diff --git a/mapping.csv b/mapping.csv
index 572ae84f54a..244ffa86592 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -247773,3 +247773,139 @@ vulnerability,CVE-2023-26321,vulnerability--d9551144-fef1-48ca-aa58-984b8884bbe5
 vulnerability,CVE-2023-26324,vulnerability--a7107762-7073-454d-b8ce-3dc73991fef9
 vulnerability,CVE-2023-43078,vulnerability--05b9188b-3e40-49ea-ad02-5d378c36f701
 vulnerability,CVE-2023-45896,vulnerability--2d027451-9846-437f-bf4f-30bb71a36e97
+vulnerability,CVE-2022-2440,vulnerability--87d1c184-29d4-495e-8a7b-2fa7d1684081
+vulnerability,CVE-2021-4442,vulnerability--fd3fdc48-1484-4e92-a00a-7740ac8d133d
+vulnerability,CVE-2024-41350,vulnerability--bd9a7f7e-d22d-4c7f-b00f-644356e4bee1
+vulnerability,CVE-2024-41371,vulnerability--3ad07897-5e61-4e6e-9c4a-88ce254f05aa
+vulnerability,CVE-2024-41364,vulnerability--8a1b34d5-dc06-4d82-bd2f-382939670c24
+vulnerability,CVE-2024-41918,vulnerability--2680db1e-97d2-42f7-9ca2-4623e7555ccc
+vulnerability,CVE-2024-41349,vulnerability--91216c04-a3b3-4dbf-b8a2-6238ee33067b
+vulnerability,CVE-2024-41347,vulnerability--b5d9b99a-aa9f-4bb1-b82e-ff23720c6de0
+vulnerability,CVE-2024-41346,vulnerability--4e73e746-8ae8-4baa-a600-2eb040787783
+vulnerability,CVE-2024-41369,vulnerability--611f19af-7c26-44c7-a63f-5bc49474e1c7
+vulnerability,CVE-2024-41358,vulnerability--c3c3bc70-0bde-4eef-8ab7-6ac5b1740f9d
+vulnerability,CVE-2024-41361,vulnerability--140fd3fd-9ba4-42a0-b26d-4641a05af6ce
+vulnerability,CVE-2024-41964,vulnerability--7c0dd35b-7b6f-4132-86f4-41aa0e927eb1
+vulnerability,CVE-2024-41345,vulnerability--a19bd500-f242-4d6b-a6c4-31257d873e90
+vulnerability,CVE-2024-41370,vulnerability--162ec8d1-5fd6-4cca-9d3d-b94d508a3346
+vulnerability,CVE-2024-41348,vulnerability--c62c0842-1adc-4ce2-b1f9-599fdc595ab7
+vulnerability,CVE-2024-41366,vulnerability--ffc3aca0-d12d-4767-9916-13a82e85429d
+vulnerability,CVE-2024-41368,vulnerability--435e38d2-d5b5-4e69-992f-bf857c0fd989
+vulnerability,CVE-2024-41351,vulnerability--a251761f-3e5e-4dde-88c1-942edd15d5e8
+vulnerability,CVE-2024-41372,vulnerability--34b17362-3a15-4589-9127-f5b46bbe5547
+vulnerability,CVE-2024-41367,vulnerability--40cd5a62-33df-4deb-87a6-ad4dbad5c4c5
+vulnerability,CVE-2024-29725,vulnerability--050b59ca-a4dc-4819-83a2-36ae9d7652b8
+vulnerability,CVE-2024-29724,vulnerability--36874e41-a378-4599-a67d-0ed574d6af8a
+vulnerability,CVE-2024-29728,vulnerability--b881a6bb-e2bd-4a89-ac23-eaeb1c7316c1
+vulnerability,CVE-2024-29726,vulnerability--42e41cce-9a33-4bc1-85b5-a02aecfc10d1
+vulnerability,CVE-2024-29723,vulnerability--12270a9f-0224-4860-81a0-ca1de65c9b14
+vulnerability,CVE-2024-29729,vulnerability--468cac4e-4e97-48fa-aeda-0b9d61aff577
+vulnerability,CVE-2024-29730,vulnerability--e10eefe6-c749-4fa5-8351-10a223dd4a11
+vulnerability,CVE-2024-29731,vulnerability--510d2322-985c-4cda-834d-3c051aeb3396
+vulnerability,CVE-2024-29727,vulnerability--aef61abd-e4b5-49d5-a510-6031d9255d55
+vulnerability,CVE-2024-44779,vulnerability--4bf01be5-6c98-4a05-8358-7ce763f14ff0
+vulnerability,CVE-2024-44717,vulnerability--5bf091aa-0648-4d1b-827a-c4eabdf1c2f1
+vulnerability,CVE-2024-44776,vulnerability--1f24ac70-3cd6-437c-9b66-4eb0cadd24d7
+vulnerability,CVE-2024-44930,vulnerability--0e3cf2f7-de49-47cc-a2e9-6a108361ad44
+vulnerability,CVE-2024-44716,vulnerability--f9f7d9bd-2e21-4dd7-8c3b-f79255ceaa5f
+vulnerability,CVE-2024-44919,vulnerability--890ad079-69e4-4907-9b23-95a0ff3a362a
+vulnerability,CVE-2024-44777,vulnerability--b0e5d8af-6397-4e06-a4ac-0b41e3d7aba3
+vulnerability,CVE-2024-44778,vulnerability--9f2782f5-4efc-4982-861c-abd4ee349b62
+vulnerability,CVE-2024-34018,vulnerability--96c2863c-b535-43c5-aedd-42c374714e5a
+vulnerability,CVE-2024-34019,vulnerability--820e6d66-3f9e-412b-858f-60452485f287
+vulnerability,CVE-2024-34017,vulnerability--c6db4a5a-b99a-42af-9042-3c82225df11f
+vulnerability,CVE-2024-2541,vulnerability--6c5974bc-ef85-4804-af02-6e201f415b9f
+vulnerability,CVE-2024-2502,vulnerability--3c1dd8f8-d2e0-4680-8eac-b4fa663b73ff
+vulnerability,CVE-2024-2881,vulnerability--a9771cdb-dcd1-45cf-86e0-327397529719
+vulnerability,CVE-2024-38793,vulnerability--f2096451-aef9-40f4-ab5a-d96018063cc0
+vulnerability,CVE-2024-38693,vulnerability--e58e02cc-d32c-4e84-acfa-ab97194f3005
+vulnerability,CVE-2024-38304,vulnerability--0a63bf18-75dd-4ed1-b758-34bb2263e777
+vulnerability,CVE-2024-38303,vulnerability--7c63c51f-609f-4146-9a4b-87cd9f86bc7e
+vulnerability,CVE-2024-38795,vulnerability--09080038-38f7-49b9-801a-79308e6775f5
+vulnerability,CVE-2024-7857,vulnerability--c943c372-00d0-451a-9073-d85d03cf6d37
+vulnerability,CVE-2024-7606,vulnerability--a05840e3-1f60-41b0-b551-5bd599235262
+vulnerability,CVE-2024-7132,vulnerability--9535f121-0e13-4649-8950-3ae37e25de1f
+vulnerability,CVE-2024-7607,vulnerability--10173689-6bc0-49b0-bc88-c5397125ba0d
+vulnerability,CVE-2024-7856,vulnerability--c280b4f7-e964-46c1-9b4d-3b73b4b2787c
+vulnerability,CVE-2024-7895,vulnerability--fdda80d6-b34c-4e86-a0b3-e4b4f9bfc789
+vulnerability,CVE-2024-7418,vulnerability--d15da26f-22f2-4175-92f4-20cbe8b202c3
+vulnerability,CVE-2024-1384,vulnerability--c5ac2b06-0e05-4c80-a03f-2e6f920a8f7a
+vulnerability,CVE-2024-1543,vulnerability--03f38113-753c-4938-8be4-ed0c52bc980f
+vulnerability,CVE-2024-1545,vulnerability--c1813291-b4bb-483e-9b66-a15e3529eb7c
+vulnerability,CVE-2024-1056,vulnerability--2b24daf8-f9a3-40c9-8373-25331a479695
+vulnerability,CVE-2024-39622,vulnerability--d4101de6-154f-48be-b4a7-41a09e717da7
+vulnerability,CVE-2024-39620,vulnerability--170d8a92-9718-4dd6-a0d5-87116a6a1d49
+vulnerability,CVE-2024-39653,vulnerability--a61a5d15-4a3a-4e40-a59c-7a8f78952636
+vulnerability,CVE-2024-39658,vulnerability--f8691b68-c3a6-43b6-b5d3-4a032980139f
+vulnerability,CVE-2024-39638,vulnerability--38dabd2c-073e-4fb3-a331-6976c9c1854d
+vulnerability,CVE-2024-43946,vulnerability--738aa3fc-5dcd-409d-8988-506076244f30
+vulnerability,CVE-2024-43918,vulnerability--f0bad7e7-cfe8-4fd9-8347-76199d0c83c4
+vulnerability,CVE-2024-43955,vulnerability--445560c7-4634-4dcd-836f-cf0b590bec8f
+vulnerability,CVE-2024-43144,vulnerability--30499c9b-47c9-4fdf-80f1-08dbe2d9a6c1
+vulnerability,CVE-2024-43921,vulnerability--20f04a43-0d45-4b03-9641-6d02cc2f5eae
+vulnerability,CVE-2024-43949,vulnerability--0f0dc1c8-935c-43c1-bf0c-2ca2d5423db9
+vulnerability,CVE-2024-43943,vulnerability--fa85f95b-149f-408d-9f62-d2f8c1afc235
+vulnerability,CVE-2024-43941,vulnerability--e0c7a7a6-4f3c-445d-bc97-7bbafc235164
+vulnerability,CVE-2024-43700,vulnerability--ab493253-3c2d-4bf2-821f-be37300a5666
+vulnerability,CVE-2024-43920,vulnerability--c69296b1-8399-40b5-b4d9-e17ad4e1501f
+vulnerability,CVE-2024-43917,vulnerability--14641c1b-1be0-4164-b0bc-2d69f1636bad
+vulnerability,CVE-2024-43922,vulnerability--0b191f8f-4ee4-41b8-bee5-7da285d61c0c
+vulnerability,CVE-2024-43940,vulnerability--4b0158be-e112-48c8-b0ca-55e2ece42fa4
+vulnerability,CVE-2024-43132,vulnerability--6f8e291e-d4fa-406d-9045-5956edd20782
+vulnerability,CVE-2024-43845,vulnerability--dc206a30-e691-458a-aeeb-d7b425f81faa
+vulnerability,CVE-2024-43958,vulnerability--6e144149-1b6a-48df-b815-217c347d2576
+vulnerability,CVE-2024-43935,vulnerability--acef20a0-2ab3-45a0-ad70-8c7f7dffa956
+vulnerability,CVE-2024-43954,vulnerability--3264e325-7ed3-4f60-a081-e3b55fccdbef
+vulnerability,CVE-2024-43957,vulnerability--e9e505c1-2798-42fb-bd18-217773662a2b
+vulnerability,CVE-2024-43960,vulnerability--5ad6cee5-90f4-41ab-9284-4dd1a38e3b1c
+vulnerability,CVE-2024-43931,vulnerability--c1c5ca34-aa02-4d39-9d6b-428ae3b3f55d
+vulnerability,CVE-2024-43934,vulnerability--6aa4edbf-3dae-4288-8ce4-37139a8a5855
+vulnerability,CVE-2024-43951,vulnerability--f2c9ed97-623d-4225-b4d8-76e70ba0a8e1
+vulnerability,CVE-2024-43936,vulnerability--b1106442-674e-412a-9d74-bc0e3ac99101
+vulnerability,CVE-2024-43942,vulnerability--74f73f04-7beb-4fc4-936d-09e457276994
+vulnerability,CVE-2024-43964,vulnerability--250ba551-9ae5-4588-b897-f43db98fd305
+vulnerability,CVE-2024-43950,vulnerability--cb301674-9a14-4b50-bd78-6658e7781629
+vulnerability,CVE-2024-43965,vulnerability--a50b2732-a881-4891-82f1-1808321b7797
+vulnerability,CVE-2024-43939,vulnerability--78a26130-f85e-4e6d-b17e-bc0f6f529832
+vulnerability,CVE-2024-43947,vulnerability--8610fa4e-983a-4f3d-b109-2da84bf31c9a
+vulnerability,CVE-2024-43804,vulnerability--a9e0afa5-eb87-4df9-a7fb-b5f78c99e0e0
+vulnerability,CVE-2024-43953,vulnerability--ebf63f45-3b0c-4ba9-95bd-df68f70c729b
+vulnerability,CVE-2024-43944,vulnerability--75892214-b1d1-4a1c-a116-30224d1518df
+vulnerability,CVE-2024-43963,vulnerability--54da2100-1053-458c-94df-32c81804e5c8
+vulnerability,CVE-2024-43952,vulnerability--02a0a5d0-22dd-4b05-8720-aab0c6329449
+vulnerability,CVE-2024-43926,vulnerability--5a1a29f2-da96-4e99-bfed-a171e866f5c1
+vulnerability,CVE-2024-43948,vulnerability--4f677f42-a740-43d1-9aa5-d5337596721b
+vulnerability,CVE-2024-43961,vulnerability--d9e575e8-38df-4465-ab8f-badc483141d8
+vulnerability,CVE-2024-43986,vulnerability--29edb3df-32b3-416a-88ed-f7dfb2b18c65
+vulnerability,CVE-2024-5987,vulnerability--95954fb6-206c-403b-b91b-2f53812ffd28
+vulnerability,CVE-2024-5624,vulnerability--f2917f60-08dd-4a44-8a0d-d992bd3f3c67
+vulnerability,CVE-2024-5623,vulnerability--fae2412c-7ebe-47a3-936d-6b74d6ac1aa0
+vulnerability,CVE-2024-5857,vulnerability--eec7adae-faf4-41a4-92e1-26ef7bd389f4
+vulnerability,CVE-2024-5417,vulnerability--fcc1244e-e46b-4f62-9131-42a45267701d
+vulnerability,CVE-2024-5622,vulnerability--d2b0b802-d1e2-4516-b10d-743c08c9d24d
+vulnerability,CVE-2024-5057,vulnerability--bd0e641f-5950-4a64-9780-25ab894a3e51
+vulnerability,CVE-2024-4428,vulnerability--369f72ac-8715-4f24-83b7-0d80b01927d0
+vulnerability,CVE-2024-8304,vulnerability--b21adc79-1628-4e0e-a043-177e5d9605ab
+vulnerability,CVE-2024-8302,vulnerability--8a8700dc-b88c-443e-a07e-fb8e72ba059e
+vulnerability,CVE-2024-8295,vulnerability--365e869d-5388-43ac-91b6-7573106c3fdf
+vulnerability,CVE-2024-8296,vulnerability--11916870-c492-4fbb-865f-64d3b80cea14
+vulnerability,CVE-2024-8294,vulnerability--63568b2a-2cfb-468a-8691-aa8312ea28c1
+vulnerability,CVE-2024-8255,vulnerability--8394655c-2362-4758-a040-367a58f4bad2
+vulnerability,CVE-2024-8301,vulnerability--24923750-6718-4294-bfba-5c76ec7b8fed
+vulnerability,CVE-2024-8297,vulnerability--faf977f2-995c-4ece-b3a3-86118c8f0f62
+vulnerability,CVE-2024-8303,vulnerability--4a210028-ae4d-464d-b77a-3f57efef6c73
+vulnerability,CVE-2024-3679,vulnerability--75dd572a-c893-4c8d-ba30-24425b986356
+vulnerability,CVE-2024-3944,vulnerability--3ed37db6-5b37-4a29-a0d0-d29b2ddfc05f
+vulnerability,CVE-2024-45045,vulnerability--c1d548bf-ae24-415f-84b8-edb7903ef1cd
+vulnerability,CVE-2024-45440,vulnerability--e0346d04-5b43-4016-b6db-1ad89060afb1
+vulnerability,CVE-2024-45435,vulnerability--dd84044f-1c89-41f7-be95-51f793ae23ef
+vulnerability,CVE-2024-45056,vulnerability--dac513db-9b9f-4559-b991-a21004982ffc
+vulnerability,CVE-2024-45436,vulnerability--22ea1da0-5fe9-4c5c-bbf2-4d73543ca58a
+vulnerability,CVE-2024-45302,vulnerability--40c33c78-166d-473c-9f1d-1d750da81a34
+vulnerability,CVE-2024-6670,vulnerability--6d1309fb-9ab1-4d85-8ddb-c40c81e94549
+vulnerability,CVE-2024-6927,vulnerability--8f3ebf8b-fe22-489d-bae2-cb8e7c09c5d2
+vulnerability,CVE-2024-6551,vulnerability--2ed34515-0447-4173-b702-0320865cbe73
+vulnerability,CVE-2024-6672,vulnerability--63aa2838-6c7e-4153-981b-5696c17060a4
+vulnerability,CVE-2024-6671,vulnerability--09b0d7c6-30ba-4697-ae58-4dbf214ff3ef
+vulnerability,CVE-2024-35118,vulnerability--216adadb-f9b9-45d6-9eb3-433d4e519e8b
+vulnerability,CVE-2024-35133,vulnerability--2f67c5b0-b070-459d-9bbb-e4a85d64a525
diff --git a/objects/vulnerability/vulnerability--02a0a5d0-22dd-4b05-8720-aab0c6329449.json b/objects/vulnerability/vulnerability--02a0a5d0-22dd-4b05-8720-aab0c6329449.json
new file mode 100644
index 00000000000..ad08469599f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--02a0a5d0-22dd-4b05-8720-aab0c6329449.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7106431f-1007-4d55-b3e9-36e39b6444e7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--02a0a5d0-22dd-4b05-8720-aab0c6329449",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.573386Z",
+ "modified": "2024-08-30T00:19:21.573386Z",
+ "name": "CVE-2024-43952",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Esotera allows Stored XSS.This issue affects Esotera: from n/a through 1.2.5.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43952"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--03f38113-753c-4938-8be4-ed0c52bc980f.json b/objects/vulnerability/vulnerability--03f38113-753c-4938-8be4-ed0c52bc980f.json
new file mode 100644
index 00000000000..79ed6312acd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--03f38113-753c-4938-8be4-ed0c52bc980f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7e4fe3d8-89d9-4a59-aaa9-69346af3dfc6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--03f38113-753c-4938-8be4-ed0c52bc980f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.122312Z",
+ "modified": "2024-08-30T00:19:21.122312Z",
+ "name": "CVE-2024-1543",
+ "description": "The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1543"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--050b59ca-a4dc-4819-83a2-36ae9d7652b8.json b/objects/vulnerability/vulnerability--050b59ca-a4dc-4819-83a2-36ae9d7652b8.json
new file mode 100644
index 00000000000..04270386131
--- /dev/null
+++ b/objects/vulnerability/vulnerability--050b59ca-a4dc-4819-83a2-36ae9d7652b8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7a431488-93a8-4717-a83d-4287d3531fe4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--050b59ca-a4dc-4819-83a2-36ae9d7652b8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:20.017638Z",
+ "modified": "2024-08-30T00:19:20.017638Z",
+ "name": "CVE-2024-29725",
+ "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-29725"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--09080038-38f7-49b9-801a-79308e6775f5.json b/objects/vulnerability/vulnerability--09080038-38f7-49b9-801a-79308e6775f5.json
