diff --git a/mapping.csv b/mapping.csv index 8c13d0a7f0a..6b73e82ca5e 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -247632,3 +247632,69 @@ vulnerability,CVE-2024-45036,vulnerability--6c583874-8a14-40fa-a747-56f8bad3c0a7 vulnerability,CVE-2024-6879,vulnerability--023cfc77-5852-43f3-ae71-00041cfc33e1 vulnerability,CVE-2023-26315,vulnerability--d6782490-0b70-4248-b84c-5b1e9f39db8b vulnerability,CVE-2023-49582,vulnerability--b388b486-9e4f-41ea-9e4b-1223263808ef +vulnerability,CVE-2022-39997,vulnerability--5b87eae8-78e7-4ec4-ac6b-379252bb94a6 +vulnerability,CVE-2022-39996,vulnerability--d03581e9-a829-4c68-91a0-4d8e408eeff2 +vulnerability,CVE-2024-41174,vulnerability--e3bbe404-42ac-4400-b63f-720efd635268 +vulnerability,CVE-2024-41173,vulnerability--0712fff5-e83f-42bb-a15c-514fd2fca6af +vulnerability,CVE-2024-41175,vulnerability--dc693254-26dd-4472-85f6-874c4dc3a002 +vulnerability,CVE-2024-41622,vulnerability--6c3c1dba-d131-40ad-ac1c-fbf52ffa0f23 +vulnerability,CVE-2024-41176,vulnerability--b3e4b99c-81cc-4571-b404-a10c9ae2c8bc +vulnerability,CVE-2024-44340,vulnerability--a0d85cde-6157-4542-adba-539cc28fb33e +vulnerability,CVE-2024-44342,vulnerability--4c5ca100-9ba9-40ed-aa32-b7d8341abe6c +vulnerability,CVE-2024-44341,vulnerability--8cd76235-9ac1-45cf-9ab7-5ce9b3a2b5f5 +vulnerability,CVE-2024-40395,vulnerability--976619e9-5885-4531-b20b-04af2a587f09 +vulnerability,CVE-2024-42851,vulnerability--ddd3f0ea-ab2b-4b4d-8b0a-d3faac8dd6e2 +vulnerability,CVE-2024-36068,vulnerability--2c485ffc-7550-48c5-b54b-91f420628bbc +vulnerability,CVE-2024-7791,vulnerability--4fb6d43e-3a53-4e3a-be3c-642e1860ac81 +vulnerability,CVE-2024-7071,vulnerability--563c3b78-96bc-432a-b1e0-d83c088555b8 +vulnerability,CVE-2024-7304,vulnerability--c6f850fc-95a4-4256-85a0-993c795a32cb +vulnerability,CVE-2024-7941,vulnerability--a6a22318-5beb-4caf-b682-46f288b3cb6b +vulnerability,CVE-2024-7720,vulnerability--d9bd835d-c5a4-4d52-986c-fa4601560c6a +vulnerability,CVE-2024-7940,vulnerability--e582470b-6838-4b52-bfce-dc112c6d6672 +vulnerability,CVE-2024-7125,vulnerability--29689e82-88d3-448f-8c3a-14ba08596953 
+vulnerability,CVE-2024-7608,vulnerability--1d96a346-ca83-49cc-b707-62d2a745c0b0 +vulnerability,CVE-2024-1544,vulnerability--968b67df-164e-4d3c-90e1-4208eec91a3c +vulnerability,CVE-2024-43783,vulnerability--59612234-aea7-44f9-9ba6-32f20ceb9dc1 +vulnerability,CVE-2024-43414,vulnerability--a5eead2d-4d5d-4c95-8393-73e0a42f2060 +vulnerability,CVE-2024-43788,vulnerability--b0f3c7c1-a040-4d14-b49f-715da3d574f7 +vulnerability,CVE-2024-5288,vulnerability--eacf061f-9d6b-4995-ac0e-f709e9a1d0cc +vulnerability,CVE-2024-5814,vulnerability--bf2d0938-1b4a-4055-9478-6edeb7eef1d8 +vulnerability,CVE-2024-5991,vulnerability--a72e7899-eca2-4211-8556-009719597655 +vulnerability,CVE-2024-4872,vulnerability--e12f9bab-7167-4e5f-b831-50cacd6d02c3 +vulnerability,CVE-2024-8223,vulnerability--83d0ed6d-0267-430c-acf3-1c7dc1b96112 +vulnerability,CVE-2024-8226,vulnerability--4850a485-9c33-48ff-8afe-4d1cd462d253 +vulnerability,CVE-2024-8216,vulnerability--058eae69-6f23-443d-b274-51512ce241d2 +vulnerability,CVE-2024-8197,vulnerability--25fc460a-36be-48db-a6fd-d1f19580e8e3 +vulnerability,CVE-2024-8213,vulnerability--e925f5e7-e513-4f3b-84c9-0102b04f2196 +vulnerability,CVE-2024-8199,vulnerability--55972ff9-f2d6-4f1c-8c21-2da126f47129 +vulnerability,CVE-2024-8200,vulnerability--65ea8bb0-ceab-44c5-b7c0-ff5d6e32266f +vulnerability,CVE-2024-8211,vulnerability--eb029678-d65e-4711-a534-3ccec85d34a4 +vulnerability,CVE-2024-8046,vulnerability--4ec62894-fe58-496a-a37f-f1cae2f9060c +vulnerability,CVE-2024-8210,vulnerability--5d3898b7-4089-4679-9f67-53259890f088 +vulnerability,CVE-2024-8207,vulnerability--0d5b1b06-fd8e-4246-8270-abc02e17e7b5 +vulnerability,CVE-2024-8221,vulnerability--331d7a92-6f6f-4111-b217-6e716039f73e +vulnerability,CVE-2024-8182,vulnerability--d91465c9-2649-4f24-8275-116e387605b1 +vulnerability,CVE-2024-8219,vulnerability--af660148-5e84-4ed9-81f3-728b17067223 +vulnerability,CVE-2024-8217,vulnerability--e7da45f0-0999-4af9-beb2-adb7e9e5f3c5 
+vulnerability,CVE-2024-8220,vulnerability--1af57f19-1887-4024-8436-061944a57497 +vulnerability,CVE-2024-8218,vulnerability--4b5a8e4d-7c1f-4685-8a7b-a5b0a3f0fad6 +vulnerability,CVE-2024-8225,vulnerability--d520c3a1-b221-4213-a90d-33b698c39730 +vulnerability,CVE-2024-8224,vulnerability--f874ed7b-d466-4149-b69d-ff4b8e57f578 +vulnerability,CVE-2024-8209,vulnerability--22282e69-9ed5-49d4-bd68-ba3cb5e17ecb +vulnerability,CVE-2024-8208,vulnerability--1d613cd9-8ce4-4922-b0f0-f3c49e44c042 +vulnerability,CVE-2024-8181,vulnerability--bd8f18b1-a2aa-4907-a6ab-c198f791dccc +vulnerability,CVE-2024-8214,vulnerability--01ded183-4ad1-43ec-861b-426221dbb97f +vulnerability,CVE-2024-8212,vulnerability--79865a18-54ee-474f-bf07-35f5ec8d89b1 +vulnerability,CVE-2024-8222,vulnerability--72924eaa-d771-4983-9e60-9daef8a6e031 +vulnerability,CVE-2024-3982,vulnerability--d08a6d20-be41-4844-adeb-d1ed7fb0af58 +vulnerability,CVE-2024-3980,vulnerability--de5fdd12-e6c7-40e4-aac1-dae863d634ef +vulnerability,CVE-2024-45037,vulnerability--7f076169-7f94-43cc-a38a-d4a09d92982b +vulnerability,CVE-2024-45049,vulnerability--393f9734-193e-46e0-b2e5-c9938d584799 +vulnerability,CVE-2024-45321,vulnerability--3142a715-e32f-48af-8814-7202a1125a7d +vulnerability,CVE-2024-45264,vulnerability--ea3e7963-95c3-4de4-8a4e-a3a6f92c1b28 +vulnerability,CVE-2024-45038,vulnerability--f31f6de9-8ba6-4d89-88cd-78111d039405 +vulnerability,CVE-2024-6804,vulnerability--2f181b8c-4007-41a4-a8ea-6361cadf115d +vulnerability,CVE-2024-6633,vulnerability--ebd9097a-8a4f-45d6-a730-3622640edcca +vulnerability,CVE-2024-6632,vulnerability--b947f994-db86-4cd9-a07f-6f27e0b5b579 +vulnerability,CVE-2024-6789,vulnerability--06b3a8b9-e604-4b6e-bb27-64abcfb2fc16 +vulnerability,CVE-2024-6688,vulnerability--e9b8a3ef-5269-43c5-a33b-5542600aee2d 
diff --git a/objects/vulnerability/vulnerability--01ded183-4ad1-43ec-861b-426221dbb97f.json b/objects/vulnerability/vulnerability--01ded183-4ad1-43ec-861b-426221dbb97f.json new file mode 100644 index 00000000000..d13274d979d --- /dev/null +++ b/objects/vulnerability/vulnerability--01ded183-4ad1-43ec-861b-426221dbb97f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e3aa840-e965-4840-8225-0c6ad7d02b50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01ded183-4ad1-43ec-861b-426221dbb97f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.860857Z", + "modified": "2024-08-28T00:18:59.860857Z", + "name": "CVE-2024-8214", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8214" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--058eae69-6f23-443d-b274-51512ce241d2.json b/objects/vulnerability/vulnerability--058eae69-6f23-443d-b274-51512ce241d2.json new file mode 100644 index 00000000000..30ea0d32f8c --- /dev/null 
