diff --git a/mapping.csv b/mapping.csv index 19a60119a0b..07b359182db 100644 --- a/mapping.csv +++ b/mapping.csv @@ -248945,3 +248945,121 @@ vulnerability,CVE-2024-45789,vulnerability--a69c07d0-8138-4baa-b86a-f8dfb50c43a2 vulnerability,CVE-2024-45012,vulnerability--e9e90f8c-5e58-41a7-95f5-dbb53a4f9c32 vulnerability,CVE-2024-45023,vulnerability--6c7c7832-bdc6-4b5d-9b07-51d9948cbdc5 vulnerability,CVE-2024-45790,vulnerability--35f8bacb-aa2c-4326-ae2a-92325c26d654 +vulnerability,CVE-2022-26322,vulnerability--6702c71c-825f-4a8c-a41a-1060a3aed1e6 +vulnerability,CVE-2020-24061,vulnerability--d6307c15-6485-437d-ace0-0c9201229786 +vulnerability,CVE-2024-27320,vulnerability--86b7e4f8-a338-4f83-a261-01972029858d +vulnerability,CVE-2024-27321,vulnerability--35955dd8-143b-46e8-baa4-04c9fb3118c3 +vulnerability,CVE-2024-37397,vulnerability--9f67ab49-8c5e-4dbc-a663-931243bfa855 +vulnerability,CVE-2024-32845,vulnerability--f7918e88-c01c-4f50-875a-1b7371ac7f9a +vulnerability,CVE-2024-32842,vulnerability--f971a6e0-26e8-466c-a23c-e51c776bbd10 +vulnerability,CVE-2024-32848,vulnerability--a9609baf-ba4c-444d-a226-6592f3661a31 +vulnerability,CVE-2024-32840,vulnerability--6a30ced3-7a96-44dc-9fc5-c3a64b66a7cd +vulnerability,CVE-2024-32843,vulnerability--6bd85ec2-9b2c-4d0d-91ae-82eaa1563b4a +vulnerability,CVE-2024-32846,vulnerability--aeeca933-d946-41d3-ac93-3ddb756c5e61 +vulnerability,CVE-2024-44460,vulnerability--409cdd07-8ec5-44c4-ae27-fb11f2520327 +vulnerability,CVE-2024-44459,vulnerability--d92d9177-0e2b-416d-95cb-4662c87e7935 +vulnerability,CVE-2024-25270,vulnerability--2be7805c-b908-4f81-9bf9-587ca57f702c +vulnerability,CVE-2024-6389,vulnerability--a5547ca4-f000-4a64-9302-3b4223ad176e +vulnerability,CVE-2024-6840,vulnerability--338b94d6-b854-4273-b198-412bd1ec655a +vulnerability,CVE-2024-6017,vulnerability--0e147bae-1e0e-477e-8e9d-b62277141090 +vulnerability,CVE-2024-6678,vulnerability--3f0382f4-c48f-423f-8f05-28d08fc6e71b +vulnerability,CVE-2024-6887,vulnerability--a949f96e-e276-4cae-b307-6d792f79ae0f +vulnerability,CVE-2024-6019,vulnerability--b10f0218-fbd5-48de-b38d-bc06d350d3ae +vulnerability,CVE-2024-6701,vulnerability--9f133e40-9b90-4e37-a758-ea2d946174cd +vulnerability,CVE-2024-6700,vulnerability--185fb002-a004-4d38-aa02-96ec634f7ef2 +vulnerability,CVE-2024-6446,vulnerability--e6828bc6-6faa-47c9-a7a9-555fa5106f2a +vulnerability,CVE-2024-6018,vulnerability--8096b1b9-36d0-4b44-9453-9c8d4c2114c2 +vulnerability,CVE-2024-6077,vulnerability--c695e065-69a6-4b79-98d8-d95b5c38bcce +vulnerability,CVE-2024-6510,vulnerability--6ee57b04-93f8-4f24-9e49-3cd3740ba915 +vulnerability,CVE-2024-6702,vulnerability--6a649beb-1a66-4a9f-8324-dc5173e35dab +vulnerability,CVE-2024-6658,vulnerability--cc9dda5c-906b-4974-96a9-6714d2fba949 +vulnerability,CVE-2024-42484,vulnerability--60322d5b-109a-43f1-9ba2-5220dde74966 +vulnerability,CVE-2024-42483,vulnerability--99046ae3-f275-42b0-b4cb-0a0d9288e789 +vulnerability,CVE-2024-4472,vulnerability--1c068357-8ba5-4e16-a920-94da252553d8 +vulnerability,CVE-2024-4660,vulnerability--11a7499d-e9d6-4e54-90fa-9bbcaf5fee51 +vulnerability,CVE-2024-4612,vulnerability--9ca1bac9-3386-4630-a141-938b2ea13050 +vulnerability,CVE-2024-38222,vulnerability--d7895cb2-9d74-42e3-b3b1-fe5aad3d3409 +vulnerability,CVE-2024-20430,vulnerability--038a5a58-13e5-4b8e-b8de-6bfdc854a615 +vulnerability,CVE-2024-28991,vulnerability--3faaa38f-f27e-4022-9968-f715155372ea +vulnerability,CVE-2024-28990,vulnerability--b81dd4cd-d3f9-4735-9b04-6427e62060f3 +vulnerability,CVE-2024-8711,vulnerability--ba178760-fe96-4d8d-b068-4bf4048d720a +vulnerability,CVE-2024-8056,vulnerability--6878b399-2ac1-442f-901a-e9ff10bcf581 +vulnerability,CVE-2024-8709,vulnerability--15b45458-4cd1-410f-9a81-65acf531588e +vulnerability,CVE-2024-8641,vulnerability--04d370bb-9843-4fa0-b264-9a8257241dae +vulnerability,CVE-2024-8054,vulnerability--61f26ad7-4303-47c4-9098-3986b3464336 +vulnerability,CVE-2024-8311,vulnerability--cccce2ac-2a8a-465d-8e8e-21e9cd992378 +vulnerability,CVE-2024-8696,vulnerability--10ed1a8c-c480-4bc9-863c-2765a9c648c7 +vulnerability,CVE-2024-8635,vulnerability--cb12a062-0cbc-4279-9ab2-e9cb0a5f570c +vulnerability,CVE-2024-8754,vulnerability--eac01688-9282-43f6-9e1d-6fb3ad34b989 +vulnerability,CVE-2024-8622,vulnerability--796cde43-8502-4bf6-ba5b-4f7ef0657b02 +vulnerability,CVE-2024-8631,vulnerability--70d58d2a-1f56-4f78-88b1-5858e67edb0c +vulnerability,CVE-2024-8640,vulnerability--4fdf0549-4965-4764-aff6-118116a87995 +vulnerability,CVE-2024-8695,vulnerability--ab0d5829-8c58-45c6-b26d-2fec4c8e8df1 +vulnerability,CVE-2024-8710,vulnerability--758584af-a412-4a26-9ec4-2641b6b70129 +vulnerability,CVE-2024-8124,vulnerability--a27dfda5-15a5-46d2-8564-859433360269 +vulnerability,CVE-2024-8529,vulnerability--1ce57a8f-396f-45ff-94ef-3563b7c70ba2 +vulnerability,CVE-2024-8533,vulnerability--263a4190-cf1b-48e9-a446-c41e45953b83 +vulnerability,CVE-2024-8707,vulnerability--897e3b64-47ed-48be-9218-ccc14c6c9a4a +vulnerability,CVE-2024-8751,vulnerability--c5d90e0a-a9e2-441e-a80e-446acc522035 +vulnerability,CVE-2024-8749,vulnerability--f78b4513-ba0e-4fe7-946d-5c36ff9f7f88 +vulnerability,CVE-2024-8750,vulnerability--4cb91196-c047-4443-99e0-bb0dd40d6baa +vulnerability,CVE-2024-8522,vulnerability--d3e642c9-05a2-43dd-bdfe-c211528f3d99 +vulnerability,CVE-2024-8708,vulnerability--be06d3cf-c666-48f2-9e84-0b053a2d6245 +vulnerability,CVE-2024-29847,vulnerability--380ddcc0-6b13-4fd3-bc33-737bcc8e572f +vulnerability,CVE-2024-36066,vulnerability--b59e518a-d64c-4a73-b2dd-ab97646132e3 +vulnerability,CVE-2024-3306,vulnerability--74ecf10f-d6b9-4316-9f86-1e60d6070b87 +vulnerability,CVE-2024-3163,vulnerability--570b2a89-2fa9-4c63-9ca0-446b51e51b5f +vulnerability,CVE-2024-3305,vulnerability--b379ad48-bb89-4eae-920a-372f2b2fd7fc +vulnerability,CVE-2024-34336,vulnerability--25cc6655-1532-4313-b626-75bf776a0656 +vulnerability,CVE-2024-34783,vulnerability--0991dd16-edd6-4d18-be0d-b77ffcb58c74 +vulnerability,CVE-2024-34785,vulnerability--1e268c9f-2664-4811-988a-d5bd6041bac8 +vulnerability,CVE-2024-34335,vulnerability--fb906366-a41f-4c4a-8513-27c4aa1814e0 +vulnerability,CVE-2024-34779,vulnerability--28ad5b24-0a86-4257-a8fb-9844e2359e11 +vulnerability,CVE-2024-34334,vulnerability--17a6160d-9f41-4c12-b041-20dbe1a0e870 +vulnerability,CVE-2024-7961,vulnerability--f03931f3-5608-4958-bb98-640a2f1a247e +vulnerability,CVE-2024-7960,vulnerability--909dc71f-018c-43b6-a055-59c39062d569 +vulnerability,CVE-2024-7818,vulnerability--3f14426e-84d7-4bd6-b837-80a4eee57b98 +vulnerability,CVE-2024-7862,vulnerability--2989b39e-a931-4d10-913a-3ba81e09027b +vulnerability,CVE-2024-7817,vulnerability--517162e5-ebbe-4b8b-a2aa-164375182698 +vulnerability,CVE-2024-7860,vulnerability--a82de3fe-f9d6-4506-ace1-05ba77f62605 +vulnerability,CVE-2024-7822,vulnerability--91f0ddc6-f705-44aa-bade-f0c6086e9cd1 +vulnerability,CVE-2024-7861,vulnerability--2ba2a43f-e0ca-499a-9d7c-526eee2c3488 +vulnerability,CVE-2024-7859,vulnerability--bd19f34d-0875-44e9-b829-58c010c16a36 +vulnerability,CVE-2024-7816,vulnerability--58b01dd4-d22a-413d-b48b-f6cefd809c44 +vulnerability,CVE-2024-7766,vulnerability--9bf4ebf2-7cd4-44ee-915c-eeb002ac6531 +vulnerability,CVE-2024-7820,vulnerability--806cd98b-dfc9-4a40-9247-f5d3b848e489 +vulnerability,CVE-2024-41629,vulnerability--f6ae57bf-fc84-4a69-ae36-e4c58b6bedb0 +vulnerability,CVE-2024-40457,vulnerability--bbf7efe9-f20b-44cf-9993-1fa181edae2e +vulnerability,CVE-2024-5435,vulnerability--dbd03c25-0054-47de-a151-eb8dc13ae61d +vulnerability,CVE-2024-5799,vulnerability--049b84ce-e206-4fa3-8a0c-a62fc623d74a +vulnerability,CVE-2024-2743,vulnerability--410872f5-919c-4296-a76d-e1016d331bed +vulnerability,CVE-2024-2010,vulnerability--752de727-102a-4a03-96cb-8ceaca73a8a9 +vulnerability,CVE-2024-45182,vulnerability--0f8207b7-b83e-4057-8117-f8fe29f51815 +vulnerability,CVE-2024-45855,vulnerability--bf432d36-f5e2-4be5-a6ac-5b0f5f7c77d3 +vulnerability,CVE-2024-45825,vulnerability--12933e03-ec59-47fa-ad1b-73acba95b800 +vulnerability,CVE-2024-45852,vulnerability--26eb9189-fc70-4e74-b1c3-e1e3ffa1980e +vulnerability,CVE-2024-45853,vulnerability--16f34ec9-cea1-41cf-8023-0670ccf14a94 +vulnerability,CVE-2024-45824,vulnerability--57cdd5cb-4e04-48d8-9959-3b7ed8e9219c +vulnerability,CVE-2024-45849,vulnerability--539b6b72-4cba-4187-832d-9176e63c77df +vulnerability,CVE-2024-45383,vulnerability--1d7ca42e-822f-4b12-a5b3-600bf6e4015d +vulnerability,CVE-2024-45847,vulnerability--3ded57e1-19fb-499b-8151-c288299fa8ff +vulnerability,CVE-2024-45851,vulnerability--abe39573-e4ff-474a-8814-a2fe666e14f5 +vulnerability,CVE-2024-45856,vulnerability--88de9a4e-6763-477a-a929-b34470635861 +vulnerability,CVE-2024-45850,vulnerability--d68285a4-8ea5-49f7-a676-c3e7a429dd4c +vulnerability,CVE-2024-45857,vulnerability--b0bc64dc-9aa2-4e87-8d7d-ddeb7f4f7ca6 +vulnerability,CVE-2024-45181,vulnerability--247803ca-126c-44b5-a60a-940d26dbc8f5 +vulnerability,CVE-2024-45854,vulnerability--5761bdab-c8a0-4fa3-a347-44a3b00438fb +vulnerability,CVE-2024-45846,vulnerability--0659224a-14df-436b-8679-483fc2e51c28 +vulnerability,CVE-2024-45823,vulnerability--edae5092-5a81-4413-a6c2-f42d3c305bd7 +vulnerability,CVE-2024-45624,vulnerability--f9153586-856d-478d-b4f3-34e785a1aa0a +vulnerability,CVE-2024-45826,vulnerability--e90f1db4-581d-4722-b2ca-8c6fa395e43c +vulnerability,CVE-2024-45607,vulnerability--3d4f8753-f569-492c-bc7a-b1b706dd6a04 +vulnerability,CVE-2024-45848,vulnerability--eb0e6cf2-3b66-4603-ac93-e07abb0d4cbc +vulnerability,CVE-2024-45303,vulnerability--bca4c911-47fb-427f-bf73-e0d3b3aeacaa +vulnerability,CVE-2021-38133,vulnerability--16c1dbfb-b80f-4454-9b40-40b5bc18d6c5 +vulnerability,CVE-2021-38131,vulnerability--e8cb1fe3-fcbc-4b31-92e5-bf1c45544276 +vulnerability,CVE-2021-38132,vulnerability--47d0495a-9160-4a51-b6f4-fbcfe1af4ee1 +vulnerability,CVE-2021-22518,vulnerability--6b393c37-c7e4-4d7a-8237-4edbf5a8e2e7 +vulnerability,CVE-2021-22503,vulnerability--42b498b4-55c5-4b9a-a214-5c4777c96c89 +vulnerability,CVE-2021-22532,vulnerability--22811736-5928-4fc4-bef8-c270c44120a0 +vulnerability,CVE-2021-22533,vulnerability--7f85b1b4-18c2-43f0-a806-4c986c92c2eb diff --git a/objects/vulnerability/vulnerability--038a5a58-13e5-4b8e-b8de-6bfdc854a615.json b/objects/vulnerability/vulnerability--038a5a58-13e5-4b8e-b8de-6bfdc854a615.json new file mode 100644 index 00000000000..67c8125fa6d --- /dev/null +++ b/objects/vulnerability/vulnerability--038a5a58-13e5-4b8e-b8de-6bfdc854a615.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4421f429-a4e3-45db-a23a-f819c320a1d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--038a5a58-13e5-4b8e-b8de-6bfdc854a615", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.855253Z", + "modified": "2024-09-13T00:19:31.855253Z", + "name": "CVE-2024-20430", + "description": "A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. \r\n\r\nThis vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20430" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--049b84ce-e206-4fa3-8a0c-a62fc623d74a.json b/objects/vulnerability/vulnerability--049b84ce-e206-4fa3-8a0c-a62fc623d74a.json new file mode 100644 index 00000000000..0b285b9cf3e --- /dev/null +++ b/objects/vulnerability/vulnerability--049b84ce-e206-4fa3-8a0c-a62fc623d74a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03aed1dc-6b7f-4ec7-bdcb-4e064368af1f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--049b84ce-e206-4fa3-8a0c-a62fc623d74a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.854247Z", + "modified": "2024-09-13T00:19:32.854247Z", + "name": "CVE-2024-5799", + "description": "The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5799" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04d370bb-9843-4fa0-b264-9a8257241dae.json b/objects/vulnerability/vulnerability--04d370bb-9843-4fa0-b264-9a8257241dae.json new file mode 100644 index 00000000000..0c988697ef6 --- /dev/null +++ b/objects/vulnerability/vulnerability--04d370bb-9843-4fa0-b264-9a8257241dae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c86e802e-cc16-497d-bffc-fb73160ea967", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04d370bb-9843-4fa0-b264-9a8257241dae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.999605Z", + "modified": "2024-09-13T00:19:31.999605Z", + "name": "CVE-2024-8641", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0659224a-14df-436b-8679-483fc2e51c28.json b/objects/vulnerability/vulnerability--0659224a-14df-436b-8679-483fc2e51c28.json new file mode 100644 index 00000000000..bffa6067a55 --- /dev/null +++ b/objects/vulnerability/vulnerability--0659224a-14df-436b-8679-483fc2e51c28.