new file mode 100644
index 00000000000..4eddb9c2d7f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--09080038-38f7-49b9-801a-79308e6775f5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--755e981e-29d7-485a-9401-5681805f9894",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--09080038-38f7-49b9-801a-79308e6775f5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:20.790835Z",
+ "modified": "2024-08-30T00:19:20.790835Z",
+ "name": "CVE-2024-38795",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38795"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--09b0d7c6-30ba-4697-ae58-4dbf214ff3ef.json b/objects/vulnerability/vulnerability--09b0d7c6-30ba-4697-ae58-4dbf214ff3ef.json
new file mode 100644
index 00000000000..c5d396fd669
--- /dev/null
+++ b/objects/vulnerability/vulnerability--09b0d7c6-30ba-4697-ae58-4dbf214ff3ef.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c7106dad-4798-4ae4-8f98-f2813854bf46",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--09b0d7c6-30ba-4697-ae58-4dbf214ff3ef",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:22.122308Z",
+ "modified": "2024-08-30T00:19:22.122308Z",
+ "name": "CVE-2024-6671",
+ "description": "In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6671"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0a63bf18-75dd-4ed1-b758-34bb2263e777.json b/objects/vulnerability/vulnerability--0a63bf18-75dd-4ed1-b758-34bb2263e777.json
new file mode 100644
index 00000000000..d3d6b3939a9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0a63bf18-75dd-4ed1-b758-34bb2263e777.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--571d5aa7-00e1-4a6d-b350-b6ab37dd9972",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0a63bf18-75dd-4ed1-b758-34bb2263e777",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:20.758685Z",
+ "modified": "2024-08-30T00:19:20.758685Z",
+ "name": "CVE-2024-38304",
+ "description": "Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38304"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0b191f8f-4ee4-41b8-bee5-7da285d61c0c.json b/objects/vulnerability/vulnerability--0b191f8f-4ee4-41b8-bee5-7da285d61c0c.json
new file mode 100644
index 00000000000..c2b41e75b96
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0b191f8f-4ee4-41b8-bee5-7da285d61c0c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d379e175-aa31-4412-83ca-e742f33d1bd9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0b191f8f-4ee4-41b8-bee5-7da285d61c0c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.530465Z",
+ "modified": "2024-08-30T00:19:21.530465Z",
+ "name": "CVE-2024-43922",
+ "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43922"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0e3cf2f7-de49-47cc-a2e9-6a108361ad44.json b/objects/vulnerability/vulnerability--0e3cf2f7-de49-47cc-a2e9-6a108361ad44.json
new file mode 100644
index 00000000000..7773e048ff4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0e3cf2f7-de49-47cc-a2e9-6a108361ad44.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--eb63cae3-2891-4134-aa1e-ffd3cd64c9fb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0e3cf2f7-de49-47cc-a2e9-6a108361ad44",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:20.198985Z",
+ "modified": "2024-08-30T00:19:20.198985Z",
+ "name": "CVE-2024-44930",
+ "description": "Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44930"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0f0dc1c8-935c-43c1-bf0c-2ca2d5423db9.json b/objects/vulnerability/vulnerability--0f0dc1c8-935c-43c1-bf0c-2ca2d5423db9.json
new file mode 100644
index 00000000000..fff6d09d27e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0f0dc1c8-935c-43c1-bf0c-2ca2d5423db9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7fe71edf-fcf4-4566-b910-9610c5764cbc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0f0dc1c8-935c-43c1-bf0c-2ca2d5423db9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.518075Z",
+ "modified": "2024-08-30T00:19:21.518075Z",
+ "name": "CVE-2024-43949",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43949"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--10173689-6bc0-49b0-bc88-c5397125ba0d.json b/objects/vulnerability/vulnerability--10173689-6bc0-49b0-bc88-c5397125ba0d.json
new file mode 100644
index 00000000000..bf337b83e26
--- /dev/null
+++ b/objects/vulnerability/vulnerability--10173689-6bc0-49b0-bc88-c5397125ba0d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2e995f30-e9ad-4220-93e8-a2ee85bcd31b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--10173689-6bc0-49b0-bc88-c5397125ba0d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.058048Z",
+ "modified": "2024-08-30T00:19:21.058048Z",
+ "name": "CVE-2024-7607",
+ "description": "The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7607"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--11916870-c492-4fbb-865f-64d3b80cea14.json b/objects/vulnerability/vulnerability--11916870-c492-4fbb-865f-64d3b80cea14.json
new file mode 100644
index 00000000000..b3d8331880b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--11916870-c492-4fbb-865f-64d3b80cea14.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6e940b33-a6e1-4b49-816e-bba403dd1140",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--11916870-c492-4fbb-865f-64d3b80cea14",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.981709Z",
+ "modified": "2024-08-30T00:19:21.981709Z",
+ "name": "CVE-2024-8296",
+ "description": "A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8296"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--12270a9f-0224-4860-81a0-ca1de65c9b14.json b/objects/vulnerability/vulnerability--12270a9f-0224-4860-81a0-ca1de65c9b14.json
new file mode 100644
index 00000000000..9e39bfe5134
--- /dev/null
+++ b/objects/vulnerability/vulnerability--12270a9f-0224-4860-81a0-ca1de65c9b14.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c1cf1262-df6c-4bc6-893e-de7749a9aef5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--12270a9f-0224-4860-81a0-ca1de65c9b14",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:20.037221Z",
+ "modified": "2024-08-30T00:19:20.037221Z",
+ "name": "CVE-2024-29723",
+ "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-29723"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--140fd3fd-9ba4-42a0-b26d-4641a05af6ce.json b/objects/vulnerability/vulnerability--140fd3fd-9ba4-42a0-b26d-4641a05af6ce.json
new file mode 100644
index 00000000000..da269f26bb0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--140fd3fd-9ba4-42a0-b26d-4641a05af6ce.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2e5bb728-24d4-4a4e-86aa-5d12bddbab05",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--140fd3fd-9ba4-42a0-b26d-4641a05af6ce",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:19.978893Z",
+ "modified": "2024-08-30T00:19:19.978893Z",
+ "name": "CVE-2024-41361",
+ "description": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\manageFilesFolders.php",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41361"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--14641c1b-1be0-4164-b0bc-2d69f1636bad.json b/objects/vulnerability/vulnerability--14641c1b-1be0-4164-b0bc-2d69f1636bad.json
new file mode 100644
index 00000000000..951614c3976
--- /dev/null
+++ b/objects/vulnerability/vulnerability--14641c1b-1be0-4164-b0bc-2d69f1636bad.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9091e3d4-6f97-47aa-8b85-25055392e172",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--14641c1b-1be0-4164-b0bc-2d69f1636bad",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.529153Z",
+ "modified": "2024-08-30T00:19:21.529153Z",
+ "name": "CVE-2024-43917",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-43917"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--162ec8d1-5fd6-4cca-9d3d-b94d508a3346.json b/objects/vulnerability/vulnerability--162ec8d1-5fd6-4cca-9d3d-b94d508a3346.json
new file mode 100644
index 00000000000..aeebbe7d35b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--162ec8d1-5fd6-4cca-9d3d-b94d508a3346.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a29371be-5a1e-44f9-b185-37a516dbfca0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--162ec8d1-5fd6-4cca-9d3d-b94d508a3346",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:19.984989Z",
+ "modified": "2024-08-30T00:19:19.984989Z",
+ "name": "CVE-2024-41370",
+ "description": "** UNSUPPORTED WHEN ASSIGNED ** Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41370"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--170d8a92-9718-4dd6-a0d5-87116a6a1d49.json b/objects/vulnerability/vulnerability--170d8a92-9718-4dd6-a0d5-87116a6a1d49.json
new file mode 100644
index 00000000000..a905c35c94d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--170d8a92-9718-4dd6-a0d5-87116a6a1d49.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--080c8099-a83b-4dda-bfaa-cfcb8d930280",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--170d8a92-9718-4dd6-a0d5-87116a6a1d49",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:21.173787Z",
+ "modified": "2024-08-30T00:19:21.173787Z",
+ "name": "CVE-2024-39620",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-39620"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1f24ac70-3cd6-437c-9b66-4eb0cadd24d7.json b/objects/vulnerability/vulnerability--1f24ac70-3cd6-437c-9b66-4eb0cadd24d7.json
new file mode 100644
index 00000000000..371c97ca835
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1f24ac70-3cd6-437c-9b66-4eb0cadd24d7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--22f6f803-34dc-4307-9e2f-7e31f74fbb0f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1f24ac70-3cd6-437c-9b66-4eb0cadd24d7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-08-30T00:19:20.1956Z",
+ "modified": "2024-08-30T00:19:20.1956Z",
+ "name": "CVE-2024-44776",
+ "description": "An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44776"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--20f04a43-0d45-4b03-9641-6d02cc2f5eae.json b/objects/vulnerability/vulnerability--20f04a43-0d45-4b03-9641-6d02cc2f5eae.json
new file mode 100644
index 00000000000..808a8a324aa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--20f04a43-0d45-4b03-9641-6d02cc2f5eae.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c827abe-a70d-4429-8f68-95226f7e39db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20f04a43-0d45-4b03-9641-6d02cc2f5eae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.515225Z", + "modified": "2024-08-30T00:19:21.515225Z", + "name": "CVE-2024-43921", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43921" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--216adadb-f9b9-45d6-9eb3-433d4e519e8b.json b/objects/vulnerability/vulnerability--216adadb-f9b9-45d6-9eb3-433d4e519e8b.json new file mode 100644 index 00000000000..67f8c26bc78 --- /dev/null +++ b/objects/vulnerability/vulnerability--216adadb-f9b9-45d6-9eb3-433d4e519e8b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96724ca3-221c-4272-812f-5864779c6182", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--216adadb-f9b9-45d6-9eb3-433d4e519e8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.158244Z", + "modified": "2024-08-30T00:19:22.158244Z", + "name": "CVE-2024-35118", + "description": "IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35118" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--22ea1da0-5fe9-4c5c-bbf2-4d73543ca58a.json b/objects/vulnerability/vulnerability--22ea1da0-5fe9-4c5c-bbf2-4d73543ca58a.json new file mode 100644 index 00000000000..97391aa0f85 --- /dev/null +++ b/objects/vulnerability/vulnerability--22ea1da0-5fe9-4c5c-bbf2-4d73543ca58a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93d141b9-88e0-497d-8875-98bdb17b437f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22ea1da0-5fe9-4c5c-bbf2-4d73543ca58a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.081533Z", + "modified": "2024-08-30T00:19:22.081533Z", + "name": "CVE-2024-45436", + "description": "extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45436" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24923750-6718-4294-bfba-5c76ec7b8fed.json b/objects/vulnerability/vulnerability--24923750-6718-4294-bfba-5c76ec7b8fed.json new file mode 100644 index 00000000000..63635871931 --- /dev/null +++ b/objects/vulnerability/vulnerability--24923750-6718-4294-bfba-5c76ec7b8fed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62ec6e8e-f0e8-458e-a3ec-70952d84a0b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24923750-6718-4294-bfba-5c76ec7b8fed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.987301Z", + "modified": "2024-08-30T00:19:21.987301Z", + "name": "CVE-2024-8301", + "description": "A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8301" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--250ba551-9ae5-4588-b897-f43db98fd305.json b/objects/vulnerability/vulnerability--250ba551-9ae5-4588-b897-f43db98fd305.json new file mode 100644 index 00000000000..a727c82ce76 --- /dev/null +++ b/objects/vulnerability/vulnerability--250ba551-9ae5-4588-b897-f43db98fd305.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89b053ed-e3f8-4161-b648-f480bcd464e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--250ba551-9ae5-4588-b897-f43db98fd305", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.562913Z", + "modified": "2024-08-30T00:19:21.562913Z", + "name": "CVE-2024-43964", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Leithold DSGVO All in one for WP allows Stored XSS.This issue affects DSGVO All in one for WP: from n/a through 4.