+++ b/objects/vulnerability/vulnerability--058eae69-6f23-443d-b274-51512ce241d2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2093336-926d-48a6-bf98-be8407067548", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--058eae69-6f23-443d-b274-51512ce241d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.829737Z", + "modified": "2024-08-28T00:18:59.829737Z", + "name": "CVE-2024-8216", + "description": "A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8216" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06b3a8b9-e604-4b6e-bb27-64abcfb2fc16.json b/objects/vulnerability/vulnerability--06b3a8b9-e604-4b6e-bb27-64abcfb2fc16.json new file mode 100644 index 00000000000..810e329afec --- /dev/null +++ b/objects/vulnerability/vulnerability--06b3a8b9-e604-4b6e-bb27-64abcfb2fc16.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c618f0f1-4e2c-45e4-a77e-1484945840ae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06b3a8b9-e604-4b6e-bb27-64abcfb2fc16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.972453Z", + "modified": "2024-08-28T00:18:59.972453Z", + "name": "CVE-2024-6789", + "description": "A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0712fff5-e83f-42bb-a15c-514fd2fca6af.json b/objects/vulnerability/vulnerability--0712fff5-e83f-42bb-a15c-514fd2fca6af.json new file mode 100644 index 00000000000..c5d92d13131 --- /dev/null +++ b/objects/vulnerability/vulnerability--0712fff5-e83f-42bb-a15c-514fd2fca6af.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87ba617a-bad7-43ee-ab74-e1a15f7b3add", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0712fff5-e83f-42bb-a15c-514fd2fca6af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:58.089677Z", + "modified": "2024-08-28T00:18:58.089677Z", + "name": "CVE-2024-41173", + "description": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41173" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d5b1b06-fd8e-4246-8270-abc02e17e7b5.json b/objects/vulnerability/vulnerability--0d5b1b06-fd8e-4246-8270-abc02e17e7b5.json new file mode 100644 index 00000000000..d2c71c02fed --- /dev/null 
+++ b/objects/vulnerability/vulnerability--0d5b1b06-fd8e-4246-8270-abc02e17e7b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da1a214f-3396-4835-a9af-8da556fe35dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d5b1b06-fd8e-4246-8270-abc02e17e7b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.841811Z", + "modified": "2024-08-28T00:18:59.841811Z", + "name": "CVE-2024-8207", + "description": "In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8207" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1af57f19-1887-4024-8436-061944a57497.json b/objects/vulnerability/vulnerability--1af57f19-1887-4024-8436-061944a57497.json new file mode 100644 index 00000000000..9ccca5104e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--1af57f19-1887-4024-8436-061944a57497.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13855d84-5bc1-4fa9-8f3c-031bb5c12af5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1af57f19-1887-4024-8436-061944a57497", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.849886Z", + "modified": "2024-08-28T00:18:59.849886Z", + "name": "CVE-2024-8220", + "description": "A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file staffedit.php. The manipulation of the argument id/stafftype/address/fullname/phonenumber/salary leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8220" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d613cd9-8ce4-4922-b0f0-f3c49e44c042.json b/objects/vulnerability/vulnerability--1d613cd9-8ce4-4922-b0f0-f3c49e44c042.json new file mode 100644 index 00000000000..43fe037f93d --- /dev/null +++ b/objects/vulnerability/vulnerability--1d613cd9-8ce4-4922-b0f0-f3c49e44c042.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26d01ef8-b774-448a-8f3b-69cbc73a589a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d613cd9-8ce4-4922-b0f0-f3c49e44c042", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.858679Z", + "modified": "2024-08-28T00:18:59.858679Z", + "name": "CVE-2024-8208", + "description": "A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8208" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d96a346-ca83-49cc-b707-62d2a745c0b0.json b/objects/vulnerability/vulnerability--1d96a346-ca83-49cc-b707-62d2a745c0b0.json new file mode 100644 index 00000000000..3ce137d23c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--1d96a346-ca83-49cc-b707-62d2a745c0b0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ef126dc-655f-482e-b395-143c133e58de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d96a346-ca83-49cc-b707-62d2a745c0b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.162455Z", + "modified": "2024-08-28T00:18:59.162455Z", + "name": "CVE-2024-7608", + "description": "An authenticated user can download sensitive files from Trellix products NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7608" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22282e69-9ed5-49d4-bd68-ba3cb5e17ecb.json b/objects/vulnerability/vulnerability--22282e69-9ed5-49d4-bd68-ba3cb5e17ecb.json new file mode 100644 index 00000000000..fa6eed08438 --- /dev/null +++ b/objects/vulnerability/vulnerability--22282e69-9ed5-49d4-bd68-ba3cb5e17ecb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3dabc8cd-14ac-4bb9-a9a7-50f6d65fe1a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22282e69-9ed5-49d4-bd68-ba3cb5e17ecb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.857589Z", + "modified": "2024-08-28T00:18:59.857589Z", + "name": "CVE-2024-8209", + "description": "A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8209" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25fc460a-36be-48db-a6fd-d1f19580e8e3.json b/objects/vulnerability/vulnerability--25fc460a-36be-48db-a6fd-d1f19580e8e3.json new file mode 100644 index 00000000000..878df0e4fa7 --- /dev/null +++ b/objects/vulnerability/vulnerability--25fc460a-36be-48db-a6fd-d1f19580e8e3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--885aa2a4-fd23-45b9-8810-248ce10a1621", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25fc460a-36be-48db-a6fd-d1f19580e8e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.83201Z", + "modified": "2024-08-28T00:18:59.83201Z", + "name": "CVE-2024-8197", + "description": "The Visual Sound plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.03. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8197" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29689e82-88d3-448f-8c3a-14ba08596953.json b/objects/vulnerability/vulnerability--29689e82-88d3-448f-8c3a-14ba08596953.json new file mode 100644 index 00000000000..0d5fca52fc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--29689e82-88d3-448f-8c3a-14ba08596953.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b4cba70b-ee79-4d83-8b05-451eba51d337", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29689e82-88d3-448f-8c3a-14ba08596953", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.146322Z", + "modified": "2024-08-28T00:18:59.146322Z", + "name": "CVE-2024-7125", + "description": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7125" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c485ffc-7550-48c5-b54b-91f420628bbc.json b/objects/vulnerability/vulnerability--2c485ffc-7550-48c5-b54b-91f420628bbc.json new file mode 100644 index 00000000000..2c69ecf19bd --- /dev/null +++ b/objects/vulnerability/vulnerability--2c485ffc-7550-48c5-b54b-91f420628bbc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7b6b99e-01e4-4c7a-bc8c-150f7e85ad6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c485ffc-7550-48c5-b54b-91f420628bbc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:58.952687Z", + "modified": "2024-08-28T00:18:58.952687Z", + "name": "CVE-2024-36068", + "description": "An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36068" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2f181b8c-4007-41a4-a8ea-6361cadf115d.json b/objects/vulnerability/vulnerability--2f181b8c-4007-41a4-a8ea-6361cadf115d.json new file mode 100644 index 00000000000..dc04fdd0a8e --- /dev/null +++ b/objects/vulnerability/vulnerability--2f181b8c-4007-41a4-a8ea-6361cadf115d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ae592ee-9d09-4241-a177-de4dac37ac0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f181b8c-4007-41a4-a8ea-6361cadf115d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.944484Z", + "modified": "2024-08-28T00:18:59.944484Z", + "name": "CVE-2024-6804", + "description": "The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6804" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3142a715-e32f-48af-8814-7202a1125a7d.json