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9267cf6-ba82-433c-a8ce-cbe47a251a0f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0659224a-14df-436b-8679-483fc2e51c28", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.976262Z", + "modified": "2024-09-13T00:19:32.976262Z", + "name": "CVE-2024-45846", + "description": "An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45846" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0991dd16-edd6-4d18-be0d-b77ffcb58c74.json b/objects/vulnerability/vulnerability--0991dd16-edd6-4d18-be0d-b77ffcb58c74.json new file mode 100644 index 00000000000..2873edae6e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--0991dd16-edd6-4d18-be0d-b77ffcb58c74.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e3aa530d-be99-43b9-90fd-24a8ed03a8b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0991dd16-edd6-4d18-be0d-b77ffcb58c74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.453132Z", + "modified": "2024-09-13T00:19:32.453132Z", + "name": "CVE-2024-34783", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34783" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e147bae-1e0e-477e-8e9d-b62277141090.json b/objects/vulnerability/vulnerability--0e147bae-1e0e-477e-8e9d-b62277141090.json new file mode 100644 index 00000000000..49898079dab --- /dev/null +++ b/objects/vulnerability/vulnerability--0e147bae-1e0e-477e-8e9d-b62277141090.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f476aff4-1cad-4263-bd67-8369294cce7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e147bae-1e0e-477e-8e9d-b62277141090", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.359624Z", + "modified": "2024-09-13T00:19:31.359624Z", + "name": "CVE-2024-6017", + "description": "The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f8207b7-b83e-4057-8117-f8fe29f51815.json b/objects/vulnerability/vulnerability--0f8207b7-b83e-4057-8117-f8fe29f51815.json new file mode 100644 index 00000000000..5d63ca8fab4 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f8207b7-b83e-4057-8117-f8fe29f51815.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20849985-5c78-4e38-ac30-65ce4822ef5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f8207b7-b83e-4057-8117-f8fe29f51815", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.934161Z", + "modified": "2024-09-13T00:19:32.934161Z", + "name": "CVE-2024-45182", + "description": "An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10ed1a8c-c480-4bc9-863c-2765a9c648c7.json b/objects/vulnerability/vulnerability--10ed1a8c-c480-4bc9-863c-2765a9c648c7.json new file mode 100644 index 00000000000..72596ceb293 --- /dev/null +++ b/objects/vulnerability/vulnerability--10ed1a8c-c480-4bc9-863c-2765a9c648c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c628dff8-9aed-4c3f-a578-f3cc9ebc34e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10ed1a8c-c480-4bc9-863c-2765a9c648c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.008503Z", + "modified": "2024-09-13T00:19:32.008503Z", + "name": "CVE-2024-8696", + "description": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11a7499d-e9d6-4e54-90fa-9bbcaf5fee51.json b/objects/vulnerability/vulnerability--11a7499d-e9d6-4e54-90fa-9bbcaf5fee51.json new file mode 100644 index 00000000000..f1d0de6b6d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--11a7499d-e9d6-4e54-90fa-9bbcaf5fee51.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5ff642d-0293-4537-996c-f3149a050b07", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11a7499d-e9d6-4e54-90fa-9bbcaf5fee51", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.564436Z", + "modified": "2024-09-13T00:19:31.564436Z", + "name": "CVE-2024-4660", + "description": "An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4660" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12933e03-ec59-47fa-ad1b-73acba95b800.json b/objects/vulnerability/vulnerability--12933e03-ec59-47fa-ad1b-73acba95b800.json new file mode 100644 index 00000000000..49770f4845e --- /dev/null +++ b/objects/vulnerability/vulnerability--12933e03-ec59-47fa-ad1b-73acba95b800.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c47b3f85-67c3-485a-bfef-5e7b044c8e0f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12933e03-ec59-47fa-ad1b-73acba95b800", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.940659Z", + "modified": "2024-09-13T00:19:32.940659Z", + "name": "CVE-2024-45825", + "description": "CVE-2024-45825 IMPACT\nA denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45825" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15b45458-4cd1-410f-9a81-65acf531588e.json b/objects/vulnerability/vulnerability--15b45458-4cd1-410f-9a81-65acf531588e.json new file mode 100644 index 00000000000..bbc01e51075 --- /dev/null +++ b/objects/vulnerability/vulnerability--15b45458-4cd1-410f-9a81-65acf531588e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c17bc162-0e64-4246-81bb-c11e0e481506", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15b45458-4cd1-410f-9a81-65acf531588e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.996193Z", + "modified": "2024-09-13T00:19:31.996193Z", + "name": "CVE-2024-8709", + "description": "A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8709" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16c1dbfb-b80f-4454-9b40-40b5bc18d6c5.json b/objects/vulnerability/vulnerability--16c1dbfb-b80f-4454-9b40-40b5bc18d6c5.json new file mode 100644 index 00000000000..71ac9251ca7 --- /dev/null +++ b/objects/vulnerability/vulnerability--16c1dbfb-b80f-4454-9b40-40b5bc18d6c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0a7c1d9-569c-4f22-aaff-3d83a223deb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16c1dbfb-b80f-4454-9b40-40b5bc18d6c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:41.013655Z", + "modified": "2024-09-13T00:19:41.013655Z", + "name": "CVE-2021-38133", + "description": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText™ eDirectory. This impact all version before 9.2.6.0000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-38133" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16f34ec9-cea1-41cf-8023-0670ccf14a94.json b/objects/vulnerability/vulnerability--16f34ec9-cea1-41cf-8023-0670ccf14a94.json new file mode 100644 index 00000000000..ec012c3fb61 --- /dev/null +++ b/objects/vulnerability/vulnerability--16f34ec9-cea1-41cf-8023-0670ccf14a94.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--575eb2ce-1c01-4e9e-83e5-0dbf1a7dcfdc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16f34ec9-cea1-41cf-8023-0670ccf14a94", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.949509Z", + "modified": "2024-09-13T00:19:32.949509Z", + "name": "CVE-2024-45853", + "description": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45853" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17a6160d-9f41-4c12-b041-20dbe1a0e870.json b/objects/vulnerability/vulnerability--17a6160d-9f41-4c12-b041-20dbe1a0e870.json new file mode 100644 index 00000000000..df7f65b3bec --- /dev/null +++ b/objects/vulnerability/vulnerability--17a6160d-9f41-4c12-b041-20dbe1a0e870.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2abb2045-fc25-4878-aef0-834d03f39f5c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17a6160d-9f41-4c12-b041-20dbe1a0e870", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.492093Z", + "modified": "2024-09-13T00:19:32.492093Z", + "name": "CVE-2024-34334", + "description": "ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34334" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--185fb002-a004-4d38-aa02-96ec634f7ef2.json b/objects/vulnerability/vulnerability--185fb002-a004-4d38-aa02-96ec634f7ef2.json new file mode 100644 index 00000000000..274fa14cf49 --- /dev/null +++ b/objects/vulnerability/vulnerability--185fb002-a004-4d38-aa02-96ec634f7ef2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b57935eb-9d70-406f-9798-715e04dbb730", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--185fb002-a004-4d38-aa02-96ec634f7ef2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.388744Z", + "modified": "2024-09-13T00:19:31.388744Z", + "name": "CVE-2024-6700", + "description": "Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6700" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c068357-8ba5-4e16-a920-94da252553d8.json b/objects/vulnerability/vulnerability--1c068357-8ba5-4e16-a920-94da252553d8.json new file mode 100644 index 00000000000..2cea786f328 --- /dev/null +++ b/objects/vulnerability/vulnerability--1c068357-8ba5-4e16-a920-94da252553d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b12f13e0-56f8-408d-8de0-0736115bded7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c068357-8ba5-4e16-a920-94da252553d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.535844Z", + "modified": "2024-09-13T00:19:31.535844Z", + "name": "CVE-2024-4472", + "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4472" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ce57a8f-396f-45ff-94ef-3563b7c70ba2.json b/objects/vulnerability/vulnerability--1ce57a8f-396f-45ff-94ef-3563b7c70ba2.json new file mode 100644 index 00000000000..94e90f5edbc --- /dev/null +++ b/objects/vulnerability/vulnerability--1ce57a8f-396f-45ff-94ef-3563b7c70ba2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29729c10-06c5-4568-b7fd-20f9efe6ec3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ce57a8f-396f-45ff-94ef-3563b7c70ba2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.02999Z", + "modified": "2024-09-13T00:19:32.02999Z", + "name": "CVE-2024-8529", + "description": "The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d7ca42e-822f-4b12-a5b3-600bf6e4015d.json b/objects/vulnerability/vulnerability--1d7ca42e-822f-4b12-a5b3-600bf6e4015d.json new file mode 100644 index 00000000000..595b9c7296d --- /dev/null +++ b/objects/vulnerability/vulnerability--1d7ca42e-822f-4b12-a5b3-600bf6e4015d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e139a93a-938a-4984-b9cc-4d79b8a0a868", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d7ca42e-822f-4b12-a5b3-600bf6e4015d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.955644Z", + "modified": "2024-09-13T00:19:32.955644Z", + "name": "CVE-2024-45383", + "description": "A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45383" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e268c9f-2664-4811-988a-d5bd6041bac8.json b/objects/vulnerability/vulnerability--1e268c9f-2664-4811-988a-d5bd6041bac8.json new file mode 100644 index 00000000000..8dcf6d2bdb9 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e268c9f-2664-4811-988a-d5bd6041bac8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c8cbe103-abf3-4b19-8697-44aecd42e69d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e268c9f-2664-4811-988a-d5bd6041bac8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.462926Z", + "modified": "2024-09-13T00:19:32.462926Z", + "name": "CVE-2024-34785", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34785" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22811736-5928-4fc4-bef8-c270c44120a0.json b/objects/vulnerability/vulnerability--22811736-5928-4fc4-bef8-c270c44120a0.json new file mode 100644 index 00000000000..a7be5743e7e --- /dev/null +++ b/objects/vulnerability/vulnerability--22811736-5928-4fc4-bef8-c270c44120a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89bd1e7b-a021-4c48-8b3d-87e705bc4ada", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22811736-5928-4fc4-bef8-c270c44120a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:41.406237Z", + "modified": "2024-09-13T00:19:41.406237Z", + "name": "CVE-2021-22532", + "description": "Possible NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText™ \neDirectory before 9.2.4.0000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-22532" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--247803ca-126c-44b5-a60a-940d26dbc8f5.json b/objects/vulnerability/vulnerability--247803ca-126c-44b5-a60a-940d26dbc8f5.json new file mode 100644 index 00000000000..d8eb0b14c00 --- /dev/null +++ b/objects/vulnerability/vulnerability--247803ca-126c-44b5-a60a-940d26dbc8f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8fd08a69-055f-4af8-b51a-58ff4e64f409", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--247803ca-126c-44b5-a60a-940d26dbc8f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.970504Z", + "modified": "2024-09-13T00:19:32.970504Z", + "name": "CVE-2024-45181", + "description": "An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45181" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25cc6655-1532-4313-b626-75bf776a0656.json b/objects/vulnerability/vulnerability--25cc6655-1532-4313-b626-75bf776a0656.json new file mode 100644 index 00000000000..d3c94fbc6b7 --- /dev/null +++ b/objects/vulnerability/vulnerability--25cc6655-1532-4313-b626-75bf776a0656.