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43964" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2680db1e-97d2-42f7-9ca2-4623e7555ccc.json b/objects/vulnerability/vulnerability--2680db1e-97d2-42f7-9ca2-4623e7555ccc.json new file mode 100644 index 00000000000..94ff27abebc --- /dev/null +++ b/objects/vulnerability/vulnerability--2680db1e-97d2-42f7-9ca2-4623e7555ccc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c67c516-dd9d-4932-980d-48e51b4f417e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2680db1e-97d2-42f7-9ca2-4623e7555ccc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.955316Z", + "modified": "2024-08-30T00:19:19.955316Z", + "name": "CVE-2024-41918", + "description": "'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29edb3df-32b3-416a-88ed-f7dfb2b18c65.json b/objects/vulnerability/vulnerability--29edb3df-32b3-416a-88ed-f7dfb2b18c65.json new file mode 100644 index 00000000000..d379d6005b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--29edb3df-32b3-416a-88ed-f7dfb2b18c65.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4924a688-33bd-41d7-8d63-c234b964e733", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29edb3df-32b3-416a-88ed-f7dfb2b18c65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.579635Z", + "modified": "2024-08-30T00:19:21.579635Z", + "name": "CVE-2024-43986", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43986" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b24daf8-f9a3-40c9-8373-25331a479695.json b/objects/vulnerability/vulnerability--2b24daf8-f9a3-40c9-8373-25331a479695.json new file mode 100644 index 00000000000..4d5db6848da --- /dev/null +++ b/objects/vulnerability/vulnerability--2b24daf8-f9a3-40c9-8373-25331a479695.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--acc2070f-0727-4189-8787-a6213099f2fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b24daf8-f9a3-40c9-8373-25331a479695", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.146036Z", + "modified": "2024-08-30T00:19:21.146036Z", + "name": "CVE-2024-1056", + "description": "The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1056" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ed34515-0447-4173-b702-0320865cbe73.json b/objects/vulnerability/vulnerability--2ed34515-0447-4173-b702-0320865cbe73.json new file mode 100644 index 00000000000..3b2bed3b69d --- /dev/null +++ b/objects/vulnerability/vulnerability--2ed34515-0447-4173-b702-0320865cbe73.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ac137e64-2029-4f51-adc1-236f9eb022db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ed34515-0447-4173-b702-0320865cbe73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.111104Z", + "modified": "2024-08-30T00:19:22.111104Z", + "name": "CVE-2024-6551", + "description": "The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6551" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f67c5b0-b070-459d-9bbb-e4a85d64a525.json b/objects/vulnerability/vulnerability--2f67c5b0-b070-459d-9bbb-e4a85d64a525.json new file mode 100644 index 00000000000..bcdccebb13d --- /dev/null +++ b/objects/vulnerability/vulnerability--2f67c5b0-b070-459d-9bbb-e4a85d64a525.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be151a46-81c0-4163-8041-f357beb407b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f67c5b0-b070-459d-9bbb-e4a85d64a525", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.18654Z", + "modified": "2024-08-30T00:19:22.18654Z", + "name": "CVE-2024-35133", + "description": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35133" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30499c9b-47c9-4fdf-80f1-08dbe2d9a6c1.json b/objects/vulnerability/vulnerability--30499c9b-47c9-4fdf-80f1-08dbe2d9a6c1.json new file mode 100644 index 00000000000..1ccdca076f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--30499c9b-47c9-4fdf-80f1-08dbe2d9a6c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a14240b-fb3e-4f8b-a2b8-628591d850bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30499c9b-47c9-4fdf-80f1-08dbe2d9a6c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.511706Z", + "modified": "2024-08-30T00:19:21.511706Z", + "name": "CVE-2024-43144", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43144" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3264e325-7ed3-4f60-a081-e3b55fccdbef.json b/objects/vulnerability/vulnerability--3264e325-7ed3-4f60-a081-e3b55fccdbef.json new file mode 100644 index 00000000000..cc37e440975 --- /dev/null +++ b/objects/vulnerability/vulnerability--3264e325-7ed3-4f60-a081-e3b55fccdbef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87469e29-4518-4f68-a183-1f5d4faccfde", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3264e325-7ed3-4f60-a081-e3b55fccdbef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.544654Z", + "modified": "2024-08-30T00:19:21.544654Z", + "name": "CVE-2024-43954", + "description": "Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43954" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--34b17362-3a15-4589-9127-f5b46bbe5547.json b/objects/vulnerability/vulnerability--34b17362-3a15-4589-9127-f5b46bbe5547.json new file mode 100644 index 00000000000..fc3f31c107a --- /dev/null +++ b/objects/vulnerability/vulnerability--34b17362-3a15-4589-9127-f5b46bbe5547.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ad3e59f-7a64-4aa0-a376-b88b39424f85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--34b17362-3a15-4589-9127-f5b46bbe5547", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.00233Z", + "modified": "2024-08-30T00:19:20.00233Z", + "name": "CVE-2024-41372", + "description": "** UNSUPPORTED WHEN ASSIGNED ** Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41372" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--365e869d-5388-43ac-91b6-7573106c3fdf.json b/objects/vulnerability/vulnerability--365e869d-5388-43ac-91b6-7573106c3fdf.json new file mode 100644 index 00000000000..87dc4add864 --- /dev/null +++ b/objects/vulnerability/vulnerability--365e869d-5388-43ac-91b6-7573106c3fdf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a53845d1-6c96-4b28-8544-b355fa2c8f91", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--365e869d-5388-43ac-91b6-7573106c3fdf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.980544Z", + "modified": "2024-08-30T00:19:21.980544Z", + "name": "CVE-2024-8295", + "description": "A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8295" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36874e41-a378-4599-a67d-0ed574d6af8a.json b/objects/vulnerability/vulnerability--36874e41-a378-4599-a67d-0ed574d6af8a.json new file mode 100644 index 00000000000..15d44fdcb6b --- /dev/null +++ b/objects/vulnerability/vulnerability--36874e41-a378-4599-a67d-0ed574d6af8a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4408b10c-2403-4eeb-a423-d3708d1a27e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36874e41-a378-4599-a67d-0ed574d6af8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.026568Z", + "modified": "2024-08-30T00:19:20.026568Z", + "name": "CVE-2024-29724", + "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29724" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--369f72ac-8715-4f24-83b7-0d80b01927d0.json b/objects/vulnerability/vulnerability--369f72ac-8715-4f24-83b7-0d80b01927d0.json new file mode 100644 index 00000000000..cf0acd2a8af --- /dev/null +++ b/objects/vulnerability/vulnerability--369f72ac-8715-4f24-83b7-0d80b01927d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ac8bc82a-6242-4ae0-9149-2214bb799495", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--369f72ac-8715-4f24-83b7-0d80b01927d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.964759Z", + "modified": "2024-08-30T00:19:21.964759Z", + "name": "CVE-2024-4428", + "description": "Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4428" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--38dabd2c-073e-4fb3-a331-6976c9c1854d.json b/objects/vulnerability/vulnerability--38dabd2c-073e-4fb3-a331-6976c9c1854d.json new file mode 100644 index 00000000000..5408df7ea46 --- /dev/null +++ b/objects/vulnerability/vulnerability--38dabd2c-073e-4fb3-a331-6976c9c1854d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1516515a-a9e2-4cca-a267-8138b794e1ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38dabd2c-073e-4fb3-a331-6976c9c1854d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.380442Z", + "modified": "2024-08-30T00:19:21.380442Z", + "name": "CVE-2024-39638", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39638" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ad07897-5e61-4e6e-9c4a-88ce254f05aa.json b/objects/vulnerability/vulnerability--3ad07897-5e61-4e6e-9c4a-88ce254f05aa.json new file mode 100644 index 00000000000..1d505f93d1f --- /dev/null +++ b/objects/vulnerability/vulnerability--3ad07897-5e61-4e6e-9c4a-88ce254f05aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb3c6de3-7b14-42cf-be8b-cd66ec645dc4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ad07897-5e61-4e6e-9c4a-88ce254f05aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.949528Z", + "modified": "2024-08-30T00:19:19.949528Z", + "name": "CVE-2024-41371", + "description": "** UNSUPPORTED WHEN ASSIGNED ** Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41371" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c1dd8f8-d2e0-4680-8eac-b4fa663b73ff.json b/objects/vulnerability/vulnerability--3c1dd8f8-d2e0-4680-8eac-b4fa663b73ff.json new file mode 100644 index 00000000000..f18d676ef4a --- /dev/null +++ b/objects/vulnerability/vulnerability--3c1dd8f8-d2e0-4680-8eac-b4fa663b73ff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99bdebb5-45c5-433c-a776-059f048e0fc5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c1dd8f8-d2e0-4680-8eac-b4fa663b73ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.36116Z", + "modified": "2024-08-30T00:19:20.36116Z", + "name": "CVE-2024-2502", + "description": "An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2502" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ed37db6-5b37-4a29-a0d0-d29b2ddfc05f.json b/objects/vulnerability/vulnerability--3ed37db6-5b37-4a29-a0d0-d29b2ddfc05f.json new file mode 100644 index 00000000000..7802b1a7b4f --- /dev/null +++ b/objects/vulnerability/vulnerability--3ed37db6-5b37-4a29-a0d0-d29b2ddfc05f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afab1abf-7230-4839-8c02-d6836efa3416", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ed37db6-5b37-4a29-a0d0-d29b2ddfc05f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.05551Z", + "modified": "2024-08-30T00:19:22.05551Z", + "name": "CVE-2024-3944", + "description": "The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3944" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40c33c78-166d-473c-9f1d-1d750da81a34.json b/objects/vulnerability/vulnerability--40c33c78-166d-473c-9f1d-1d750da81a34.json new file mode 100644 index 00000000000..dbff8a0e536 --- /dev/null +++ b/objects/vulnerability/vulnerability--40c33c78-166d-473c-9f1d-1d750da81a34.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c467f972-1502-4056-a884-5ce99b58e6dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40c33c78-166d-473c-9f1d-1d750da81a34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.083233Z", + "modified": "2024-08-30T00:19:22.083233Z", + "name": "CVE-2024-45302", + "description": "RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using RestSharp, not in RestSharp itself, but I would argue that at the very least there needs to be a warning about this behaviour in the RestSharp documentation. RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45302" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40cd5a62-33df-4deb-87a6-ad4dbad5c4c5.json b/objects/vulnerability/vulnerability--40cd5a62-33df-4deb-87a6-ad4dbad5c4c5.json new file mode 100644 index 00000000000..90d6b5076af --- /dev/null +++ b/objects/vulnerability/vulnerability--40cd5a62-33df-4deb-87a6-ad4dbad5c4c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a397210d-c1c1-42a5-afbd-03504980a9c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40cd5a62-33df-4deb-87a6-ad4dbad5c4c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.003262Z", + "modified": "2024-08-30T00:19:20.003262Z", + "name": "CVE-2024-41367", + "description": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\api\\playlist\\appendFileToPlaylist.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42e41cce-9a33-4bc1-85b5-a02aecfc10d1.json b/objects/vulnerability/vulnerability--42e41cce-9a33-4bc1-85b5-a02aecfc10d1.json new file mode 100644 index 00000000000..5f587553d39 --- /dev/null +++ b/objects/vulnerability/vulnerability--42e41cce-9a33-4bc1-85b5-a02aecfc10d1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6feafcaa-9ffe-4e24-851e-d741ee737173", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42e41cce-9a33-4bc1-85b5-a02aecfc10d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.03435Z", + "modified": "2024-08-30T00:19:20.03435Z", + "name": "CVE-2024-29726", + "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29726" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--435e38d2-d5b5-4e69-992f-bf857c0fd989.json b/objects/vulnerability/vulnerability--435e38d2-d5b5-4e69-992f-bf857c0fd989.json new file mode 100644 index 00000000000..ff275000ae6 --- /dev/null +++ b/objects/vulnerability/vulnerability--435e38d2-d5b5-4e69-992f-bf857c0fd989.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b4e212e-93a4-444d-9613-c7826b7bacce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--435e38d2-d5b5-4e69-992f-bf857c0fd989", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.998918Z", + "modified": "2024-08-30T00:19:19.998918Z", + "name": "CVE-2024-41368", + "description": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\inc.setWlanIpMail.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41368" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--445560c7-4634-4dcd-836f-cf0b590bec8f.json b/objects/vulnerability/vulnerability--445560c7-4634-4dcd-836f-cf0b590bec8f.json new file mode 100644 index 00000000000..dd4566b17c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--445560c7-4634-4dcd-836f-cf0b590bec8f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a775db0-a6be-4406-bb63-4caa23f3e74a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--445560c7-4634-4dcd-836f-cf0b590bec8f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.509774Z", + "modified": "2024-08-30T00:19:21.509774Z", + "name": "CVE-2024-43955", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--468cac4e-4e97-48fa-aeda-0b9d61aff577.json b/objects/vulnerability/vulnerability--468cac4e-4e97-48fa-aeda-0b9d61aff577.json new file mode 100644 index 00000000000..bfa1bc15c59 --- /dev/null +++ b/objects/vulnerability/vulnerability--468cac4e-4e97-48fa-aeda-0b9d61aff577.