b/objects/vulnerability/vulnerability--3142a715-e32f-48af-8814-7202a1125a7d.json new file mode 100644 index 00000000000..47fc664b98e --- /dev/null +++ b/objects/vulnerability/vulnerability--3142a715-e32f-48af-8814-7202a1125a7d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09fda30d-9c98-490c-8927-9577c5792518", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3142a715-e32f-48af-8814-7202a1125a7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.933798Z", + "modified": "2024-08-28T00:18:59.933798Z", + "name": "CVE-2024-45321", + "description": "The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--331d7a92-6f6f-4111-b217-6e716039f73e.json b/objects/vulnerability/vulnerability--331d7a92-6f6f-4111-b217-6e716039f73e.json new file mode 100644 index 00000000000..190f229270a --- /dev/null +++ b/objects/vulnerability/vulnerability--331d7a92-6f6f-4111-b217-6e716039f73e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ea12b70-db87-45d0-8328-cf65e81c320d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--331d7a92-6f6f-4111-b217-6e716039f73e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.843094Z", + "modified": "2024-08-28T00:18:59.843094Z", + "name": "CVE-2024-8221", + "description": "A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8221" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--393f9734-193e-46e0-b2e5-c9938d584799.json b/objects/vulnerability/vulnerability--393f9734-193e-46e0-b2e5-c9938d584799.json new file mode 100644 index 00000000000..0014f435245 --- /dev/null +++ b/objects/vulnerability/vulnerability--393f9734-193e-46e0-b2e5-c9938d584799.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e441947c-39d9-45da-ba01-60b015e7f5cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--393f9734-193e-46e0-b2e5-c9938d584799", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.931639Z", + "modified": "2024-08-28T00:18:59.931639Z", + "name": "CVE-2024-45049", + "description": "Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. Users unable to upgrade should deny the `/api/push` route in a reverse proxy. This also breaks the \"Evaluate jobset\" button in the frontend.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45049" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4850a485-9c33-48ff-8afe-4d1cd462d253.json b/objects/vulnerability/vulnerability--4850a485-9c33-48ff-8afe-4d1cd462d253.json new file mode 100644 index 00000000000..855cb94d2c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--4850a485-9c33-48ff-8afe-4d1cd462d253.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef59bc1c-8b8e-41c4-bed2-53204eea5601", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4850a485-9c33-48ff-8afe-4d1cd462d253", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.828222Z", + "modified": "2024-08-28T00:18:59.828222Z", + "name": "CVE-2024-8226", + "description": "A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8226" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b5a8e4d-7c1f-4685-8a7b-a5b0a3f0fad6.json b/objects/vulnerability/vulnerability--4b5a8e4d-7c1f-4685-8a7b-a5b0a3f0fad6.json new file mode 100644 index 00000000000..bdb7b7f6ae3 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b5a8e4d-7c1f-4685-8a7b-a5b0a3f0fad6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e98f9a1a-1353-4643-9d51-651702ba8544", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b5a8e4d-7c1f-4685-8a7b-a5b0a3f0fad6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.851327Z", + "modified": "2024-08-28T00:18:59.851327Z", + "name": "CVE-2024-8218", + "description": "A vulnerability was found in code-projects Online Quiz Site 1.0 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument loginid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8218" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c5ca100-9ba9-40ed-aa32-b7d8341abe6c.json b/objects/vulnerability/vulnerability--4c5ca100-9ba9-40ed-aa32-b7d8341abe6c.json new file mode 100644 index 00000000000..7d1eb0c41e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c5ca100-9ba9-40ed-aa32-b7d8341abe6c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53781858-ae50-48cc-80e4-90cdfb9e8a8e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c5ca100-9ba9-40ed-aa32-b7d8341abe6c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:58.302814Z", + "modified": "2024-08-28T00:18:58.302814Z", + "name": "CVE-2024-44342", + "description": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44342" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4ec62894-fe58-496a-a37f-f1cae2f9060c.json b/objects/vulnerability/vulnerability--4ec62894-fe58-496a-a37f-f1cae2f9060c.json new file mode 100644 index 00000000000..d84e3aec0f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ec62894-fe58-496a-a37f-f1cae2f9060c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2cb2ecf4-4aa7-4982-8475-068253db2535", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ec62894-fe58-496a-a37f-f1cae2f9060c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.838393Z", + "modified": "2024-08-28T00:18:59.838393Z", + "name": "CVE-2024-8046", + "description": "The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8046" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fb6d43e-3a53-4e3a-be3c-642e1860ac81.json b/objects/vulnerability/vulnerability--4fb6d43e-3a53-4e3a-be3c-642e1860ac81.json new file mode 100644 index 00000000000..27c037a9176 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fb6d43e-3a53-4e3a-be3c-642e1860ac81.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--50303a80-28c2-4ce7-b15d-690c42879aeb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fb6d43e-3a53-4e3a-be3c-642e1860ac81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.111549Z", + "modified": "2024-08-28T00:18:59.111549Z", + "name": "CVE-2024-7791", + "description": "The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7791" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55972ff9-f2d6-4f1c-8c21-2da126f47129.json b/objects/vulnerability/vulnerability--55972ff9-f2d6-4f1c-8c21-2da126f47129.json new file mode 100644 index 00000000000..75240a312fc --- /dev/null +++ b/objects/vulnerability/vulnerability--55972ff9-f2d6-4f1c-8c21-2da126f47129.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5a5c78a8-bda6-40f5-9ea7-cda1be1a63e1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--55972ff9-f2d6-4f1c-8c21-2da126f47129",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.8347Z",
+ "modified": "2024-08-28T00:18:59.8347Z",
+ "name": "CVE-2024-8199",
+ "description": "The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update API Key options.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8199"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--563c3b78-96bc-432a-b1e0-d83c088555b8.json b/objects/vulnerability/vulnerability--563c3b78-96bc-432a-b1e0-d83c088555b8.json
new file mode 100644
index 00000000000..766030f7996
--- /dev/null
+++ b/objects/vulnerability/vulnerability--563c3b78-96bc-432a-b1e0-d83c088555b8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e067926f-7613-4a1c-b63a-28a76c723f4f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--563c3b78-96bc-432a-b1e0-d83c088555b8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.124168Z",
+ "modified": "2024-08-28T00:18:59.124168Z",