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b3c0d8d-64a0-40d5-ac47-a29f0f616900", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25cc6655-1532-4313-b626-75bf776a0656", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.44245Z", + "modified": "2024-09-13T00:19:32.44245Z", + "name": "CVE-2024-34336", + "description": "User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34336" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--263a4190-cf1b-48e9-a446-c41e45953b83.json b/objects/vulnerability/vulnerability--263a4190-cf1b-48e9-a446-c41e45953b83.json new file mode 100644 index 00000000000..949f1b003dd --- /dev/null +++ b/objects/vulnerability/vulnerability--263a4190-cf1b-48e9-a446-c41e45953b83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86d5f35d-5c78-4b46-9df9-de77eb42e243", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--263a4190-cf1b-48e9-a446-c41e45953b83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.034615Z", + "modified": "2024-09-13T00:19:32.034615Z", + "name": "CVE-2024-8533", + "description": "A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8533" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26eb9189-fc70-4e74-b1c3-e1e3ffa1980e.json b/objects/vulnerability/vulnerability--26eb9189-fc70-4e74-b1c3-e1e3ffa1980e.json new file mode 100644 index 00000000000..58297b486cc --- /dev/null +++ b/objects/vulnerability/vulnerability--26eb9189-fc70-4e74-b1c3-e1e3ffa1980e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4561c2f4-8201-4ef1-860a-87d981144b4f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26eb9189-fc70-4e74-b1c3-e1e3ffa1980e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.941847Z", + "modified": "2024-09-13T00:19:32.941847Z", + "name": "CVE-2024-45852", + "description": "Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28ad5b24-0a86-4257-a8fb-9844e2359e11.json b/objects/vulnerability/vulnerability--28ad5b24-0a86-4257-a8fb-9844e2359e11.json new file mode 100644 index 00000000000..2738024e7ab --- /dev/null +++ b/objects/vulnerability/vulnerability--28ad5b24-0a86-4257-a8fb-9844e2359e11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9cad654f-5a44-48ec-a4f9-75857fd1022a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28ad5b24-0a86-4257-a8fb-9844e2359e11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.482569Z", + "modified": "2024-09-13T00:19:32.482569Z", + "name": "CVE-2024-34779", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34779" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2989b39e-a931-4d10-913a-3ba81e09027b.json b/objects/vulnerability/vulnerability--2989b39e-a931-4d10-913a-3ba81e09027b.json new file mode 100644 index 00000000000..a797a83b289 --- /dev/null +++ b/objects/vulnerability/vulnerability--2989b39e-a931-4d10-913a-3ba81e09027b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33329407-d355-4942-9f20-1d6609651fa9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2989b39e-a931-4d10-913a-3ba81e09027b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.519578Z", + "modified": "2024-09-13T00:19:32.519578Z", + "name": "CVE-2024-7862", + "description": "The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7862" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ba2a43f-e0ca-499a-9d7c-526eee2c3488.json b/objects/vulnerability/vulnerability--2ba2a43f-e0ca-499a-9d7c-526eee2c3488.json new file mode 100644 index 00000000000..b055b877bfe --- /dev/null +++ b/objects/vulnerability/vulnerability--2ba2a43f-e0ca-499a-9d7c-526eee2c3488.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5faee13-d84a-47cd-8890-294128e4bb68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ba2a43f-e0ca-499a-9d7c-526eee2c3488", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.534637Z", + "modified": "2024-09-13T00:19:32.534637Z", + "name": "CVE-2024-7861", + "description": "The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7861" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2be7805c-b908-4f81-9bf9-587ca57f702c.json b/objects/vulnerability/vulnerability--2be7805c-b908-4f81-9bf9-587ca57f702c.json new file mode 100644 index 00000000000..5991b534b5b --- /dev/null +++ b/objects/vulnerability/vulnerability--2be7805c-b908-4f81-9bf9-587ca57f702c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6d08a6b-13ad-4e81-85ce-66831285d065", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2be7805c-b908-4f81-9bf9-587ca57f702c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.263612Z", + "modified": "2024-09-13T00:19:31.263612Z", + "name": "CVE-2024-25270", + "description": "An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25270" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--338b94d6-b854-4273-b198-412bd1ec655a.json b/objects/vulnerability/vulnerability--338b94d6-b854-4273-b198-412bd1ec655a.json new file mode 100644 index 00000000000..02ccd447ae2 --- /dev/null +++ b/objects/vulnerability/vulnerability--338b94d6-b854-4273-b198-412bd1ec655a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc72aa17-9469-472f-910b-fd8546975798", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--338b94d6-b854-4273-b198-412bd1ec655a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.353095Z", + "modified": "2024-09-13T00:19:31.353095Z", + "name": "CVE-2024-6840", + "description": "An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35955dd8-143b-46e8-baa4-04c9fb3118c3.json b/objects/vulnerability/vulnerability--35955dd8-143b-46e8-baa4-04c9fb3118c3.json new file mode 100644 index 00000000000..817ba2bea89 --- /dev/null +++ b/objects/vulnerability/vulnerability--35955dd8-143b-46e8-baa4-04c9fb3118c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7261fb4-265c-4751-8af5-00b140ff05de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35955dd8-143b-46e8-baa4-04c9fb3118c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:30.923163Z", + "modified": "2024-09-13T00:19:30.923163Z", + "name": "CVE-2024-27321", + "description": "An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--380ddcc0-6b13-4fd3-bc33-737bcc8e572f.json b/objects/vulnerability/vulnerability--380ddcc0-6b13-4fd3-bc33-737bcc8e572f.json new file mode 100644 index 00000000000..60b404b95c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--380ddcc0-6b13-4fd3-bc33-737bcc8e572f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9cd069d-8cb1-4e93-a282-62f077d1152e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--380ddcc0-6b13-4fd3-bc33-737bcc8e572f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.06074Z", + "modified": "2024-09-13T00:19:32.06074Z", + "name": "CVE-2024-29847", + "description": "Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29847" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d4f8753-f569-492c-bc7a-b1b706dd6a04.json b/objects/vulnerability/vulnerability--3d4f8753-f569-492c-bc7a-b1b706dd6a04.json new file mode 100644 index 00000000000..8d6ff702c05 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d4f8753-f569-492c-bc7a-b1b706dd6a04.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5dc1f92d-6a7b-4901-9af6-bd7ea1aa84dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d4f8753-f569-492c-bc7a-b1b706dd6a04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.989238Z", + "modified": "2024-09-13T00:19:32.989238Z", + "name": "CVE-2024-45607", + "description": "whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ded57e1-19fb-499b-8151-c288299fa8ff.json b/objects/vulnerability/vulnerability--3ded57e1-19fb-499b-8151-c288299fa8ff.json new file mode 100644 index 00000000000..001fe467f5c --- /dev/null +++ b/objects/vulnerability/vulnerability--3ded57e1-19fb-499b-8151-c288299fa8ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0a51847-f1d9-4277-b6e2-bdcf4ea20bd5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ded57e1-19fb-499b-8151-c288299fa8ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.957729Z", + "modified": "2024-09-13T00:19:32.957729Z", + "name": "CVE-2024-45847", + "description": "An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45847" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3f0382f4-c48f-423f-8f05-28d08fc6e71b.json b/objects/vulnerability/vulnerability--3f0382f4-c48f-423f-8f05-28d08fc6e71b.json new file mode 100644 index 00000000000..4e24d9b798d --- /dev/null +++ b/objects/vulnerability/vulnerability--3f0382f4-c48f-423f-8f05-28d08fc6e71b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59ec9880-bd71-43d6-91fd-4abee2ca9c66", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3f0382f4-c48f-423f-8f05-28d08fc6e71b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.361572Z", + "modified": "2024-09-13T00:19:31.361572Z", + "name": "CVE-2024-6678", + "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3f14426e-84d7-4bd6-b837-80a4eee57b98.json b/objects/vulnerability/vulnerability--3f14426e-84d7-4bd6-b837-80a4eee57b98.json new file mode 100644 index 00000000000..a9695d7a027 --- /dev/null +++ b/objects/vulnerability/vulnerability--3f14426e-84d7-4bd6-b837-80a4eee57b98.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b44a9e4a-d2a1-4471-9260-f817b5b9c539", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3f14426e-84d7-4bd6-b837-80a4eee57b98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.508902Z", + "modified": "2024-09-13T00:19:32.508902Z", + "name": "CVE-2024-7818", + "description": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3faaa38f-f27e-4022-9968-f715155372ea.json b/objects/vulnerability/vulnerability--3faaa38f-f27e-4022-9968-f715155372ea.json new file mode 100644 index 00000000000..851c5913d30 --- /dev/null +++ b/objects/vulnerability/vulnerability--3faaa38f-f27e-4022-9968-f715155372ea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1d64049-3ffb-4917-bf2c-6a9abbb40359", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3faaa38f-f27e-4022-9968-f715155372ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.892239Z", + "modified": "2024-09-13T00:19:31.892239Z", + "name": "CVE-2024-28991", + "description": "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28991" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--409cdd07-8ec5-44c4-ae27-fb11f2520327.json b/objects/vulnerability/vulnerability--409cdd07-8ec5-44c4-ae27-fb11f2520327.json new file mode 100644 index 00000000000..204f60eb5d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--409cdd07-8ec5-44c4-ae27-fb11f2520327.