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7faa29d-c4f2-4df8-a004-898a55b98120", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--468cac4e-4e97-48fa-aeda-0b9d61aff577", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.043669Z", + "modified": "2024-08-30T00:19:20.043669Z", + "name": "CVE-2024-29729", + "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29729" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a210028-ae4d-464d-b77a-3f57efef6c73.json b/objects/vulnerability/vulnerability--4a210028-ae4d-464d-b77a-3f57efef6c73.json new file mode 100644 index 00000000000..a64080e34f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a210028-ae4d-464d-b77a-3f57efef6c73.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--153ffb75-f5d0-4275-a909-37b574261baf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a210028-ae4d-464d-b77a-3f57efef6c73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.994253Z", + "modified": "2024-08-30T00:19:21.994253Z", + "name": "CVE-2024-8303", + "description": "A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8303" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b0158be-e112-48c8-b0ca-55e2ece42fa4.json b/objects/vulnerability/vulnerability--4b0158be-e112-48c8-b0ca-55e2ece42fa4.json new file mode 100644 index 00000000000..94d98f6d095 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b0158be-e112-48c8-b0ca-55e2ece42fa4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66041b81-ec4e-49b4-ba6a-85c6783d1cb9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b0158be-e112-48c8-b0ca-55e2ece42fa4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.531816Z", + "modified": "2024-08-30T00:19:21.531816Z", + "name": "CVE-2024-43940", + "description": "Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43940" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bf01be5-6c98-4a05-8358-7ce763f14ff0.json b/objects/vulnerability/vulnerability--4bf01be5-6c98-4a05-8358-7ce763f14ff0.json new file mode 100644 index 00000000000..da9004530b2 --- /dev/null +++ b/objects/vulnerability/vulnerability--4bf01be5-6c98-4a05-8358-7ce763f14ff0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2da0e065-ffc3-49bb-b4e7-58267002b465", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bf01be5-6c98-4a05-8358-7ce763f14ff0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.183282Z", + "modified": "2024-08-30T00:19:20.183282Z", + "name": "CVE-2024-44779", + "description": "A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44779" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4e73e746-8ae8-4baa-a600-2eb040787783.json b/objects/vulnerability/vulnerability--4e73e746-8ae8-4baa-a600-2eb040787783.json new file mode 100644 index 00000000000..bb365f49abb --- /dev/null +++ b/objects/vulnerability/vulnerability--4e73e746-8ae8-4baa-a600-2eb040787783.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27c728ef-e3be-453f-a48e-6576888bd153", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e73e746-8ae8-4baa-a600-2eb040787783", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.971675Z", + "modified": "2024-08-30T00:19:19.971675Z", + "name": "CVE-2024-41346", + "description": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41346" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4f677f42-a740-43d1-9aa5-d5337596721b.json b/objects/vulnerability/vulnerability--4f677f42-a740-43d1-9aa5-d5337596721b.json new file mode 100644 index 00000000000..4b75dde50be --- /dev/null +++ b/objects/vulnerability/vulnerability--4f677f42-a740-43d1-9aa5-d5337596721b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc315c2d-3bf2-4c79-acc9-b337c42db67e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4f677f42-a740-43d1-9aa5-d5337596721b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.576359Z", + "modified": "2024-08-30T00:19:21.576359Z", + "name": "CVE-2024-43948", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43948" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--510d2322-985c-4cda-834d-3c051aeb3396.json b/objects/vulnerability/vulnerability--510d2322-985c-4cda-834d-3c051aeb3396.json new file mode 100644 index 00000000000..0156046245f --- /dev/null +++ b/objects/vulnerability/vulnerability--510d2322-985c-4cda-834d-3c051aeb3396.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0cdab32-3822-4d03-811c-c19ba77561ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--510d2322-985c-4cda-834d-3c051aeb3396", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.059112Z", + "modified": "2024-08-30T00:19:20.059112Z", + "name": "CVE-2024-29731", + "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:  https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29731" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--54da2100-1053-458c-94df-32c81804e5c8.json b/objects/vulnerability/vulnerability--54da2100-1053-458c-94df-32c81804e5c8.json new file mode 100644 index 00000000000..c9a777a39ff --- /dev/null +++ b/objects/vulnerability/vulnerability--54da2100-1053-458c-94df-32c81804e5c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d430ea19-48a9-409d-bbc7-dec428239919", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54da2100-1053-458c-94df-32c81804e5c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.572289Z", + "modified": "2024-08-30T00:19:21.572289Z", + "name": "CVE-2024-43963", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43963" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5a1a29f2-da96-4e99-bfed-a171e866f5c1.json b/objects/vulnerability/vulnerability--5a1a29f2-da96-4e99-bfed-a171e866f5c1.json new file mode 100644 index 00000000000..d7acf4cb5c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--5a1a29f2-da96-4e99-bfed-a171e866f5c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cdef233e-8c2a-44a6-918c-c6c36df7fa84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5a1a29f2-da96-4e99-bfed-a171e866f5c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.574722Z", + "modified": "2024-08-30T00:19:21.574722Z", + "name": "CVE-2024-43926", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Reflected XSS.This issue affects Beaver Builder: from n/a through 2.8.3.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43926" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5ad6cee5-90f4-41ab-9284-4dd1a38e3b1c.json b/objects/vulnerability/vulnerability--5ad6cee5-90f4-41ab-9284-4dd1a38e3b1c.json new file mode 100644 index 00000000000..4eabce417c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--5ad6cee5-90f4-41ab-9284-4dd1a38e3b1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3fbc652-3a66-45ed-9dba-b6671b3feed4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ad6cee5-90f4-41ab-9284-4dd1a38e3b1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.548076Z", + "modified": "2024-08-30T00:19:21.548076Z", + "name": "CVE-2024-43960", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43960" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5bf091aa-0648-4d1b-827a-c4eabdf1c2f1.json b/objects/vulnerability/vulnerability--5bf091aa-0648-4d1b-827a-c4eabdf1c2f1.json new file mode 100644 index 00000000000..e58e885060a --- /dev/null +++ b/objects/vulnerability/vulnerability--5bf091aa-0648-4d1b-827a-c4eabdf1c2f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3dcc238-00de-46b3-864e-167b2064d13d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5bf091aa-0648-4d1b-827a-c4eabdf1c2f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.188827Z", + "modified": "2024-08-30T00:19:20.188827Z", + "name": "CVE-2024-44717", + "description": "A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44717" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--611f19af-7c26-44c7-a63f-5bc49474e1c7.json b/objects/vulnerability/vulnerability--611f19af-7c26-44c7-a63f-5bc49474e1c7.json new file mode 100644 index 00000000000..24607d87870 --- /dev/null +++ b/objects/vulnerability/vulnerability--611f19af-7c26-44c7-a63f-5bc49474e1c7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9addb1c-efac-48dc-a27a-f618da7e67c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--611f19af-7c26-44c7-a63f-5bc49474e1c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.97277Z", + "modified": "2024-08-30T00:19:19.97277Z", + "name": "CVE-2024-41369", + "description": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\inc.setWifi.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41369" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63568b2a-2cfb-468a-8691-aa8312ea28c1.json b/objects/vulnerability/vulnerability--63568b2a-2cfb-468a-8691-aa8312ea28c1.json new file mode 100644 index 00000000000..3faad3f796a --- /dev/null +++ b/objects/vulnerability/vulnerability--63568b2a-2cfb-468a-8691-aa8312ea28c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3648180-360f-4bb3-aac8-f66b6bf52c3d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63568b2a-2cfb-468a-8691-aa8312ea28c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.982757Z", + "modified": "2024-08-30T00:19:21.982757Z", + "name": "CVE-2024-8294", + "description": "A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8294" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63aa2838-6c7e-4153-981b-5696c17060a4.json b/objects/vulnerability/vulnerability--63aa2838-6c7e-4153-981b-5696c17060a4.json new file mode 100644 index 00000000000..33f1ccfc88f --- /dev/null +++ b/objects/vulnerability/vulnerability--63aa2838-6c7e-4153-981b-5696c17060a4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d43f873-100c-48d9-8fd2-fc12b308bb33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63aa2838-6c7e-4153-981b-5696c17060a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.115714Z", + "modified": "2024-08-30T00:19:22.115714Z", + "name": "CVE-2024-6672", + "description": "In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6672" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6aa4edbf-3dae-4288-8ce4-37139a8a5855.json b/objects/vulnerability/vulnerability--6aa4edbf-3dae-4288-8ce4-37139a8a5855.json new file mode 100644 index 00000000000..eb620c9a0da --- /dev/null +++ b/objects/vulnerability/vulnerability--6aa4edbf-3dae-4288-8ce4-37139a8a5855.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c2bf311-9302-430d-a2bd-20fc5f349a2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6aa4edbf-3dae-4288-8ce4-37139a8a5855", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.55099Z", + "modified": "2024-08-30T00:19:21.55099Z", + "name": "CVE-2024-43934", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS.This issue affects Collapsing Archives: from n/a through 3.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43934" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6c5974bc-ef85-4804-af02-6e201f415b9f.json b/objects/vulnerability/vulnerability--6c5974bc-ef85-4804-af02-6e201f415b9f.json new file mode 100644 index 00000000000..dd728ebcbb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--6c5974bc-ef85-4804-af02-6e201f415b9f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4754903-c8db-4432-9b51-e79c32692ad3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c5974bc-ef85-4804-af02-6e201f415b9f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.34671Z", + "modified": "2024-08-30T00:19:20.34671Z", + "name": "CVE-2024-2541", + "description": "The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2541" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d1309fb-9ab1-4d85-8ddb-c40c81e94549.json b/objects/vulnerability/vulnerability--6d1309fb-9ab1-4d85-8ddb-c40c81e94549.json new file mode 100644 index 00000000000..dc23160b285 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d1309fb-9ab1-4d85-8ddb-c40c81e94549.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6e8eafc-75ea-46a0-9696-eada075efeea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d1309fb-9ab1-4d85-8ddb-c40c81e94549", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.100078Z", + "modified": "2024-08-30T00:19:22.100078Z", + "name": "CVE-2024-6670", + "description": "In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e144149-1b6a-48df-b815-217c347d2576.json b/objects/vulnerability/vulnerability--6e144149-1b6a-48df-b815-217c347d2576.json new file mode 100644 index 00000000000..0590873d219 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e144149-1b6a-48df-b815-217c347d2576.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5d937ec-df71-4dad-9004-82458f308067", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e144149-1b6a-48df-b815-217c347d2576", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.541095Z", + "modified": "2024-08-30T00:19:21.541095Z", + "name": "CVE-2024-43958", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43958" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6f8e291e-d4fa-406d-9045-5956edd20782.json b/objects/vulnerability/vulnerability--6f8e291e-d4fa-406d-9045-5956edd20782.json new file mode 100644 index 00000000000..aabc742267a --- /dev/null +++ b/objects/vulnerability/vulnerability--6f8e291e-d4fa-406d-9045-5956edd20782.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2794cea7-56a4-4d90-9e03-9bf608f114a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f8e291e-d4fa-406d-9045-5956edd20782", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.535571Z", + "modified": "2024-08-30T00:19:21.535571Z", + "name": "CVE-2024-43132", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--738aa3fc-5dcd-409d-8988-506076244f30.json b/objects/vulnerability/vulnerability--738aa3fc-5dcd-409d-8988-506076244f30.json new file mode 100644 index 00000000000..b4fe16e55f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--738aa3fc-5dcd-409d-8988-506076244f30.