+ "name": "CVE-2024-7071",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection.This issue affects Brain Low-Code: before 2.1.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7071"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--59612234-aea7-44f9-9ba6-32f20ceb9dc1.json b/objects/vulnerability/vulnerability--59612234-aea7-44f9-9ba6-32f20ceb9dc1.json
new file mode 100644
index 00000000000..ba6697376d8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--59612234-aea7-44f9-9ba6-32f20ceb9dc1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--72d8356f-7975-4d37-8ae7-94881ec69df4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--59612234-aea7-44f9-9ba6-32f20ceb9dc1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.406257Z",
+ "modified": "2024-08-28T00:18:59.406257Z",
+ "name": "CVE-2024-43783",
+ "description": "The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of service vulnerability if _all_ of the following are true: 1. The Apollo Router has been configured to support [External Coprocessing](https://www.apollographql.com/docs/router/customizations/coprocessor). 2. The Apollo Router has been configured to send request bodies to coprocessors. This is a non-default configuration and must be configured intentionally by administrators. Instances of the Apollo Router running versions >=1.7.0 and <1.52.1 are impacted by a denial-of-service vulnerability if all of the following are true: 1. Router has been configured to use a custom-developed Native Rust Plugin. 2. The plugin accesses Request.router_request in the RouterService layer. 3. You are accumulating the body from Request.router_request into memory. If using an impacted configuration, the Router will load entire HTTP request bodies into memory without respect to other HTTP request size-limiting configurations like limits.http_max_request_bytes. This can cause the Router to be out-of-memory (OOM) terminated if a sufficiently large request is sent to the Router. By default, the Router sets limits.http_max_request_bytes to 2 MB. If you have an impacted configuration as defined above, please upgrade to at least Apollo Router 1.52.1. 
If you cannot upgrade, you can mitigate the denial-of-service opportunity impacting External Coprocessors by setting the coprocessor.router.request.body configuration option to false. Please note that changing this configuration option will change the information sent to any coprocessors you have configured and may impact functionality implemented by those coprocessors. If you have developed a Native Rust Plugin and cannot upgrade, you can update your plugin to either not accumulate the request body or enforce a maximum body size limit. You can also mitigate this issue by limiting HTTP body payload sizes prior to the Router (e.g., in a proxy or web application firewall appliance).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43783"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5b87eae8-78e7-4ec4-ac6b-379252bb94a6.json b/objects/vulnerability/vulnerability--5b87eae8-78e7-4ec4-ac6b-379252bb94a6.json
new file mode 100644
index 00000000000..0d3477a1ec2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5b87eae8-78e7-4ec4-ac6b-379252bb94a6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--414b6784-0ad7-4cc3-84da-3667c3a8eb38",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5b87eae8-78e7-4ec4-ac6b-379252bb94a6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:46.959885Z",
+ "modified": "2024-08-28T00:18:46.959885Z",
+ "name": "CVE-2022-39997",
+ "description": "A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-39997"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5d3898b7-4089-4679-9f67-53259890f088.json b/objects/vulnerability/vulnerability--5d3898b7-4089-4679-9f67-53259890f088.json
new file mode 100644
index 00000000000..f3f73353c52
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5d3898b7-4089-4679-9f67-53259890f088.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--92e676ab-6490-47ea-ad47-0c33267428c7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5d3898b7-4089-4679-9f67-53259890f088",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.839563Z",
+ "modified": "2024-08-28T00:18:59.839563Z",
+ "name": "CVE-2024-8210",
+ "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_mount leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8210"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--65ea8bb0-ceab-44c5-b7c0-ff5d6e32266f.json b/objects/vulnerability/vulnerability--65ea8bb0-ceab-44c5-b7c0-ff5d6e32266f.json
new file mode 100644
index 00000000000..0ed61b8b6fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--65ea8bb0-ceab-44c5-b7c0-ff5d6e32266f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fc105bdf-5db4-46c3-b204-8f2856ef83c9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--65ea8bb0-ceab-44c5-b7c0-ff5d6e32266f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.835812Z",
+ "modified": "2024-08-28T00:18:59.835812Z",
+ "name": "CVE-2024-8200",
+ "description": "The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'update_api_key' function. This makes it possible for unauthenticated attackers to update an API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8200"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c3c1dba-d131-40ad-ac1c-fbf52ffa0f23.json b/objects/vulnerability/vulnerability--6c3c1dba-d131-40ad-ac1c-fbf52ffa0f23.json
new file mode 100644
index 00000000000..bb79eca611d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c3c1dba-d131-40ad-ac1c-fbf52ffa0f23.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4959371a-8665-4355-babe-36da5d072e7d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c3c1dba-d131-40ad-ac1c-fbf52ffa0f23",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:58.121434Z",
+ "modified": "2024-08-28T00:18:58.121434Z",
+ "name": "CVE-2024-41622",
+ "description": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41622"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--72924eaa-d771-4983-9e60-9daef8a6e031.json b/objects/vulnerability/vulnerability--72924eaa-d771-4983-9e60-9daef8a6e031.json
new file mode 100644
index 00000000000..3bf75429cc4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--72924eaa-d771-4983-9e60-9daef8a6e031.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6844a415-9ade-449c-a8f7-eb20022a7500",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--72924eaa-d771-4983-9e60-9daef8a6e031",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.86328Z",
+ "modified": "2024-08-28T00:18:59.86328Z",
+ "name": "CVE-2024-8222",
+ "description": "A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/manage_music. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8222"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--79865a18-54ee-474f-bf07-35f5ec8d89b1.json b/objects/vulnerability/vulnerability--79865a18-54ee-474f-bf07-35f5ec8d89b1.json
new file mode 100644
index 00000000000..15907a5975f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--79865a18-54ee-474f-bf07-35f5ec8d89b1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--137ff7ee-5126-489c-b2db-4569bbb9113f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--79865a18-54ee-474f-bf07-35f5ec8d89b1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.862138Z",
+ "modified": "2024-08-28T00:18:59.862138Z",
+ "name": "CVE-2024-8212",
+ "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8212"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7f076169-7f94-43cc-a38a-d4a09d92982b.json b/objects/vulnerability/vulnerability--7f076169-7f94-43cc-a38a-d4a09d92982b.json
new file mode 100644