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1337c19b-ddf6-4307-935f-39cf751a040d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--409cdd07-8ec5-44c4-ae27-fb11f2520327", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.077823Z", + "modified": "2024-09-13T00:19:31.077823Z", + "name": "CVE-2024-44460", + "description": "An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44460" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--410872f5-919c-4296-a76d-e1016d331bed.json b/objects/vulnerability/vulnerability--410872f5-919c-4296-a76d-e1016d331bed.json new file mode 100644 index 00000000000..0c620049c83 --- /dev/null +++ b/objects/vulnerability/vulnerability--410872f5-919c-4296-a76d-e1016d331bed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff1fa82e-780d-4402-86c9-dc9c0cdaf4c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--410872f5-919c-4296-a76d-e1016d331bed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.906215Z", + "modified": "2024-09-13T00:19:32.906215Z", + "name": "CVE-2024-2743", + "description": "An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2743" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42b498b4-55c5-4b9a-a214-5c4777c96c89.json b/objects/vulnerability/vulnerability--42b498b4-55c5-4b9a-a214-5c4777c96c89.json new file mode 100644 index 00000000000..ee5e5d6a91d --- /dev/null +++ b/objects/vulnerability/vulnerability--42b498b4-55c5-4b9a-a214-5c4777c96c89.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3553b66-f708-41c7-906c-e3c5b76e96f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42b498b4-55c5-4b9a-a214-5c4777c96c89", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:41.400944Z", + "modified": "2024-09-13T00:19:41.400944Z", + "name": "CVE-2021-22503", + "description": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText™ eDirectory 9.2.3.0000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-22503" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--47d0495a-9160-4a51-b6f4-fbcfe1af4ee1.json b/objects/vulnerability/vulnerability--47d0495a-9160-4a51-b6f4-fbcfe1af4ee1.json new file mode 100644 index 00000000000..74116b81e47 --- /dev/null +++ b/objects/vulnerability/vulnerability--47d0495a-9160-4a51-b6f4-fbcfe1af4ee1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2e579d2-4991-4afb-8e42-cde16f8138c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--47d0495a-9160-4a51-b6f4-fbcfe1af4ee1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:41.056864Z", + "modified": "2024-09-13T00:19:41.056864Z", + "name": "CVE-2021-38132", + "description": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText™ eDirectory. This impact all version before 9.2.6.0000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-38132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4cb91196-c047-4443-99e0-bb0dd40d6baa.json b/objects/vulnerability/vulnerability--4cb91196-c047-4443-99e0-bb0dd40d6baa.json new file mode 100644 index 00000000000..fc667e2dada --- /dev/null +++ b/objects/vulnerability/vulnerability--4cb91196-c047-4443-99e0-bb0dd40d6baa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19f15b5c-fe15-4f55-8a09-c33fb1e30d77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cb91196-c047-4443-99e0-bb0dd40d6baa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.042735Z", + "modified": "2024-09-13T00:19:32.042735Z", + "name": "CVE-2024-8750", + "description": "Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8750" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fdf0549-4965-4764-aff6-118116a87995.json b/objects/vulnerability/vulnerability--4fdf0549-4965-4764-aff6-118116a87995.json new file mode 100644 index 00000000000..b505d923572 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fdf0549-4965-4764-aff6-118116a87995.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77b80c21-0d2e-4d33-9ce5-65383ded59a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fdf0549-4965-4764-aff6-118116a87995", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.020436Z", + "modified": "2024-09-13T00:19:32.020436Z", + "name": "CVE-2024-8640", + "description": "An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8640" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--517162e5-ebbe-4b8b-a2aa-164375182698.json b/objects/vulnerability/vulnerability--517162e5-ebbe-4b8b-a2aa-164375182698.json new file mode 100644 index 00000000000..969456c6e53 --- /dev/null +++ b/objects/vulnerability/vulnerability--517162e5-ebbe-4b8b-a2aa-164375182698.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3f7c00c-9b07-46fa-99f7-eff59068f2f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--517162e5-ebbe-4b8b-a2aa-164375182698", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.520666Z", + "modified": "2024-09-13T00:19:32.520666Z", + "name": "CVE-2024-7817", + "description": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7817" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--539b6b72-4cba-4187-832d-9176e63c77df.json b/objects/vulnerability/vulnerability--539b6b72-4cba-4187-832d-9176e63c77df.json new file mode 100644 index 00000000000..b5d231197cc --- /dev/null +++ b/objects/vulnerability/vulnerability--539b6b72-4cba-4187-832d-9176e63c77df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9abade86-f2a9-4bdf-94bd-8239f2a7bd5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--539b6b72-4cba-4187-832d-9176e63c77df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.954717Z", + "modified": "2024-09-13T00:19:32.954717Z", + "name": "CVE-2024-45849", + "description": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--570b2a89-2fa9-4c63-9ca0-446b51e51b5f.json b/objects/vulnerability/vulnerability--570b2a89-2fa9-4c63-9ca0-446b51e51b5f.json new file mode 100644 index 00000000000..b5926200549 --- /dev/null +++ b/objects/vulnerability/vulnerability--570b2a89-2fa9-4c63-9ca0-446b51e51b5f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f89e16e8-5571-4cb2-be28-ff8af5035417", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--570b2a89-2fa9-4c63-9ca0-446b51e51b5f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.332303Z", + "modified": "2024-09-13T00:19:32.332303Z", + "name": "CVE-2024-3163", + "description": "The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5761bdab-c8a0-4fa3-a347-44a3b00438fb.json b/objects/vulnerability/vulnerability--5761bdab-c8a0-4fa3-a347-44a3b00438fb.json new file mode 100644 index 00000000000..1d482a2f9ae --- /dev/null +++ b/objects/vulnerability/vulnerability--5761bdab-c8a0-4fa3-a347-44a3b00438fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bed06c01-2e5b-4e18-8ed2-852d989c7a23", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5761bdab-c8a0-4fa3-a347-44a3b00438fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.972828Z", + "modified": "2024-09-13T00:19:32.972828Z", + "name": "CVE-2024-45854", + "description": "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45854" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57cdd5cb-4e04-48d8-9959-3b7ed8e9219c.json b/objects/vulnerability/vulnerability--57cdd5cb-4e04-48d8-9959-3b7ed8e9219c.json new file mode 100644 index 00000000000..edc85e77c06 --- /dev/null +++ b/objects/vulnerability/vulnerability--57cdd5cb-4e04-48d8-9959-3b7ed8e9219c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2cd482e3-5e72-46a5-9102-e6299ba0f3a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57cdd5cb-4e04-48d8-9959-3b7ed8e9219c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.953283Z", + "modified": "2024-09-13T00:19:32.953283Z", + "name": "CVE-2024-45824", + "description": "CVE-2024-45824 IMPACT\n\n\n\nA remote\ncode vulnerability exists in the affected products. The vulnerability occurs\nwhen chained with Path Traversal, Command Injection, and XSS Vulnerabilities\nand allows for full unauthenticated remote code execution. The link in the\nmitigations section below contains patches to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45824" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58b01dd4-d22a-413d-b48b-f6cefd809c44.json b/objects/vulnerability/vulnerability--58b01dd4-d22a-413d-b48b-f6cefd809c44.json new file mode 100644 index 00000000000..30f02f2450f --- /dev/null +++ b/objects/vulnerability/vulnerability--58b01dd4-d22a-413d-b48b-f6cefd809c44.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--716d45bd-14cb-4922-9073-4146d390aa8b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58b01dd4-d22a-413d-b48b-f6cefd809c44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.549959Z", + "modified": "2024-09-13T00:19:32.549959Z", + "name": "CVE-2024-7816", + "description": "The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7816" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60322d5b-109a-43f1-9ba2-5220dde74966.json b/objects/vulnerability/vulnerability--60322d5b-109a-43f1-9ba2-5220dde74966.json new file mode 100644 index 00000000000..2b6967d3e4b --- /dev/null +++ b/objects/vulnerability/vulnerability--60322d5b-109a-43f1-9ba2-5220dde74966.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5478e380-9af6-4dea-9c54-639da2b7ac59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60322d5b-109a-43f1-9ba2-5220dde74966", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.434597Z", + "modified": "2024-09-13T00:19:31.434597Z", + "name": "CVE-2024-42484", + "description": "ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in memory corruption related attacks. Normally there are two fields in the group information that need to be checked, i.e., the addrs_num field and the addrs_list fileld. Since we only checked the addrs_list field, an attacker can send a group type message with an invalid addrs_num field, which will cause the message handled by the firmware to be much larger than the current buffer, thus causing a memory corruption issue that goes beyond the payload length.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61f26ad7-4303-47c4-9098-3986b3464336.json b/objects/vulnerability/vulnerability--61f26ad7-4303-47c4-9098-3986b3464336.json new file mode 100644 index 00000000000..75c6d5acdd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--61f26ad7-4303-47c4-9098-3986b3464336.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7be9b31-2b7e-4e34-9e5d-64ca12c37d1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61f26ad7-4303-47c4-9098-3986b3464336", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.00469Z", + "modified": "2024-09-13T00:19:32.00469Z", + "name": "CVE-2024-8054", + "description": "The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8054" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6702c71c-825f-4a8c-a41a-1060a3aed1e6.json b/objects/vulnerability/vulnerability--6702c71c-825f-4a8c-a41a-1060a3aed1e6.json new file mode 100644 index 00000000000..3a7614a574a --- /dev/null +++ b/objects/vulnerability/vulnerability--6702c71c-825f-4a8c-a41a-1060a3aed1e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f35eb88c-89a2-4af3-b8b0-7145a208664a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6702c71c-825f-4a8c-a41a-1060a3aed1e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:28.539059Z", + "modified": "2024-09-13T00:19:28.539059Z", + "name": "CVE-2022-26322", + "description": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager has been discovered in\nOpenText™ \nIdentity Manager REST Driver. This impact version before 1.1.2.0200.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-26322" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6878b399-2ac1-442f-901a-e9ff10bcf581.json b/objects/vulnerability/vulnerability--6878b399-2ac1-442f-901a-e9ff10bcf581.json new file mode 100644 index 00000000000..6963fb31c29 --- /dev/null +++ b/objects/vulnerability/vulnerability--6878b399-2ac1-442f-901a-e9ff10bcf581.