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72f04f6a-5a9f-4419-b985-9481ee0c2529", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--738aa3fc-5dcd-409d-8988-506076244f30", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.506052Z", + "modified": "2024-08-30T00:19:21.506052Z", + "name": "CVE-2024-43946", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43946" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74f73f04-7beb-4fc4-936d-09e457276994.json b/objects/vulnerability/vulnerability--74f73f04-7beb-4fc4-936d-09e457276994.json new file mode 100644 index 00000000000..68a4759609c --- /dev/null +++ b/objects/vulnerability/vulnerability--74f73f04-7beb-4fc4-936d-09e457276994.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b0c78e8-0848-4506-8bc2-fef3610fd7ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74f73f04-7beb-4fc4-936d-09e457276994", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.561679Z", + "modified": "2024-08-30T00:19:21.561679Z", + "name": "CVE-2024-43942", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43942" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--75892214-b1d1-4a1c-a116-30224d1518df.json b/objects/vulnerability/vulnerability--75892214-b1d1-4a1c-a116-30224d1518df.json new file mode 100644 index 00000000000..7245c61e0b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--75892214-b1d1-4a1c-a116-30224d1518df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5ca358b-dd11-4f5d-8354-fc250ee9717d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75892214-b1d1-4a1c-a116-30224d1518df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.571056Z", + "modified": "2024-08-30T00:19:21.571056Z", + "name": "CVE-2024-43944", + "description": "Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through 2.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43944" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75dd572a-c893-4c8d-ba30-24425b986356.json b/objects/vulnerability/vulnerability--75dd572a-c893-4c8d-ba30-24425b986356.json new file mode 100644 index 00000000000..da30da124a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--75dd572a-c893-4c8d-ba30-24425b986356.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58c1f6a3-21e9-4872-9cb2-931b0da8bc77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75dd572a-c893-4c8d-ba30-24425b986356", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.005725Z", + "modified": "2024-08-30T00:19:22.005725Z", + "name": "CVE-2024-3679", + "description": "The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3679" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78a26130-f85e-4e6d-b17e-bc0f6f529832.json b/objects/vulnerability/vulnerability--78a26130-f85e-4e6d-b17e-bc0f6f529832.json new file mode 100644 index 00000000000..c1feee239be --- /dev/null +++ b/objects/vulnerability/vulnerability--78a26130-f85e-4e6d-b17e-bc0f6f529832.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb8fb1bc-1d7f-49df-a141-3b85326cdb21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78a26130-f85e-4e6d-b17e-bc0f6f529832", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.566764Z", + "modified": "2024-08-30T00:19:21.566764Z", + "name": "CVE-2024-43939", + "description": "Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43939" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7c0dd35b-7b6f-4132-86f4-41aa0e927eb1.json b/objects/vulnerability/vulnerability--7c0dd35b-7b6f-4132-86f4-41aa0e927eb1.json new file mode 100644 index 00000000000..d522ab5c598 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c0dd35b-7b6f-4132-86f4-41aa0e927eb1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3b09a8a-165e-4cbd-9751-9ad35d3f7c37", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c0dd35b-7b6f-4132-86f4-41aa0e927eb1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.982002Z", + "modified": "2024-08-30T00:19:19.982002Z", + "name": "CVE-2024-41964", + "description": "Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41964" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7c63c51f-609f-4146-9a4b-87cd9f86bc7e.json b/objects/vulnerability/vulnerability--7c63c51f-609f-4146-9a4b-87cd9f86bc7e.json new file mode 100644 index 00000000000..bddee82b765 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c63c51f-609f-4146-9a4b-87cd9f86bc7e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b18f33f9-a450-4522-b660-a4eb5c94aa18", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c63c51f-609f-4146-9a4b-87cd9f86bc7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.785489Z", + "modified": "2024-08-30T00:19:20.785489Z", + "name": "CVE-2024-38303", + "description": "Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38303" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--820e6d66-3f9e-412b-858f-60452485f287.json b/objects/vulnerability/vulnerability--820e6d66-3f9e-412b-858f-60452485f287.json new file mode 100644 index 00000000000..5edaede884c --- /dev/null +++ b/objects/vulnerability/vulnerability--820e6d66-3f9e-412b-858f-60452485f287.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d33e3da8-dc4c-4875-927d-5314a048f09f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--820e6d66-3f9e-412b-858f-60452485f287", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.264796Z", + "modified": "2024-08-30T00:19:20.264796Z", + "name": "CVE-2024-34019", + "description": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8394655c-2362-4758-a040-367a58f4bad2.json b/objects/vulnerability/vulnerability--8394655c-2362-4758-a040-367a58f4bad2.json new file mode 100644 index 00000000000..d9fa77d0848 --- /dev/null +++ b/objects/vulnerability/vulnerability--8394655c-2362-4758-a040-367a58f4bad2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34154c58-3b3d-4d05-b9a4-36006ae36acf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8394655c-2362-4758-a040-367a58f4bad2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.985375Z", + "modified": "2024-08-30T00:19:21.985375Z", + "name": "CVE-2024-8255", + "description": "Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8255" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8610fa4e-983a-4f3d-b109-2da84bf31c9a.json b/objects/vulnerability/vulnerability--8610fa4e-983a-4f3d-b109-2da84bf31c9a.json new file mode 100644 index 00000000000..c069e210714 --- /dev/null +++ b/objects/vulnerability/vulnerability--8610fa4e-983a-4f3d-b109-2da84bf31c9a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c0a485c-6f57-47f9-b4f0-132b1b4252b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8610fa4e-983a-4f3d-b109-2da84bf31c9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.567737Z", + "modified": "2024-08-30T00:19:21.567737Z", + "name": "CVE-2024-43947", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43947" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87d1c184-29d4-495e-8a7b-2fa7d1684081.json b/objects/vulnerability/vulnerability--87d1c184-29d4-495e-8a7b-2fa7d1684081.json new file mode 100644 index 00000000000..8b5fb9c962a --- /dev/null +++ b/objects/vulnerability/vulnerability--87d1c184-29d4-495e-8a7b-2fa7d1684081.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a751d738-27f3-43e8-a916-9301b0947d16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87d1c184-29d4-495e-8a7b-2fa7d1684081", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:08.396148Z", + "modified": "2024-08-30T00:19:08.396148Z", + "name": "CVE-2022-2440", + "description": "The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-2440" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--890ad079-69e4-4907-9b23-95a0ff3a362a.json b/objects/vulnerability/vulnerability--890ad079-69e4-4907-9b23-95a0ff3a362a.json new file mode 100644 index 00000000000..36eeaee4c76 --- /dev/null +++ b/objects/vulnerability/vulnerability--890ad079-69e4-4907-9b23-95a0ff3a362a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80ba7f26-ce67-41d4-9113-413c898c6fdb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--890ad079-69e4-4907-9b23-95a0ff3a362a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.202548Z", + "modified": "2024-08-30T00:19:20.202548Z", + "name": "CVE-2024-44919", + "description": "A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44919" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a1b34d5-dc06-4d82-bd2f-382939670c24.json b/objects/vulnerability/vulnerability--8a1b34d5-dc06-4d82-bd2f-382939670c24.json new file mode 100644 index 00000000000..ee98aae7b94 --- /dev/null +++ b/objects/vulnerability/vulnerability--8a1b34d5-dc06-4d82-bd2f-382939670c24.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fff810b-5f83-4ae9-9e7a-297051f61b1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a1b34d5-dc06-4d82-bd2f-382939670c24", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.952588Z", + "modified": "2024-08-30T00:19:19.952588Z", + "name": "CVE-2024-41364", + "description": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\trackEdit.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41364" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8a8700dc-b88c-443e-a07e-fb8e72ba059e.json b/objects/vulnerability/vulnerability--8a8700dc-b88c-443e-a07e-fb8e72ba059e.json new file mode 100644 index 00000000000..b830b9d82a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--8a8700dc-b88c-443e-a07e-fb8e72ba059e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--868ad45d-7788-42bb-b0b1-89d0b566fa80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a8700dc-b88c-443e-a07e-fb8e72ba059e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.978035Z", + "modified": "2024-08-30T00:19:21.978035Z", + "name": "CVE-2024-8302", + "description": "A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8302" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f3ebf8b-fe22-489d-bae2-cb8e7c09c5d2.json b/objects/vulnerability/vulnerability--8f3ebf8b-fe22-489d-bae2-cb8e7c09c5d2.json new file mode 100644 index 00000000000..6e47ad8a126 --- /dev/null +++ b/objects/vulnerability/vulnerability--8f3ebf8b-fe22-489d-bae2-cb8e7c09c5d2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d329c8e-845f-4eb2-a618-23af115cb814", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f3ebf8b-fe22-489d-bae2-cb8e7c09c5d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.10707Z", + "modified": "2024-08-30T00:19:22.10707Z", + "name": "CVE-2024-6927", + "description": "The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6927" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91216c04-a3b3-4dbf-b8a2-6238ee33067b.json b/objects/vulnerability/vulnerability--91216c04-a3b3-4dbf-b8a2-6238ee33067b.json new file mode 100644 index 00000000000..b8e0e1c5e57 --- /dev/null +++ b/objects/vulnerability/vulnerability--91216c04-a3b3-4dbf-b8a2-6238ee33067b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9df71a62-ee5c-46ba-a1c6-23c6c3e25bd5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91216c04-a3b3-4dbf-b8a2-6238ee33067b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.959719Z", + "modified": "2024-08-30T00:19:19.959719Z", + "name": "CVE-2024-41349", + "description": "unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41349" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9535f121-0e13-4649-8950-3ae37e25de1f.json b/objects/vulnerability/vulnerability--9535f121-0e13-4649-8950-3ae37e25de1f.json new file mode 100644 index 00000000000..9399d26c4e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--9535f121-0e13-4649-8950-3ae37e25de1f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--354580e4-faee-45df-9ea8-bb5f916096f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9535f121-0e13-4649-8950-3ae37e25de1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.055572Z", + "modified": "2024-08-30T00:19:21.055572Z", + "name": "CVE-2024-7132", + "description": "The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95954fb6-206c-403b-b91b-2f53812ffd28.json b/objects/vulnerability/vulnerability--95954fb6-206c-403b-b91b-2f53812ffd28.json new file mode 100644 index 00000000000..eb8763ebb91 --- /dev/null +++ b/objects/vulnerability/vulnerability--95954fb6-206c-403b-b91b-2f53812ffd28.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e15ef8f-7627-41f4-8c52-6872f0c0bcfe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95954fb6-206c-403b-b91b-2f53812ffd28", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.710146Z", + "modified": "2024-08-30T00:19:21.710146Z", + "name": "CVE-2024-5987", + "description": "The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit or delete contrast settings. Please note these issues were patched in 0.6.2.8, though it broke functionality and the vendor has not responded to our follow-ups.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5987" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96c2863c-b535-43c5-aedd-42c374714e5a.json b/objects/vulnerability/vulnerability--96c2863c-b535-43c5-aedd-42c374714e5a.json new file mode 100644 index 00000000000..ecb23a3aae9 --- /dev/null +++ b/objects/vulnerability/vulnerability--96c2863c-b535-43c5-aedd-42c374714e5a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0031d2e-aacb-4144-b52a-04c5bc13deb8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96c2863c-b535-43c5-aedd-42c374714e5a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.261936Z", + "modified": "2024-08-30T00:19:20.261936Z", + "name": "CVE-2024-34018", + "description": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34018" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f2782f5-4efc-4982-861c-abd4ee349b62.json b/objects/vulnerability/vulnerability--9f2782f5-4efc-4982-861c-abd4ee349b62.json new file mode 100644 index 00000000000..61e0bed959e --- /dev/null +++ b/objects/vulnerability/vulnerability--9f2782f5-4efc-4982-861c-abd4ee349b62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b102362d-d37e-4f0e-873b-0e34e3c85a36", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f2782f5-4efc-4982-861c-abd4ee349b62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.218737Z", + "modified": "2024-08-30T00:19:20.218737Z", + "name": "CVE-2024-44778", + "description": "A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44778" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a05840e3-1f60-41b0-b551-5bd599235262.json b/objects/vulnerability/vulnerability--a05840e3-1f60-41b0-b551-5bd599235262.json new file mode 100644 index 00000000000..a33f617b639 --- /dev/null +++ b/objects/vulnerability/vulnerability--a05840e3-1f60-41b0-b551-5bd599235262.