index 00000000000..f9b10db1ecc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7f076169-7f94-43cc-a38a-d4a09d92982b.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--034de8a6-37d8-41da-89a0-29e60c859f19",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7f076169-7f94-43cc-a38a-d4a09d92982b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.929347Z",
+ "modified": "2024-08-28T00:18:59.929347Z",
+ "name": "CVE-2024-45037",
+ "description": "The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called \"constructs\" that are higher-level abstractions providing defaults and best practices. This approach enables developers to use familiar programming languages to define complex cloud infrastructure more efficiently than writing raw CloudFormation templates. We identified an issue in AWS Cloud Development Kit (CDK) which, under certain conditions, can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, if a CDK application uses the \"RestApi\" construct with \"CognitoUserPoolAuthorizer\" as the authorizer and uses authorization scopes to limit access. This issue does not affect the availability of the specific API resources. Authenticated Cognito users may gain unintended access to protected API resources or methods, leading to potential data disclosure, and modification issues. Impacted versions: >=2.142.0;<=2.148.0. A patch is included in CDK versions >=2.148.1. Users are advised to upgrade their AWS CDK version to 2.148.1 or newer and re-deploy their application(s) to address this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45037"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--83d0ed6d-0267-430c-acf3-1c7dc1b96112.json b/objects/vulnerability/vulnerability--83d0ed6d-0267-430c-acf3-1c7dc1b96112.json
new file mode 100644
index 00000000000..ea14dd45d76
--- /dev/null
+++ b/objects/vulnerability/vulnerability--83d0ed6d-0267-430c-acf3-1c7dc1b96112.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d31a4297-3bf0-4b0d-aef4-11e1d36ce85e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--83d0ed6d-0267-430c-acf3-1c7dc1b96112",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.826502Z",
+ "modified": "2024-08-28T00:18:59.826502Z",
+ "name": "CVE-2024-8223",
+ "description": "A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8223"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8cd76235-9ac1-45cf-9ab7-5ce9b3a2b5f5.json b/objects/vulnerability/vulnerability--8cd76235-9ac1-45cf-9ab7-5ce9b3a2b5f5.json
new file mode 100644
index 00000000000..e5325b87937
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8cd76235-9ac1-45cf-9ab7-5ce9b3a2b5f5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--395b8036-7a5f-49a1-ad57-c29fd15280b1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8cd76235-9ac1-45cf-9ab7-5ce9b3a2b5f5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:58.324705Z",
+ "modified": "2024-08-28T00:18:58.324705Z",
+ "name": "CVE-2024-44341",
+ "description": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44341"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--968b67df-164e-4d3c-90e1-4208eec91a3c.json b/objects/vulnerability/vulnerability--968b67df-164e-4d3c-90e1-4208eec91a3c.json
new file mode 100644
index 00000000000..2cef48deecf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--968b67df-164e-4d3c-90e1-4208eec91a3c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--53ee0160-5a5c-4a5c-8373-92c5cf289cfc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--968b67df-164e-4d3c-90e1-4208eec91a3c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.204849Z",
+ "modified": "2024-08-28T00:18:59.204849Z",
+ "name": "CVE-2024-1544",
+ "description": "Generating the ECDSA nonce k samples a random number r and then \ntruncates this randomness with a modular reduction mod n where n is the \norder of the elliptic curve. Meaning k = r mod n. The division used \nduring the reduction estimates a factor q_e by dividing the upper two \ndigits (a digit having e.g. a size of 8 byte) of r by the upper digit of \nn and then decrements q_e in a loop until it has the correct size. \nObserving the number of times q_e is decremented through a control-flow \nrevealing side-channel reveals a bias in the most significant bits of \nk. Depending on the curve this is either a negligible bias or a \nsignificant bias large enough to reconstruct k with lattice reduction \nmethods. For SECP160R1, e.g., we find a bias of 15 bits.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1544"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--976619e9-5885-4531-b20b-04af2a587f09.json b/objects/vulnerability/vulnerability--976619e9-5885-4531-b20b-04af2a587f09.json
new file mode 100644
index 00000000000..63518bd4d6b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--976619e9-5885-4531-b20b-04af2a587f09.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b95d1c2c-15f3-4577-90ad-d0ae01dcb351",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--976619e9-5885-4531-b20b-04af2a587f09",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:58.701167Z",
+ "modified": "2024-08-28T00:18:58.701167Z",
+ "name": "CVE-2024-40395",
+ "description": "An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-40395"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a0d85cde-6157-4542-adba-539cc28fb33e.json b/objects/vulnerability/vulnerability--a0d85cde-6157-4542-adba-539cc28fb33e.json
new file mode 100644
index 00000000000..71db754e40d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a0d85cde-6157-4542-adba-539cc28fb33e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--441cc1e9-fbd3-44d8-9e08-42531b215592",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a0d85cde-6157-4542-adba-539cc28fb33e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:58.298128Z",
+ "modified": "2024-08-28T00:18:58.298128Z",
+ "name": "CVE-2024-44340",
+ "description": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44340"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a5eead2d-4d5d-4c95-8393-73e0a42f2060.json b/objects/vulnerability/vulnerability--a5eead2d-4d5d-4c95-8393-73e0a42f2060.json
new file mode 100644
index 00000000000..bc903c8d7f7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a5eead2d-4d5d-4c95-8393-73e0a42f2060.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e62301c9-9766-42a3-9543-be56fcd061dc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a5eead2d-4d5d-4c95-8393-73e0a42f2060",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.413786Z",
+ "modified": "2024-08-28T00:18:59.413786Z",
+ "name": "CVE-2024-43414",
+ "description": "Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. @apollo/gateway versions >=2.0.0 and < 2.8.5 and Apollo Router <1.52.1 are also impacted through their use of @apollo/query-panner. If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded memory consumption and either a crash or out-of-memory (OOM) termination. This issue can be triggered if you have at least one non-@key field that can be resolved by multiple subgraphs. To identify these shared fields, the schema for each subgraph must be reviewed. The mechanism to identify shared fields varies based on the version of Federation your subgraphs are using. You can check if your subgraphs are using Federation 1 or Federation 2 by reviewing their schemas. Federation 2 subgraph schemas will contain a @link directive referencing the version of Federation being used while Federation 1 subgraphs will not. For example, in a Federation 2 subgraph, you will find a line like @link(url: \"https://specs.apollo.dev/federation/v2.0\"). If a similar @link directive is not present in your subgraph schema, it is using Federation 1. Note that a supergraph can contain a mix of Federation 1 and Federation 2 subgraphs. 