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a6d7524-6364-4f7c-a76f-8da46fe13eb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6878b399-2ac1-442f-901a-e9ff10bcf581", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.99232Z", + "modified": "2024-09-13T00:19:31.99232Z", + "name": "CVE-2024-8056", + "description": "The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8056" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a30ced3-7a96-44dc-9fc5-c3a64b66a7cd.json b/objects/vulnerability/vulnerability--6a30ced3-7a96-44dc-9fc5-c3a64b66a7cd.json new file mode 100644 index 00000000000..70161d24a3f --- /dev/null +++ b/objects/vulnerability/vulnerability--6a30ced3-7a96-44dc-9fc5-c3a64b66a7cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cef2a47b-19ee-4601-816d-60f9477bd0e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a30ced3-7a96-44dc-9fc5-c3a64b66a7cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.028699Z", + "modified": "2024-09-13T00:19:31.028699Z", + "name": "CVE-2024-32840", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a649beb-1a66-4a9f-8324-dc5173e35dab.json b/objects/vulnerability/vulnerability--6a649beb-1a66-4a9f-8324-dc5173e35dab.json new file mode 100644 index 00000000000..1f2613318ca --- /dev/null +++ b/objects/vulnerability/vulnerability--6a649beb-1a66-4a9f-8324-dc5173e35dab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b56c70e8-2362-4fa8-a279-0682f573d789", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a649beb-1a66-4a9f-8324-dc5173e35dab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.410355Z", + "modified": "2024-09-13T00:19:31.410355Z", + "name": "CVE-2024-6702", + "description": "Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6702" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b393c37-c7e4-4d7a-8237-4edbf5a8e2e7.json b/objects/vulnerability/vulnerability--6b393c37-c7e4-4d7a-8237-4edbf5a8e2e7.json new file mode 100644 index 00000000000..f181a38d58a --- /dev/null +++ b/objects/vulnerability/vulnerability--6b393c37-c7e4-4d7a-8237-4edbf5a8e2e7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31e57fa6-f9a8-4321-80f7-7107c6957eb9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b393c37-c7e4-4d7a-8237-4edbf5a8e2e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:41.398421Z", + "modified": "2024-09-13T00:19:41.398421Z", + "name": "CVE-2021-22518", + "description": "A vulnerability identified in OpenText™ \nIdentity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-22518" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bd85ec2-9b2c-4d0d-91ae-82eaa1563b4a.json b/objects/vulnerability/vulnerability--6bd85ec2-9b2c-4d0d-91ae-82eaa1563b4a.json new file mode 100644 index 00000000000..d38682b8b2a --- /dev/null +++ b/objects/vulnerability/vulnerability--6bd85ec2-9b2c-4d0d-91ae-82eaa1563b4a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ded4d24-5429-48a8-ab48-785dc687261a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bd85ec2-9b2c-4d0d-91ae-82eaa1563b4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.035322Z", + "modified": "2024-09-13T00:19:31.035322Z", + "name": "CVE-2024-32843", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32843" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ee57b04-93f8-4f24-9e49-3cd3740ba915.json b/objects/vulnerability/vulnerability--6ee57b04-93f8-4f24-9e49-3cd3740ba915.json new file mode 100644 index 00000000000..94c5823c095 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ee57b04-93f8-4f24-9e49-3cd3740ba915.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2de4a127-1ed7-404d-b1cd-ab3371a43d3c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ee57b04-93f8-4f24-9e49-3cd3740ba915", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.407864Z", + "modified": "2024-09-13T00:19:31.407864Z", + "name": "CVE-2024-6510", + "description": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70d58d2a-1f56-4f78-88b1-5858e67edb0c.json b/objects/vulnerability/vulnerability--70d58d2a-1f56-4f78-88b1-5858e67edb0c.json new file mode 100644 index 00000000000..1d0c43d0b7a --- /dev/null +++ b/objects/vulnerability/vulnerability--70d58d2a-1f56-4f78-88b1-5858e67edb0c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31fd74cc-65b1-42c2-a3f5-8deb5160ab6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70d58d2a-1f56-4f78-88b1-5858e67edb0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.018706Z", + "modified": "2024-09-13T00:19:32.018706Z", + "name": "CVE-2024-8631", + "description": "A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74ecf10f-d6b9-4316-9f86-1e60d6070b87.json b/objects/vulnerability/vulnerability--74ecf10f-d6b9-4316-9f86-1e60d6070b87.json new file mode 100644 index 00000000000..62f2a07d7f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--74ecf10f-d6b9-4316-9f86-1e60d6070b87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2070164b-ca66-477b-ab13-5ac0dc3fd8f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74ecf10f-d6b9-4316-9f86-1e60d6070b87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.325157Z", + "modified": "2024-09-13T00:19:32.325157Z", + "name": "CVE-2024-3306", + "description": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3306" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--752de727-102a-4a03-96cb-8ceaca73a8a9.json b/objects/vulnerability/vulnerability--752de727-102a-4a03-96cb-8ceaca73a8a9.json new file mode 100644 index 00000000000..c6e6e1c6233 --- /dev/null +++ b/objects/vulnerability/vulnerability--752de727-102a-4a03-96cb-8ceaca73a8a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed64c996-bf59-4707-badc-7ab09881ddf8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--752de727-102a-4a03-96cb-8ceaca73a8a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.909429Z", + "modified": "2024-09-13T00:19:32.909429Z", + "name": "CVE-2024-2010", + "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.This issue affects V5: before 6.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2010" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--758584af-a412-4a26-9ec4-2641b6b70129.json b/objects/vulnerability/vulnerability--758584af-a412-4a26-9ec4-2641b6b70129.json new file mode 100644 index 00000000000..741cd8fec4b --- /dev/null +++ b/objects/vulnerability/vulnerability--758584af-a412-4a26-9ec4-2641b6b70129.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcbfb6b2-23da-42d3-9c31-1da2e224e2a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--758584af-a412-4a26-9ec4-2641b6b70129", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.02438Z", + "modified": "2024-09-13T00:19:32.02438Z", + "name": "CVE-2024-8710", + "description": "A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8710" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--796cde43-8502-4bf6-ba5b-4f7ef0657b02.json b/objects/vulnerability/vulnerability--796cde43-8502-4bf6-ba5b-4f7ef0657b02.json new file mode 100644 index 00000000000..ddcb7a0daf8 --- /dev/null +++ b/objects/vulnerability/vulnerability--796cde43-8502-4bf6-ba5b-4f7ef0657b02.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58cb1a0c-3771-41e7-80f8-5f62ab62f1bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--796cde43-8502-4bf6-ba5b-4f7ef0657b02", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.017688Z", + "modified": "2024-09-13T00:19:32.017688Z", + "name": "CVE-2024-8622", + "description": "The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript a lack of nonce validation on the preview functionality. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8622" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f85b1b4-18c2-43f0-a806-4c986c92c2eb.json b/objects/vulnerability/vulnerability--7f85b1b4-18c2-43f0-a806-4c986c92c2eb.json new file mode 100644 index 00000000000..d8cb4a66956 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f85b1b4-18c2-43f0-a806-4c986c92c2eb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a0c99d2-0066-4f12-95a5-6956a7c89589", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f85b1b4-18c2-43f0-a806-4c986c92c2eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:41.45385Z", + "modified": "2024-09-13T00:19:41.45385Z", + "name": "CVE-2021-22533", + "description": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText™ eDirectory 9.2.4.0000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-22533" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--806cd98b-dfc9-4a40-9247-f5d3b848e489.json b/objects/vulnerability/vulnerability--806cd98b-dfc9-4a40-9247-f5d3b848e489.json new file mode 100644 index 00000000000..5da610d2eb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--806cd98b-dfc9-4a40-9247-f5d3b848e489.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1083ed2-1fa7-492f-b6ab-8d30875fa7a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--806cd98b-dfc9-4a40-9247-f5d3b848e489", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.555865Z", + "modified": "2024-09-13T00:19:32.555865Z", + "name": "CVE-2024-7820", + "description": "The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7820" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8096b1b9-36d0-4b44-9453-9c8d4c2114c2.json b/objects/vulnerability/vulnerability--8096b1b9-36d0-4b44-9453-9c8d4c2114c2.json new file mode 100644 index 00000000000..3b95d784eb5 --- /dev/null +++ b/objects/vulnerability/vulnerability--8096b1b9-36d0-4b44-9453-9c8d4c2114c2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e05946e1-0d63-4071-aca9-2eb5d5c5e54e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8096b1b9-36d0-4b44-9453-9c8d4c2114c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.399387Z", + "modified": "2024-09-13T00:19:31.399387Z", + "name": "CVE-2024-6018", + "description": "The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6018" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86b7e4f8-a338-4f83-a261-01972029858d.json b/objects/vulnerability/vulnerability--86b7e4f8-a338-4f83-a261-01972029858d.json new file mode 100644 index 00000000000..9f778e097ae --- /dev/null +++ b/objects/vulnerability/vulnerability--86b7e4f8-a338-4f83-a261-01972029858d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a610094b-6fc7-4ece-91a8-4d5228256725", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86b7e4f8-a338-4f83-a261-01972029858d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:30.904599Z", + "modified": "2024-09-13T00:19:30.904599Z", + "name": "CVE-2024-27320", + "description": "An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--88de9a4e-6763-477a-a929-b34470635861.json b/objects/vulnerability/vulnerability--88de9a4e-6763-477a-a929-b34470635861.json new file mode 100644 index 00000000000..cc4c79b6500 --- /dev/null +++ b/objects/vulnerability/vulnerability--88de9a4e-6763-477a-a929-b34470635861.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c99c42d9-74a6-4a6e-a36b-2af8bb95bb2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--88de9a4e-6763-477a-a929-b34470635861", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.962363Z", + "modified": "2024-09-13T00:19:32.962363Z", + "name": "CVE-2024-45856", + "description": "A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45856" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--897e3b64-47ed-48be-9218-ccc14c6c9a4a.json b/objects/vulnerability/vulnerability--897e3b64-47ed-48be-9218-ccc14c6c9a4a.json new file mode 100644 index 00000000000..e1be69076d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--897e3b64-47ed-48be-9218-ccc14c6c9a4a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77981d73-ee6f-488c-9e25-178f3917505e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--897e3b64-47ed-48be-9218-ccc14c6c9a4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.03583Z", + "modified": "2024-09-13T00:19:32.03583Z", + "name": "CVE-2024-8707", + "description": "A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8707" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--909dc71f-018c-43b6-a055-59c39062d569.json b/objects/vulnerability/vulnerability--909dc71f-018c-43b6-a055-59c39062d569.json new file mode 100644 index 00000000000..327f71ea879 --- /dev/null +++ b/objects/vulnerability/vulnerability--909dc71f-018c-43b6-a055-59c39062d569.