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0cbec58c-a8ab-4d19-b7dd-0ba6b489c5a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a05840e3-1f60-41b0-b551-5bd599235262", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.040982Z", + "modified": "2024-08-30T00:19:21.040982Z", + "name": "CVE-2024-7606", + "description": "The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7606" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a19bd500-f242-4d6b-a6c4-31257d873e90.json b/objects/vulnerability/vulnerability--a19bd500-f242-4d6b-a6c4-31257d873e90.json new file mode 100644 index 00000000000..616eb37900a --- /dev/null +++ b/objects/vulnerability/vulnerability--a19bd500-f242-4d6b-a6c4-31257d873e90.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b573bb9-ef0d-4c9f-8a4b-905fefe1f4e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a19bd500-f242-4d6b-a6c4-31257d873e90", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.983926Z", + "modified": "2024-08-30T00:19:19.983926Z", + "name": "CVE-2024-41345", + "description": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41345" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a251761f-3e5e-4dde-88c1-942edd15d5e8.json b/objects/vulnerability/vulnerability--a251761f-3e5e-4dde-88c1-942edd15d5e8.json new file mode 100644 index 00000000000..421a695308b --- /dev/null +++ b/objects/vulnerability/vulnerability--a251761f-3e5e-4dde-88c1-942edd15d5e8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81923605-4c20-4d12-ae88-dfb62a6b905d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a251761f-3e5e-4dde-88c1-942edd15d5e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.000885Z", + "modified": "2024-08-30T00:19:20.000885Z", + "name": "CVE-2024-41351", + "description": "** UNSUPPORTED WHEN ASSIGNED ** bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41351" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a50b2732-a881-4891-82f1-1808321b7797.json b/objects/vulnerability/vulnerability--a50b2732-a881-4891-82f1-1808321b7797.json new file mode 100644 index 00000000000..6a757ceb91a --- /dev/null 
+++ b/objects/vulnerability/vulnerability--a50b2732-a881-4891-82f1-1808321b7797.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c2d7769-199e-4df8-af7f-ee55b526428b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a50b2732-a881-4891-82f1-1808321b7797", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.565792Z", + "modified": "2024-08-30T00:19:21.565792Z", + "name": "CVE-2024-43965", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a61a5d15-4a3a-4e40-a59c-7a8f78952636.json b/objects/vulnerability/vulnerability--a61a5d15-4a3a-4e40-a59c-7a8f78952636.json new file mode 100644 index 00000000000..fd5f90c0392 --- /dev/null +++ b/objects/vulnerability/vulnerability--a61a5d15-4a3a-4e40-a59c-7a8f78952636.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0ad00f6-0c76-41ac-8c0a-38f4546ef499", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a61a5d15-4a3a-4e40-a59c-7a8f78952636", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.369388Z", + "modified": "2024-08-30T00:19:21.369388Z", + "name": "CVE-2024-39653", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39653" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a9771cdb-dcd1-45cf-86e0-327397529719.json b/objects/vulnerability/vulnerability--a9771cdb-dcd1-45cf-86e0-327397529719.json new file mode 100644 index 00000000000..a90c3b40cbd --- /dev/null +++ b/objects/vulnerability/vulnerability--a9771cdb-dcd1-45cf-86e0-327397529719.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8dc27331-bcd8-4da2-8b5a-21e80bdcb400", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9771cdb-dcd1-45cf-86e0-327397529719", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.380627Z", + "modified": "2024-08-30T00:19:20.380627Z", + "name": "CVE-2024-2881", + "description": "Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2881" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9e0afa5-eb87-4df9-a7fb-b5f78c99e0e0.json b/objects/vulnerability/vulnerability--a9e0afa5-eb87-4df9-a7fb-b5f78c99e0e0.json new file mode 100644 index 00000000000..7fb9035486f --- /dev/null +++ b/objects/vulnerability/vulnerability--a9e0afa5-eb87-4df9-a7fb-b5f78c99e0e0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b4f5c2a-a590-47ff-8c0c-3b505edb586f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9e0afa5-eb87-4df9-a7fb-b5f78c99e0e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.568797Z", + "modified": "2024-08-30T00:19:21.568797Z", + "name": "CVE-2024-43804", + "description": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used without validation when constructing and executing an OS command. User supplied JSON POST data is parsed and if \"id\" JSON key does not exist, JSON value supplied via \"ip\" JSON key is assigned to the \"ip\" variable. Later on, \"ip\" variable which can be controlled by the attacker is used when constructing the cmd and cmd1 strings without any extra validation. Then, server_mod.subprocess_execute function is called on both cmd1 and cmd2. When the definition of the server_mod.subprocess_execute() function is analyzed, it can be seen that subprocess.Popen() is called on the input parameter with shell=True which results in OS Command Injection. This issue has not yet been patched. Users are advised to contact the Roxy-WI to coordinate a fix.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43804" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab493253-3c2d-4bf2-821f-be37300a5666.json b/objects/vulnerability/vulnerability--ab493253-3c2d-4bf2-821f-be37300a5666.json new file mode 100644 index 00000000000..25d8320be60 --- /dev/null +++ b/objects/vulnerability/vulnerability--ab493253-3c2d-4bf2-821f-be37300a5666.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9148e842-6fa1-418b-87a9-9116ab35b67e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab493253-3c2d-4bf2-821f-be37300a5666", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.526299Z", + "modified": "2024-08-30T00:19:21.526299Z", + "name": "CVE-2024-43700", + "description": "xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43700" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acef20a0-2ab3-45a0-ad70-8c7f7dffa956.json b/objects/vulnerability/vulnerability--acef20a0-2ab3-45a0-ad70-8c7f7dffa956.json new file mode 100644 index 00000000000..484e34c0748 --- /dev/null +++ b/objects/vulnerability/vulnerability--acef20a0-2ab3-45a0-ad70-8c7f7dffa956.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4eb27b1a-db87-4a97-862e-4b04030590c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acef20a0-2ab3-45a0-ad70-8c7f7dffa956", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.542626Z", + "modified": "2024-08-30T00:19:21.542626Z", + "name": "CVE-2024-43935", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43935" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aef61abd-e4b5-49d5-a510-6031d9255d55.json b/objects/vulnerability/vulnerability--aef61abd-e4b5-49d5-a510-6031d9255d55.json new file mode 100644 index 00000000000..f8bdb486c69 --- /dev/null +++ b/objects/vulnerability/vulnerability--aef61abd-e4b5-49d5-a510-6031d9255d55.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--666bc892-22ca-4899-adfa-52759765c64d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aef61abd-e4b5-49d5-a510-6031d9255d55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.069596Z", + "modified": "2024-08-30T00:19:20.069596Z", + "name": "CVE-2024-29727", + "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29727" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0e5d8af-6397-4e06-a4ac-0b41e3d7aba3.json b/objects/vulnerability/vulnerability--b0e5d8af-6397-4e06-a4ac-0b41e3d7aba3.json new file mode 100644 index 00000000000..fe7735572dd --- /dev/null +++ b/objects/vulnerability/vulnerability--b0e5d8af-6397-4e06-a4ac-0b41e3d7aba3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c210226d-c296-4853-9b3a-c5efdc2d4eb1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0e5d8af-6397-4e06-a4ac-0b41e3d7aba3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.217339Z", + "modified": "2024-08-30T00:19:20.217339Z", + "name": "CVE-2024-44777", + "description": "A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44777" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b1106442-674e-412a-9d74-bc0e3ac99101.json b/objects/vulnerability/vulnerability--b1106442-674e-412a-9d74-bc0e3ac99101.json new file mode 100644 index 00000000000..032c406cc7c --- /dev/null +++ b/objects/vulnerability/vulnerability--b1106442-674e-412a-9d74-bc0e3ac99101.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--950b5947-ecc3-4d99-addf-c313d9431dd5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1106442-674e-412a-9d74-bc0e3ac99101", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.558483Z", + "modified": "2024-08-30T00:19:21.558483Z", + "name": "CVE-2024-43936", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43936" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b21adc79-1628-4e0e-a043-177e5d9605ab.json b/objects/vulnerability/vulnerability--b21adc79-1628-4e0e-a043-177e5d9605ab.json new file mode 100644 index 00000000000..c89dfdfa468 --- /dev/null +++ b/objects/vulnerability/vulnerability--b21adc79-1628-4e0e-a043-177e5d9605ab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--930dfc01-4510-4e83-9d4c-891a4332b697", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b21adc79-1628-4e0e-a043-177e5d9605ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.976868Z", + "modified": "2024-08-30T00:19:21.976868Z", + "name": "CVE-2024-8304", + "description": "A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8304" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b5d9b99a-aa9f-4bb1-b82e-ff23720c6de0.json b/objects/vulnerability/vulnerability--b5d9b99a-aa9f-4bb1-b82e-ff23720c6de0.json new file mode 100644 index 00000000000..102986862c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b5d9b99a-aa9f-4bb1-b82e-ff23720c6de0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca8e75ca-2c5a-4cd9-8f01-c94910d283b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b5d9b99a-aa9f-4bb1-b82e-ff23720c6de0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.966847Z", + "modified": "2024-08-30T00:19:19.966847Z", + "name": "CVE-2024-41347", + "description": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41347" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b881a6bb-e2bd-4a89-ac23-eaeb1c7316c1.json b/objects/vulnerability/vulnerability--b881a6bb-e2bd-4a89-ac23-eaeb1c7316c1.json new file mode 100644 index 00000000000..b44d5007b0a --- /dev/null +++ b/objects/vulnerability/vulnerability--b881a6bb-e2bd-4a89-ac23-eaeb1c7316c1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6abf2089-e197-4e02-bf30-db7456a55f20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b881a6bb-e2bd-4a89-ac23-eaeb1c7316c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.030265Z", + "modified": "2024-08-30T00:19:20.030265Z", + "name": "CVE-2024-29728", + "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafio.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29728" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd0e641f-5950-4a64-9780-25ab894a3e51.json b/objects/vulnerability/vulnerability--bd0e641f-5950-4a64-9780-25ab894a3e51.json new file mode 100644 index 00000000000..685caaf6a81 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd0e641f-5950-4a64-9780-25ab894a3e51.