This issue results from the Apollo query planner attempting to use a Number exceeding Javascript’s Number.MAX_VALUE in some cases. In Javascript, Number.MAX_VALUE is (2^1024 - 2^971). When the query planner receives an inbound graphql request, it breaks the query into pieces and for each piece, generates a list of potential execution steps to solve the piece. These candidates represent the steps that the query planner will take to satisfy the pieces of the larger query. As part of normal operations, the query planner requires and calculates the number of possible query plans for the total query. That is, it needs the product of the number of query plan candidates for each piece of the query. Under normal circumstances, after generating all query plan candidates and calculating the number of all permutations, the query planner moves on to stack rank candidates and prune less-than-optimal options. In particularly complex queries, especially those where fields can be solved through multiple subgraphs, this can cause the number of all query plan permutations to balloon. In worst-case scenarios, this can end up being a number larger than Number.MAX_VALUE. In Javascript, if Number.MAX_VALUE is exceeded, Javascript represents the value as “infinity”. If the count of candidates is evaluated as infinity, the component of the query planner responsible for pruning less-than-optimal query plans does not actually prune candidates, causing the query planner to evaluate many orders of magnitude more query plan candidates than necessary. This issue has been addressed in @apollo/query-planner v2.8.5, @apollo/gateway v2.8.5, and Apollo Router v1.52.1. Users are advised to upgrade. This issue can be avoided by ensuring there are no fields resolvable from multiple subgraphs. If all subgraphs are using Federation 2, you can confirm that you are not impacted by ensuring that none of your subgraph schemas use the @shareable directive. 
If you are using Federation 1 subgraphs, you will need to validate that there are no fields resolvable by multiple subgraphs.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43414"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a6a22318-5beb-4caf-b682-46f288b3cb6b.json b/objects/vulnerability/vulnerability--a6a22318-5beb-4caf-b682-46f288b3cb6b.json
new file mode 100644
index 00000000000..a4756aabb4a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a6a22318-5beb-4caf-b682-46f288b3cb6b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--84df2e1e-d62d-4570-9eb5-f27e99097c73",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a6a22318-5beb-4caf-b682-46f288b3cb6b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.137696Z",
+ "modified": "2024-08-28T00:18:59.137696Z",
+ "name": "CVE-2024-7941",
+ "description": "An HTTP parameter may contain a URL value and could cause\nthe web application to redirect the request to the specified URL.\nBy modifying the URL value to a malicious site, an attacker may\nsuccessfully launch a phishing scam and steal user credentials.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7941"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a72e7899-eca2-4211-8556-009719597655.json b/objects/vulnerability/vulnerability--a72e7899-eca2-4211-8556-009719597655.json
new file mode 100644
index 00000000000..47b4833a7c9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a72e7899-eca2-4211-8556-009719597655.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e9ce9b85-77e1-4489-a692-d241d90832c8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a72e7899-eca2-4211-8556-009719597655",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.606714Z",
+ "modified": "2024-08-28T00:18:59.606714Z",
+ "name": "CVE-2024-5991",
+ "description": "In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5991"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--af660148-5e84-4ed9-81f3-728b17067223.json b/objects/vulnerability/vulnerability--af660148-5e84-4ed9-81f3-728b17067223.json
new file mode 100644
index 00000000000..995939aef00
--- /dev/null
+++ b/objects/vulnerability/vulnerability--af660148-5e84-4ed9-81f3-728b17067223.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--61fe2590-7b08-4086-9a3b-e1d161f28d40",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--af660148-5e84-4ed9-81f3-728b17067223",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-28T00:18:59.84708Z",
+ "modified": "2024-08-28T00:18:59.84708Z",
+ "name": "CVE-2024-8219",
+ "description": "A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8219"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b0f3c7c1-a040-4d14-b49f-715da3d574f7.json b/objects/vulnerability/vulnerability--b0f3c7c1-a040-4d14-b49f-715da3d574f7.json
new file mode 100644
index 00000000000..0898ffa00cb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b0f3c7c1-a040-4d14-b49f-715da3d574f7.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5acc87d-e997-4fd0-a50b-143a5e39fc85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0f3c7c1-a040-4d14-b49f-715da3d574f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.419851Z", + "modified": "2024-08-28T00:18:59.419851Z", + "name": "CVE-2024-43788", + "description": "Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43788" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b3e4b99c-81cc-4571-b404-a10c9ae2c8bc.json b/objects/vulnerability/vulnerability--b3e4b99c-81cc-4571-b404-a10c9ae2c8bc.json new file mode 100644 index 00000000000..9a1bfa19820 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3e4b99c-81cc-4571-b404-a10c9ae2c8bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28aae512-49f0-4865-9971-958f411cda48", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3e4b99c-81cc-4571-b404-a10c9ae2c8bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:58.122915Z", + "modified": "2024-08-28T00:18:58.122915Z", + "name": "CVE-2024-41176", + "description": "The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local\nattacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in\nthe context of user “root” via a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41176" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b947f994-db86-4cd9-a07f-6f27e0b5b579.json b/objects/vulnerability/vulnerability--b947f994-db86-4cd9-a07f-6f27e0b5b579.json new file mode 100644 index 00000000000..c86a8a901c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b947f994-db86-4cd9-a07f-6f27e0b5b579.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c93039b7-3bbd-43b5-bdeb-8daf84739787", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b947f994-db86-4cd9-a07f-6f27e0b5b579", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.967238Z", + "modified": "2024-08-28T00:18:59.967238Z", + "name": "CVE-2024-6632", + "description": "A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6632" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd8f18b1-a2aa-4907-a6ab-c198f791dccc.json b/objects/vulnerability/vulnerability--bd8f18b1-a2aa-4907-a6ab-c198f791dccc.json new file mode 100644 index 00000000000..ee37464d839 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd8f18b1-a2aa-4907-a6ab-c198f791dccc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--826fc8ce-c96f-494a-b995-656bb54174fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd8f18b1-a2aa-4907-a6ab-c198f791dccc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.85986Z", + "modified": "2024-08-28T00:18:59.85986Z", + "name": "CVE-2024-8181", + "description": "An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8181" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--bf2d0938-1b4a-4055-9478-6edeb7eef1d8.json b/objects/vulnerability/vulnerability--bf2d0938-1b4a-4055-9478-6edeb7eef1d8.json new file mode 100644 index 00000000000..c11edc2e215 --- /dev/null +++ b/objects/vulnerability/vulnerability--bf2d0938-1b4a-4055-9478-6edeb7eef1d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03a3325f-0050-437f-9dd4-b528e1aa9b7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf2d0938-1b4a-4055-9478-6edeb7eef1d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.570832Z", + "modified": "2024-08-28T00:18:59.570832Z", + "name": "CVE-2024-5814", + "description": "A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5814" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6f850fc-95a4-4256-85a0-993c795a32cb.json