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2d4d888-28e0-4d62-9fe6-dbd9306115a5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--909dc71f-018c-43b6-a055-59c39062d569", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.500864Z", + "modified": "2024-09-13T00:19:32.500864Z", + "name": "CVE-2024-7960", + "description": "The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7960" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91f0ddc6-f705-44aa-bade-f0c6086e9cd1.json b/objects/vulnerability/vulnerability--91f0ddc6-f705-44aa-bade-f0c6086e9cd1.json new file mode 100644 index 00000000000..f70cafabbde --- /dev/null +++ b/objects/vulnerability/vulnerability--91f0ddc6-f705-44aa-bade-f0c6086e9cd1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c05bb70-a046-4467-a1b1-b0856af865ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91f0ddc6-f705-44aa-bade-f0c6086e9cd1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.52565Z", + "modified": "2024-09-13T00:19:32.52565Z", + "name": "CVE-2024-7822", + "description": "The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7822" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99046ae3-f275-42b0-b4cb-0a0d9288e789.json b/objects/vulnerability/vulnerability--99046ae3-f275-42b0-b4cb-0a0d9288e789.json new file mode 100644 index 00000000000..49ab400c4b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--99046ae3-f275-42b0-b4cb-0a0d9288e789.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5a0d0eb-959b-4bd4-b0f8-ef93e4742e6f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99046ae3-f275-42b0-b4cb-0a0d9288e789", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.448024Z", + "modified": "2024-09-13T00:19:31.448024Z", + "name": "CVE-2024-42483", + "description": "ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42483" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9bf4ebf2-7cd4-44ee-915c-eeb002ac6531.json b/objects/vulnerability/vulnerability--9bf4ebf2-7cd4-44ee-915c-eeb002ac6531.json new file mode 100644 index 00000000000..3e4545276a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--9bf4ebf2-7cd4-44ee-915c-eeb002ac6531.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4975f323-d6d7-42c8-81b4-a1665ba364a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9bf4ebf2-7cd4-44ee-915c-eeb002ac6531", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.551106Z", + "modified": "2024-09-13T00:19:32.551106Z", + "name": "CVE-2024-7766", + "description": "The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7766" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9ca1bac9-3386-4630-a141-938b2ea13050.json b/objects/vulnerability/vulnerability--9ca1bac9-3386-4630-a141-938b2ea13050.json new file mode 100644 index 00000000000..99b9fff8f85 --- /dev/null +++ b/objects/vulnerability/vulnerability--9ca1bac9-3386-4630-a141-938b2ea13050.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa333c13-3d61-4a7c-9ea4-ebe6c754c638", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9ca1bac9-3386-4630-a141-938b2ea13050", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.568101Z", + "modified": "2024-09-13T00:19:31.568101Z", + "name": "CVE-2024-4612", + "description": "An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4612" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f133e40-9b90-4e37-a758-ea2d946174cd.json b/objects/vulnerability/vulnerability--9f133e40-9b90-4e37-a758-ea2d946174cd.json new file mode 100644 index 00000000000..62ef3a81fbd --- /dev/null +++ b/objects/vulnerability/vulnerability--9f133e40-9b90-4e37-a758-ea2d946174cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aba421df-b910-4c55-8989-91bf380b002e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f133e40-9b90-4e37-a758-ea2d946174cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.377098Z", + "modified": "2024-09-13T00:19:31.377098Z", + "name": "CVE-2024-6701", + "description": "Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6701" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f67ab49-8c5e-4dbc-a663-931243bfa855.json b/objects/vulnerability/vulnerability--9f67ab49-8c5e-4dbc-a663-931243bfa855.json new file mode 100644 index 00000000000..e8b4b578766 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f67ab49-8c5e-4dbc-a663-931243bfa855.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2c94228-d8ee-4916-bfcb-f383b413bc66", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f67ab49-8c5e-4dbc-a663-931243bfa855", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:30.947135Z", + "modified": "2024-09-13T00:19:30.947135Z", + "name": "CVE-2024-37397", + "description": "An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37397" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a27dfda5-15a5-46d2-8564-859433360269.json b/objects/vulnerability/vulnerability--a27dfda5-15a5-46d2-8564-859433360269.json new file mode 100644 index 00000000000..8befd04c384 --- /dev/null +++ b/objects/vulnerability/vulnerability--a27dfda5-15a5-46d2-8564-859433360269.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0cbc981-5618-46f7-9561-725af1f0742a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a27dfda5-15a5-46d2-8564-859433360269", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.026683Z", + "modified": "2024-09-13T00:19:32.026683Z", + "name": "CVE-2024-8124", + "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a large `glm_source` parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8124" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a5547ca4-f000-4a64-9302-3b4223ad176e.json b/objects/vulnerability/vulnerability--a5547ca4-f000-4a64-9302-3b4223ad176e.json new file mode 100644 index 00000000000..468a98205f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--a5547ca4-f000-4a64-9302-3b4223ad176e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71410de5-3f7a-4f95-84db-5ff23252cbc3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5547ca4-f000-4a64-9302-3b4223ad176e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.350489Z", + "modified": "2024-09-13T00:19:31.350489Z", + "name": "CVE-2024-6389", + "description": "An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6389" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a82de3fe-f9d6-4506-ace1-05ba77f62605.json b/objects/vulnerability/vulnerability--a82de3fe-f9d6-4506-ace1-05ba77f62605.json new file mode 100644 index 00000000000..4815ed17328 --- /dev/null +++ b/objects/vulnerability/vulnerability--a82de3fe-f9d6-4506-ace1-05ba77f62605.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ccc60f02-9c2d-4133-a020-34a4f8063709", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a82de3fe-f9d6-4506-ace1-05ba77f62605", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.524013Z", + "modified": "2024-09-13T00:19:32.524013Z", + "name": "CVE-2024-7860", + "description": "The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7860" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a949f96e-e276-4cae-b307-6d792f79ae0f.json b/objects/vulnerability/vulnerability--a949f96e-e276-4cae-b307-6d792f79ae0f.json new file mode 100644 index 00000000000..254ecc253aa --- /dev/null +++ b/objects/vulnerability/vulnerability--a949f96e-e276-4cae-b307-6d792f79ae0f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01465a6e-6b65-4801-9cc8-59a5e87b3f3c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a949f96e-e276-4cae-b307-6d792f79ae0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.363472Z", + "modified": "2024-09-13T00:19:31.363472Z", + "name": "CVE-2024-6887", + "description": "The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6887" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9609baf-ba4c-444d-a226-6592f3661a31.json b/objects/vulnerability/vulnerability--a9609baf-ba4c-444d-a226-6592f3661a31.json new file mode 100644 index 00000000000..5fb73c8c681 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9609baf-ba4c-444d-a226-6592f3661a31.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0007a481-c83e-4103-aa12-7eabaff08edf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9609baf-ba4c-444d-a226-6592f3661a31", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.010205Z", + "modified": "2024-09-13T00:19:31.010205Z", + "name": "CVE-2024-32848", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32848" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab0d5829-8c58-45c6-b26d-2fec4c8e8df1.json b/objects/vulnerability/vulnerability--ab0d5829-8c58-45c6-b26d-2fec4c8e8df1.json new file mode 100644 index 00000000000..1146253fb3b --- /dev/null +++ b/objects/vulnerability/vulnerability--ab0d5829-8c58-45c6-b26d-2fec4c8e8df1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3076ef47-aedd-4ede-98da-9e4139d44deb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab0d5829-8c58-45c6-b26d-2fec4c8e8df1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.023246Z", + "modified": "2024-09-13T00:19:32.023246Z", + "name": "CVE-2024-8695", + "description": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8695" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--abe39573-e4ff-474a-8814-a2fe666e14f5.json b/objects/vulnerability/vulnerability--abe39573-e4ff-474a-8814-a2fe666e14f5.json new file mode 100644 index 00000000000..ed9ad7b4713 --- /dev/null +++ b/objects/vulnerability/vulnerability--abe39573-e4ff-474a-8814-a2fe666e14f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa20e4d8-1b8d-4af5-98ee-6cc06dbd5bef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--abe39573-e4ff-474a-8814-a2fe666e14f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.959845Z", + "modified": "2024-09-13T00:19:32.959845Z", + "name": "CVE-2024-45851", + "description": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45851" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aeeca933-d946-41d3-ac93-3ddb756c5e61.json b/objects/vulnerability/vulnerability--aeeca933-d946-41d3-ac93-3ddb756c5e61.json new file mode 100644 index 00000000000..82d822d2695 --- /dev/null +++ b/objects/vulnerability/vulnerability--aeeca933-d946-41d3-ac93-3ddb756c5e61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d00d24b2-4a7d-4758-90e7-01394f175932", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aeeca933-d946-41d3-ac93-3ddb756c5e61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.042525Z", + "modified": "2024-09-13T00:19:31.042525Z", + "name": "CVE-2024-32846", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32846" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0bc64dc-9aa2-4e87-8d7d-ddeb7f4f7ca6.json b/objects/vulnerability/vulnerability--b0bc64dc-9aa2-4e87-8d7d-ddeb7f4f7ca6.json new file mode 100644 index 00000000000..82f3dab16d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--b0bc64dc-9aa2-4e87-8d7d-ddeb7f4f7ca6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d789ebe-c736-4812-b95e-245732b4f733", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0bc64dc-9aa2-4e87-8d7d-ddeb7f4f7ca6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.96893Z", + "modified": "2024-09-13T00:19:32.96893Z", + "name": "CVE-2024-45857", + "description": "Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45857" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b10f0218-fbd5-48de-b38d-bc06d350d3ae.json b/objects/vulnerability/vulnerability--b10f0218-fbd5-48de-b38d-bc06d350d3ae.json new file mode 100644 index 00000000000..c5c5df22147 --- /dev/null +++ b/objects/vulnerability/vulnerability--b10f0218-fbd5-48de-b38d-bc06d350d3ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fad9262c-2fcc-4f8a-a377-4481fadc57d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b10f0218-fbd5-48de-b38d-bc06d350d3ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.374689Z", + "modified": "2024-09-13T00:19:31.374689Z", + "name": "CVE-2024-6019", + "description": "The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b379ad48-bb89-4eae-920a-372f2b2fd7fc.json b/objects/vulnerability/vulnerability--b379ad48-bb89-4eae-920a-372f2b2fd7fc.json new file mode 100644 index 00000000000..a8425a9c3ae --- /dev/null +++ b/objects/vulnerability/vulnerability--b379ad48-bb89-4eae-920a-372f2b2fd7fc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b70a394-3bb9-4aa4-bade-ba0a575d39f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b379ad48-bb89-4eae-920a-372f2b2fd7fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.354632Z", + "modified": "2024-09-13T00:19:32.354632Z", + "name": "CVE-2024-3305", + "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3305" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b59e518a-d64c-4a73-b2dd-ab97646132e3.json b/objects/vulnerability/vulnerability--b59e518a-d64c-4a73-b2dd-ab97646132e3.json new file mode 100644 index 00000000000..39c92e3915e --- /dev/null +++ b/objects/vulnerability/vulnerability--b59e518a-d64c-4a73-b2dd-ab97646132e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--483fd222-b64a-4382-867c-139ce4334fde", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b59e518a-d64c-4a73-b2dd-ab97646132e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.300073Z", + "modified": "2024-09-13T00:19:32.300073Z", + "name": "CVE-2024-36066", + "description": "The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication (the other option is certificate-based). RFC 4211 section 4.4 requires that password-based MAC parameters use a salt with a random value of at least 8 octets. This helps to inhibit dictionary attacks. Because the standalone CMP client originally was developed as test code, the salt was instead hardcoded and only 6 octets long.