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ac4faa6c-f009-44d1-a59f-d1090e79d7a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd0e641f-5950-4a64-9780-25ab894a3e51", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.755235Z", + "modified": "2024-08-30T00:19:21.755235Z", + "name": "CVE-2024-5057", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5057" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd9a7f7e-d22d-4c7f-b00f-644356e4bee1.json b/objects/vulnerability/vulnerability--bd9a7f7e-d22d-4c7f-b00f-644356e4bee1.json new file mode 100644 index 00000000000..91e01ddca57 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd9a7f7e-d22d-4c7f-b00f-644356e4bee1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96fdd0bb-cbce-40e2-814e-8b96c68b9da1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd9a7f7e-d22d-4c7f-b00f-644356e4bee1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.944885Z", + "modified": "2024-08-30T00:19:19.944885Z", + "name": "CVE-2024-41350", + "description": "** UNSUPPORTED WHEN ASSIGNED ** bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41350" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c1813291-b4bb-483e-9b66-a15e3529eb7c.json b/objects/vulnerability/vulnerability--c1813291-b4bb-483e-9b66-a15e3529eb7c.json new file mode 100644 index 00000000000..334fbbda4d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1813291-b4bb-483e-9b66-a15e3529eb7c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e90e817e-4bed-4723-8879-f6a21021d235", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1813291-b4bb-483e-9b66-a15e3529eb7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.140509Z", + "modified": "2024-08-30T00:19:21.140509Z", + "name": "CVE-2024-1545", + "description": "Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1545" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1c5ca34-aa02-4d39-9d6b-428ae3b3f55d.json b/objects/vulnerability/vulnerability--c1c5ca34-aa02-4d39-9d6b-428ae3b3f55d.json new file mode 100644 index 00000000000..9711916c117 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1c5ca34-aa02-4d39-9d6b-428ae3b3f55d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ad97e10-07a8-4b40-a842-52581ad80299", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1c5ca34-aa02-4d39-9d6b-428ae3b3f55d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.549193Z", + "modified": "2024-08-30T00:19:21.549193Z", + "name": "CVE-2024-43931", + "description": "Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43931" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1d548bf-ae24-415f-84b8-edb7903ef1cd.json b/objects/vulnerability/vulnerability--c1d548bf-ae24-415f-84b8-edb7903ef1cd.json new file mode 100644 index 00000000000..f29ca9400f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1d548bf-ae24-415f-84b8-edb7903ef1cd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--15723049-08ac-4888-9a2c-168cd4702c87", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1d548bf-ae24-415f-84b8-edb7903ef1cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.062024Z", + "modified": "2024-08-30T00:19:22.062024Z", + "name": "CVE-2024-45045", + "description": "Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45045" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c280b4f7-e964-46c1-9b4d-3b73b4b2787c.json b/objects/vulnerability/vulnerability--c280b4f7-e964-46c1-9b4d-3b73b4b2787c.json new file mode 100644 index 00000000000..b4cb7a1b780 --- /dev/null +++ b/objects/vulnerability/vulnerability--c280b4f7-e964-46c1-9b4d-3b73b4b2787c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df6fefa7-9c35-490c-9b57-613e5bb48dbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c280b4f7-e964-46c1-9b4d-3b73b4b2787c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.063985Z", + "modified": "2024-08-30T00:19:21.063985Z", + "name": "CVE-2024-7856", + "description": "The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7856" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3c3bc70-0bde-4eef-8ab7-6ac5b1740f9d.json b/objects/vulnerability/vulnerability--c3c3bc70-0bde-4eef-8ab7-6ac5b1740f9d.json new file mode 100644 index 00000000000..af6f74bc23c --- /dev/null +++ b/objects/vulnerability/vulnerability--c3c3bc70-0bde-4eef-8ab7-6ac5b1740f9d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bcfd56ee-b7af-4218-9fd3-6f423304f763", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3c3bc70-0bde-4eef-8ab7-6ac5b1740f9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.97759Z", + "modified": "2024-08-30T00:19:19.97759Z", + "name": "CVE-2024-41358", + "description": "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\\admin\\import-export\\import-load-data.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41358" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5ac2b06-0e05-4c80-a03f-2e6f920a8f7a.json b/objects/vulnerability/vulnerability--c5ac2b06-0e05-4c80-a03f-2e6f920a8f7a.json new file mode 100644 index 00000000000..8a6f3c25b47 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5ac2b06-0e05-4c80-a03f-2e6f920a8f7a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79d8d72c-1eb1-4f26-95ef-0292e65324b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5ac2b06-0e05-4c80-a03f-2e6f920a8f7a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.11057Z", + "modified": "2024-08-30T00:19:21.11057Z", + "name": "CVE-2024-1384", + "description": "The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1384" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c62c0842-1adc-4ce2-b1f9-599fdc595ab7.json b/objects/vulnerability/vulnerability--c62c0842-1adc-4ce2-b1f9-599fdc595ab7.json new file mode 100644 index 00000000000..957725dcb23 --- /dev/null +++ b/objects/vulnerability/vulnerability--c62c0842-1adc-4ce2-b1f9-599fdc595ab7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a0b0206-9947-473d-9cbd-e7f65c1a65f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c62c0842-1adc-4ce2-b1f9-599fdc595ab7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.991055Z", + "modified": "2024-08-30T00:19:19.991055Z", + "name": "CVE-2024-41348", + "description": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41348" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c69296b1-8399-40b5-b4d9-e17ad4e1501f.json b/objects/vulnerability/vulnerability--c69296b1-8399-40b5-b4d9-e17ad4e1501f.json new file mode 100644 index 00000000000..bacc5b971cb --- /dev/null +++ b/objects/vulnerability/vulnerability--c69296b1-8399-40b5-b4d9-e17ad4e1501f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21235cd5-1028-4f94-8df8-30bcac2653a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c69296b1-8399-40b5-b4d9-e17ad4e1501f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.528092Z", + "modified": "2024-08-30T00:19:21.528092Z", + "name": "CVE-2024-43920", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43920" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6db4a5a-b99a-42af-9042-3c82225df11f.json b/objects/vulnerability/vulnerability--c6db4a5a-b99a-42af-9042-3c82225df11f.json new file mode 100644 index 00000000000..0479b1c58f2 
--- /dev/null +++ b/objects/vulnerability/vulnerability--c6db4a5a-b99a-42af-9042-3c82225df11f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a74e2de6-7f44-4536-9593-5febcf5fa441", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6db4a5a-b99a-42af-9042-3c82225df11f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.271165Z", + "modified": "2024-08-30T00:19:20.271165Z", + "name": "CVE-2024-34017", + "description": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c943c372-00d0-451a-9073-d85d03cf6d37.json b/objects/vulnerability/vulnerability--c943c372-00d0-451a-9073-d85d03cf6d37.json new file mode 100644 index 00000000000..59a49858b36 --- /dev/null +++ b/objects/vulnerability/vulnerability--c943c372-00d0-451a-9073-d85d03cf6d37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dcba18cf-6394-41f0-956f-bc2fd2877cb9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c943c372-00d0-451a-9073-d85d03cf6d37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.037505Z", + "modified": "2024-08-30T00:19:21.037505Z", + "name": "CVE-2024-7857", + "description": "The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7857" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb301674-9a14-4b50-bd78-6658e7781629.json b/objects/vulnerability/vulnerability--cb301674-9a14-4b50-bd78-6658e7781629.json new file mode 100644 index 00000000000..c9fe6678ecd --- /dev/null +++ b/objects/vulnerability/vulnerability--cb301674-9a14-4b50-bd78-6658e7781629.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67248ae1-084a-48a1-ab56-978822e1b66c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb301674-9a14-4b50-bd78-6658e7781629", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.564486Z", + "modified": "2024-08-30T00:19:21.564486Z", + "name": "CVE-2024-43950", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43950" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d15da26f-22f2-4175-92f4-20cbe8b202c3.json b/objects/vulnerability/vulnerability--d15da26f-22f2-4175-92f4-20cbe8b202c3.json new file mode 100644 index 00000000000..da2695d0bfb --- /dev/null +++ b/objects/vulnerability/vulnerability--d15da26f-22f2-4175-92f4-20cbe8b202c3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2838515f-a5f6-4b3a-8e47-e3b52f24efa5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d15da26f-22f2-4175-92f4-20cbe8b202c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.08903Z", + "modified": "2024-08-30T00:19:21.08903Z", + "name": "CVE-2024-7418", + "description": "The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7418" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d2b0b802-d1e2-4516-b10d-743c08c9d24d.json b/objects/vulnerability/vulnerability--d2b0b802-d1e2-4516-b10d-743c08c9d24d.json new file mode 100644 index 00000000000..0526c094a44 --- /dev/null +++ b/objects/vulnerability/vulnerability--d2b0b802-d1e2-4516-b10d-743c08c9d24d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fff4379f-c8af-421d-aa7b-ec8b44e0acfd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d2b0b802-d1e2-4516-b10d-743c08c9d24d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.751073Z", + "modified": "2024-08-30T00:19:21.751073Z", + "name": "CVE-2024-5622", + "description": "An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5622" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4101de6-154f-48be-b4a7-41a09e717da7.json b/objects/vulnerability/vulnerability--d4101de6-154f-48be-b4a7-41a09e717da7.json new file mode 100644 index 00000000000..a013e9e9527 --- /dev/null +++ b/objects/vulnerability/vulnerability--d4101de6-154f-48be-b4a7-41a09e717da7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--017be2a6-da8f-42d2-ada8-ebd752210636", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4101de6-154f-48be-b4a7-41a09e717da7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.162318Z", + "modified": "2024-08-30T00:19:21.162318Z", + "name": "CVE-2024-39622", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39622" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d9e575e8-38df-4465-ab8f-badc483141d8.json b/objects/vulnerability/vulnerability--d9e575e8-38df-4465-ab8f-badc483141d8.json new file mode 100644 index 00000000000..f33d60dfaa5 --- /dev/null +++ b/objects/vulnerability/vulnerability--d9e575e8-38df-4465-ab8f-badc483141d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b7d86df8-2c32-45e0-b176-2a0c901a3408", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d9e575e8-38df-4465-ab8f-badc483141d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.577982Z", + "modified": "2024-08-30T00:19:21.577982Z", + "name": "CVE-2024-43961", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS.This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43961" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dac513db-9b9f-4559-b991-a21004982ffc.json b/objects/vulnerability/vulnerability--dac513db-9b9f-4559-b991-a21004982ffc.json new file mode 100644 index 00000000000..12628d7662d --- /dev/null +++ b/objects/vulnerability/vulnerability--dac513db-9b9f-4559-b991-a21004982ffc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8f49916-e72e-44e3-a3a8-4c2884c4bf2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dac513db-9b9f-4559-b991-a21004982ffc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.075075Z", + "modified": "2024-08-30T00:19:22.075075Z", + "name": "CVE-2024-45056", + "description": "zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. This issue has been addressed in version 1.5.3. Users are advised to upgrade and redeploy all contracts. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45056" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc206a30-e691-458a-aeeb-d7b425f81faa.json b/objects/vulnerability/vulnerability--dc206a30-e691-458a-aeeb-d7b425f81faa.json new file mode 100644 index 00000000000..e9ea67dcde1 --- /dev/null +++ b/objects/vulnerability/vulnerability--dc206a30-e691-458a-aeeb-d7b425f81faa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe8dc2ba-a9fb-4c0e-bab7-0b66f5840c7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc206a30-e691-458a-aeeb-d7b425f81faa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.538128Z", + "modified": "2024-08-30T00:19:21.538128Z", + "name": "CVE-2024-43845", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43845" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd84044f-1c89-41f7-be95-51f793ae23ef.json b/objects/vulnerability/vulnerability--dd84044f-1c89-41f7-be95-51f793ae23ef.json new file mode 100644 index 00000000000..2034a9a27ee --- /dev/null +++ b/objects/vulnerability/vulnerability--dd84044f-1c89-41f7-be95-51f793ae23ef.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--480bc006-fdde-4a23-aa3d-84cc4e9643f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd84044f-1c89-41f7-be95-51f793ae23ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.070577Z", + "modified": "2024-08-30T00:19:22.070577Z", + "name": "CVE-2024-45435", + "description": "Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45435" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0346d04-5b43-4016-b6db-1ad89060afb1.json b/objects/vulnerability/vulnerability--e0346d04-5b43-4016-b6db-1ad89060afb1.json new file mode 100644 index 00000000000..ae6c9bf2d6b --- /dev/null +++ b/objects/vulnerability/vulnerability--e0346d04-5b43-4016-b6db-1ad89060afb1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f4768ff-58a6-473d-be7b-aa96497af522", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0346d04-5b43-4016-b6db-1ad89060afb1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:22.067188Z", + "modified": "2024-08-30T00:19:22.067188Z", + "name": "CVE-2024-45440", + "description": "core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45440" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0c7a7a6-4f3c-445d-bc97-7bbafc235164.json b/objects/vulnerability/vulnerability--e0c7a7a6-4f3c-445d-bc97-7bbafc235164.json new file mode 100644 index 00000000000..56a8738abac --- /dev/null 