b/objects/vulnerability/vulnerability--c6f850fc-95a4-4256-85a0-993c795a32cb.json new file mode 100644 index 00000000000..9b3f2c0947a --- /dev/null +++ b/objects/vulnerability/vulnerability--c6f850fc-95a4-4256-85a0-993c795a32cb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--893e5384-f761-4766-90b8-3524d44102d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6f850fc-95a4-4256-85a0-993c795a32cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.135387Z", + "modified": "2024-08-28T00:18:59.135387Z", + "name": "CVE-2024-7304", + "description": "The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7304" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d03581e9-a829-4c68-91a0-4d8e408eeff2.json b/objects/vulnerability/vulnerability--d03581e9-a829-4c68-91a0-4d8e408eeff2.json new file mode 100644 index 00000000000..0621fcdb6e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--d03581e9-a829-4c68-91a0-4d8e408eeff2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--648dbd80-29a5-4303-8413-d2333f13d6e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d03581e9-a829-4c68-91a0-4d8e408eeff2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:47.000105Z", + "modified": "2024-08-28T00:18:47.000105Z", + "name": "CVE-2022-39996", + "description": "Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-39996" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d08a6d20-be41-4844-adeb-d1ed7fb0af58.json b/objects/vulnerability/vulnerability--d08a6d20-be41-4844-adeb-d1ed7fb0af58.json new file mode 100644 index 00000000000..6bcb014491a --- /dev/null +++ b/objects/vulnerability/vulnerability--d08a6d20-be41-4844-adeb-d1ed7fb0af58.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e364342f-ea9e-4b2e-bd1e-55c15ab47b34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d08a6d20-be41-4844-adeb-d1ed7fb0af58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.871656Z", + "modified": "2024-08-28T00:18:59.871656Z", + "name": "CVE-2024-3982", + "description": "An attacker with local access to machine where MicroSCADA X\nSYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level\nis not enabled and only users with administrator rights can enable it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3982" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d520c3a1-b221-4213-a90d-33b698c39730.json b/objects/vulnerability/vulnerability--d520c3a1-b221-4213-a90d-33b698c39730.json new file mode 100644 index 00000000000..ce5e359892d --- /dev/null +++ b/objects/vulnerability/vulnerability--d520c3a1-b221-4213-a90d-33b698c39730.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ffa7226a-4264-46cb-aa71-55131d319f4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d520c3a1-b221-4213-a90d-33b698c39730", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.852649Z", + "modified": "2024-08-28T00:18:59.852649Z", + "name": "CVE-2024-8225", + "description": "A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8225" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d91465c9-2649-4f24-8275-116e387605b1.json b/objects/vulnerability/vulnerability--d91465c9-2649-4f24-8275-116e387605b1.json new file mode 100644 index 00000000000..9a284a62594 --- /dev/null +++ b/objects/vulnerability/vulnerability--d91465c9-2649-4f24-8275-116e387605b1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdafa502-180b-4a24-840b-d87f0a1ac35a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d91465c9-2649-4f24-8275-116e387605b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.844913Z", + "modified": "2024-08-28T00:18:59.844913Z", + "name": "CVE-2024-8182", + "description": "An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d9bd835d-c5a4-4d52-986c-fa4601560c6a.json b/objects/vulnerability/vulnerability--d9bd835d-c5a4-4d52-986c-fa4601560c6a.json new file mode 100644 index 00000000000..7005aae89ad --- /dev/null +++ b/objects/vulnerability/vulnerability--d9bd835d-c5a4-4d52-986c-fa4601560c6a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9f901db-3bcc-495c-a43d-aa1b43448d27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d9bd835d-c5a4-4d52-986c-fa4601560c6a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.138742Z", + "modified": "2024-08-28T00:18:59.138742Z", + "name": "CVE-2024-7720", + "description": "HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7720" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--dc693254-26dd-4472-85f6-874c4dc3a002.json b/objects/vulnerability/vulnerability--dc693254-26dd-4472-85f6-874c4dc3a002.json new file mode 100644 index 00000000000..767e9b92b52 --- /dev/null +++ b/objects/vulnerability/vulnerability--dc693254-26dd-4472-85f6-874c4dc3a002.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1c0b7f6b-8b63-485c-9865-99aa3ae7382b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc693254-26dd-4472-85f6-874c4dc3a002", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:58.099316Z", + "modified": "2024-08-28T00:18:58.099316Z", + "name": "CVE-2024-41175", + "description": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ddd3f0ea-ab2b-4b4d-8b0a-d3faac8dd6e2.json b/objects/vulnerability/vulnerability--ddd3f0ea-ab2b-4b4d-8b0a-d3faac8dd6e2.json new file mode 100644 index 00000000000..3c169b3a7d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ddd3f0ea-ab2b-4b4d-8b0a-d3faac8dd6e2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b90e9170-3575-4096-a318-989cd6e79298", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ddd3f0ea-ab2b-4b4d-8b0a-d3faac8dd6e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:58.733738Z", + "modified": "2024-08-28T00:18:58.733738Z", + "name": "CVE-2024-42851", + "description": "Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42851" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de5fdd12-e6c7-40e4-aac1-dae863d634ef.json b/objects/vulnerability/vulnerability--de5fdd12-e6c7-40e4-aac1-dae863d634ef.json new file mode 100644 index 00000000000..833b5d8e32a --- /dev/null +++ b/objects/vulnerability/vulnerability--de5fdd12-e6c7-40e4-aac1-dae863d634ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ee85234-568d-42cb-9b2f-cfc7032ab8fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de5fdd12-e6c7-40e4-aac1-dae863d634ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.912052Z", + "modified": "2024-08-28T00:18:59.912052Z", + "name": "CVE-2024-3980", + "description": "The product allows user input to control or influence paths or file\nnames that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are\ncritical to the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3980" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e12f9bab-7167-4e5f-b831-50cacd6d02c3.json b/objects/vulnerability/vulnerability--e12f9bab-7167-4e5f-b831-50cacd6d02c3.json new file mode 100644 index 00000000000..a5689175544 --- /dev/null +++ b/objects/vulnerability/vulnerability--e12f9bab-7167-4e5f-b831-50cacd6d02c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c964455-f482-4ebe-b951-806f7d004d90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e12f9bab-7167-4e5f-b831-50cacd6d02c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.808699Z", + "modified": "2024-08-28T00:18:59.808699Z", + "name": "CVE-2024-4872", + "description": "The product does not validate any query towards persistent\ndata, resulting in a risk of injection attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4872" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3bbe404-42ac-4400-b63f-720efd635268.json b/objects/vulnerability/vulnerability--e3bbe404-42ac-4400-b63f-720efd635268.json new file mode 100644 index 00000000000..09d04c5744c --- /dev/null +++ b/objects/vulnerability/vulnerability--e3bbe404-42ac-4400-b63f-720efd635268.