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36066" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b81dd4cd-d3f9-4735-9b04-6427e62060f3.json b/objects/vulnerability/vulnerability--b81dd4cd-d3f9-4735-9b04-6427e62060f3.json new file mode 100644 index 00000000000..9a4187ea2a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b81dd4cd-d3f9-4735-9b04-6427e62060f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1f5246a-0f38-46df-9ab9-215d42372ab3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b81dd4cd-d3f9-4735-9b04-6427e62060f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.904576Z", + "modified": "2024-09-13T00:19:31.904576Z", + "name": "CVE-2024-28990", + "description": "SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console.\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28990" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba178760-fe96-4d8d-b068-4bf4048d720a.json b/objects/vulnerability/vulnerability--ba178760-fe96-4d8d-b068-4bf4048d720a.json new file mode 100644 index 00000000000..76b857c54cf --- /dev/null +++ b/objects/vulnerability/vulnerability--ba178760-fe96-4d8d-b068-4bf4048d720a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ef7da69-d99a-4a79-b3f3-2115f4013ca2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba178760-fe96-4d8d-b068-4bf4048d720a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.991069Z", + "modified": "2024-09-13T00:19:31.991069Z", + "name": "CVE-2024-8711", + "description": "A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8711" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bbf7efe9-f20b-44cf-9993-1fa181edae2e.json b/objects/vulnerability/vulnerability--bbf7efe9-f20b-44cf-9993-1fa181edae2e.json new file mode 100644 index 00000000000..792cbb7a0ee --- /dev/null +++ b/objects/vulnerability/vulnerability--bbf7efe9-f20b-44cf-9993-1fa181edae2e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96ef4ba4-e257-4422-9859-ba0c8935031e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bbf7efe9-f20b-44cf-9993-1fa181edae2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.686037Z", + "modified": "2024-09-13T00:19:32.686037Z", + "name": "CVE-2024-40457", + "description": "** DISPUTED ** No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40457" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bca4c911-47fb-427f-bf73-e0d3b3aeacaa.json b/objects/vulnerability/vulnerability--bca4c911-47fb-427f-bf73-e0d3b3aeacaa.json new file mode 100644 index 00000000000..30f12483a2b --- /dev/null +++ b/objects/vulnerability/vulnerability--bca4c911-47fb-427f-bf73-e0d3b3aeacaa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa44cde7-15fe-476d-bfb9-70df1e391758", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bca4c911-47fb-427f-bf73-e0d3b3aeacaa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.99772Z", + "modified": "2024-09-13T00:19:32.99772Z", + "name": "CVE-2024-45303", + "description": "Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45303" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd19f34d-0875-44e9-b829-58c010c16a36.json b/objects/vulnerability/vulnerability--bd19f34d-0875-44e9-b829-58c010c16a36.json new file mode 100644 index 00000000000..0a1c87210a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd19f34d-0875-44e9-b829-58c010c16a36.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f417807-d583-4c78-b6c8-0ee914665d0c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd19f34d-0875-44e9-b829-58c010c16a36", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.544935Z", + "modified": "2024-09-13T00:19:32.544935Z", + "name": "CVE-2024-7859", + "description": "The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be06d3cf-c666-48f2-9e84-0b053a2d6245.json b/objects/vulnerability/vulnerability--be06d3cf-c666-48f2-9e84-0b053a2d6245.json new file mode 100644 index 00000000000..619c0b20307 --- /dev/null +++ b/objects/vulnerability/vulnerability--be06d3cf-c666-48f2-9e84-0b053a2d6245.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f2c1cbb-9e69-45c9-82e4-6461abdf036d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be06d3cf-c666-48f2-9e84-0b053a2d6245", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.048767Z", + "modified": "2024-09-13T00:19:32.048767Z", + "name": "CVE-2024-8708", + "description": "A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8708" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf432d36-f5e2-4be5-a6ac-5b0f5f7c77d3.json b/objects/vulnerability/vulnerability--bf432d36-f5e2-4be5-a6ac-5b0f5f7c77d3.json new file mode 100644 index 00000000000..3d58a159bc3 --- /dev/null +++ b/objects/vulnerability/vulnerability--bf432d36-f5e2-4be5-a6ac-5b0f5f7c77d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95e10988-b241-4393-965f-25cee5d54b94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf432d36-f5e2-4be5-a6ac-5b0f5f7c77d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.93889Z", + "modified": "2024-09-13T00:19:32.93889Z", + "name": "CVE-2024-45855", + "description": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45855" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5d90e0a-a9e2-441e-a80e-446acc522035.json b/objects/vulnerability/vulnerability--c5d90e0a-a9e2-441e-a80e-446acc522035.json new file mode 100644 index 00000000000..400e4ada59b --- /dev/null +++ b/objects/vulnerability/vulnerability--c5d90e0a-a9e2-441e-a80e-446acc522035.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e56e4518-09bb-469a-8d54-3ca2888354fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5d90e0a-a9e2-441e-a80e-446acc522035", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.037141Z", + "modified": "2024-09-13T00:19:32.037141Z", + "name": "CVE-2024-8751", + "description": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8751" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c695e065-69a6-4b79-98d8-d95b5c38bcce.json b/objects/vulnerability/vulnerability--c695e065-69a6-4b79-98d8-d95b5c38bcce.json new file mode 100644 index 00000000000..55418d641a5 --- /dev/null +++ b/objects/vulnerability/vulnerability--c695e065-69a6-4b79-98d8-d95b5c38bcce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--359e9260-422a-412e-a57f-27abdc2f4a87", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c695e065-69a6-4b79-98d8-d95b5c38bcce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.405844Z", + "modified": "2024-09-13T00:19:31.405844Z", + "name": "CVE-2024-6077", + "description": "A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6077" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb12a062-0cbc-4279-9ab2-e9cb0a5f570c.json b/objects/vulnerability/vulnerability--cb12a062-0cbc-4279-9ab2-e9cb0a5f570c.json new file mode 100644 index 00000000000..46bca99513b --- /dev/null +++ b/objects/vulnerability/vulnerability--cb12a062-0cbc-4279-9ab2-e9cb0a5f570c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2947681-ed2c-4720-b061-c86b43fa660e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb12a062-0cbc-4279-9ab2-e9cb0a5f570c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.010312Z", + "modified": "2024-09-13T00:19:32.010312Z", + "name": "CVE-2024-8635", + "description": "A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8635" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc9dda5c-906b-4974-96a9-6714d2fba949.json b/objects/vulnerability/vulnerability--cc9dda5c-906b-4974-96a9-6714d2fba949.json new file mode 100644 index 00000000000..c05335cf64d --- /dev/null +++ b/objects/vulnerability/vulnerability--cc9dda5c-906b-4974-96a9-6714d2fba949.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ccdecfc-e21e-4dc8-bf25-0cef64db93b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc9dda5c-906b-4974-96a9-6714d2fba949", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.41378Z", + "modified": "2024-09-13T00:19:31.41378Z", + "name": "CVE-2024-6658", + "description": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\n\n\n\n Product \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \n\n\n\n\n\n  \n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \n\n\n\n\n\n  \n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.11 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.0 (inclusive)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cccce2ac-2a8a-465d-8e8e-21e9cd992378.json b/objects/vulnerability/vulnerability--cccce2ac-2a8a-465d-8e8e-21e9cd992378.json new file mode 100644 index 00000000000..6e46e052a31 --- /dev/null +++ b/objects/vulnerability/vulnerability--cccce2ac-2a8a-465d-8e8e-21e9cd992378.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa570017-240c-44e9-80ab-0bea39bcdf54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cccce2ac-2a8a-465d-8e8e-21e9cd992378", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.007131Z", + "modified": "2024-09-13T00:19:32.007131Z", + "name": "CVE-2024-8311", + "description": "An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8311" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3e642c9-05a2-43dd-bdfe-c211528f3d99.json b/objects/vulnerability/vulnerability--d3e642c9-05a2-43dd-bdfe-c211528f3d99.json new file mode 100644 index 00000000000..f92970d983b --- /dev/null +++ b/objects/vulnerability/vulnerability--d3e642c9-05a2-43dd-bdfe-c211528f3d99.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ebe1259-4e7a-44d6-8e38-152c2fbc4e5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3e642c9-05a2-43dd-bdfe-c211528f3d99", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.043772Z", + "modified": "2024-09-13T00:19:32.043772Z", + "name": "CVE-2024-8522", + "description": "The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8522" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6307c15-6485-437d-ace0-0c9201229786.json b/objects/vulnerability/vulnerability--d6307c15-6485-437d-ace0-0c9201229786.json new file mode 100644 index 00000000000..dd1e1356d80 --- /dev/null +++ b/objects/vulnerability/vulnerability--d6307c15-6485-437d-ace0-0c9201229786.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f134e0d-af3a-4707-bfe8-00a21ef89e30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6307c15-6485-437d-ace0-0c9201229786", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:29.947383Z", + "modified": "2024-09-13T00:19:29.947383Z", + "name": "CVE-2020-24061", + "description": "Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-24061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d68285a4-8ea5-49f7-a676-c3e7a429dd4c.json b/objects/vulnerability/vulnerability--d68285a4-8ea5-49f7-a676-c3e7a429dd4c.json new file mode 100644 index 00000000000..e28ecb4e093 --- /dev/null +++ b/objects/vulnerability/vulnerability--d68285a4-8ea5-49f7-a676-c3e7a429dd4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbfc70b2-ecf7-49ae-b8db-5442011795f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d68285a4-8ea5-49f7-a676-c3e7a429dd4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.966692Z", + "modified": "2024-09-13T00:19:32.966692Z", + "name": "CVE-2024-45850", + "description": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45850" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7895cb2-9d74-42e3-b3b1-fe5aad3d3409.json b/objects/vulnerability/vulnerability--d7895cb2-9d74-42e3-b3b1-fe5aad3d3409.json new file mode 100644 index 00000000000..afa5735151b --- /dev/null +++ b/objects/vulnerability/vulnerability--d7895cb2-9d74-42e3-b3b1-fe5aad3d3409.