+++ b/objects/vulnerability/vulnerability--e0c7a7a6-4f3c-445d-bc97-7bbafc235164.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f00708fe-f348-4ea8-ac7b-4a3a0c777a9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0c7a7a6-4f3c-445d-bc97-7bbafc235164", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.523153Z", + "modified": "2024-08-30T00:19:21.523153Z", + "name": "CVE-2024-43941", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43941" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e10eefe6-c749-4fa5-8351-10a223dd4a11.json b/objects/vulnerability/vulnerability--e10eefe6-c749-4fa5-8351-10a223dd4a11.json new file mode 100644 index 00000000000..ab6dc4cf262 --- /dev/null +++ b/objects/vulnerability/vulnerability--e10eefe6-c749-4fa5-8351-10a223dd4a11.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb20e211-a544-4b05-b554-cea09c139926", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e10eefe6-c749-4fa5-8351-10a223dd4a11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.047759Z", + "modified": "2024-08-30T00:19:20.047759Z", + "name": "CVE-2024-29730", + "description": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:  https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29730" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e58e02cc-d32c-4e84-acfa-ab97194f3005.json b/objects/vulnerability/vulnerability--e58e02cc-d32c-4e84-acfa-ab97194f3005.json new file mode 100644 index 00000000000..57c32b5b101 --- /dev/null +++ b/objects/vulnerability/vulnerability--e58e02cc-d32c-4e84-acfa-ab97194f3005.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a6db7df-0eb4-44f7-9ef7-3095ac537095", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e58e02cc-d32c-4e84-acfa-ab97194f3005", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.752221Z", + "modified": "2024-08-30T00:19:20.752221Z", + "name": "CVE-2024-38693", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38693" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e9e505c1-2798-42fb-bd18-217773662a2b.json b/objects/vulnerability/vulnerability--e9e505c1-2798-42fb-bd18-217773662a2b.json new file mode 100644 index 00000000000..9d3bdb53c9b --- /dev/null +++ b/objects/vulnerability/vulnerability--e9e505c1-2798-42fb-bd18-217773662a2b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9b6554a-82c2-43fd-9aa7-5c79ef21069c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9e505c1-2798-42fb-bd18-217773662a2b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.546241Z", + "modified": "2024-08-30T00:19:21.546241Z", + "name": "CVE-2024-43957", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43957" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebf63f45-3b0c-4ba9-95bd-df68f70c729b.json b/objects/vulnerability/vulnerability--ebf63f45-3b0c-4ba9-95bd-df68f70c729b.json new file mode 100644 index 00000000000..7c240025521 --- /dev/null +++ b/objects/vulnerability/vulnerability--ebf63f45-3b0c-4ba9-95bd-df68f70c729b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa562967-b69e-4036-b447-74ac95fe8961", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebf63f45-3b0c-4ba9-95bd-df68f70c729b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.570023Z", + "modified": "2024-08-30T00:19:21.570023Z", + "name": "CVE-2024-43953", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows Stored XSS.This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43953" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eec7adae-faf4-41a4-92e1-26ef7bd389f4.json b/objects/vulnerability/vulnerability--eec7adae-faf4-41a4-92e1-26ef7bd389f4.json new file mode 100644 index 00000000000..2df3db66e8a --- /dev/null +++ b/objects/vulnerability/vulnerability--eec7adae-faf4-41a4-92e1-26ef7bd389f4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0765868b-9198-46c2-8a56-9a49cecd7b6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eec7adae-faf4-41a4-92e1-26ef7bd389f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.742336Z", + "modified": "2024-08-30T00:19:21.742336Z", + "name": "CVE-2024-5857", + "description": "The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to delete arbitrary media files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5857" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0bad7e7-cfe8-4fd9-8347-76199d0c83c4.json b/objects/vulnerability/vulnerability--f0bad7e7-cfe8-4fd9-8347-76199d0c83c4.json new file mode 100644 index 00000000000..cbd64f5db2b --- /dev/null +++ b/objects/vulnerability/vulnerability--f0bad7e7-cfe8-4fd9-8347-76199d0c83c4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--429e17b4-517f-42b4-b96d-6c7fd1796357", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0bad7e7-cfe8-4fd9-8347-76199d0c83c4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.508649Z", + "modified": "2024-08-30T00:19:21.508649Z", + "name": "CVE-2024-43918", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2096451-aef9-40f4-ab5a-d96018063cc0.json b/objects/vulnerability/vulnerability--f2096451-aef9-40f4-ab5a-d96018063cc0.json new file mode 100644 index 00000000000..8fb7c361ea3 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2096451-aef9-40f4-ab5a-d96018063cc0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb7d273a-cf78-4b79-afc2-8dd3d6b0f891", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2096451-aef9-40f4-ab5a-d96018063cc0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.751011Z", + "modified": "2024-08-30T00:19:20.751011Z", + "name": "CVE-2024-38793", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38793" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f2917f60-08dd-4a44-8a0d-d992bd3f3c67.json b/objects/vulnerability/vulnerability--f2917f60-08dd-4a44-8a0d-d992bd3f3c67.json new file mode 100644 index 00000000000..f8bf229a71a --- /dev/null +++ b/objects/vulnerability/vulnerability--f2917f60-08dd-4a44-8a0d-d992bd3f3c67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38ce051a-4422-4049-aba6-040b4b580fe8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2917f60-08dd-4a44-8a0d-d992bd3f3c67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.729155Z", + "modified": "2024-08-30T00:19:21.729155Z", + "name": "CVE-2024-5624", + "description": "Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5624" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2c9ed97-623d-4225-b4d8-76e70ba0a8e1.json b/objects/vulnerability/vulnerability--f2c9ed97-623d-4225-b4d8-76e70ba0a8e1.json new file mode 100644 index 00000000000..4ffa933d244 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2c9ed97-623d-4225-b4d8-76e70ba0a8e1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0fbf5af-62ad-444e-a855-a072dda1b1ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2c9ed97-623d-4225-b4d8-76e70ba0a8e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.556032Z", + "modified": "2024-08-30T00:19:21.556032Z", + "name": "CVE-2024-43951", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Tempera allows Stored XSS.This issue affects Tempera: from n/a through 1.8.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43951" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8691b68-c3a6-43b6-b5d3-4a032980139f.json b/objects/vulnerability/vulnerability--f8691b68-c3a6-43b6-b5d3-4a032980139f.json new file mode 100644 index 00000000000..6a2a6d3d4dd --- /dev/null +++ b/objects/vulnerability/vulnerability--f8691b68-c3a6-43b6-b5d3-4a032980139f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c12c1f7d-673d-42ad-8afb-607216bbc81e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8691b68-c3a6-43b6-b5d3-4a032980139f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.376848Z", + "modified": "2024-08-30T00:19:21.376848Z", + "name": "CVE-2024-39658", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39658" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f9f7d9bd-2e21-4dd7-8c3b-f79255ceaa5f.json b/objects/vulnerability/vulnerability--f9f7d9bd-2e21-4dd7-8c3b-f79255ceaa5f.json new file mode 100644 index 00000000000..507747b2e4b --- /dev/null +++ b/objects/vulnerability/vulnerability--f9f7d9bd-2e21-4dd7-8c3b-f79255ceaa5f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36d8c26a-d210-4f86-b91d-06fa486c2fe8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9f7d9bd-2e21-4dd7-8c3b-f79255ceaa5f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:20.201599Z", + "modified": "2024-08-30T00:19:20.201599Z", + "name": "CVE-2024-44716", + "description": "A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44716" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa85f95b-149f-408d-9f62-d2f8c1afc235.json b/objects/vulnerability/vulnerability--fa85f95b-149f-408d-9f62-d2f8c1afc235.json new file mode 100644 index 00000000000..425d0b67921 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa85f95b-149f-408d-9f62-d2f8c1afc235.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40480557-bfa6-4507-9e21-8de66ad5af3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa85f95b-149f-408d-9f62-d2f8c1afc235", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.519978Z", + "modified": "2024-08-30T00:19:21.519978Z", + "name": "CVE-2024-43943", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43943" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fae2412c-7ebe-47a3-936d-6b74d6ac1aa0.json b/objects/vulnerability/vulnerability--fae2412c-7ebe-47a3-936d-6b74d6ac1aa0.json new file mode 100644 index 00000000000..8dc343e84f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--fae2412c-7ebe-47a3-936d-6b74d6ac1aa0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e67a6100-0e32-4489-abd1-402ef652398d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fae2412c-7ebe-47a3-936d-6b74d6ac1aa0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.736399Z", + "modified": "2024-08-30T00:19:21.736399Z", + "name": "CVE-2024-5623", + "description": "An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5623" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--faf977f2-995c-4ece-b3a3-86118c8f0f62.json b/objects/vulnerability/vulnerability--faf977f2-995c-4ece-b3a3-86118c8f0f62.json new file mode 100644 index 00000000000..a06e24e31e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--faf977f2-995c-4ece-b3a3-86118c8f0f62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53588419-404f-4a45-85c7-a728581ae05c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--faf977f2-995c-4ece-b3a3-86118c8f0f62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.988742Z", + "modified": "2024-08-30T00:19:21.988742Z", + "name": "CVE-2024-8297", + "description": "A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8297" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fcc1244e-e46b-4f62-9131-42a45267701d.json b/objects/vulnerability/vulnerability--fcc1244e-e46b-4f62-9131-42a45267701d.json new file mode 100644 index 00000000000..3d148cb508e --- /dev/null +++ b/objects/vulnerability/vulnerability--fcc1244e-e46b-4f62-9131-42a45267701d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18198501-5114-4f05-9039-892b21f66a38", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fcc1244e-e46b-4f62-9131-42a45267701d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.744667Z", + "modified": "2024-08-30T00:19:21.744667Z", + "name": "CVE-2024-5417", + "description": "The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5417" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd3fdc48-1484-4e92-a00a-7740ac8d133d.json b/objects/vulnerability/vulnerability--fd3fdc48-1484-4e92-a00a-7740ac8d133d.json new file mode 100644 index 00000000000..5da7d934e14 --- /dev/null +++ b/objects/vulnerability/vulnerability--fd3fdc48-1484-4e92-a00a-7740ac8d133d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68d25341-da6b-4de3-8d7e-869660dba954", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd3fdc48-1484-4e92-a00a-7740ac8d133d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.707162Z", + "modified": "2024-08-30T00:19:19.707162Z", + "name": "CVE-2021-4442", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add sanity tests to TCP_QUEUE_SEQ\n\nQingyu Li reported a syzkaller bug where the repro\nchanges RCV SEQ _after_ restoring data in the receive queue.\n\nmprotect(0x4aa000, 12288, PROT_READ) = 0\nmmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000\nmmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000\nmmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000\nsocket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 3\nsetsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0\nconnect(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, \"::1\", &sin6_addr), sin6_scope_id=0}, 28) = 0\nsetsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE, [1], 4) = 0\nsendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=\"0x0000000000000003\\0\\0\", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20\nsetsockopt(3, SOL_TCP, TCP_REPAIR, [0], 4) = 0\nsetsockopt(3, SOL_TCP, TCP_QUEUE_SEQ, [128], 4) = 0\nrecvfrom(3, NULL, 20, 0, NULL, NULL) = -1 ECONNRESET (Connection reset by peer)\n\nsyslog shows:\n[ 111.205099] TCP recvmsg seq # bug 2: copied 80, seq 0, rcvnxt 80, fl 0\n[ 111.207894] WARNING: CPU: 1 PID: 356 at net/ipv4/tcp.c:2343 tcp_recvmsg_locked+0x90e/0x29a0\n\nThis should not be allowed. 
TCP_QUEUE_SEQ should only be used\nwhen queues are empty.\n\nThis patch fixes this case, and the tx path as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-4442" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fdda80d6-b34c-4e86-a0b3-e4b4f9bfc789.json b/objects/vulnerability/vulnerability--fdda80d6-b34c-4e86-a0b3-e4b4f9bfc789.json new file mode 100644 index 00000000000..998c3812e83 --- /dev/null +++ b/objects/vulnerability/vulnerability--fdda80d6-b34c-4e86-a0b3-e4b4f9bfc789.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51b4330a-2e66-4e6f-8181-e5621618d360", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fdda80d6-b34c-4e86-a0b3-e4b4f9bfc789", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:21.065583Z", + "modified": "2024-08-30T00:19:21.065583Z", + "name": "CVE-2024-7895", + "description": "The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7895" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ffc3aca0-d12d-4767-9916-13a82e85429d.json b/objects/vulnerability/vulnerability--ffc3aca0-d12d-4767-9916-13a82e85429d.json new file mode 100644 index 00000000000..59b067aa39f --- /dev/null +++ b/objects/vulnerability/vulnerability--ffc3aca0-d12d-4767-9916-13a82e85429d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b115cc98-d70f-486b-8685-556ced25690e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ffc3aca0-d12d-4767-9916-13a82e85429d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-30T00:19:19.995054Z", + "modified": "2024-08-30T00:19:19.995054Z", + "name": "CVE-2024-41366", + "description": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\userScripts.php", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41366" + } + ] + } + ] +} \ No newline at end of file