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39e52228-7678-4706-b1d8-959b9c197ead", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3bbe404-42ac-4400-b63f-720efd635268", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:58.064991Z", + "modified": "2024-08-28T00:18:58.064991Z", + "name": "CVE-2024-41174", + "description": "The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e582470b-6838-4b52-bfce-dc112c6d6672.json b/objects/vulnerability/vulnerability--e582470b-6838-4b52-bfce-dc112c6d6672.json new file mode 100644 index 00000000000..a150c3f0a43 --- /dev/null +++ b/objects/vulnerability/vulnerability--e582470b-6838-4b52-bfce-dc112c6d6672.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--175c2d11-46b5-4e60-b5b2-fd27513e53c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e582470b-6838-4b52-bfce-dc112c6d6672", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.143124Z", + "modified": "2024-08-28T00:18:59.143124Z", + "name": "CVE-2024-7940", + "description": "The product exposes a service that is intended for local only to\nall network interfaces without any authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7940" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7da45f0-0999-4af9-beb2-adb7e9e5f3c5.json b/objects/vulnerability/vulnerability--e7da45f0-0999-4af9-beb2-adb7e9e5f3c5.json new file mode 100644 index 00000000000..bf6677e0193 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--e7da45f0-0999-4af9-beb2-adb7e9e5f3c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a814e165-ae13-4ad3-bda3-dd4f0f0f701a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7da45f0-0999-4af9-beb2-adb7e9e5f3c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.848442Z", + "modified": "2024-08-28T00:18:59.848442Z", + "name": "CVE-2024-8217", + "description": "A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8217" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e925f5e7-e513-4f3b-84c9-0102b04f2196.json b/objects/vulnerability/vulnerability--e925f5e7-e513-4f3b-84c9-0102b04f2196.json new file mode 100644 index 00000000000..4d6990d8972 --- /dev/null +++ b/objects/vulnerability/vulnerability--e925f5e7-e513-4f3b-84c9-0102b04f2196.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2edfef9a-e1c2-4ca4-b26e-73cd30d39710", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e925f5e7-e513-4f3b-84c9-0102b04f2196", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.833461Z", + "modified": "2024-08-28T00:18:59.833461Z", + "name": "CVE-2024-8213", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_FMT_R12R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8213" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9b8a3ef-5269-43c5-a33b-5542600aee2d.json b/objects/vulnerability/vulnerability--e9b8a3ef-5269-43c5-a33b-5542600aee2d.json new file mode 100644 index 00000000000..7726af56143 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9b8a3ef-5269-43c5-a33b-5542600aee2d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be6f41b5-3b8e-49a1-9e76-fb2697083c9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9b8a3ef-5269-43c5-a33b-5542600aee2d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.988057Z", + "modified": "2024-08-28T00:18:59.988057Z", + "name": "CVE-2024-6688", + "description": "The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6688" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea3e7963-95c3-4de4-8a4e-a3a6f92c1b28.json b/objects/vulnerability/vulnerability--ea3e7963-95c3-4de4-8a4e-a3a6f92c1b28.json new file mode 100644 index 00000000000..9f163db82c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea3e7963-95c3-4de4-8a4e-a3a6f92c1b28.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6cec59e-cf17-4f70-b62c-92cefdfe25cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea3e7963-95c3-4de4-8a4e-a3a6f92c1b28", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.936283Z", + "modified": "2024-08-28T00:18:59.936283Z", + "name": "CVE-2024-45264", + "description": "A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45264" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--eacf061f-9d6b-4995-ac0e-f709e9a1d0cc.json b/objects/vulnerability/vulnerability--eacf061f-9d6b-4995-ac0e-f709e9a1d0cc.json new file mode 100644 index 00000000000..6e73b9914a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--eacf061f-9d6b-4995-ac0e-f709e9a1d0cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d604d263-9ba3-4fef-92a7-d5836bb910e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eacf061f-9d6b-4995-ac0e-f709e9a1d0cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.553842Z", + "modified": "2024-08-28T00:18:59.553842Z", + "name": "CVE-2024-5288", + "description": "An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\n\nsuch as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5288" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb029678-d65e-4711-a534-3ccec85d34a4.json b/objects/vulnerability/vulnerability--eb029678-d65e-4711-a534-3ccec85d34a4.json new file mode 100644 index 00000000000..9f36a767db7 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb029678-d65e-4711-a534-3ccec85d34a4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5716334b-2834-481f-902f-7b6f632576a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb029678-d65e-4711-a534-3ccec85d34a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.837376Z", + "modified": "2024-08-28T00:18:59.837376Z", + "name": "CVE-2024-8211", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_Std2R1_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_newly_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8211" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebd9097a-8a4f-45d6-a730-3622640edcca.json b/objects/vulnerability/vulnerability--ebd9097a-8a4f-45d6-a730-3622640edcca.json new file mode 100644 index 00000000000..f7c075ef7ba --- /dev/null +++ b/objects/vulnerability/vulnerability--ebd9097a-8a4f-45d6-a730-3622640edcca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95190403-144b-4c4b-9025-887e9e770243", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebd9097a-8a4f-45d6-a730-3622640edcca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.946537Z", + "modified": "2024-08-28T00:18:59.946537Z", + "name": "CVE-2024-6633", + "description": "The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.\n\nThe HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f31f6de9-8ba6-4d89-88cd-78111d039405.json b/objects/vulnerability/vulnerability--f31f6de9-8ba6-4d89-88cd-78111d039405.json new file mode 100644 index 00000000000..6cd2ea0a78e --- /dev/null +++ b/objects/vulnerability/vulnerability--f31f6de9-8ba6-4d89-88cd-78111d039405.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2051b0d-899f-4c32-9195-f0d47f70a31c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f31f6de9-8ba6-4d89-88cd-78111d039405", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.940542Z", + "modified": "2024-08-28T00:18:59.940542Z", + "name": "CVE-2024-45038", + "description": "Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware is subject to a denial of serivce vulnerability in MQTT handling, fixed in version 2.4.1 of the Meshtastic firmware and on the Meshtastic public MQTT Broker. It's strongly suggested that all users of Meshtastic, particularly those that connect to a privately hosted MQTT server, update to this or a more recent stable version right away. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45038" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f874ed7b-d466-4149-b69d-ff4b8e57f578.json b/objects/vulnerability/vulnerability--f874ed7b-d466-4149-b69d-ff4b8e57f578.json new file mode 100644 index 00000000000..8f488e0512c --- /dev/null +++ b/objects/vulnerability/vulnerability--f874ed7b-d466-4149-b69d-ff4b8e57f578.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af1f2b42-34d9-43c5-9df4-c4cb9cb2b3ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f874ed7b-d466-4149-b69d-ff4b8e57f578", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-28T00:18:59.856444Z", + "modified": "2024-08-28T00:18:59.856444Z", + "name": "CVE-2024-8224", + "description": "A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8224" + } + ] + } + ] +} \ No newline at end of file