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--775d17f3-a919-4005-9e7f-1e882af48344", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7895cb2-9d74-42e3-b3b1-fe5aad3d3409", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.663258Z", + "modified": "2024-09-13T00:19:31.663258Z", + "name": "CVE-2024-38222", + "description": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38222" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d92d9177-0e2b-416d-95cb-4662c87e7935.json b/objects/vulnerability/vulnerability--d92d9177-0e2b-416d-95cb-4662c87e7935.json new file mode 100644 index 00000000000..0fb0bd6f044 --- /dev/null +++ b/objects/vulnerability/vulnerability--d92d9177-0e2b-416d-95cb-4662c87e7935.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b569f44d-6b1d-4801-9929-341d6ccf2ce9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d92d9177-0e2b-416d-95cb-4662c87e7935", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.08044Z", + "modified": "2024-09-13T00:19:31.08044Z", + "name": "CVE-2024-44459", + "description": "A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44459" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dbd03c25-0054-47de-a151-eb8dc13ae61d.json b/objects/vulnerability/vulnerability--dbd03c25-0054-47de-a151-eb8dc13ae61d.json new file mode 100644 index 00000000000..039fdcb476c --- /dev/null +++ b/objects/vulnerability/vulnerability--dbd03c25-0054-47de-a151-eb8dc13ae61d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2d932cf6-e4a5-4f68-9b75-f405875cb855", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dbd03c25-0054-47de-a151-eb8dc13ae61d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.850649Z", + "modified": "2024-09-13T00:19:32.850649Z", + "name": "CVE-2024-5435", + "description": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5435" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6828bc6-6faa-47c9-a7a9-555fa5106f2a.json b/objects/vulnerability/vulnerability--e6828bc6-6faa-47c9-a7a9-555fa5106f2a.json new file mode 100644 index 00000000000..4f27245167e --- /dev/null +++ b/objects/vulnerability/vulnerability--e6828bc6-6faa-47c9-a7a9-555fa5106f2a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7c5259e-03dc-4982-a33d-dbb6dcfcab9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6828bc6-6faa-47c9-a7a9-555fa5106f2a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.390498Z", + "modified": "2024-09-13T00:19:31.390498Z", + "name": "CVE-2024-6446", + "description": "An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6446" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8cb1fe3-fcbc-4b31-92e5-bf1c45544276.json b/objects/vulnerability/vulnerability--e8cb1fe3-fcbc-4b31-92e5-bf1c45544276.json new file mode 100644 index 00000000000..433871e5801 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8cb1fe3-fcbc-4b31-92e5-bf1c45544276.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c36dd3f-b697-4432-8d4c-2ed7987fe8e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8cb1fe3-fcbc-4b31-92e5-bf1c45544276", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:41.03547Z", + "modified": "2024-09-13T00:19:41.03547Z", + "name": "CVE-2021-38131", + "description": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText™ eDirectory 9.2.5.0000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-38131" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e90f1db4-581d-4722-b2ca-8c6fa395e43c.json b/objects/vulnerability/vulnerability--e90f1db4-581d-4722-b2ca-8c6fa395e43c.json new file mode 100644 index 00000000000..cc78c87d178 --- /dev/null +++ b/objects/vulnerability/vulnerability--e90f1db4-581d-4722-b2ca-8c6fa395e43c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b3894ba-219b-43b0-befc-da469de0f5be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e90f1db4-581d-4722-b2ca-8c6fa395e43c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.987939Z", + "modified": "2024-09-13T00:19:32.987939Z", + "name": "CVE-2024-45826", + "description": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45826" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eac01688-9282-43f6-9e1d-6fb3ad34b989.json b/objects/vulnerability/vulnerability--eac01688-9282-43f6-9e1d-6fb3ad34b989.json new file mode 100644 index 00000000000..f82a335b573 --- /dev/null +++ b/objects/vulnerability/vulnerability--eac01688-9282-43f6-9e1d-6fb3ad34b989.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9e78aa8-e77c-4b28-8aaa-3f29be21434b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eac01688-9282-43f6-9e1d-6fb3ad34b989", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.015326Z", + "modified": "2024-09-13T00:19:32.015326Z", + "name": "CVE-2024-8754", + "description": "An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8754" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb0e6cf2-3b66-4603-ac93-e07abb0d4cbc.json b/objects/vulnerability/vulnerability--eb0e6cf2-3b66-4603-ac93-e07abb0d4cbc.json new file mode 100644 index 00000000000..afff8f21e0c --- /dev/null +++ b/objects/vulnerability/vulnerability--eb0e6cf2-3b66-4603-ac93-e07abb0d4cbc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc5a12d1-10a5-4207-91ff-8ea3c613daee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb0e6cf2-3b66-4603-ac93-e07abb0d4cbc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.991371Z", + "modified": "2024-09-13T00:19:32.991371Z", + "name": "CVE-2024-45848", + "description": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45848" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edae5092-5a81-4413-a6c2-f42d3c305bd7.json b/objects/vulnerability/vulnerability--edae5092-5a81-4413-a6c2-f42d3c305bd7.json new file mode 100644 index 00000000000..3571d00e54a --- /dev/null +++ b/objects/vulnerability/vulnerability--edae5092-5a81-4413-a6c2-f42d3c305bd7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9aa7f53-96d0-4711-94d0-a022c5d68bd8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edae5092-5a81-4413-a6c2-f42d3c305bd7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.978979Z", + "modified": "2024-09-13T00:19:32.978979Z", + "name": "CVE-2024-45823", + "description": "CVE-2024-45823 IMPACT\n\n\n\nAn\nauthentication bypass vulnerability exists in the affected product. The\nvulnerability exists due to shared secrets across accounts and could allow a threat\nactor to impersonate a user if the threat actor is able to enumerate additional\ninformation required during authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45823" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f03931f3-5608-4958-bb98-640a2f1a247e.json b/objects/vulnerability/vulnerability--f03931f3-5608-4958-bb98-640a2f1a247e.json new file mode 100644 index 00000000000..2b0afa3f277 --- /dev/null +++ b/objects/vulnerability/vulnerability--f03931f3-5608-4958-bb98-640a2f1a247e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b45d5c7f-64f3-47a7-a4a1-a9e8e7ae36ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f03931f3-5608-4958-bb98-640a2f1a247e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.497958Z", + "modified": "2024-09-13T00:19:32.497958Z", + "name": "CVE-2024-7961", + "description": "A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7961" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f6ae57bf-fc84-4a69-ae36-e4c58b6bedb0.json b/objects/vulnerability/vulnerability--f6ae57bf-fc84-4a69-ae36-e4c58b6bedb0.json new file mode 100644 index 00000000000..9b4f44f1e83 --- /dev/null +++ b/objects/vulnerability/vulnerability--f6ae57bf-fc84-4a69-ae36-e4c58b6bedb0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3446b73-d444-4c59-8466-eb69e836db65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f6ae57bf-fc84-4a69-ae36-e4c58b6bedb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.590382Z", + "modified": "2024-09-13T00:19:32.590382Z", + "name": "CVE-2024-41629", + "description": "An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41629" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f78b4513-ba0e-4fe7-946d-5c36ff9f7f88.json b/objects/vulnerability/vulnerability--f78b4513-ba0e-4fe7-946d-5c36ff9f7f88.json new file mode 100644 index 00000000000..ac6569f11a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f78b4513-ba0e-4fe7-946d-5c36ff9f7f88.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3562ecc5-55af-4a22-b15e-673c1edd0c35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f78b4513-ba0e-4fe7-946d-5c36ff9f7f88", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.041457Z", + "modified": "2024-09-13T00:19:32.041457Z", + "name": "CVE-2024-8749", + "description": "SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8749" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f7918e88-c01c-4f50-875a-1b7371ac7f9a.json b/objects/vulnerability/vulnerability--f7918e88-c01c-4f50-875a-1b7371ac7f9a.json new file mode 100644 index 00000000000..7eb2a9fb960 --- /dev/null +++ b/objects/vulnerability/vulnerability--f7918e88-c01c-4f50-875a-1b7371ac7f9a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41b7a3f9-bcb3-4a43-9967-412d53a62ce7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f7918e88-c01c-4f50-875a-1b7371ac7f9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:30.989708Z", + "modified": "2024-09-13T00:19:30.989708Z", + "name": "CVE-2024-32845", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32845" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f9153586-856d-478d-b4f3-34e785a1aa0a.json b/objects/vulnerability/vulnerability--f9153586-856d-478d-b4f3-34e785a1aa0a.json new file mode 100644 index 00000000000..984664119b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--f9153586-856d-478d-b4f3-34e785a1aa0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8c27606-71d6-4fce-ab54-52b42a1b892d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9153586-856d-478d-b4f3-34e785a1aa0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.982616Z", + "modified": "2024-09-13T00:19:32.982616Z", + "name": "CVE-2024-45624", + "description": "Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45624" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f971a6e0-26e8-466c-a23c-e51c776bbd10.json b/objects/vulnerability/vulnerability--f971a6e0-26e8-466c-a23c-e51c776bbd10.json new file mode 100644 index 00000000000..dbf09bf517a --- /dev/null +++ b/objects/vulnerability/vulnerability--f971a6e0-26e8-466c-a23c-e51c776bbd10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1fdf80d-39df-4abe-a754-7f5e56257976", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f971a6e0-26e8-466c-a23c-e51c776bbd10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:31.000915Z", + "modified": "2024-09-13T00:19:31.000915Z", + "name": "CVE-2024-32842", + "description": "An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32842" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb906366-a41f-4c4a-8513-27c4aa1814e0.json b/objects/vulnerability/vulnerability--fb906366-a41f-4c4a-8513-27c4aa1814e0.json new file mode 100644 index 00000000000..30bdde95533 --- /dev/null +++ b/objects/vulnerability/vulnerability--fb906366-a41f-4c4a-8513-27c4aa1814e0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--351e0800-2f13-472d-a0f0-470c0de9b899", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb906366-a41f-4c4a-8513-27c4aa1814e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-13T00:19:32.47258Z", + "modified": "2024-09-13T00:19:32.47258Z", + "name": "CVE-2024-34335", + "description": "ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34335" + } + ] + } + ] +} \ No newline at end of file