability--1c0bbc1a-b54b-467b-a8a0-e96474effbb8
+vulnerability,CVE-2024-1825,vulnerability--79d82391-f7ed-4cdc-af7e-cb1ad7db8624
+vulnerability,CVE-2024-1822,vulnerability--406c9e5c-62df-47b2-afee-2cf2c3108e4c
+vulnerability,CVE-2024-1824,vulnerability--c1d95967-7db5-4092-852e-6d16e3b6c0f2
+vulnerability,CVE-2024-1826,vulnerability--a72238ec-0f0f-45ac-8c41-f7fe7dfb0f2b
+vulnerability,CVE-2024-1829,vulnerability--f200bc10-4b9d-4391-b283-1c43a63ae6c2
+vulnerability,CVE-2024-1831,vulnerability--2712e262-4763-46f2-b050-4812c855d925
+vulnerability,CVE-2024-1777,vulnerability--8b07c704-1714-494a-b57f-fc69dfe0ae42
+vulnerability,CVE-2024-1784,vulnerability--9b2ab68d-9fd8-4e24-988d-df3e21e487be
+vulnerability,CVE-2024-1823,vulnerability--3547b632-ca5b-49c3-8c29-cde1eb1cac04
+vulnerability,CVE-2024-1683,vulnerability--1fa06e76-a889-440b-a728-e138bcb129f9
+vulnerability,CVE-2024-1361,vulnerability--4356d90c-90e1-404c-b1cc-4db50d058f6a
+vulnerability,CVE-2024-1821,vulnerability--ec50eddd-2599-4d37-8f10-7980f464eeb2
+vulnerability,CVE-2024-1362,vulnerability--3eff4a9d-bec5-4814-92b3-06ad70c247fb
+vulnerability,CVE-2024-1833,vulnerability--a03611c4-4d6a-407a-bbf7-1604e6302e7c
+vulnerability,CVE-2024-1778,vulnerability--dd93870b-0d95-4145-bcb9-ba33e0f90130
+vulnerability,CVE-2024-1830,vulnerability--b5b116de-3a7f-4529-9d32-f0eb80ed781f
+vulnerability,CVE-2024-1786,vulnerability--6de24247-3b1c-4f13-8ba4-1b4a856b2506
+vulnerability,CVE-2024-1781,vulnerability--5040efaf-0fbc-4f41-b215-2af3924fffcb
+vulnerability,CVE-2024-1817,vulnerability--0335007a-0d10-417e-b6b7-fab46c897d60
+vulnerability,CVE-2024-1779,vulnerability--79eba483-a9fa-4f37-a198-33078f9865fe
+vulnerability,CVE-2024-1360,vulnerability--742ced16-0973-4166-b916-fc8942a76b4e
+vulnerability,CVE-2024-1832,vulnerability--13b2231f-2507-4f89-9ba5-3c661e521e93
+vulnerability,CVE-2024-1834,vulnerability--44510872-f41f-4929-9133-a15e9cde5d60
+vulnerability,CVE-2024-1776,vulnerability--79dbadb1-fb91-4928-868d-f64c303dc771
+vulnerability,CVE-2024-1818,vulnerability--ca7ecf22-bd7c-4a1d-b9e6-c8ff84950f16
+vulnerability,CVE-2024-1827,vulnerability--6c8775d4-8b12-4ab9-8382-eabfa5c30b8e
+vulnerability,CVE-2024-23320,vulnerability--e1a2ca95-51c2-44db-87d7-27fa954a8e84
+vulnerability,CVE-2024-26188,vulnerability--055e20b9-12a3-4ad8-ba9a-abf9b5ec3360
+vulnerability,CVE-2024-26599,vulnerability--fe7f6b39-95a4-4375-9c76-915bcac4ad68
+vulnerability,CVE-2024-26595,vulnerability--1923889d-fe27-4a0e-87ce-74ba4bc10bcc
+vulnerability,CVE-2024-26598,vulnerability--48552711-82cf-4256-9c7b-14517fd9b056
+vulnerability,CVE-2024-26192,vulnerability--3a6cf568-40c7-40d8-8e78-1c1b6fc41b59
+vulnerability,CVE-2024-26150,vulnerability--e0f77025-6af2-479b-adf2-6965b0d26711
+vulnerability,CVE-2024-26596,vulnerability--cd5140ff-e9d7-40f4-b7cd-7c75a4710678
+vulnerability,CVE-2024-26597,vulnerability--38e4a8d5-b123-4bff-8207-67c1eb339e9a
+vulnerability,CVE-2024-26593,vulnerability--9e6eb399-a801-405b-b7e9-4bde20ce5db2
+vulnerability,CVE-2024-26594,vulnerability--9eac7ae2-7481-4edc-aebb-81ba8be70d92
+vulnerability,CVE-2024-27319,vulnerability--8781de29-3536-42d6-9e9a-395a4eb74437
+vulnerability,CVE-2024-27318,vulnerability--2bdba782-65da-4c82-883d-f57769b82b60
+vulnerability,CVE-2024-27133,vulnerability--652403d1-0068-43eb-bdd3-2bb8811ef170
+vulnerability,CVE-2024-27132,vulnerability--43a2f164-e95e-4361-8392-e5fcf961b071
+vulnerability,CVE-2024-0563,vulnerability--870b8d4b-8277-4da0-ae90-ffa36a495e64
+vulnerability,CVE-2024-24310,vulnerability--c0a40774-8e52-433f-898d-7e06b827a0dd
+vulnerability,CVE-2024-24309,vulnerability--28f45076-6a17-4825-8d65-9013fe3f5269
+vulnerability,CVE-2024-24681,vulnerability--c48f8a6c-f945-4620-bce7-2479d4b3f81d
+vulnerability,CVE-2024-21423,vulnerability--319a268a-af28-4021-9c9a-c188bd86b03e
+vulnerability,CVE-2024-25928,vulnerability--16b30ee0-2e39-4528-bfb7-3f969b04663c
+vulnerability,CVE-2024-25469,vulnerability--34c884de-9495-439c-ad10-ca86c66d8fad
+vulnerability,CVE-2024-25730,vulnerability--55d268b7-67b2-48a3-b24b-9f634e0ec734
+vulnerability,CVE-2024-25915,vulnerability--93b1cabb-7351-405e-a1d2-b145eaac9386
+vulnerability,CVE-2024-25629,vulnerability--67db61b8-a144-4b85-bb43-f4e11e6526b6
+vulnerability,CVE-2022-43842,vulnerability--5ced3f73-d3fc-440e-b02f-74f795ffdf16
diff --git a/objects/vulnerability/vulnerability--0335007a-0d10-417e-b6b7-fab46c897d60.json b/objects/vulnerability/vulnerability--0335007a-0d10-417e-b6b7-fab46c897d60.json
new file mode 100644
index 00000000000..bd3dd274707
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0335007a-0d10-417e-b6b7-fab46c897d60.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4f8a8a3d-45f2-4950-a3d5-7594841f68d8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0335007a-0d10-417e-b6b7-fab46c897d60",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.168011Z",
+ "modified": "2024-02-24T00:15:17.168011Z",
+ "name": "CVE-2024-1817",
+ "description": "A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1817"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--055e20b9-12a3-4ad8-ba9a-abf9b5ec3360.json b/objects/vulnerability/vulnerability--055e20b9-12a3-4ad8-ba9a-abf9b5ec3360.json
new file mode 100644
index 00000000000..185cd694e16
--- /dev/null
+++ b/objects/vulnerability/vulnerability--055e20b9-12a3-4ad8-ba9a-abf9b5ec3360.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--701c1eaf-2cd3-4488-808e-36a9f336ebf3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--055e20b9-12a3-4ad8-ba9a-abf9b5ec3360",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.237903Z",
+ "modified": "2024-02-24T00:15:17.237903Z",
+ "name": "CVE-2024-26188",
+ "description": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26188"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--13b2231f-2507-4f89-9ba5-3c661e521e93.json b/objects/vulnerability/vulnerability--13b2231f-2507-4f89-9ba5-3c661e521e93.json
new file mode 100644
index 00000000000..1ca3c1cb2cc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--13b2231f-2507-4f89-9ba5-3c661e521e93.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9caf8731-bf12-4436-827c-262ee9e25ca9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--13b2231f-2507-4f89-9ba5-3c661e521e93",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.174737Z",
+ "modified": "2024-02-24T00:15:17.174737Z",
+ "name": "CVE-2024-1832",
+ "description": "A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254623.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1832"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--16b30ee0-2e39-4528-bfb7-3f969b04663c.json b/objects/vulnerability/vulnerability--16b30ee0-2e39-4528-bfb7-3f969b04663c.json
new file mode 100644
index 00000000000..edc754e1b1b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--16b30ee0-2e39-4528-bfb7-3f969b04663c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d54c2145-83aa-4999-bcd8-e1a4275a1abf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--16b30ee0-2e39-4528-bfb7-3f969b04663c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.469849Z",
+ "modified": "2024-02-24T00:15:17.469849Z",
+ "name": "CVE-2024-25928",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-25928"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
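Review bot: The `description` value for CVE-2024-25928 ends in a literal `\n\n` carried over from the upstream record, so any consumer that compares, deduplicates or displays the field gets stray blank lines. The same untrimmed whitespace appears in the objects for CVE-2024-1683 (leading `\n` and trailing `\n\n`) and CVE-2024-27318 (trailing `\n`). These files look generated, so the fix presumably belongs in the generator: strip leading and trailing whitespace before serialising, so the value ends `… from n/a through 1.0.5."` with nothing after the full stop. Interior newlines, such as the kernel commit messages in other objects of this commit, should be left as they are.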
diff --git a/objects/vulnerability/vulnerability--1923889d-fe27-4a0e-87ce-74ba4bc10bcc.json b/objects/vulnerability/vulnerability--1923889d-fe27-4a0e-87ce-74ba4bc10bcc.json
new file mode 100644
index 00000000000..cefe1105258
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1923889d-fe27-4a0e-87ce-74ba4bc10bcc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--821ca987-4c3c-444f-9b4d-cd9dfdb563f7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1923889d-fe27-4a0e-87ce-74ba4bc10bcc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.24357Z",
+ "modified": "2024-02-24T00:15:17.24357Z",
+ "name": "CVE-2024-26595",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path\n\nWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path after\nfailing to attach the region to an ACL group, we hit a NULL pointer\ndereference upon 'region->group->tcam' [1].\n\nFix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0\n[...]\nCall Trace:\n mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26595"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1c0bbc1a-b54b-467b-a8a0-e96474effbb8.json b/objects/vulnerability/vulnerability--1c0bbc1a-b54b-467b-a8a0-e96474effbb8.json
new file mode 100644
index 00000000000..28c7ce3693d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1c0bbc1a-b54b-467b-a8a0-e96474effbb8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--386ad226-ac99-419b-a867-7e4f07ac35e8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1c0bbc1a-b54b-467b-a8a0-e96474effbb8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.121598Z",
+ "modified": "2024-02-24T00:15:17.121598Z",
+ "name": "CVE-2024-1820",
+ "description": "A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1820"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1fa06e76-a889-440b-a728-e138bcb129f9.json b/objects/vulnerability/vulnerability--1fa06e76-a889-440b-a728-e138bcb129f9.json
new file mode 100644
index 00000000000..3b2b09a71fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1fa06e76-a889-440b-a728-e138bcb129f9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--077cdcff-c468-4492-a9b1-e8f81bb6e5fc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1fa06e76-a889-440b-a728-e138bcb129f9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.136361Z",
+ "modified": "2024-02-24T00:15:17.136361Z",
+ "name": "CVE-2024-1683",
+ "description": "\nA DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1683"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--208c0b43-5a25-4754-a8c1-2cc3ca9cb7bd.json b/objects/vulnerability/vulnerability--208c0b43-5a25-4754-a8c1-2cc3ca9cb7bd.json
new file mode 100644
index 00000000000..661090740e1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--208c0b43-5a25-4754-a8c1-2cc3ca9cb7bd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--14d69db0-56db-4af6-8c15-13f49fed56be",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--208c0b43-5a25-4754-a8c1-2cc3ca9cb7bd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.816418Z",
+ "modified": "2024-02-24T00:15:13.816418Z",
+ "name": "CVE-2023-52460",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL pointer dereference at hibernate\n\nDuring hibernate sequence the source context might not have a clk_mgr.\nSo don't use it to look for DML2 support.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52460"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--20c3fd33-8a22-4265-92aa-8bc41aa3d458.json b/objects/vulnerability/vulnerability--20c3fd33-8a22-4265-92aa-8bc41aa3d458.json
new file mode 100644
index 00000000000..90677e1dd43
--- /dev/null
+++ b/objects/vulnerability/vulnerability--20c3fd33-8a22-4265-92aa-8bc41aa3d458.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7697121-0c57-4559-a325-ce6374328cfd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--20c3fd33-8a22-4265-92aa-8bc41aa3d458",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.010933Z",
+ "modified": "2024-02-24T00:15:17.010933Z",
+ "name": "CVE-2024-22776",
+ "description": "Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-22776"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--26a598b7-3f38-483f-8160-4720739debee.json b/objects/vulnerability/vulnerability--26a598b7-3f38-483f-8160-4720739debee.json
new file mode 100644
index 00000000000..e18cc14d8c6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--26a598b7-3f38-483f-8160-4720739debee.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--78b036dc-c832-4842-970e-1562467ba692",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--26a598b7-3f38-483f-8160-4720739debee",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.107108Z",
+ "modified": "2024-02-24T00:15:17.107108Z",
+ "name": "CVE-2024-1590",
+ "description": "The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1590"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2712e262-4763-46f2-b050-4812c855d925.json b/objects/vulnerability/vulnerability--2712e262-4763-46f2-b050-4812c855d925.json
new file mode 100644
index 00000000000..e9ef9fb6b6a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2712e262-4763-46f2-b050-4812c855d925.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fef0009e-01a9-4053-abe0-eebbce435d5c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2712e262-4763-46f2-b050-4812c855d925",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.131319Z",
+ "modified": "2024-02-24T00:15:17.131319Z",
+ "name": "CVE-2024-1831",
+ "description": "A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Affected is an unknown function of the file users/index.php of the component Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254622 is the identifier assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1831"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--287d7bc5-a75c-4e11-afd1-58fc80a75792.json b/objects/vulnerability/vulnerability--287d7bc5-a75c-4e11-afd1-58fc80a75792.json
new file mode 100644
index 00000000000..de2d0b3dbbc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--287d7bc5-a75c-4e11-afd1-58fc80a75792.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ea881bf9-2f3a-4aab-aec0-10f7e8bb80a1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--287d7bc5-a75c-4e11-afd1-58fc80a75792",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.804911Z",
+ "modified": "2024-02-24T00:15:13.804911Z",
+ "name": "CVE-2023-52454",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\n\nIf the host sends an H2CData command with an invalid DATAL,\nthe kernel may crash in nvmet_tcp_build_pdu_iovec().\n\nUnable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\nlr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]\nCall trace:\n process_one_work+0x174/0x3c8\n worker_thread+0x2d0/0x3e8\n kthread+0x104/0x110\n\nFix the bug by raising a fatal error if DATAL isn't coherent\nwith the packet size.\nAlso, the PDU length should never exceed the MAXH2CDATA parameter which\nhas been communicated to the host in nvmet_tcp_handle_icreq().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52454"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--28f45076-6a17-4825-8d65-9013fe3f5269.json b/objects/vulnerability/vulnerability--28f45076-6a17-4825-8d65-9013fe3f5269.json
new file mode 100644
index 00000000000..0fa66aa39bd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--28f45076-6a17-4825-8d65-9013fe3f5269.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8f0256aa-e1a4-4f27-a9c5-1dda2885d25f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--28f45076-6a17-4825-8d65-9013fe3f5269",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.391594Z",
+ "modified": "2024-02-24T00:15:17.391594Z",
+ "name": "CVE-2024-24309",
+ "description": "In the module \"Survey TMA\" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-24309"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2bdba782-65da-4c82-883d-f57769b82b60.json b/objects/vulnerability/vulnerability--2bdba782-65da-4c82-883d-f57769b82b60.json
new file mode 100644
index 00000000000..8b8d299dede
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2bdba782-65da-4c82-883d-f57769b82b60.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f2663294-aaf5-4b9b-9ec9-251470ee9b45",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2bdba782-65da-4c82-883d-f57769b82b60",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.296522Z",
+ "modified": "2024-02-24T00:15:17.296522Z",
+ "name": "CVE-2024-27318",
+ "description": "Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27318"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--312f11da-459e-47e8-bee2-29316d867b2e.json b/objects/vulnerability/vulnerability--312f11da-459e-47e8-bee2-29316d867b2e.json
new file mode 100644
index 00000000000..8e53cb817d4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--312f11da-459e-47e8-bee2-29316d867b2e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--95781127-d53a-4f6e-b22b-7080ad71b5fd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--312f11da-459e-47e8-bee2-29316d867b2e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.11342Z",
+ "modified": "2024-02-24T00:15:17.11342Z",
+ "name": "CVE-2024-1783",
+ "description": "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1783"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--319a268a-af28-4021-9c9a-c188bd86b03e.json b/objects/vulnerability/vulnerability--319a268a-af28-4021-9c9a-c188bd86b03e.json
new file mode 100644
index 00000000000..ebbc11d8f20
--- /dev/null
+++ b/objects/vulnerability/vulnerability--319a268a-af28-4021-9c9a-c188bd86b03e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--834ad91f-c966-4367-a44c-278c612c7677",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--319a268a-af28-4021-9c9a-c188bd86b03e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.437145Z",
+ "modified": "2024-02-24T00:15:17.437145Z",
+ "name": "CVE-2024-21423",
+ "description": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-21423"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--34c884de-9495-439c-ad10-ca86c66d8fad.json b/objects/vulnerability/vulnerability--34c884de-9495-439c-ad10-ca86c66d8fad.json
new file mode 100644
index 00000000000..2e5ab788b74
--- /dev/null
+++ b/objects/vulnerability/vulnerability--34c884de-9495-439c-ad10-ca86c66d8fad.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e0c51637-7164-499d-a97e-1e813941eb75",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--34c884de-9495-439c-ad10-ca86c66d8fad",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.472767Z",
+ "modified": "2024-02-24T00:15:17.472767Z",
+ "name": "CVE-2024-25469",
+ "description": "SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-25469"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3547b632-ca5b-49c3-8c29-cde1eb1cac04.json b/objects/vulnerability/vulnerability--3547b632-ca5b-49c3-8c29-cde1eb1cac04.json
new file mode 100644
index 00000000000..030b5dc7dd6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3547b632-ca5b-49c3-8c29-cde1eb1cac04.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b68d22b5-48db-4e88-822a-4baf3c422fdc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3547b632-ca5b-49c3-8c29-cde1eb1cac04",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.135139Z",
+ "modified": "2024-02-24T00:15:17.135139Z",
+ "name": "CVE-2024-1823",
+ "description": "A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1823"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--38e4a8d5-b123-4bff-8207-67c1eb339e9a.json b/objects/vulnerability/vulnerability--38e4a8d5-b123-4bff-8207-67c1eb339e9a.json
new file mode 100644
index 00000000000..ae8a0f64b6a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--38e4a8d5-b123-4bff-8207-67c1eb339e9a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1ea94124-9c7a-4188-97f0-d280a23c2414",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--38e4a8d5-b123-4bff-8207-67c1eb339e9a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.276944Z",
+ "modified": "2024-02-24T00:15:17.276944Z",
+ "name": "CVE-2024-26597",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n 
entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26597"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--399590f7-4039-4047-8917-b45e605dcb7a.json b/objects/vulnerability/vulnerability--399590f7-4039-4047-8917-b45e605dcb7a.json
new file mode 100644
index 00000000000..96e24d70303
--- /dev/null
+++ b/objects/vulnerability/vulnerability--399590f7-4039-4047-8917-b45e605dcb7a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--83f3a23e-0046-4da8-9d77-6a84787244df",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--399590f7-4039-4047-8917-b45e605dcb7a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.100725Z",
+ "modified": "2024-02-24T00:15:17.100725Z",
+ "name": "CVE-2024-22988",
+ "description": "An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-22988"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3a6cf568-40c7-40d8-8e78-1c1b6fc41b59.json b/objects/vulnerability/vulnerability--3a6cf568-40c7-40d8-8e78-1c1b6fc41b59.json
new file mode 100644
index 00000000000..21b82e45847
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3a6cf568-40c7-40d8-8e78-1c1b6fc41b59.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c251f413-ebb6-414f-978c-10a3f847acaa",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3a6cf568-40c7-40d8-8e78-1c1b6fc41b59",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.256428Z",
+ "modified": "2024-02-24T00:15:17.256428Z",
+ "name": "CVE-2024-26192",
+ "description": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26192"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3aa33fe1-ca57-4d3c-ab90-aabe57b6820b.json b/objects/vulnerability/vulnerability--3aa33fe1-ca57-4d3c-ab90-aabe57b6820b.json
new file mode 100644
index 00000000000..b1b406588d0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3aa33fe1-ca57-4d3c-ab90-aabe57b6820b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--521cc572-7893-44cc-ac65-b87e1fb385ca",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3aa33fe1-ca57-4d3c-ab90-aabe57b6820b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.810514Z",
+ "modified": "2024-02-24T00:15:13.810514Z",
+ "name": "CVE-2023-52461",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix bounds limiting when given a malformed entity\n\nIf we're given a malformed entity in drm_sched_entity_init()--shouldn't\nhappen, but we verify--with out-of-bounds priority value, we set it to an\nallowed value. Fix the expression which sets this limit.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52461"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3eff4a9d-bec5-4814-92b3-06ad70c247fb.json b/objects/vulnerability/vulnerability--3eff4a9d-bec5-4814-92b3-06ad70c247fb.json
new file mode 100644
index 00000000000..ddd629b64ec
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3eff4a9d-bec5-4814-92b3-06ad70c247fb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7d4a948e-906a-4dda-afa3-ea77dde2cdd7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3eff4a9d-bec5-4814-92b3-06ad70c247fb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.141864Z",
+ "modified": "2024-02-24T00:15:17.141864Z",
+ "name": "CVE-2024-1362",
+ "description": "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1362"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--406c9e5c-62df-47b2-afee-2cf2c3108e4c.json b/objects/vulnerability/vulnerability--406c9e5c-62df-47b2-afee-2cf2c3108e4c.json
new file mode 100644
index 00000000000..09ca64c09f4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--406c9e5c-62df-47b2-afee-2cf2c3108e4c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5b18c4cb-fb14-4c76-a546-81249d1deecf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--406c9e5c-62df-47b2-afee-2cf2c3108e4c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.125646Z",
+ "modified": "2024-02-24T00:15:17.125646Z",
+ "name": "CVE-2024-1822",
+ "description": "A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1822"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4356d90c-90e1-404c-b1cc-4db50d058f6a.json b/objects/vulnerability/vulnerability--4356d90c-90e1-404c-b1cc-4db50d058f6a.json
new file mode 100644
index 00000000000..3abaa5d2aea
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4356d90c-90e1-404c-b1cc-4db50d058f6a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5fc01370-4674-4f27-9c40-3540485f63fc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4356d90c-90e1-404c-b1cc-4db50d058f6a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.139478Z",
+ "modified": "2024-02-24T00:15:17.139478Z",
+ "name": "CVE-2024-1361",
+ "description": "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1361"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--43a2f164-e95e-4361-8392-e5fcf961b071.json b/objects/vulnerability/vulnerability--43a2f164-e95e-4361-8392-e5fcf961b071.json
new file mode 100644
index 00000000000..cf2747dd561
--- /dev/null
+++ b/objects/vulnerability/vulnerability--43a2f164-e95e-4361-8392-e5fcf961b071.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2ee62046-aaac-4e35-800b-50919603015f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--43a2f164-e95e-4361-8392-e5fcf961b071",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.306961Z",
+ "modified": "2024-02-24T00:15:17.306961Z",
+ "name": "CVE-2024-27132",
+ "description": "Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.\n\nThis issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.\n\nThe vulnerability stems from lack of sanitization over template variables.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27132"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--44510872-f41f-4929-9133-a15e9cde5d60.json b/objects/vulnerability/vulnerability--44510872-f41f-4929-9133-a15e9cde5d60.json
new file mode 100644
index 00000000000..b70e00e872d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--44510872-f41f-4929-9133-a15e9cde5d60.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8368cb16-5765-4c30-9055-813cf562b9bc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--44510872-f41f-4929-9133-a15e9cde5d60",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.177805Z",
+ "modified": "2024-02-24T00:15:17.177805Z",
+ "name": "CVE-2024-1834",
+ "description": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1834"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--48552711-82cf-4256-9c7b-14517fd9b056.json b/objects/vulnerability/vulnerability--48552711-82cf-4256-9c7b-14517fd9b056.json
new file mode 100644
index 00000000000..a13e519043c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--48552711-82cf-4256-9c7b-14517fd9b056.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7ee4fa69-47f0-4cfc-8e25-8b27b3f905cd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--48552711-82cf-4256-9c7b-14517fd9b056",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.246135Z",
+ "modified": "2024-02-24T00:15:17.246135Z",
+ "name": "CVE-2024-26598",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache\n\nThere is a potential UAF scenario in the case of an LPI translation\ncache hit racing with an operation that invalidates the cache, such\nas a DISCARD ITS command. The root of the problem is that\nvgic_its_check_cache() does not elevate the refcount on the vgic_irq\nbefore dropping the lock that serializes refcount changes.\n\nHave vgic_its_check_cache() raise the refcount on the returned vgic_irq\nand add the corresponding decrement after queueing the interrupt.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26598"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4b10e3e3-c04a-4dc2-8628-9819b47275d1.json b/objects/vulnerability/vulnerability--4b10e3e3-c04a-4dc2-8628-9819b47275d1.json
new file mode 100644
index 00000000000..a6d5ac3fc0c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4b10e3e3-c04a-4dc2-8628-9819b47275d1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1e7acc09-87c8-4678-9170-8d0c37798674",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4b10e3e3-c04a-4dc2-8628-9819b47275d1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:15.090484Z",
+ "modified": "2024-02-24T00:15:15.090484Z",
+ "name": "CVE-2023-51393",
+ "description": "\nDue to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-51393"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5040efaf-0fbc-4f41-b215-2af3924fffcb.json b/objects/vulnerability/vulnerability--5040efaf-0fbc-4f41-b215-2af3924fffcb.json
new file mode 100644
index 00000000000..077a741fd5c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5040efaf-0fbc-4f41-b215-2af3924fffcb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--93d4e560-0b92-4f9a-a246-09a2ee489fe4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5040efaf-0fbc-4f41-b215-2af3924fffcb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.155917Z",
+ "modified": "2024-02-24T00:15:17.155917Z",
+ "name": "CVE-2024-1781",
+ "description": "A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1781"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--55d268b7-67b2-48a3-b24b-9f634e0ec734.json b/objects/vulnerability/vulnerability--55d268b7-67b2-48a3-b24b-9f634e0ec734.json
new file mode 100644
index 00000000000..efb4cb873ed
--- /dev/null
+++ b/objects/vulnerability/vulnerability--55d268b7-67b2-48a3-b24b-9f634e0ec734.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a6769875-3068-4a63-9e7d-242bcdd5b929",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--55d268b7-67b2-48a3-b24b-9f634e0ec734",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.495975Z",
+ "modified": "2024-02-24T00:15:17.495975Z",
+ "name": "CVE-2024-25730",
+ "description": "Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a \"Hitron\" substring, resulting in insufficient entropy (only about one million possibilities).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-25730"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5ced3f73-d3fc-440e-b02f-74f795ffdf16.json b/objects/vulnerability/vulnerability--5ced3f73-d3fc-440e-b02f-74f795ffdf16.json
new file mode 100644
index 00000000000..263d6443ce4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5ced3f73-d3fc-440e-b02f-74f795ffdf16.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5445dfaf-c9f3-47f5-8c7e-9674f695590c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5ced3f73-d3fc-440e-b02f-74f795ffdf16",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:22.384691Z",
+ "modified": "2024-02-24T00:15:22.384691Z",
+ "name": "CVE-2022-43842",
+ "description": "IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-43842"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--60916385-b25a-4f32-904f-575289b406fb.json b/objects/vulnerability/vulnerability--60916385-b25a-4f32-904f-575289b406fb.json
new file mode 100644
index 00000000000..f75f832b69b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--60916385-b25a-4f32-904f-575289b406fb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b1727529-68c7-4e01-a48c-83fad98607d2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--60916385-b25a-4f32-904f-575289b406fb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.076694Z",
+ "modified": "2024-02-24T00:15:17.076694Z",
+ "name": "CVE-2024-22395",
+ "description": "Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-22395"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--652403d1-0068-43eb-bdd3-2bb8811ef170.json b/objects/vulnerability/vulnerability--652403d1-0068-43eb-bdd3-2bb8811ef170.json
new file mode 100644
index 00000000000..ca218d71cdf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--652403d1-0068-43eb-bdd3-2bb8811ef170.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f87978fa-7cd8-483c-9f1a-93818a12b065",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--652403d1-0068-43eb-bdd3-2bb8811ef170",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.300597Z",
+ "modified": "2024-02-24T00:15:17.300597Z",
+ "name": "CVE-2024-27133",
+ "description": "Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27133"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--67db61b8-a144-4b85-bb43-f4e11e6526b6.json b/objects/vulnerability/vulnerability--67db61b8-a144-4b85-bb43-f4e11e6526b6.json
new file mode 100644
index 00000000000..e697d79b535
--- /dev/null
+++ b/objects/vulnerability/vulnerability--67db61b8-a144-4b85-bb43-f4e11e6526b6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bf8a45d0-80c3-4345-9ae1-0868753f475c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--67db61b8-a144-4b85-bb43-f4e11e6526b6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.504578Z",
+ "modified": "2024-02-24T00:15:17.504578Z",
+ "name": "CVE-2024-25629",
+ "description": "c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-25629"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c8775d4-8b12-4ab9-8382-eabfa5c30b8e.json b/objects/vulnerability/vulnerability--6c8775d4-8b12-4ab9-8382-eabfa5c30b8e.json
new file mode 100644
index 00000000000..b8072ef0c83
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c8775d4-8b12-4ab9-8382-eabfa5c30b8e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3032ae2f-10ed-4962-adb2-09f4fe647280",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c8775d4-8b12-4ab9-8382-eabfa5c30b8e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.182449Z",
+ "modified": "2024-02-24T00:15:17.182449Z",
+ "name": "CVE-2024-1827",
+ "description": "A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254615.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1827"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6de24247-3b1c-4f13-8ba4-1b4a856b2506.json b/objects/vulnerability/vulnerability--6de24247-3b1c-4f13-8ba4-1b4a856b2506.json
new file mode 100644
index 00000000000..1b831e30590
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6de24247-3b1c-4f13-8ba4-1b4a856b2506.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c34f6e11-45e6-4328-9350-804f911da6ec",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6de24247-3b1c-4f13-8ba4-1b4a856b2506",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.152101Z",
+ "modified": "2024-02-24T00:15:17.152101Z",
+ "name": "CVE-2024-1786",
+ "description": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254576. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1786"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--742ced16-0973-4166-b916-fc8942a76b4e.json b/objects/vulnerability/vulnerability--742ced16-0973-4166-b916-fc8942a76b4e.json
new file mode 100644
index 00000000000..345d29b89a8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--742ced16-0973-4166-b916-fc8942a76b4e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cf07525f-2a1d-4e6a-9347-d6c8bd4aecd3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--742ced16-0973-4166-b916-fc8942a76b4e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.173456Z",
+ "modified": "2024-02-24T00:15:17.173456Z",
+ "name": "CVE-2024-1360",
+ "description": "The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1360"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--79d82391-f7ed-4cdc-af7e-cb1ad7db8624.json b/objects/vulnerability/vulnerability--79d82391-f7ed-4cdc-af7e-cb1ad7db8624.json
new file mode 100644
index 00000000000..6e81a0b4834
--- /dev/null
+++ b/objects/vulnerability/vulnerability--79d82391-f7ed-4cdc-af7e-cb1ad7db8624.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--82bc6a21-babf-472b-9d13-d016b52f3849",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--79d82391-f7ed-4cdc-af7e-cb1ad7db8624",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.122992Z",
+ "modified": "2024-02-24T00:15:17.122992Z",
+ "name": "CVE-2024-1825",
+ "description": "A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1825"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--79dbadb1-fb91-4928-868d-f64c303dc771.json b/objects/vulnerability/vulnerability--79dbadb1-fb91-4928-868d-f64c303dc771.json
new file mode 100644
index 00000000000..027ed56799c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--79dbadb1-fb91-4928-868d-f64c303dc771.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--349c0b00-746c-4c43-a47d-cf7f73a50937",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--79dbadb1-fb91-4928-868d-f64c303dc771",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.179742Z",
+ "modified": "2024-02-24T00:15:17.179742Z",
+ "name": "CVE-2024-1776",
+ "description": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1776"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--79eba483-a9fa-4f37-a198-33078f9865fe.json b/objects/vulnerability/vulnerability--79eba483-a9fa-4f37-a198-33078f9865fe.json
new file mode 100644
index 00000000000..f14bff984fa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--79eba483-a9fa-4f37-a198-33078f9865fe.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--72d20a63-7645-463b-82f0-80712fd34e7f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--79eba483-a9fa-4f37-a198-33078f9865fe",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.169538Z",
+ "modified": "2024-02-24T00:15:17.169538Z",
+ "name": "CVE-2024-1779",
+ "description": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1779"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7bc0a404-e4f2-42fc-958e-3a56b03e36cb.json b/objects/vulnerability/vulnerability--7bc0a404-e4f2-42fc-958e-3a56b03e36cb.json
new file mode 100644
index 00000000000..0e7ff55b635
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7bc0a404-e4f2-42fc-958e-3a56b03e36cb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3edd312c-2aca-4d08-a2e5-fab549092bb6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7bc0a404-e4f2-42fc-958e-3a56b03e36cb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.801068Z",
+ "modified": "2024-02-24T00:15:13.801068Z",
+ "name": "CVE-2023-52457",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed\n\nReturning an error code from .remove() makes the driver core emit the\nlittle helpful error message:\n\n\tremove callback returned a non-zero value. This will be ignored.\n\nand then remove the device anyhow. So all resources that were not freed\nare leaked in this case. Skipping serial8250_unregister_port() has the\npotential to keep enough of the UART around to trigger a use-after-free.\n\nSo replace the error return (and with it the little helpful error\nmessage) by a more useful error message and continue to cleanup.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52457"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--81c944cc-5fcd-4989-a6c6-9759446ec1d4.json b/objects/vulnerability/vulnerability--81c944cc-5fcd-4989-a6c6-9759446ec1d4.json
new file mode 100644
index 00000000000..de9ac6b2d3b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--81c944cc-5fcd-4989-a6c6-9759446ec1d4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--77a69f78-48f2-4426-946e-b9ae619bd0fa",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--81c944cc-5fcd-4989-a6c6-9759446ec1d4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:15.530973Z",
+ "modified": "2024-02-24T00:15:15.530973Z",
+ "name": "CVE-2023-24416",
+ "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-24416"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
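Review bot: The `description` value in this object ends with two literal newlines (`...from n/a through 4.7.\n\n`), so the stored string is not the sentence a reader sees; the objects for CVE-2024-27319, CVE-2024-25915 and CVE-2023-37540 further down carry the same trailing `\n` or `\n\n`. A consumer that deduplicates, hashes or exact-matches descriptions across feeds will treat these as different strings from the trimmed text. Trimming trailing whitespace when the object is written would avoid that, so the value ends at `through 4.7."`. The missing space in `Favicon.This issue` looks inherited from the source record and is better corrected upstream than in this file.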
diff --git a/objects/vulnerability/vulnerability--849a9ca7-7fe0-4c5d-83fa-867c9ee4febc.json b/objects/vulnerability/vulnerability--849a9ca7-7fe0-4c5d-83fa-867c9ee4febc.json
new file mode 100644
index 00000000000..e7572c8b3f6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--849a9ca7-7fe0-4c5d-83fa-867c9ee4febc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--97ab7223-c731-4de3-9dbf-2058373bdc08",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--849a9ca7-7fe0-4c5d-83fa-867c9ee4febc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.780124Z",
+ "modified": "2024-02-24T00:15:13.780124Z",
+ "name": "CVE-2023-52462",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix check for attempt to corrupt spilled pointer\n\nWhen register is spilled onto a stack as a 1/2/4-byte register, we set\nslot_type[BPF_REG_SIZE - 1] (plus potentially few more below it,\ndepending on actual spill size). So to check if some stack slot has\nspilled register we need to consult slot_type[7], not slot_type[0].\n\nTo avoid the need to remember and double-check this in the future, just\nuse is_spilled_reg() helper.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52462"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--870b8d4b-8277-4da0-ae90-ffa36a495e64.json b/objects/vulnerability/vulnerability--870b8d4b-8277-4da0-ae90-ffa36a495e64.json
new file mode 100644
index 00000000000..b51175afd5f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--870b8d4b-8277-4da0-ae90-ffa36a495e64.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--40440b7f-a76f-4ce9-ac30-28026adb9a00",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--870b8d4b-8277-4da0-ae90-ffa36a495e64",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.337221Z",
+ "modified": "2024-02-24T00:15:17.337221Z",
+ "name": "CVE-2024-0563",
+ "description": "Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-0563"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8781de29-3536-42d6-9e9a-395a4eb74437.json b/objects/vulnerability/vulnerability--8781de29-3536-42d6-9e9a-395a4eb74437.json
new file mode 100644
index 00000000000..011ba9a940e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8781de29-3536-42d6-9e9a-395a4eb74437.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9e7068e1-d798-47d2-be1c-da6051af3ec7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8781de29-3536-42d6-9e9a-395a4eb74437",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.29245Z",
+ "modified": "2024-02-24T00:15:17.29245Z",
+ "name": "CVE-2024-27319",
+ "description": "Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27319"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
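Review bot: `created` and `modified` here carry five fractional digits (`2024-02-24T00:15:17.29245Z`) while most objects in this commit carry six, which suggests the writer drops a trailing zero; the objects for CVE-2024-25915 and CVE-2024-1824 show the same. The value is still a valid STIX 2.1 timestamp, but a consumer that selects the latest version of an object by comparing `modified` as a string rather than as a parsed time can order such values incorrectly. Emitting a fixed width, for example `"modified": "2024-02-24T00:15:17.292450Z"`, keeps lexical and chronological order identical.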
diff --git a/objects/vulnerability/vulnerability--8b07c704-1714-494a-b57f-fc69dfe0ae42.json b/objects/vulnerability/vulnerability--8b07c704-1714-494a-b57f-fc69dfe0ae42.json
new file mode 100644
index 00000000000..40529171fcd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8b07c704-1714-494a-b57f-fc69dfe0ae42.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e06b67f6-55bd-4861-aa2e-ce2b2f6968d5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8b07c704-1714-494a-b57f-fc69dfe0ae42",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.132785Z",
+ "modified": "2024-02-24T00:15:17.132785Z",
+ "name": "CVE-2024-1777",
+ "description": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1777"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--93b1cabb-7351-405e-a1d2-b145eaac9386.json b/objects/vulnerability/vulnerability--93b1cabb-7351-405e-a1d2-b145eaac9386.json
new file mode 100644
index 00000000000..12ef89ba80a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--93b1cabb-7351-405e-a1d2-b145eaac9386.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cdd2274c-c076-40e2-95fa-c72444e2bc15",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--93b1cabb-7351-405e-a1d2-b145eaac9386",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.49975Z",
+ "modified": "2024-02-24T00:15:17.49975Z",
+ "name": "CVE-2024-25915",
+ "description": "Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-25915"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9b2ab68d-9fd8-4e24-988d-df3e21e487be.json b/objects/vulnerability/vulnerability--9b2ab68d-9fd8-4e24-988d-df3e21e487be.json
new file mode 100644
index 00000000000..2363865c1fc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9b2ab68d-9fd8-4e24-988d-df3e21e487be.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bd2bead3-b0aa-475e-bfc3-57cff2ea5d64",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9b2ab68d-9fd8-4e24-988d-df3e21e487be",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.133946Z",
+ "modified": "2024-02-24T00:15:17.133946Z",
+ "name": "CVE-2024-1784",
+ "description": "A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1784"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9ca3ec0c-7454-4c8d-a4c1-90e947c8f0ec.json b/objects/vulnerability/vulnerability--9ca3ec0c-7454-4c8d-a4c1-90e947c8f0ec.json
new file mode 100644
index 00000000000..d85e061ff16
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9ca3ec0c-7454-4c8d-a4c1-90e947c8f0ec.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f4c40ccf-6ff2-4954-ace0-3f4a4db1f152",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9ca3ec0c-7454-4c8d-a4c1-90e947c8f0ec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:15.097954Z",
+ "modified": "2024-02-24T00:15:15.097954Z",
+ "name": "CVE-2023-51394",
+ "description": "High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-51394"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e6eb399-a801-405b-b7e9-4bde20ce5db2.json b/objects/vulnerability/vulnerability--9e6eb399-a801-405b-b7e9-4bde20ce5db2.json
new file mode 100644
index 00000000000..02be79774fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9e6eb399-a801-405b-b7e9-4bde20ce5db2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--33593f49-5dce-4c48-abf4-dfeb58db7808",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e6eb399-a801-405b-b7e9-4bde20ce5db2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.278052Z",
+ "modified": "2024-02-24T00:15:17.278052Z",
+ "name": "CVE-2024-26593",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26593"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9eac7ae2-7481-4edc-aebb-81ba8be70d92.json b/objects/vulnerability/vulnerability--9eac7ae2-7481-4edc-aebb-81ba8be70d92.json
new file mode 100644
index 00000000000..f5c3f2f638d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9eac7ae2-7481-4edc-aebb-81ba8be70d92.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7bd5edf5-f966-4472-a51c-03495857c40a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9eac7ae2-7481-4edc-aebb-81ba8be70d92",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.281372Z",
+ "modified": "2024-02-24T00:15:17.281372Z",
+ "name": "CVE-2024-26594",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate mech token in session setup\n\nIf client send invalid mech token in session setup request, ksmbd\nvalidate and make the error if it is invalid.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26594"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9f2d93a9-00f5-4b0e-a890-c4e22ff89a07.json b/objects/vulnerability/vulnerability--9f2d93a9-00f5-4b0e-a890-c4e22ff89a07.json
new file mode 100644
index 00000000000..b73f4d00b5a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9f2d93a9-00f5-4b0e-a890-c4e22ff89a07.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--18c138da-0983-4dd4-a8e6-54988f16b273",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9f2d93a9-00f5-4b0e-a890-c4e22ff89a07",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.791696Z",
+ "modified": "2024-02-24T00:15:13.791696Z",
+ "name": "CVE-2023-52455",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Don't reserve 0-length IOVA region\n\nWhen the bootloader/firmware doesn't setup the framebuffers, their\naddress and size are 0 in \"iommu-addresses\" property. If IOVA region is\nreserved with 0 length, then it ends up corrupting the IOVA rbtree with\nan entry which has pfn_hi < pfn_lo.\nIf we intend to use display driver in kernel without framebuffer then\nit's causing the display IOMMU mappings to fail as entire valid IOVA\nspace is reserved when address and length are passed as 0.\nAn ideal solution would be firmware removing the \"iommu-addresses\"\nproperty and corresponding \"memory-region\" if display is not present.\nBut the kernel should be able to handle this by checking for size of\nIOVA region and skipping the IOVA reservation if size is 0. Also, add\na warning if firmware is requesting 0-length IOVA region reservation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52455"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a03611c4-4d6a-407a-bbf7-1604e6302e7c.json b/objects/vulnerability/vulnerability--a03611c4-4d6a-407a-bbf7-1604e6302e7c.json
new file mode 100644
index 00000000000..a55b14740ea
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a03611c4-4d6a-407a-bbf7-1604e6302e7c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6847ae01-b210-436a-bea0-9b19a81fcfbc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a03611c4-4d6a-407a-bbf7-1604e6302e7c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.142952Z",
+ "modified": "2024-02-24T00:15:17.142952Z",
+ "name": "CVE-2024-1833",
+ "description": "A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254624.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1833"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a72238ec-0f0f-45ac-8c41-f7fe7dfb0f2b.json b/objects/vulnerability/vulnerability--a72238ec-0f0f-45ac-8c41-f7fe7dfb0f2b.json
new file mode 100644
index 00000000000..8ef1add6d11
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a72238ec-0f0f-45ac-8c41-f7fe7dfb0f2b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ae4bb2ac-0165-48c4-a3e7-119e73f44a22",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a72238ec-0f0f-45ac-8c41-f7fe7dfb0f2b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.128507Z",
+ "modified": "2024-02-24T00:15:17.128507Z",
+ "name": "CVE-2024-1826",
+ "description": "A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254614 is the identifier assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1826"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b2860a6f-4118-4c40-859f-5a1746ff0abf.json b/objects/vulnerability/vulnerability--b2860a6f-4118-4c40-859f-5a1746ff0abf.json
new file mode 100644
index 00000000000..ac9779379da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b2860a6f-4118-4c40-859f-5a1746ff0abf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4d3ee6f6-214b-4dec-8a59-9642001a8bb1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b2860a6f-4118-4c40-859f-5a1746ff0abf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.786246Z",
+ "modified": "2024-02-24T00:15:13.786246Z",
+ "name": "CVE-2023-52453",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume\n\nWhen the optional PRE_COPY support was added to speed up the device\ncompatibility check, it failed to update the saving/resuming data\npointers based on the fd offset. This results in migration data\ncorruption and when the device gets started on the destination the\nfollowing error is reported in some cases,\n\n[ 478.907684] arm-smmu-v3 arm-smmu-v3.2.auto: event 0x10 received:\n[ 478.913691] arm-smmu-v3 arm-smmu-v3.2.auto: 0x0000310200000010\n[ 478.919603] arm-smmu-v3 arm-smmu-v3.2.auto: 0x000002088000007f\n[ 478.925515] arm-smmu-v3 arm-smmu-v3.2.auto: 0x0000000000000000\n[ 478.931425] arm-smmu-v3 arm-smmu-v3.2.auto: 0x0000000000000000\n[ 478.947552] hisi_zip 0000:31:00.0: qm_axi_rresp [error status=0x1] found\n[ 478.955930] hisi_zip 0000:31:00.0: qm_db_timeout [error status=0x400] found\n[ 478.955944] hisi_zip 0000:31:00.0: qm sq doorbell timeout in function 2",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52453"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b357c0a0-b481-4159-9e13-15a2ef87f042.json b/objects/vulnerability/vulnerability--b357c0a0-b481-4159-9e13-15a2ef87f042.json
new file mode 100644
index 00000000000..86fe90dd98c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b357c0a0-b481-4159-9e13-15a2ef87f042.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4f1673cb-84ed-43b3-853e-2c1419008904",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b357c0a0-b481-4159-9e13-15a2ef87f042",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.783009Z",
+ "modified": "2024-02-24T00:15:13.783009Z",
+ "name": "CVE-2023-52463",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: force RO when remounting if SetVariable is not supported\n\nIf SetVariable at runtime is not supported by the firmware we never assign\na callback for that function. At the same time mount the efivarfs as\nRO so no one can call that. However, we never check the permission flags\nwhen someone remounts the filesystem as RW. As a result this leads to a\ncrash looking like this:\n\n$ mount -o remount,rw /sys/firmware/efi/efivars\n$ efi-updatevar -f PK.auth PK\n\n[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 303.280482] Mem abort info:\n[ 303.280854] ESR = 0x0000000086000004\n[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 303.282016] SET = 0, FnV = 0\n[ 303.282414] EA = 0, S1PTW = 0\n[ 303.282821] FSC = 0x04: level 0 translation fault\n[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000\n[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6\n[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1\n[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023\n[ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 303.292123] pc : 0x0\n[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec\n[ 303.293156] sp : ffff800008673c10\n[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000\n[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027\n[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000\n[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000\n[ 
303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54\n[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4\n[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002\n[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201\n[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc\n[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000\n[ 303.303341] Call trace:\n[ 303.303679] 0x0\n[ 303.303938] efivar_entry_set_get_size+0x98/0x16c\n[ 303.304585] efivarfs_file_write+0xd0/0x1a4\n[ 303.305148] vfs_write+0xc4/0x2e4\n[ 303.305601] ksys_write+0x70/0x104\n[ 303.306073] __arm64_sys_write+0x1c/0x28\n[ 303.306622] invoke_syscall+0x48/0x114\n[ 303.307156] el0_svc_common.constprop.0+0x44/0xec\n[ 303.307803] do_el0_svc+0x38/0x98\n[ 303.308268] el0_svc+0x2c/0x84\n[ 303.308702] el0t_64_sync_handler+0xf4/0x120\n[ 303.309293] el0t_64_sync+0x190/0x194\n[ 303.309794] Code: ???????? ???????? ???????? ???????? (????????)\n[ 303.310612] ---[ end trace 0000000000000000 ]---\n\nFix this by adding a .reconfigure() function to the fs operations which\nwe can use to check the requested flags and deny anything that's not RO\nif the firmware doesn't implement SetVariable at runtime.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52463"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b5b116de-3a7f-4529-9d32-f0eb80ed781f.json b/objects/vulnerability/vulnerability--b5b116de-3a7f-4529-9d32-f0eb80ed781f.json
new file mode 100644
index 00000000000..92e13088d9f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b5b116de-3a7f-4529-9d32-f0eb80ed781f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1ebe4363-bb2f-4dff-81a0-824f71369cef",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b5b116de-3a7f-4529-9d32-f0eb80ed781f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.146483Z",
+ "modified": "2024-02-24T00:15:17.146483Z",
+ "name": "CVE-2024-1830",
+ "description": "A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254618 is the identifier assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1830"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b9fc56fa-5852-4af3-8142-5f948c79ebf0.json b/objects/vulnerability/vulnerability--b9fc56fa-5852-4af3-8142-5f948c79ebf0.json
new file mode 100644
index 00000000000..9115b91ba6e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b9fc56fa-5852-4af3-8142-5f948c79ebf0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c2bee9b7-ce43-4499-b99c-adad36758937",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b9fc56fa-5852-4af3-8142-5f948c79ebf0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.798805Z",
+ "modified": "2024-02-24T00:15:13.798805Z",
+ "name": "CVE-2023-52456",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: fix tx statemachine deadlock\n\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\n\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52456"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bcbf23ed-c618-4ebb-a100-af589fd57921.json b/objects/vulnerability/vulnerability--bcbf23ed-c618-4ebb-a100-af589fd57921.json
new file mode 100644
index 00000000000..23a9606f2da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bcbf23ed-c618-4ebb-a100-af589fd57921.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6d074713-1a9e-44ac-9c83-0c369d0fce01",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bcbf23ed-c618-4ebb-a100-af589fd57921",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:15.835949Z",
+ "modified": "2024-02-24T00:15:15.835949Z",
+ "name": "CVE-2023-37540",
+ "description": "Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-37540"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c0a40774-8e52-433f-898d-7e06b827a0dd.json b/objects/vulnerability/vulnerability--c0a40774-8e52-433f-898d-7e06b827a0dd.json
new file mode 100644
index 00000000000..0fcf5b2f697
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c0a40774-8e52-433f-898d-7e06b827a0dd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--21c965ee-9d4d-4a98-8072-9bc3eacfc3bc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c0a40774-8e52-433f-898d-7e06b827a0dd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.377291Z",
+ "modified": "2024-02-24T00:15:17.377291Z",
+ "name": "CVE-2024-24310",
+ "description": "In the module \"Generate barcode on invoice / delivery slip\" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-24310"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c1d95967-7db5-4092-852e-6d16e3b6c0f2.json b/objects/vulnerability/vulnerability--c1d95967-7db5-4092-852e-6d16e3b6c0f2.json
new file mode 100644
index 00000000000..a0b2d9c8d97
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c1d95967-7db5-4092-852e-6d16e3b6c0f2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b1ffdbf1-751a-40d7-967c-a7ab092bba65",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c1d95967-7db5-4092-852e-6d16e3b6c0f2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.12754Z",
+ "modified": "2024-02-24T00:15:17.12754Z",
+ "name": "CVE-2024-1824",
+ "description": "A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254612.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1824"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c48f8a6c-f945-4620-bce7-2479d4b3f81d.json b/objects/vulnerability/vulnerability--c48f8a6c-f945-4620-bce7-2479d4b3f81d.json
new file mode 100644
index 00000000000..176696b1a1a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c48f8a6c-f945-4620-bce7-2479d4b3f81d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d0a0f2be-3aa3-41fd-a7a2-71b14467a5e1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c48f8a6c-f945-4620-bce7-2479d4b3f81d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.411167Z",
+ "modified": "2024-02-24T00:15:17.411167Z",
+ "name": "CVE-2024-24681",
+ "description": "Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-24681"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ca7ecf22-bd7c-4a1d-b9e6-c8ff84950f16.json b/objects/vulnerability/vulnerability--ca7ecf22-bd7c-4a1d-b9e6-c8ff84950f16.json
new file mode 100644
index 00000000000..53c5e640c02
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ca7ecf22-bd7c-4a1d-b9e6-c8ff84950f16.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5d7206d5-89b3-4b0e-84bc-31149a6008a4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ca7ecf22-bd7c-4a1d-b9e6-c8ff84950f16",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.181012Z",
+ "modified": "2024-02-24T00:15:17.181012Z",
+ "name": "CVE-2024-1818",
+ "description": "A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1818"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cd40a56e-685a-4683-848f-3fc6e8f8ada4.json b/objects/vulnerability/vulnerability--cd40a56e-685a-4683-848f-3fc6e8f8ada4.json
new file mode 100644
index 00000000000..741c3d3b43c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cd40a56e-685a-4683-848f-3fc6e8f8ada4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--84d36def-8201-40fc-81b6-71dddb3b3c03",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cd40a56e-685a-4683-848f-3fc6e8f8ada4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:15.076093Z",
+ "modified": "2024-02-24T00:15:15.076093Z",
+ "name": "CVE-2023-51392",
+ "description": "Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-51392"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cd5140ff-e9d7-40f4-b7cd-7c75a4710678.json b/objects/vulnerability/vulnerability--cd5140ff-e9d7-40f4-b7cd-7c75a4710678.json
new file mode 100644
index 00000000000..7913c72ef53
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cd5140ff-e9d7-40f4-b7cd-7c75a4710678.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4ad5f790-65f7-4ec8-adc5-3699e6508058",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cd5140ff-e9d7-40f4-b7cd-7c75a4710678",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.272374Z",
+ "modified": "2024-02-24T00:15:17.272374Z",
+ "name": "CVE-2024-26596",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events\n\nAfter the blamed commit, we started doing this dereference for every\nNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.\n\nstatic inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)\n{\n\tstruct dsa_user_priv *p = netdev_priv(dev);\n\n\treturn p->dp;\n}\n\nWhich is obviously bogus, because not all net_devices have a netdev_priv()\nof type struct dsa_user_priv. But struct dsa_user_priv is fairly small,\nand p->dp means dereferencing 8 bytes starting with offset 16. Most\ndrivers allocate that much private memory anyway, making our access not\nfault, and we discard the bogus data quickly afterwards, so this wasn't\ncaught.\n\nBut the dummy interface is somewhat special in that it calls\nalloc_netdev() with a priv size of 0. So every netdev_priv() dereference\nis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event\nwith a VLAN as its new upper:\n\n$ ip link add dummy1 type dummy\n$ ip link add link dummy1 name dummy1.100 type vlan id 100\n[ 43.309174] ==================================================================\n[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8\n[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374\n[ 43.330058]\n[ 43.342436] Call trace:\n[ 43.366542] dsa_user_prechangeupper+0x30/0xe8\n[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8\n[ 43.375768] notifier_call_chain+0xa4/0x210\n[ 43.379985] raw_notifier_call_chain+0x24/0x38\n[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8\n[ 43.389120] netdev_upper_dev_link+0x70/0xa8\n[ 43.393424] register_vlan_dev+0x1bc/0x310\n[ 43.397554] vlan_newlink+0x210/0x248\n[ 43.401247] rtnl_newlink+0x9fc/0xe30\n[ 43.404942] rtnetlink_rcv_msg+0x378/0x580\n\nAvoid the kernel oops by dereferencing after the type check, as customary.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26596"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ceef9d52-842b-4008-9c91-a62f3569b167.json b/objects/vulnerability/vulnerability--ceef9d52-842b-4008-9c91-a62f3569b167.json
new file mode 100644
index 00000000000..51f17364437
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ceef9d52-842b-4008-9c91-a62f3569b167.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ad63d945-a95c-4f76-b50b-58df322e591e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ceef9d52-842b-4008-9c91-a62f3569b167",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.809286Z",
+ "modified": "2024-02-24T00:15:13.809286Z",
+ "name": "CVE-2023-52464",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/thunderx: Fix possible out-of-bounds string access\n\nEnabling -Wstringop-overflow globally exposes a warning for a common bug\nin the usage of strncat():\n\n drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':\n drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=]\n 1136 | strncat(msg, other, OCX_MESSAGE_SIZE);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n ...\n 1145 | strncat(msg, other, OCX_MESSAGE_SIZE);\n ...\n 1150 | strncat(msg, other, OCX_MESSAGE_SIZE);\n\n ...\n\nApparently the author of this driver expected strncat() to behave the\nway that strlcat() does, which uses the size of the destination buffer\nas its third argument rather than the length of the source buffer. The\nresult is that there is no check on the size of the allocated buffer.\n\nChange it to strlcat().\n\n [ bp: Trim compiler output, fixup commit message. ]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52464"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d090964d-e924-4495-ac03-b537d2fd49bc.json b/objects/vulnerability/vulnerability--d090964d-e924-4495-ac03-b537d2fd49bc.json
new file mode 100644
index 00000000000..fd5829725bf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d090964d-e924-4495-ac03-b537d2fd49bc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e1bff1d1-3943-4fd8-a1d3-0dd145198f7c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d090964d-e924-4495-ac03-b537d2fd49bc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.813016Z",
+ "modified": "2024-02-24T00:15:13.813016Z",
+ "name": "CVE-2023-52459",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix duplicated list deletion\n\nThe list deletion call dropped here is already called from the\nhelper function in the line before. Having a second list_del()\ncall results in either a warning (with CONFIG_DEBUG_LIST=y):\n\nlist_del corruption, c46c8198->next is LIST_POISON1 (00000100)\n\nIf CONFIG_DEBUG_LIST is disabled the operation results in a\nkernel error due to NULL pointer dereference.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52459"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d6cdb0b7-0a18-4c40-829a-f9b777a73ef2.json b/objects/vulnerability/vulnerability--d6cdb0b7-0a18-4c40-829a-f9b777a73ef2.json
new file mode 100644
index 00000000000..8d75117bad0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d6cdb0b7-0a18-4c40-829a-f9b777a73ef2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4fecc8e1-894f-4f87-95e0-51086c2584b7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d6cdb0b7-0a18-4c40-829a-f9b777a73ef2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:13.802687Z",
+ "modified": "2024-02-24T00:15:13.802687Z",
+ "name": "CVE-2023-52458",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: add check that partition length needs to be aligned with block size\n\nBefore calling add partition or resize partition, there is no check\non whether the length is aligned with the logical block size.\nIf the logical block size of the disk is larger than 512 bytes,\nthen the partition size maybe not the multiple of the logical block size,\nand when the last sector is read, bio_truncate() will adjust the bio size,\nresulting in an IO error if the size of the read command is smaller than\nthe logical block size.If integrity data is supported, this will also\nresult in a null pointer dereference when calling bio_integrity_free.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52458"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dafac234-6e2f-462a-a8c5-5f8a1346717e.json b/objects/vulnerability/vulnerability--dafac234-6e2f-462a-a8c5-5f8a1346717e.json
new file mode 100644
index 00000000000..886b7fcf985
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dafac234-6e2f-462a-a8c5-5f8a1346717e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f3797c58-e0c5-4fb1-8b49-289f4c7491dd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dafac234-6e2f-462a-a8c5-5f8a1346717e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.071433Z",
+ "modified": "2024-02-24T00:15:17.071433Z",
+ "name": "CVE-2024-22243",
+ "description": "Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-22243"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dbc63ae3-f5d6-438e-92bb-1625fcd526b2.json b/objects/vulnerability/vulnerability--dbc63ae3-f5d6-438e-92bb-1625fcd526b2.json
new file mode 100644
index 00000000000..ce20c93dbb0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dbc63ae3-f5d6-438e-92bb-1625fcd526b2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0ed550d7-5074-48d9-804f-b67281176a45",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dbc63ae3-f5d6-438e-92bb-1625fcd526b2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.105739Z",
+ "modified": "2024-02-24T00:15:17.105739Z",
+ "name": "CVE-2024-1819",
+ "description": "A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254607.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1819"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dd93870b-0d95-4145-bcb9-ba33e0f90130.json b/objects/vulnerability/vulnerability--dd93870b-0d95-4145-bcb9-ba33e0f90130.json
new file mode 100644
index 00000000000..b79a4c0c101
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dd93870b-0d95-4145-bcb9-ba33e0f90130.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b28d1429-a044-4ac9-b6d0-bfd83f7e2b6c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dd93870b-0d95-4145-bcb9-ba33e0f90130",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.143949Z",
+ "modified": "2024-02-24T00:15:17.143949Z",
+ "name": "CVE-2024-1778",
+ "description": "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1778"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e0f77025-6af2-479b-adf2-6965b0d26711.json b/objects/vulnerability/vulnerability--e0f77025-6af2-479b-adf2-6965b0d26711.json
new file mode 100644
index 00000000000..b05d36f809e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e0f77025-6af2-479b-adf2-6965b0d26711.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e31b99ec-c64a-4d9d-9994-35ec92076990",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e0f77025-6af2-479b-adf2-6965b0d26711",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.268012Z",
+ "modified": "2024-02-24T00:15:17.268012Z",
+ "name": "CVE-2024-26150",
+ "description": "`@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26150"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e1a2ca95-51c2-44db-87d7-27fa954a8e84.json b/objects/vulnerability/vulnerability--e1a2ca95-51c2-44db-87d7-27fa954a8e84.json
new file mode 100644
index 00000000000..54b2f0cf458
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e1a2ca95-51c2-44db-87d7-27fa954a8e84.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--572c7ddd-2e6d-44f3-bc72-56f960807fef",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e1a2ca95-51c2-44db-87d7-27fa954a8e84",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.190271Z",
+ "modified": "2024-02-24T00:15:17.190271Z",
+ "name": "CVE-2024-23320",
+ "description": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.\n\nThis issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.\n\nThis issue affects Apache DolphinScheduler: until 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-23320"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ec50eddd-2599-4d37-8f10-7980f464eeb2.json b/objects/vulnerability/vulnerability--ec50eddd-2599-4d37-8f10-7980f464eeb2.json
new file mode 100644
index 00000000000..849e43a5732
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ec50eddd-2599-4d37-8f10-7980f464eeb2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7f8fcad2-639c-4b18-98dd-2b432cea37c4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ec50eddd-2599-4d37-8f10-7980f464eeb2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.140742Z",
+ "modified": "2024-02-24T00:15:17.140742Z",
+ "name": "CVE-2024-1821",
+ "description": "A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the argument police_name/police_id/police_spec/password leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254609 was assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1821"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f200bc10-4b9d-4391-b283-1c43a63ae6c2.json b/objects/vulnerability/vulnerability--f200bc10-4b9d-4391-b283-1c43a63ae6c2.json
new file mode 100644
index 00000000000..3b71b3af8da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f200bc10-4b9d-4391-b283-1c43a63ae6c2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d41e26ad-0216-4a15-aa17-7f15486bcec7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f200bc10-4b9d-4391-b283-1c43a63ae6c2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.130105Z",
+ "modified": "2024-02-24T00:15:17.130105Z",
+ "name": "CVE-2024-1829",
+ "description": "A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1829"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f2e83c2b-e284-4b39-8d50-a7db0355d5af.json b/objects/vulnerability/vulnerability--f2e83c2b-e284-4b39-8d50-a7db0355d5af.json
new file mode 100644
index 00000000000..58cdfb9ab27
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f2e83c2b-e284-4b39-8d50-a7db0355d5af.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--64776f60-454a-4f78-95c8-2c1d1c250cee",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f2e83c2b-e284-4b39-8d50-a7db0355d5af",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:14.575369Z",
+ "modified": "2024-02-24T00:15:14.575369Z",
+ "name": "CVE-2023-4826",
+ "description": "The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-4826"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f406b0c8-7b6e-4ea5-9c0b-ba9cad091530.json b/objects/vulnerability/vulnerability--f406b0c8-7b6e-4ea5-9c0b-ba9cad091530.json
new file mode 100644
index 00000000000..61ccebea7f2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f406b0c8-7b6e-4ea5-9c0b-ba9cad091530.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--463387f1-da2e-4449-a40c-a406ef970232",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f406b0c8-7b6e-4ea5-9c0b-ba9cad091530",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.109872Z",
+ "modified": "2024-02-24T00:15:17.109872Z",
+ "name": "CVE-2024-1828",
+ "description": "A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1828"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fe7f6b39-95a4-4375-9c76-915bcac4ad68.json b/objects/vulnerability/vulnerability--fe7f6b39-95a4-4375-9c76-915bcac4ad68.json
new file mode 100644
index 00000000000..1f5aa55b406
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fe7f6b39-95a4-4375-9c76-915bcac4ad68.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a2e729bf-014a-4faa-b8fc-2009ff5263e9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fe7f6b39-95a4-4375-9c76-915bcac4ad68",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-02-24T00:15:17.239599Z",
+ "modified": "2024-02-24T00:15:17.239599Z",
+ "name": "CVE-2024-26599",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npwm: Fix out-of-bounds access in of_pwm_single_xlate()\n\nWith args->args_count == 2 args->args[2] is not defined. Actually the\nflags are contained in args->args[1].",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26599"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file